![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
VirtualBox: Answers to frequent reader questions
In this issue
- TOP STORY: VirtualBox: Answers to frequent reader questions
- LANGALIST PLUS: Managing multiple Windows system images
- PATCH WATCH: Closing out 2015 with a bulky batch of patches
- LOUNGE LIFE: The virtues of other people's experience
- FIELD NOTES: Taking a free VPN service for a drive
- WACKY WEB WEEK: Good taste not required to attract tourists
VirtualBox: Answers to frequent reader questions
Although Oracle’s free, open-source, virtual-PC application is a great way to safely test drive a new operating system or to keep an old OS alive, some of its complexities can be baffling.
Here are answers to some of the most common questions readers have sent in about setting up and using VirtualBox.
First, a quick refresher on virtual PCs
Simply put, virtual PCs (aka VPCs or virtual machines) are complete computing systems — hardware, OS, and apps — that are emulated entirely in software. For standalone applications (versus server setups), a VPC runs as a desktop application on a host system — typically a standard PC. VPC software often supports various versions of OSes; for example, VirtualBox lists support for Windows, Linux, Solaris, Apple’s OS X, and others.
Unlike a dual-boot system, a VPC lets you run two or more operating systems at the same time (shown in Figure 1) — and switch between them with just a click of the mouse. You can even set up shared folders and clipboards between the virtual and host systems.

Figure 1. Here, a fully functional Win7 (foreground) is running on an emulated PC — which in turn is running as an app on a physical Win10 machine.
VPCs isolate the OS and apps running inside them; by default, The VPC’s software runs just as if it were installed on a separate, real, physical PC.
By default, the VPC software isolates (sandboxes) the guest OS and its apps from the host system. In fact, the guest system is unaware that it’s running on an emulated PC. More important, whatever goes on inside the VPC is unlikely to have any effect on host-PC operations. For example, if the VPC-based OS crashes, the host system is typically fully protected and carries on without missing a beat.
VPCs have two major uses: One is to run an older OS and its apps inside a newer — often more secure — OS. This lets you continue to use software that might be obsolete or otherwise incompatible with current technology. For example, many Win7 users employ VPCs to continue running XP; or they use a virtual machine to run XP, Vista, and/or Win7 on a Win10 system (again, see Figure 1).
On the flip side, VPCs are ideal for testing operating systems and apps that might not be ready for prime time — or that need to be evaluated before you install them on your main system or systems.
Windows Secrets has featured several articles on using a VPC to safely test-drive and experiment with Android, Win8, and Win10, all without risking your primary machine. See, for example:
- “How to run Google’s Android OS on a Windows PC” – March 13, 2014, Top Story
- “Step by step: How to safely test-drive Win8” – March 14, 2012, Top Story
- “How to safely test-drive Win10 — step by step” – Oct. 16, 2014, Top Story
Those articles are all based on Oracle’s VirtualBox (site) VPC application. There are, of course, alternative VPCs, but VirtualBox is open-source and completely free. And unlike Microsoft’s free Hyper-V (info), VirtualBox runs on all current versions of Windows — even older releases and Home editions.
VirtualBox’s documentation is excellent, but getting answers to apparently simple questions can be daunting. Although Oracle provides significant help, much of the information (site) has been created by volunteers — many of whom are not technical writers.
That’s the overview. In the rest of this article, I’ll distill and answer several of the most common questions Windows Secrets readers have sent in about VirtualBox.
What are Guest Additions and Extension Packs?
Perhaps the two most puzzling aspects of VirtualBox are “Guest Additions” and “Extension Packs.” Many readers ask: “Do I need them?”
The confusion is understandable; a VirtualBox installation might comprise one, two, or three major components, in different combinations. These components include:
- VirtualBox platform package: This software contains the essential parts required for setting up and running bare-bones, generic, virtual machines on Windows, OS X, Linux, and other host operating systems.
The open-source, platform-package files are available for free on the VirtualBox.org download page.
As of this writing, to run VirtualBox on a Windows host PC, you’d click the platform-package link VirtualBox 5.0.10 for Windows hosts – x86/amd64. (VirtualBox is regularly updated, so you might see a higher version number.)
- Guest Additions: These optional, open-source files provide numerous — and important — added functions that take VirtualBox VPCs beyond the basics. Guest Additions add features such as better video support (via custom, virtual video drivers), seamless mouse integration between the guest and host operating system, bidirectional clipboard support (to allow cutting and pasting between the host and guest OS), shared folders (a folder on the host PC can be accessed by one or more VPCs for easy file-sharing), and more.
For a complete list of what’s available in the Windows Guest Addition packages, see section 4.2.1 of the online VirtualBox manual, “Guest Additions for Windows.”
The Guest Additions files aren’t downloaded separately; they’re bundled into the VirtualBox platform package download. However, Guest Additions are not automatically installed; they’re inserted into the guest system as a virtual CD (see Figure 2) and must be manually installed on each VPC.
