Patch Watch: Still Tracking Issues with Spectre/Meltdown

Patch Watch: Still Tracking Issues With Spectre/Meltdown

AMD Chips Now Cleared for Updating

Microsoft has now prepared a fixed update that won’t BSOD computers running the AMD chip set and thus have begun to rerelease the update. If you were impacted by the AMD BSOD, hopefully you have a second computer handy as you need to download KB4073290 from the Microsoft catalog site and then … well I’m honestly not sure what you can do if the machine in question has a BSOD and won’t boot. The only way I’m aware to install a patch on an un-bootable machine is to use the DISM commands at a boot prompt to install the update.

You would type in Dism /Add-Package /PackagePath: [/IgnoreCheck] [/PreventPending] and insert the location where you downloaded the windows10.0-kb4073290-x64_5119daced3c80d539e79cf52a5fb5bc9cea61eb8.msu.

I honestly think it’s easier and safer to perform a system refresh whereby the Windows 10 reinstalls the operating system but does not damage any data files.

I’d honestly recommend that you download and create a windows 10 bootable image flash drive so that should something happen — for any reason — you have the tools at hand to take care of your machine. I would suggest going to this link, and create a Windows installation media and keep it on hand.

Once you have a bootable flash drive, you then insert the flash drive into your computer before you turn it on and if the bios is set to boot first from a usb flash drive you can get under the operating system and run the necessary steps to repair from any disaster. The basic guidance to follow is documented on a Microsoft page.

But the key element is having boot media to get under the operating system and then go to Troubleshoot > Reset this PC.

• Boot your computer using a USB bootable media. You may need to change your system’s BIOS settings to make sure it can boot from USB. Access the BIOS by powering up your device and hitting one of the functions or ESC keys, normally a F2 or F8, but check with the manufacturer’s web site if those keys do not work.
• Click Next.
• Click the Repair your computer link in the bottom-right corner.
• In the “Advanced startup” experience, click the Troubleshoot button.

Look for the option to reset the PC. This will merely reset the computer and not totally reinstall the operating system.

Tracking Inaccessible Boot Device

The second issue I’m tracking has a nasty side effect. After the installation of patches during the second week of the month – but not the out of band updates released the first week – individuals, consultants and administrators are tracking an issue wherby systems won’t boot back up and computers have on the screen “inaccessible boot device” on the screen. There are a couple of ways to recover and roll back but all of them need boot media to proceed. You can either follow the information here or do a reset of the computer.

I’m sure many of you are concerned that you will have issues once these patches are installed and are asking if you should uninstall them.

I honestly would not recommend uninstalling the patches if they have installed and you are seeing no side effects. But  if you have seen any of these symptoms, uninstall these updates and disable Windows update and hide the update if you were impacted.

What to do: Review if you’ve had any side effects from this update and monitor as needed.

Checking If You Are Really Protected

I am approaching these patches like I do any other big event patching process. I look at my devices and determine which one is most at risk: Which ones do I surf on more than others and patch those devices first. If I determine there are no side effects, I’ll then slowly roll them out to other machines under my control.

Once you have patched, Microsoft only provides a Powershell script to test if you are protected which isn’t the most user friendly. I recommend instead using either Insepctre or the Ashampoo tool to check where you are at in your protections.

For users of Chrome you may also want to set up site isolation as follows:

• Type or copy-paste chrome://flags/#enable-site-per-process into the URL field at the top of your Chrome web browser, then hit the Enter key.
• Look for Strict Site Isolation, then tap or click the box labeled Enable.
• If your work is saved, hit Relaunch Now. Otherwise, save your work, then quit and relaunch Chrome.

This will separate browser tabs so that they can’t steal information from another tab. There may be side effects with some websites, so again, test before doing this to all your computers.

If you have Broadwell and Haswell chips, Intel is recommending that you hold off on installng bios updates at this time.

If you are unsure what processor you have, you can look at this Lenovo support page which shows how to determine what processor you have.

