November 2019 Office non-Security updates are available

The November 2019 non-Security Office updates have been released Tuesday, November 5, 2019. They are not included in any DEFCON-4 approval for the October 2019 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

Remember, Susan’s patching sequence and  recommendations are based on a business environment that has IT support and may have time constraints on the updating process. Consumer patching should be more cautious due to limited technical and mechanical resources. The latter is the reason for the AskWoody DEFCON system.

Office 2016
Update for Microsoft Access 2016 (KB4475539)
Update for Microsoft Office 2016 (KB4484138)
Update for Microsoft Office 2016 (KB4484137)
Update for Microsoft Office 2016 (KB4475588)
Update for Microsoft Office 2016 (KB4475552)
Update for Microsoft Office 2016 (KB4484145)
Update for Microsoft Outlook 2016 (KB4484139)
Update for Microsoft PowerPoint 2016 (KB4484134)
Update for Microsoft Word 2016 (KB4484135)

There were no non-security listings for Office 2007 (which is out of support), Office 2010, or Office 2013.

Updates are for the .msi version (persistent). Office 365 and C2R are not included.

Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

Firefox users don’t be fooled: The “Contact Windows support” message is fake.

Scary.

Dan Goodin at Ars Technica takes a shovel to this message, now appearing in Firefox:

Apparently the message appears as the result of a bug in Firefox and it appears if you venture onto an infected site — you don’t have to lift a finger..

The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS.

Looks like the Firefox folks are working on a fix.

Thx CA…

Microsoft just slipped in a bug fix for the new PowerToys – version 0.13 now available

I skipped the wave of announcements about the bulk-file-renaming app in the nostalgically named – but still underwhelming – collection of Microsoft utilities called PowerToys. There’s an official description of version 0.12 here.

The old XP-era PowerToys were great. But this is the new show.

Anyway, it seems that the bulk-file-renaming app, called PowerRename, had some significant bugs. And it looks like the snap-to-any-location app called FancyZone had other bugs, which were fixed about a week ago.

Being the occasionally gullible soul that I am, I went through the usual process to install:

Step 1. Over on GitHub, click PowerToysSetup.msi to download it

Step 2. Run the MSI file to step through the Setup Wizard, which is relatively painless.  I personally chose to NOT run the program(s) on startup.

Step 3. Reboot.

My first attempt was to prepend the text “Test” to a bunch of files that I’ve selected (in File Explorer, select the files, right-click and choose PowerRename). Ends up I didn’t have the right syntax:

See how the “Rename” button is grayed out? So I went through the documentation and decided that I needed to use a different syntax involving the “%1” match key:

That didn’t work either. (Again, Rename is grayed out.)

So I uninstalled the app. There are much better and more capable (albeit harder to understand) and simpler but predictable third party bulk renaming utilities out there….

Surface Pro X review embargo just lapsed

If you look around, you’ll see a flood of reviews of the Surface Pro X, which apparently went off embargo around 10 pm Redmond time. That’s how the hardware review business works: Publications line up to get free first-run machines, promising to hold off on reviews until a specific date and time. Looks like the alarm just went off.

Of course, Microsoft doesn’t send me review units. (You thought otherwise?) So I just read the reviews like anybody else. Of course, given the Surface support history and the fact that it’s an ARM-based machine with all the compatibility headaches that implies, I would never buy one. But still it’s cute seeing Microsoft’s response to the iPad.

Part of a natural ARM progression: Windows RT was a joke. Surface RT died a horrible death. Windows 10 in S Mode was an embarrassment. Now Surface Pro X. The review practically writes itself — although Microsoft will assure you ten ways from Tuesday that the Surface Pro X is better and different because it’ll run Windows desktop apps.

Yep. Pull the other finger.

Dieter Born at The Verge: MICROSOFT SURFACE PRO X REVIEW: HEARTBREAKER

Brad Sams at Petri: Surface Pro X Review: A Classic Look For The New Mobile Worker

Cherlynn Low, Engadget: Surface Pro X review: Gorgeous hardware marred by buggy software

Sam Rutherford for Gizmodo: Microsoft’s Surface Pro X Goes Full Batman

Dan Ackerman at CNet: Surface Pro X review: A Surface evolution, but the software hasn’t caught up yet

Jacob Krol, CNN: Microsoft’s Surface Pro X is for many, but not everyone yet

And on and on…

Just in case you were wondering, yes, absolutely, Microsoft vets their reviewers carefully. For example

https://twitter.com/zacbowden/status/1191699134375481345

Malwarebytes gets a full version bump

There’s a new version of Malwarebytes and it seems pretty spiffy.