Figure 2. The VirtualBox Guest Additions are inserted into each virtual machine via the VPC options menus
For step-by-step instructions on installing Guest Additions, see section 4.2.1 of the online manual, “Guest Additions for Windows.”
I highly recommend installing the Guest additions on all Windows VPCs. (Note: If you update to a newer version of VirtualBox, you should reinstall the Guest Additions.)
- Extension Packs: These files add advanced support for USB 2.0 and USB 3.0 devices, network booting, and several other functions. (For a full list, see section 1.5 of the VirtualBox online manual, “Installing VirtualBox and extension packs.”
Extension Packs require a separate download from the VirtualBox.org download page. The current version is VirtualBox 5.0.10 Oracle VM VirtualBox Extension Pack. When the download is complete, double-click the file and it will automatically add the Extensions to the core Platform package.
Note: Extension Packs are not open-source files. However, Oracle provides them for free, under terms of the VirtualBox Personal Use and Evaluation License (info), which covers private/personal/academic use and product evaluation. If you’re planning to deploy Extension Packs in a commercial or enterprise setting, see Oracle’s Licensing FAQ for more information.
Unless the licensing is a problem, I recommend installing Extension Packs. (If you update the core VirtualBox software, check whether there’s a new Extension Pack. VirtualBox works best if all components are current.)
Issues with virtual hard-drive sizing
Here’s another common question is something like this: “What’s the right size for the virtual hard drives used by VPCs? I don’t want to give up too much space from my real OS and apps.”
VirtualBox, by default, creates virtual hard drives that use dynamic space allocation. It’s important to remember that the amount of disk space you specify when you first set up a virtual PC is the virtual drive’s maximum size. The actual space a virtual drive starts out using will typically be much smaller — only as large as it needs to be. It will then grow until it reaches the assigned maximum size.
In other words, regardless of a virtual drive’s size setting, it’ll consume only the amount of host drive space it currently needs.
For example, a clean, new, freshly created Win10 Pro-64 virtual machine with no additional software loaded, requires roughly 25GB of real disk space. Say you set the VPC’s virtual disk to 32GB (the amount VirtualBox suggests for Win10), the initial disk will still occupy only about 25GB of actual disk space on the host system. Then, as you use the new VPC — adding software, updates, and user files — the disk space will naturally grow until you reach the ceiling you initially set: 32GB, 50GB, 100GB, or whatever).

Figure 3. By default, a VirtualBox virtual disk uses only the space needed — and grows no larger than the ceiling you set.
So, it really doesn’t hurt anything to set an initial virtual-disk size to some number greater than you think you’ll need. Again, the VPC won’t occupy the assigned disk space until and unless it’s actually needed.
But remember: A VPC drive cannot grow beyond its assigned size. For example, a 32GB disk for a Win10/64 VPC is perfectly fine for basic OS testing and evaluation. But if you intend to fully populate your VPC with an Office suite, other add-on software and utilities, copies of your user files, and so on, then 32GB may not be enough — you’ll run out of room. And if you’re approaching the virtual-drive’s ceiling, you might run into problems with Win10 upgrades.
Resizing virtual drives — after the fact
The confusion about virtual-drive size leads many users to set the initial drive size too low, which then brings up this common question: “I’ve run out of space on my VPC’s virtual hard drive. How can I make it larger?”
There are three options:
- Use the VirtualBox Manager command line: This technique is a bit geeky, but it’s relatively quick, and it works.
To start, shut down the VPC and open a command window on the host system. Navigate to the VirtualBox program folder (typically, Program Files\Oracle\VirtualBox) and enter the following command:
VBoxManage modifyhd [full path&name of target hard drive file] –resize [new size in MB]
Next, restart the VPC and use either Windows’ built-in disk manager or the third-party partition manager of your choice to expand the VPC’s primary disk partition to fill the newly created space.
For more information, see “How to resize a Virtual Drive” (VirtualBox Forums), “How To Enlarge a Virtual Machine’s Disk in VirtualBox or VMware” (How-To Geek article), or “How to increase VirtualBox disk size in 9 easy steps” (Hajuria’s Blog).
- Transfer the Windows setup to a larger VPC: For this technique, you use disk imaging or a full-system backup. The process is less technically challenging, but takes much longer.
Make a system image or backup of the too-small VPC and store the files in a safe location, off the VPC. Shut down the VPC and delete it from the VirtualBox management console. When asked, also delete all files associated with the old VPC.
Now create a new VPC with the disk size of your choice. Restore the disk image or backup to the new, empty VPC. Most restoration tools will let you restore the old image or back up to the new, larger disk. If the tool doesn’t, use a partition manager (Windows’ or a third party’s) to expand the restored image’s partition.
- Re-do everything from scratch: This is the simplest approach, but it’s also by far the most time-consuming. You simply wipe out the current VPC and create a new VPC with a larger drive. You then reinstall the OS and apps — and then restore your user files from backups.
Questions about licensing and Product Keys
No one wants to waste a Windows license, so many readers wonder: “Is a VPC a legitimate way to test Windows without buying new licenses? If I install Win10 on a virtual machine, will this prevent me from using the ‘free’ Win10 upgrade on my real PC later?”