An easier way is to use CPU-Z to determine what specific chip you have. In my case I found out my Lenovo machine had a Haswell chip. Since I’m testing the updates on this system, I’ll be monitoring this computer to see if I see side effects.

What to do: Review your options and test the updates on systems before rolling it out to all of your machines.

Windows 10 Additional Releases.

Last week’s additional updates include the following:

• KB4073291 for Windows 10 1709 includes the fix to allow protection of AMD chips
• KB4057144 for Windows 10 1703
• KB4057142 for Windows 10 1607
• KB4075200 for Windows 10 1511
• KB4075199 For Windows 10 RTM (for those running Long Term Servicing Branch

As stated earlier, these updates fix issues seen on systems with AMD chips and 32 bit systems.

The 1703 release includes quite a few fixes including:

• Addresses issue where some customers on a small subset of older AMD processors get into an unbootable state.
• Addresses issue with printing PDFs in Microsoft Edge.
• Addresses issue with the App-V package folder access that cause the access control list to be handled incorrectly.
• Addresses issue where backwards compatibility for managing Microsoft User Experience Virtualization (UE-V) with group policy is lost. Windows 10 version 1607 group policy isn’t compatible with Windows 10 version 1703 or higher group policy. Because of this bug, the new Windows 10 Administrative Templates (.admx) cannot be deployed to the Group Policy Central Store. This means that some of the new, additional settings for Windows 10 aren’t available.
• Addresses issue where some Microsoft-signed ActiveX controls don’t work when Windows Defender Application Control (Device Guard) is enabled. Specifically, class IDs related to XMLHTTP in msxml6.dll don’t work.
• Addresses issue where, when attempting to change the Smart Card for Windows service start type from Disabled to Manual or Automatic, the system reports an error: “Cannot create a file when that file already exists.”
• Addresses issue where some applications are blocked from running by Windows Defender Device Guard or Windows Defender Application Control when the application runs in Audit only enforcement mode.
• Addresses issue where the virtual TPM self-test isn’t run as part of virtual TPM initialization.
• Addresses issue with NoToastApplicationNotificationOnLockScreen GPO that causes Toast notifications to appear on the lock screen.
• Addresses issue originally called out in KB4056891 where calling CoInitializeSecurity with the authentication parameter set to RPC_C_AUTHN_LEVEL_NONE resulted in the error STATUS_BAD_IMPERSONATION_LEVEL.

At the present time, if you have not received these updates, I’ll recommend you pause updates on your 1709 machine. To pause updates, you’ll need the Windows Pro version. You cannot pause updates on Home versions. You’ll need to go into the advanced settings of the Windows update app and choose to pause updates as shown on the blog.

What to do: If you have yet to receive these updates, I’ll still recommend that you pause these updates until more issues get resolved.

Windows 7 Updates

The Windows 7 preview update released this month in the form of KB4057400 includes the following non-security updates:

• Addresses issue where every smart card logon to a Windows Terminal Server/Remote Desktop Server may result in a handle leak in the certprop service. Token leaks result in session leaks on computers that have installed MS16-111/KB3175024 and superseding fixes.
• Adds support for the SHA2 server’s authentication endpoint support for the Windows Server Update Services server.

These updates will be bundled into next month’s updates.

What to do: You’ll be offered these updates next month as part of the cumulative update.

Windows 8.1 Updates

Windows 8.1 preview of next month’s non security updates was released in the form of KB4057401. You will see these fixes in the next month’s cumulative update releases and includes these fixes:

• Addresses issue where every smart card logon to a Windows Terminal Server/Remote Desktop Server may result in a handle leak in the certprop service. Token leaks result in session leaks on computers that have installed MS16-111/KB3175024 and superseding fixes.
• Addresses issue where servers running AppLocker stop working.
• Addresses issue where an unexpected system restart occurs because of exception code 0xc0000005 (Access Violation) in LSASS.exe, where the faulting module is cryptnet.dll.
• Addresses issue where, if the Online Certificate Status Protocol (OCSP) renewal date comes after the certificate expiration date, the OCSP-stapled response is used until the renewal date even though the certificate has expired.
• Addresses multiple symptoms that occur during power transitions including a stop error 0x9F (0000009F) when a device tries to enter sleep mode or restart. USB PnP devices may also be unusable after waking from sleep.
• Addresses issue where the iSCSI Initiator Properties Devices list doesn’t display certain targets.
• Addresses issue where Event ID 1511 appears when you start a task that is created in Task Scheduler.
• Addresses issue where a race condition in memory management may lead to Error 0x50 or 0x149 when trimming sparse files.
• Addresses issue where AD FS incorrectly processed the wct parameter in a ws-federation request as a local time instead of a UTC value. This affects customers that federate AD FS with other third-party identity providers. Authentication failed because incorrect wct values implied bad or old requests.
• Addresses issue where attempts to view the previous versions of a file on a file share fail. This occurs after a disk that hosts file shares goes offline and comes back online.
• Addresses the following issues with the WinRM service:
  A threading issue that may cause the WinRM service to crash under load. This is a client-side solution, so you must apply it to the affected computers(s) and the computers that communicate with the WinRM service.
  A system performance issue that may cause logon to stop responding with the message, “Please wait for the Remote Desktop Configuration”. This was caused by a deadlock in the WinRM service.
• Addresses issue originally called out in KB4056895 where calling CoInitializeSecurity with the authentication parameter set to RPC_C_AUTHN_LEVEL_NONE resulted in the error STATUS_BAD_IMPERSONATION_LEVEL.

What to do: You’ll be offered these updates next month as part of the cumulative update.

Office Update Releases

There are several side effects that have been noted after the January updates as detailed on Office support page.

As noted the following side effects are known as a result of the Outlook patches in January:

• When you attempt to Save All Attachments from an email to a shared network drive, nothing happens. This issue is seen on version 16.0.8518.1000 and higher.
• After installing the January Update for MSI versions of Outlook, attachments are removed when forwarding emails in plain text.
• After updating Outlook or Office to version 16.0.8827.2062, searching using the All Mailboxes option shows no results.
• After updating Outlook or Office to version 16.0.8827.2062, searching using Find Related option shows no results.
• Various workarounds are noted on the Office support page.Office 2016
• KB4011627 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011574 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011622 This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011632 This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011626 This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. It also fixes an issue whereby if you select multiple attachments and try to cancel one of the attachments, all the other attachments are cancelled.
• KB4011643 This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

Office 2013

• KB4011639 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011580 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011636 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011637 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. It also fixes the issue whereby if you send an email message from Outlook.com to a recipient outside of Office 365, the recipient always gets a winmail.dat attachment in the message.
• KB4011651 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

Office 2010

• KB4011660 Fixing a vulnerability in Microsoft Excel that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011658 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011611 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011273 Fixing a vulnerability in Microsoft Outlook that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011659 Fixing a vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Office file.

Office 2007

• KB4011602 Fixing a vulnerability in Microsoft Excel that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011606 Fixing a vulnerability in Microsoft Excel Viewer that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011607 Fixing a vulnerability in Microsoft Office Compatibility pack that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011605 Fixing a vulnerability in Microsoft Office Compatibility Pack that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011201 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011656 Fixing a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011213 Fixing a vulnerability in Microsoft Outlook that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011657 Fixing a vulnerability in Microsoft Word 2007 that could allow remote code execution if a user opens a specially crafted Office file.
• KB4011641 Fixing a vulnerability in Microsoft Word Viewer that could allow remote code execution if a user opens a specially crafted Office file.

What to do: Due to the number of remote code execution bugs in these, I’ll recommend you install these updates as soon as possible.

Non-Security Office Updates

At this time I’ll urge you to install the rest of the January updates being aware of the side effects noted above.