See the detailed review from Lawrence Abrams at BleepingComputer:

New scanning engine, a new user interface, threat statistics and more. If you wish to upgrade to this new version you will need to download the installer directly from Malwarebytes site… With this release, Malwarebytes considers itself an antivirus replacement and will now register itself with the Windows Security settings as the primary antivirus solution on the computer.

Now available at OlderGeeks.com.

Hey admins: Is SCCM finally dead?

Is #SCCM finally dead? No, but it is rebranded; and I will be doing my best to retire the hashtag. I consider there are 3 parts to this announcement, the first is out. The other 2 key pillars are coming today and tomorrow. https://t.co/eJM8a8TZLl #ConfigMgr #Memcm #Mempowered

— david james (@djammmer) November 4, 2019

Reports of Surface Pro swamping \Temp folder with bogus .evtx files

I don’t have many details at this point, but the most succinct description I can find is on the StackExchange forum, from Sam Axe:

Every few seconds a new .evtx file and a new .txt file appear in c:\windows\temp. Each .evtx file has nearly identical content (except for timestamps), ditto the .txt files.
The .evtx files are roughly 7 MB large and contain almost 3600 events each. As you can imagine, this is filling up the HDD rather quickly. We deleted ~30 GB worth of these files earlier today.

He’s had some luck with this solution:

We were able to resolve this by removing the “Surface” app via powershell:

Get-AppxPackage *surface* | Remove-AppxPackage

Completely removing the “Surface” app and rebooting appears to have solved the issue.

In the same thread, Camile reports that it doesn’t work all the time:

I’ve fixed 2 of these issues today by updating the windows to the latest 1903 build. The removal of the App worked on 1 but didn’t work for the other so just updated both.

The twist: It looks like this problem occurs sporadically on several different kinds of Surface devices and may (or may not) be triggered by a specific Windows update.

Anybody else hitting the problem? Does the Remove-AppxPackage solution work?

Peering into the Windows tea leaves

WOODY’S WINDOWS WATCH

By Woody Leonhard

You can expect some significant changes — existential changes — to Windows in the very near future.

Based on some official announcements and more than a few highly reliable leaks, it looks like Windows is in for a very bumpy ride.

Read the full story in AskWoody Plus Newsletter 16.40.0 (2019-11-04).

More on restoring drivers from local backups

LANGALIST

By Fred Langa

Windows offers an add-driver command, but it doesn’t do what you might think!

Plus: Tracking down the scattered locations and various methods for obtaining official Windows 7, 8.1, and 10 installation files. Also, are there issues with whole-disk encryption?

Read the full story in AskWoody Plus Newsletter 16.40.0 (2019-11-04).

Take charge of Windows 10 and Office 365 updating

WINDOWS PATCHING

By Susan Bradley

Recently, I started the process of migrating Windows Server 2008 R2 and Server 2012 R2 to Server 2019.

Unfortunately, Server 2019 (and 2016) has a problem in common with Windows 10 — limited user/administrator control over when and how the OSes get patched.

Read the full story in AskWoody Plus Newsletter 16.40.0 (2019-11-04).

Freeware Spotlight — Best diagnostic tools

BEST UTILITIES

By Deanna McElveen

After 20 years of troubleshooting and repairing computers, Randy and I have seen many fine and free diagnostics tools come and go.

And while we use many utilities for our work, we rely on a core set almost every day.

Read the full story in AskWoody Plus Newsletter 16.40.0 (2019-11-04).

BlueKeep now being used in attacks – but the sky isn’t falling

Remember BlueKeep – the “wormable” monster infection that was supposed to take over the Windows world?

Two months ago, I warned that there was a working exploit making the rounds.

We finally saw a slightly modified version of that Metasploit exploit used in a for-real infection. Except it isn’t nearly as scary as originally projected, doesn’t operate as a worm, and isn’t exactly taking the world by storm.

Kevin Beaumont found evidence of the infection in some honeypots he set up – but had stopped monitoring.

https://twitter.com/GossiTheDog/status/1190654984553205761

As expected, folks who have either disabled RDP or blocked port 3389 are fine. Still…

Word to the wise: If you haven’t updated your Win7 or Server 2008/Server 2008R2 machine since May, you better get on the stick.

See, there’s a reason why you have to update sooner or later.

Full details from Catalin Cimpanu at ZDNet. Thx GoneToPlaid (who just had a Tesla mode named after him).

UPDATE:

https://twitter.com/GossiTheDog/status/1191148135344693248