A VPC test setup is completely legitimate, and it won’t affect a later, for-real, upgrade.
All current Windows versions allow for test installations. You simply skip the screen where you’re asked to provide a product key; you can also ignore the nags to activate. Windows will operate normally — though perhaps with some additional nag screens or limits on nonessential functions — for a month or more (the grace period varies by version and edition).
But in all cases, the core OS will be fully functional, and you’ll have enough time to get a feel for how the test version works — and to see whether it suits your needs.
When your test is done and you’re ready to move to the next version of Windows, just wipe out the VPC and upgrade the real, physical PC in the normal manner.
Other VirtualBox questions and concerns
Again, the VirtualBox online documentation (site) can be unwieldy — and parts of it aren’t written with the utmost clarity — but it should answer most of your questions. Use the search option to zero in on the topic you’re researching. If needed, try different and varied keywords to conduct your search in different ways.
The VirtualBox online Community offers a wiki, chat, mailing list, and other functions that also can help answer your questions.
And finally, a general Web search with any of the major search engines can help answer almost anything. Use the term virtualbox plus the specific item you’re asking about; for example, “virtualbox hard drive resize,” “virtualbox memory allocation,” “virtualbox shared folders,” and so on.
Once you get the hang of VirtualBox, I’ll bet you’ll find it an invaluable addition to your software toolbox!
Further reading on use and troubleshooting
VirtualBox is a complex platform for running and maintaining virtual machines. Here are some valuable resources from past LangaList Plus columns (paid content):
- “Solving problems with VirtualBox virtual PCs” (Oct. 23, 2014)
- “Two ways to make ‘self-healing’ Windows setups” (April 22, 2010)
- “Virtual PC install kills host PC’s networking” (May 14, 2015)
Managing multiple Windows system images
By default, Windows’ built-in imaging tool keeps only the most recent copy; it overwrites — deletes — older images. Here’s how to keep multiple copies.
Plus: What really needs to be backed up before a Win10 upgrade? And why some software requires very frequent updates.
A workaround for one-at-a-time system images
Reader John K. Radcliffe wants to store multiple system images on the same external hard drive — something the built-in Windows tool is not set up to do.
He’s developed his own method for storing multiple images, from several different PCs, on the same drive. But he wonders whether his method will actually work if and when he needs to do a restore.
- “Hi Fred! You wrote an article on Win7 backups, “Build a complete Windows 7 safety net”
[May 12, 2011, Top Story], but I have questions about storing multiple image files.“I use an external drive. When I run an image backup, it creates a folder on the drive called WindowsImageBackup. But when I create a new image to the same drive, Windows wants to overwrite the previous backup.
“Currently, I run the Windows imaging tool; then, once the WindowsImageBackup folder is created in the root of the external drive, I create an empty folder with the date and name of the computer I just backed up. Next, I move the WindowsImageBackup folder into the dated folder.
“I have not verified this, but my thought on running a restore is to move one of the dated backup folders back to the root of the external drive; I then access it with an emergency recovery disk.
“This should let me safely store separate, multiple images from different computers.
“Please let me know whether you think it’ll work. I haven’t tried a restore yet!”
John, your description of the problem — and your solution — are both exactly right.
The Windows System Backup tool is indeed designed to store only one copy of an image at a time; older images are automatically overwritten with newer ones.
That limitation dates back to 2007 (the imaging tool first shipped with Vista) when hard drives were a fraction of their size today. System images can be quite large, so Microsoft decided that its imaging tool would conserve disk space by storing only the most recent copy.
Your method of manually moving — or the alternative of renaming older images — works perfectly. It lets you build a library of images for one or more PCs. You can store as many images as you like; the only limitation is disk space.
So well done, John, you’re doing it right!
(For Microsoft’s official take on this, see “Keeping different versions of system images,” on the Microsoft help page, “Back up your programs, system settings, and files.”)
What must be backed up before a Win10 upgrade?
John Hopkins is feeling pressure to upgrade his Win7 system, but he’s also wondering about the reliability of the upgrade process.
- “Microsoft’s ‘Free for a limited time’ popup is nagging me daily on my laptop and desktop, and I don’t want to miss the free upgrade.
“What should I back up before upgrading from Win7 to Windows 10: the Windows folder only, everything on the hard drive, or something in between?”
First and foremost, don’t let Microsoft (or anyone else) pressure you into upgrading before you’re ready. Keep in mind that, currently, the free upgrade offer doesn’t expire until July 29, 2016 — you have plenty of time to make your move.
That said, the actual upgrade process is typically quite reliable. And it usually preserves your Win7 files and settings properly. In fact, if you don’t like Win10, you can revert back to Win7, restoring your complete, pre-upgrade setup, with just a few clicks.
Note, however, that you have only one month to use the automated reversion option, once you’ve completing the Win10 upgrade. If you wish to revert to Win7 after that, you’ll need to restore it from a full system image or backup, created prior to the Win10 upgrade.