Office 2013

• January 2, 2018 update for PowerPoint 2013 KB401165 After you install February 7, 2017, update for PowerPoint 2013 (KB3141461), when you send a presentation file that contains some special characters, such as a number sign (#) in the name as an attachment, the file name is truncated.
• January 2, 2018 update for Project 2013 KB4011640 This update fixes various issues with Project 2013.
• January 2, 2018 update for Skype for Business 2015 KB4011638 This update also includes the new Skype for Business client.
• Office 2016
• January 2, 2018, update for Access 2016 KB4011221 Access 2016 may crash when you try to add a lookup column to a related table in the Datasheet view.
• January 2, 2018 update for Office 2016 KB3178662 This update improves the thesaurus for modern usage guidelines for all Office 2016 products.
• January 2, 2018, update for Office 2016 KB4011146 Translates some terms in multiple languages to make sure that the meaning is accurate.
• January 2, 2018, update for Office 2016 KB4011569 This update improves font selection to display the text correctly.
• January 2, 2018 update for Office 2016 KB4011625 After you click the Attach File option, the drop-down list of attachments in Outlook may display “Updating” and then disappear. After you install this update, the drop-down list will not disappear, and the attachments will be presented as expected.
• Janury 2, 2018, update for Office 2016 KB4011630 This update adds a registry key that enables authentication to continue even if the Online Content is disabled.
• January 2, 2018 update for Office 2016 KB4011631 This update improves font selection to display the text correctly.
• January 2, 2018, update for Office 2016 KB4011644 In a scatter chart or a chart that contains a series line, line endings (such as arrowheads) may display inversely when you do a slide presentation. This update corrects the display inconsistency issue.
• January 2, 2018, update for PowerPoint 2016 KB4011564 This update corrects the translation for the string “Slides” in the Korean version of PowerPoint 2016.
• January 2, 2018, update for Project 2016 KB4011633 Fixes various issues in Project 2016.
• January 2, 2018, update for Office 2016 KB4011215 This update fixes a reliability issue that can occur when Visio runs in automation mode. To fix this issue, install this update and then follow the steps in the Registry information section.
• January 2, 2018, update for Skype for Business KB4011623 Fixes several issues in Skype 2016.

What to do: I recommend not installing these updates at this time.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch	Released	Description	Status
KB405689	1-03	Windows 7 rollup	*Hold
KB4056898	1-03	Windows 8	*Hold
KB4056892 [1709]	1-03	Windows 10 1709	*Hold
KB4056891 [1703]	1-03	Windows 10 1703	*Hold
KB4056890 [1607]	1-03	Windows 10 1607	*Hold

*Hold: Please note if you’ve installed these updates and are not seeing any side effects you can leave the updates installed. I’m only recommended holding off if you are severely impacted by these side effects.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.

Spruce Up Your Microsoft Outlook Emails with Themes and Stationery

Your emails can look more appealing with the right themes and stationery.

Do your messages from Microsoft Outlook look dull? Maybe you’re trying to promote a product or service in your emails or you just want to wow recipients with a certain style to your emails. And your regular messages just seem blah, at least visually. Can you spruce them up? Sure, you can format each email individually with specific fonts, colors, and other attributes. You can tap into styles to touch up your emails. Or you can rely on themes and stationery.

Through themes, you can paint your emails with a specific visual style. You can choose from the built-in themes and create your own themes. Using themes and stationery, you can set up your messages with specific fonts, colors, backgrounds, and other elements. You can choose to apply your stationery to selected individual messages or to all new HTML emails you compose.

Let’s see how you can spruce up your Outlook messages with themes and stationery.

For this article, I’m using Outlook 2016 via Office 365, but the process for using themes and stationery is similar in the prior few versions of Outlook.

To start, launch Outlook. Create a new email. You can choose to format the email as plain text, rich text, or HTML. But if you’re going to include graphics, hyperlinks, and similar elements, go with HTML, or at least rich text. Add color to some text, add a graphic, insert a table, and include any other content of your choosing.

First, let’s review the basic ways to format text.