Most important, not all upgrades and updates go perfectly. Stuff happens! So to protect yourself and your setup, you should, at a minimum, back up your important user files. Ideally, you’ll preserve your entire Win7 setup with a complete system image or backup. That way, no matter what happens, you’ll be able to restore your current, working setup.
For a complete, five-step process that should help ensure that an upgrade goes smoothly, safely, and with complete roll-back options, see the July 2, 2015, LangaList Plus column, “Prepping a Win7 PC for the Win10 upgrade.”
Why do some tools have so many updates?
Paul Brundage is bothered by too-frequent software updates — at least, that’s how it seems to him. He wonders whether every new version is really needed.
- “I’m often notified — at least monthly, and sometimes more often — that utilities such as RoboForm, GoodSync, CCleaner, and others need updating.
“I can understand why virus engines need to constantly update their data files, but I’m puzzled why these utilities have so many updates.
“How beneficial is it to the user to update these apps every time there’s a new version?”
There are two major types of software updates, based largely on whether you’re using free or paid-for software. Both types have at least occasional updates that include various bug fixes and enhancements.
You can usually pick and choose which of these updates to install. The easiest way to see what’s in a new version is to check the software publisher’s website; changes are usually listed under headings such as version history, product news, update news, and so on. For example, see RoboForm’s Version News; GoodSync’s Version News; and CCleaner’s Version History.
Take RoboForm as an example. The update to Version 7.9.16 mostly deals with changes in Firefox, Chrome, Windows 10, and high-resolution displays. If you’re not using Firefox, Chrome, Windows 10, or a high-DPI monitor, and if your current setup is working fine, you probably don’t need that update. Feel free to skip it.
On the other hand, when the listed changes do apply to your situation — or if they include major bug fixes, improvements to performance, and/or security patches — then the update is likely to be worth installing.
Free software can be a little different. In addition to rolling out true product improvements, some free-software publishers use frequent updates to pull you back to their websites, where they display ads or try to upsell you to a paid version.
It’s hard to find fault with these marketing tricks; “free” software still costs money to produce and distribute, and publishers need to recover their investment somehow.
So, I have two suggestions for managing updates. First, if you’re bothered by too-frequent updates to free software, consider upgrading to the paid version, which usually eliminates or reduces update nags that are unrelated to actual product enhancements.
Second, for all software (free and paid), check the product’s version history or news releases to see whether the offered upgrade corrects a problem that affects you — or offers an improvement that benefits you. It’s okay to skip any update that doesn’t apply to your situation, setup, or needs.
Closing out 2015 with a bulky batch of patches
All I wanted for Christmas was a light and easy patching month. Unfortunately, thanks to Microsoft, Adobe, and Apple, I’m not getting my wish.
While most of us slog through the usual patching suspects — browser, media, kernel, and .NET vulnerabilities — server admins need to watch for a nasty DNS vulnerability.
MS15-124 (3104002), MS15-126 (3105579)
Another reminder to keep browsers up to date
Here’s a reminder that it’s the end of the line for older versions of Internet Explorer. As I stated in the previous Patch Watch column, Microsoft will cease releasing updates for IE 7 and 8 on Jan. 12, 2016. But it’s a bit more complicated than that; Vista systems will need to be on IE 9 to remain safe and Win7 systems will need to be on IE 10.
In the meantime, KB 3104002, December’s cumulative Internet Explorer update, fixes 30 vulnerabilities. The update is rated critical for all current, workstation releases of IE — including Versions 7 and 8.
Vista and Server 2008 systems will also see KB 3105579, a separate critical patch that fixes vulnerabilities in the Windows VBScript scripting engine. (For all other versions of IE, the VBScript fix is included in KB 3104002.)
Not to be outdone in volume, Adobe’s latest Flash Player update tackles 77 vulnerabilities, according to Adobe’s related bulletin. If you must have Flash installed, ensure that you’re on Version 20.0.0.228 for Internet Explorer and Version 20.0.0.235 on Firefox. (Use the Adobe test page to ensure you’re on the latest version.)
Finally, check that you have the latest version of all installed browsers. For Chrome, Firefox, and IE, click Help/About; Chrome and Firefox should update automatically if they’re on an older release. (You should also check that any browser plugins you have installed are up to date.) For most Windows users, if you’re running any IE version other than 10 or 11, you’ll be putting yourself at risk after Jan. 12.
What to do: Install KB 3104002 (MS15-124) and, if offered, KB 3105579 (MS15-126) as soon as possible.
MS15-125 (3116869, 3116900)
Updating Windows 10 and Windows 10 Version 1511
There are effectively two versions of Windows 10 currently installed on millions of PCs, and they’re on somewhat separate update tracks. For example, Patch Tuesday saw two versions of the Win10 cumulative security update in MS15-125; KB 3116900 is for systems upgraded to Win10 Version 1511 and KB 3116869 is for systems still running the original Win10. Both patches are rated critical.
Note: If you’re concerned about downloading the big Version 1511 update, or you’re simply not ready for it, check out the metered-connection trick described by Woody Leonhard in an InfoWorld article. By setting your system’s Wi-Fi setting to metered, the update won’t install until you make the choice to install it.
For those who support and patch networks, Version 1511 is finally released on Windows Server Update Services. But be sure to install a needed hotfix, noted in a WSUS blog, before attempting to deploy this update. Also note that the WSUS-based Version 1511 not only updates Windows 10, it upgrades Win7 and 8.1 systems, too.
Finally, another reminder that Microsoft will soon put on a stronger push to upgrade Win7 and 8.1 systems. If you simply don’t want Windows 10, the easiest way to block it is download and run GWX Control Panel (site).
What to do: KBs 3116869 and 3116900 (MS15-125) are security fixes; check that Windows Update has installed one or the other. Both require system reboots.
3122947
A Version 1511 fix that needs a fix
Numerous Windows 10 users who upgraded to Version 1511, aka the Fall Update, discovered that their customized settings were reset to the defaults after the upgrade. These settings include Advertising ID, Background Apps, SmartScreen, and Sync with Devices.
KB 3122947 is a nonsecurity patch designed to help restore your preferred settings. But many Win10 Version 1511 users can’t get the update to install. Fortunately, it’s not getting in the way of other, more important, updates. In previous versions of Windows, you would simply hide the update. But you can’t do that in Win10. Woody has posted more on this problematic patch — including steps for getting the update installed. (To do so, you have to dig in deep and run dism commands.)
What to do: There’s no hurry to get KB 3122947 installed. Ensure all your important security updates are installed before tackling the repair noted above. Or wait for a possible fix from Microsoft.
MS15-128, MS15-135
A Windows-graphics update with a long reach
The patches in MS15-128 seem to apply to nearly every part of Windows. It fixes three graphics memory-corruption issues in Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The patches protect against exploits using malicious webpage fonts, and all but the patch for Word Viewer are rated critical.
Vista through Win8.1 systems will get a kernel fix in the form of KB 3109094; for Win10, the patch is included in cumulative updates KB 3116869 or KB 3116900. You should also see some combination of the following:
- 3085612 – Office 2010 SP2
- 3085616 – Office 2007 SP3
- 3099860 – .NET Framework 3.0 SP2
- 3099862 – .NET Framework 3.5.1
- 3099863 – .NET Framework 3.5
- 3099864 – .NET Framework 3.5
- 3099866 – .NET Framework 4
- 3099869 – .NET Framework 4.5/4.5.1/4.5.2
- 3099874 – .NET Framework 4.6
- 3106614 – Silverlight
- 3114351 – Skype 2013
- 3114372 – Skype 2016
- 3114478 – Word Viewer
- 3115871 – Skype 2010
What to do: Install any of the above updates in MS15-128 when offered — except the kernel fix, KB 3109094. (Oddly, this patch is also described in MS Security Bulletin MS15-135.) Leave this kernal update until the end of the month — so we know it won’t be the coal in your patching stocking.
MS15-129 (3106614)
Another must-keep-updated media application
Here’s one update I hope you won’t see. KB 3106614 is a critical patch that blocks remote exploits of a Silverlight vulnerability. Like Flash Player and Java, Silverlight is one of those apps that should be kept off your system — unless you absolutely need it. And if it is required by a media application, you really want to keep it up to date.
What to do: Either install KB 3106614 (MS15-129) or remove Silverlight from your system — and decline any future offers for this app.
MS15-130 (31086700)
Keeping Windows 7 safe from bogus fonts
Nearly all of this month’s patches are designed to protect us from malicious websites and content. KB 3108670 blocks possible infections from malicious Uniscribe fonts.
According to a Microsoft glossary, Uniscribe is “a set of APIs that allow a high degree of control for fine typography and for processing complex scripts. Both complex scripts and simple scripts with fine typography effects require special processing to display and edit because the characters (‘glyphs’) are not laid out in a simple way.”
The update is rated critical, but applies only to Windows 7 and Server 2008 R2.
What to do: Install KB 3108670 (MS15-130) when offered.
MS15-131
A modest number of security fixes for Office
The updates in MS15-131 fix six vulnerabilities in Office, five of them for a memory-corruption flaw. Merely opening a malicious Office file could let a cyber thief take control of your system (aka remote-code execution) — especially if you’re running an admin-level account at the time of attack.
- 3085528 – Office 2010 SP2
- 3085549 – Office 2007 SP3
- 3101532 – Word 2010 SP2
- 3114382 – Word 2016
- 3114403 – Office 2010 SP2
- 3114415 – Excel 2010 SP2
- 3114422 – Excel 2007 SP3
- 3114431 – Office Compatibility Pack SP3
- 3114433 – Excel Viewer
- 3114457 – Office Compatibility Pack SP3
- 3114458 – Word 2007 SP3
To other patches, KB 3119517 for Office for Mac 2011 and KB 3119518 for Office 2016 for Mac are still not released as of this writing. They should appear soon.