Click on the Format Text tab. Select any text you want to modify, and you can change the font, point size, color, and other attributes. Hover over each style in the Style section on the Format Text Ribbon, and you can apply a predefined look to your current line or paragraph. Click on the Change Styles button.

Move to the entry for Style Set and hover over the different built-in styles to see how each one would affect your email. Do the same with Fonts, Colors, and Paragraph Spacing.

There’s one downside with styles and similar formatting choices. They won’t do much to spruce up your message unless you applied headings, titles, subtitles, and other elements to individual lines and paragraphs. So let’s move onto other options.

Click on the Options tab to display the Options Ribbon. One trick you can perform here is to change the background color of your email. Click on the Page Color button and hover over the different colors to see how your message looks. Select a different background color if you find one you like.

Now let’s segue to Themes. Click on the Themes icon. Hover over the different themes to preview what effect each one would have on your email. Click on a specific theme to apply it to your message.

If you wish to return to the default theme for your current template, click on the Themes icon and select “Reset to Theme from Template.”

If you want to keep your current theme but modify certain elements, you can return to the Format Text and Options ribbons to touch up specific lines and paragraphs or the entire message.

Now, let’s say you like the theme and the tweaks you applied to customize it, and you want to save your message so you can reuse it in the future. You have a couple of options: You can save it as a new theme or save it as a template.

To save your message as a theme, make sure the Options Ribbon is active.

1. Click on the Themes icon and select Save Current Theme.
2. A File Explorer window pops up pointing to the default folder for Microsoft Office themes. Give your theme a unique name and click on Save.
3. Start a new email message with text and other content, but don’t delete the original email.
4. Click on the Themes icon. You should see your custom theme pop up in the list.
5. Click on that theme, and your new email takes on the fonts of the theme.

You’ll notice, however, that the theme doesn’t apply all the visual elements of your original email. If you wish to reproduce those exactly, save your original email as a template instead.

1. To do this, click on File, then Save As. In the Save As window, change the type to Outlook Template. By default, Outlook will save the file in the Office Templates folder.
2. Click Save.
3. To use this template for a new email, click on the New Items icon on the Home Ribbon.
4. Hover over the entry for More items and select Choose Form.
5. At the Choose Form window, click on the dropdown menu for “Look in” and select “User Templates in File System.”
6. Double-click on the template you created, and you’ll see the original message appear, which you can now revise with different text.

Another way to spruce up your messages with specific fonts, backgrounds, and other visual elements is through stationery. To apply specific stationery to a new message, click on the New Items icon. Hover over the entry for “New E-mail Message Using” and select “More Stationery.” At the Theme or Stationery window, click on the different types of stationery to preview them. Double-click on the stationery you want to use. You can now create your message using this stationery.

You can also create your own stationery, one that incorporates your own personal or business logo as well as other unique design elements.

1. Create a new email message using HTML format. Add your preferred fonts, bullet point style, background color, images, and other elements.
2. When done, click on the File tab and select Save As.
3. In the Save As window, type the path %appdata%microsoftstationery in the Address Bar to open the folder for Office stationery.
4. Type a name for your stationery. Click in the Save as Type field and change the type to HTML.
5. Click Save.
6. Repeat the steps to create a new email using stationery and you should now see your custom stationery appear in the list.

Want to use your stationery for all new emails?

1. Click on the File tab and select Options.
2. In the Outlook Options window, select Mail and then click on the button for Stationery and Fonts.
3. In the section for “Theme or stationery for new HTML e-mail message,” click on the Theme button.
4. Select the stationery you designed (or any other stationery). Any new emails you create in HTML format will adopt that stationery.

By default, all messages will use the font specified in your stationery. But you can modify that to use a different font. Click on the field that says “Use theme’s font” and change the selection to “Always use my fonts.”

You can now change the font for new email messages as well as replies and forwarded messages by clicking on the Font button for each of those two types of messages. You can also choose a different font color for replies and forwarded messages and for plain text messages.