What to do: Install any of the above patches in MS15-131 if and when offered.
MS15-132 (3116162)
Attacking Windows systems via bogus DLLs
Another flaw in Windows could let a hacker trick the OS into loading a malicious DLL. KB 3116162 changes Windows’ input validation. Because exploiting this vulnerability requires direct access to the target system, the patch is rate just important.
A Google Security Research post discusses this vulnerability in detail. The upshot: A hacker can plant a malicious DLL and take control of a system.
What to do: Install KB 3116162 (MS15-132).
MS15-133 (3116130)
Patching a problematic Pragmatic protocol
Pragmatic General Multicasting is a networking system for delivering data to multiple recipients simultaneously (Wikipedia info). It’s commonly used on internal, corporate networks.
KB 3116130 is a Windows fix that prevents a hacker from running malicious code to create a race condition that targets open memory locations. That could then give the attacker elevated privileges on a local system. For the exploit to work, both Microsoft Message Queuing (MSMQ) and the Windows Pragmatic General Multicast (PGM) protocol must be installed and enabled. However on most systems, these two features aren’t installed or are disabled by default.
Because the attacker must have direct access to a target system, this patch is rated merely important. Nevertheless, there’s a possibility it could be combined with other exploits.
What to do: As a defensive-in-depth measure, install KB 3116130 (MS15-133).
MS15-134 (3108669)
Accessing user data through Windows Media Center
Possibly our final 2015 desktop-security patch, KB 3108669 fixes a flaw in Windows Media Center. By opening a malicious MC link file, an attacker could take remote control of a PC. However, like most of today’s exploits, this one requires help from the PC’s users — either by browsing to a malicious website or by opening an email-based link. Windows Media Center must also be set up and running.
Rated important, the patch affects Vista, Win7, and Win8.x systems.
What to do: Install KB 3108669 (MS15-134) when offered.
MS15-127 (3100465)
A critical fix for Windows-based DNS servers
KB 3100465 is important only to admins who run publicly exposed Domain Name System (DNS) servers — typically used by large firms. But a flaw in Windows could give hackers access to a DNS server via malicious server requests. The attack could then lead to remote-code execution.
The update is rated critical for all current Windows Server versions (2008 through 2012 R2); it changes the way Windows DNS servers handle requests.
What to do: Install KB 3100465 (MS15-127) after testing.
A nonsecurity patch causes problems with Outlook
There’s good reason to hold back on nonsecurity updates. It simplifies the installation of security updates, and it gives us time to get reports on flawed patches. Two December patches are cases in point.
As noted in a Windows Secrets Lounge thread, update KB 3114409 can causes Outlook to open only in safe mode; uninstalling the update puts Outlook back to normal. That’s ironic because one of the elements of the patch was to add admin control over the ability to boot Outlook in safe mode. Microsoft has now pulled the patch from Windows Update, but expect it to be reissued at a later date.
Moreover, KB 3102429 might cause problems with custom applications that interact with Crystal Reports, as noted in a Microsoft Communities thread. This update is designed to add Azerbaijani Manat and Georgian Lari currency symbols to Windows.
Also, a note on Office 2016 updates: This newest release of Office is getting quite a few updates. But the retail versions are sold and deployed as Click-to-Run editions or via Office 365. You won’t see individual updates for either version. (Only volume-license customers can now purchase Office with traditional, individual patches.)
With that said, I’ll call out only problem Office 2016 updates — and not review the 26 patches released in December (listed in MS Support article 3121650). Note that Click-to-Run updates are detailed on the TechNet Branch release page.
The rest of December’s nonsecurity updates include:
Vista, Win7 and Win8.x
- 3112343 – Windows Update Client improvements (Win10 upgrade helper)
- 3112148 – Vista/Win7/8.x; cumulative time-zone update
Office 2007/2010
- 2760779 – Outlook 2010; error when using Play on Phone feature
- 3085605 – Office 2010; unknown
- 3114399 – Office 2010; crashes with Information Rights Management and SharePoint access
- 3114404 – Office 2010; formatting issues with Excel-to-Access exports
- 3114412 – Outlook 2010 junk-mail filter
- 3114409 – Outlook 2010; adds admin support plus other fixes
- 3114427 – Office 2007 junk-mail filter
Office 2013
- 3023068 – Office; Office-app support for SharePoint trusted URLs
- 3085482 – Office; errors when synching files with OneDrive
- 3085570 – Office; error on query refreshes
- 3085578 – Office; errors when synching files with OneDrive
- 3114332 – PowerPoint; file corruption on save with new transition
- 3114333 – Office; various fixes and enhancements
- 3114346 – Office; crashes with custom add-ins
- 3114349 – Outlook; numerous fixes
- 3114350 – Outlook junk-mail filter
- 3114354 – Excel; username display flaw, error on refresh, slow filtering
- 3114357 – Access; calculation failures, SQL query issues
- 3114358 – Office; errors when synching files with OneDrive
- 3114366 – Project; numerous fixes
Other updates
- 3039696 – SharePoint Foundation 2013; support for apps adding trusted URLs
- 3039776 – Skype for Business 2015; general update
- 3114331 – SharePoint 2013; support for apps adding trusted URLs
- 3114334 – SharePoint 2013; numerous fixes
- 3114336 – Visio; wrong color patterns with SVG images
- 3114339 – SharePoint Foundation 2013, cumulative update
- 3114341 – Project Server 2013; cumulative update
- 3114345 – SharePoint 2013; cumulative update
- 3114352 – SharePoint Foundation 2013; numerous fixes
- 3114360 – Project Server 2013; various fixes
- 3114363 – SharePoint Foundation 2013; JavaScript error on folder selection
- 3114364 – OneDrive for Business; files deleted during SharePoint synching
- 3114405 – Project Server 2010; cumulative update
- 3114408 – SharePoint Server 2010; cumulative update
- 3114411 – SharePoint Server 2010; duplications and display issues with Manage Content and Structure
- 3114418 – SharePoint Foundation 2010; unknown
- 3114419 – Project 2010; XML files and new projects open slowly
What to do: Wait a couple of weeks before pouring a strong eggnog and installing these nonsecurity updates.
Regularly updated problem-patch chart
This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.
For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.
Patch | Released | Description | Status |
---|---|---|---|
3109094 | 12-08 | Kernel-mode driver. | Wait |
3081320 | 11-10 | Windows Schannel | Install |
3092601 | 11-10 | Windows Winsock | Install |
3097877 | 11-10 | Kernel and Adobe Type Manager; also KB 3101746 | Install |
3100213 | 11-10 | Windows Journal | Install |
3100773 | 11-10 | IE cumulative update | Install |
3101246 | 11-10 | Windows Kerberos | Install |
3101722 | 11-10 | Windows Network Driver Interface Specification | Install |
3102939 | 11-10 | Windows IPSec | Install |
3104507 | 11-10 | .NET Framework; see MS15-118 for complete list | Install |
3104540 | 11-10 | MS Office; see MS15-116 for complete list | Install |
3105213 | 11-10 | MS Edge cumulative update | NA |
3105872 | 11-10 | Lync/Skype for Business; see MS15-123 for complete list | Install |
3100465 | 12-08 | Windows DNS | Install |
3104002 | 12-08 | Cumulative IE update | Install |
3104503 | 12-08 | Graphics Component; see MS15-128 for full list; wait on KB 3109094 | Install |
3105579 | 12-08 | JScript and VBScript; Vista and Server 2008 | Install |
3106614 | 12-08 | Silverlight 5 | Install |
3108371 | 12-08 | Windows; also KB 3108381 | Install |
3108669 | 12-08 | Windows Media Center | Install |
3108670 | 12-08 | MS Uniscribe; Win7 and Server 2008 R2 | Install |
3109103 | 12-08 | Windows PGM | Install |
3116111 | 12-08 | MS Office; see MS15-131 for complete list | Install |
3116869 | 12-08 | Edge | NA |
Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.
The virtues of other people's experience
When Lounge member wavy decided to mend his “fast and easy” photo-management style, he began searching for a good duplicate-photo finder.
Before long, he was requesting recommendations in the Graphics/Multimedia forum.
Products abound, but do they accomplish what you need, and are they safe to use? You might want to tune in to see the relevant information Loungers offered from their experience.
The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:
starred posts: particularly useful
If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.
If you’re already registered, you can jump right into today’s discussions in the Lounge.
Taking a free VPN service for a drive
Recently, a Windows Secrets reader wrote in asking about a particular, free, virtual private network service.
Betternet is a classic example of the limitations of “free.”
Tracking your network IP address is one way online companies and services follow you on the Net. Virtual private networking (VPN) applications are a common privacy tool for hiding your address. They’re ideal for adding an additional layer of security when you’re on public Wi-Fi. When you’re connected to a VPN server, the rest of the Net sees only a temporary address for your system.
There are many VPN services to choose from. In his April 2 On Security story, “How to safely and securely use public Wi-Fi,” Lincoln Spector talks about CyberGhost (site), which has been around for a while and offers both free and paid versions.
Betternet (site) appears to be a new service. It claims that it’ll always offer unlimited VPN for private websurfing and for unblocking sites such as Netflix. (Some companies block media sites on their worksystems.) Oddly, the company has recently added a premium service that apparently costs U.S. $30 per year — although I could not find any place on the Betternet site to sign up for a paid account.
How does the company support itself? By advertising third-party applications. At first, I worried that this meant potentially unwanted programs that are foisted on you when Betternet installs. Fortunately, that appears to not be the case. But I also didn’t see ads on the Windows-based Betternet app. Perhaps they’ll show up eventually.
Betternet comes in several editions: again, a Windows app that you install like any other Win software, but also you can chose among editions for OS X, iOS, Android, Chrome, and Firefox. On Windows, installation is fairly standard. Along with the Betternet software, the process also installs OpenVPN and TAP-Windows — two open-source utilities for handing VPN services.

Figure 1. The Windows version of Betternet has an extremely simple control panel for enabling and disabling a VPN.
Setting up a VPN service is easy; you simply open the app and click the big Connect button. On my Win7 system, the connection took just a few seconds. But on Win10 Version 1511, it took about three times as long.
In fact, Betternet doesn’t seem ready for Win10, although the company’s site says it is. On my system, the disconnect function would start, pause for a while, and then try to restart the service. (Timely clicking of the Cancel button completed the disconnect.)
Once connected, Betternet works in the background. Using the WhatIsMyIP site, I checked my IP address with VPN turned off and then turned on — and they were different.
One knock on free VPNs is Internet speed, and this is where “free” shows its limitations. Using OOKLA’s Speedtest (site)
my download speed dropped from 9.92 megabits per second (Mbps) to just .60Mbps. Ping and upload speeds were equally affected.
Bottom line: Betternet is simple and easy, but I would not use it for any heavy Internet use. At this point, I’d say it’s fine for private browsing on the Web. Perhaps the service will get faster over time, but I’m unlikely to pay for a service that might not be around a year from now.
Good taste not required to attract tourists
![]() |
In mid-November, nearly two tons of used chewing gum came off the walls of a theater and other buildings in Seattle’s Post Alley, in the famous Pike Place Market. The Gum Wall had been for 20 years a surprise hit with tourists. Patrons of Unexpected Productions shows at the Market Theater started the gum wall by using chewed gum as glue for coins on the wall next to the Box Office — clearly another amazing thing that people will do with their money. The coins didn’t stay put, but the gum did — until very recently, as you can see in this video. Market merchants decided that they preferred that the brick walls of their buildings stay up, so the weighty gum had to come down. Click below or go to the original YouTube video. |
Post your thoughts about this story in the WS Columns forum. |
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Your email subscription:
- Subscription help: customersupport@askwoody.com
Copyright © 2025 AskWoody LLC, All rights reserved.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Help with WD usb driver on Windows 11
by
Tex265
11 minutes ago -
hibernate activation
by
e_belmont
3 hours, 2 minutes ago -
Red Hat Enterprise Linux 10 with AI assistant
by
Alex5723
6 hours, 49 minutes ago -
Windows 11 Insider Preview build 26200.5603 released to DEV
by
joep517
9 hours, 54 minutes ago -
Windows 11 Insider Preview build 26120.4151 (24H2) released to BETA
by
joep517
9 hours, 56 minutes ago -
Fixing Windows 24H2 failed KB5058411 install
by
Alex5723
13 hours, 6 minutes ago -
Out of band for Windows 10
by
Susan Bradley
14 hours, 39 minutes ago -
Giving UniGetUi a test run.
by
RetiredGeek
21 hours, 36 minutes ago -
Windows 11 Insider Preview Build 26100.4188 (24H2) released to Release Preview
by
joep517
1 day, 5 hours ago -
Microsoft is now putting quantum encryption in Windows builds
by
Alex5723
1 day, 3 hours ago -
Auto Time Zone Adjustment
by
wadeer
1 day, 9 hours ago -
To download Win 11 Pro 23H2 ISO.
by
Eddieloh
1 day, 7 hours ago -
Manage your browsing experience with Edge
by
Mary Branscombe
11 hours, 58 minutes ago -
Fewer vulnerabilities, larger updates
by
Susan Bradley
24 minutes ago -
Hobbies — There’s free software for that!
by
Deanna McElveen
6 hours, 48 minutes ago -
Apps included with macOS
by
Will Fastie
4 hours, 40 minutes ago -
Xfinity home internet
by
MrJimPhelps
1 hour, 27 minutes ago -
Convert PowerPoint presentation to Impress
by
RetiredGeek
1 day, 2 hours ago -
Debian 12.11 released
by
Alex5723
2 days, 6 hours ago -
Microsoft: Troubleshoot problems updating Windows
by
Alex5723
2 days, 10 hours ago -
Woman Files for Divorce After ChatGPT “Reads” Husband’s Coffee Cup
by
Alex5723
1 day, 13 hours ago -
Moving fwd, Win 11 Pro,, which is best? Lenovo refurb
by
Deo
1 minute ago -
DBOS Advanced Network Analysis
by
Kathy Stevens
3 days, 3 hours ago -
Microsoft Edge Launching Automatically?
by
healeyinpa
2 days, 17 hours ago -
Google Chrome to block admin-level browser launches for better security
by
Alex5723
15 hours, 34 minutes ago -
iPhone SE2 Stolen Device Protection
by
Rick Corbett
2 days, 22 hours ago -
Some advice for managing my wireless internet gateway
by
LHiggins
2 days, 5 hours ago -
NO POWER IN KEYBOARD OR MOUSE
by
HE48AEEXX77WEN4Edbtm
1 day, 7 hours ago -
A CVE-MITRE-CISA-CNA Extravaganza
by
Nibbled To Death By Ducks
3 days, 15 hours ago -
Sometimes I wonder about these bots
by
Susan Bradley
1 day, 3 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.