Third party updates for February 2016

Rand the Tech Professor has just posted his monthly list of updates to Windows-releated programs many of you use (Chrome, Firefox, Flash Player).

They’re on his site.

MS-DEFCON 3: Time to take your Microsoft update medicine

We’ve had a veritable blizzard of patches so far this month, with several that caused problems, one that was pulled after crashing Office 2013 systems, and a whole bunch that are woefully under-described.

It looks like there’s a lull on the Redmond front, so it’s time to jump in and get patched.

As was the case last month, I’m generally recommending that Vista, Win 7 and 8.1 users install identified Security updates, and that you give all of the rest a wide berth. If you’re running Win10 and have updates backed up (probably with the metered connection trick), it’s time to cross your fingers and get caught up.

The details:

Vista: Start Internet Explorer and verify (Help > About) that you’re running Internet Explorer 9. Apply all outstanding patches, but DON’T CHECK any update boxes that are unchecked. Run the update. If your fonts turn fuzzy, follow the instructions in KB 3037639. Most of all, be very aware of the fact that extended support for Vista ends on April 11, 2017, so you’re going to be facing the piper before too long.

Windows 7: The “Get Windows 10” campaign is back in full force. If you don’t want to upgrade to Win10 right now – there are lots of reasons to hold off – here’s the easy way to get caught up without installing any of the latest dreck.

Step 1. If you haven’t checked recently, crank up Internet Explorer. Don’t use it to go to any sites, but click the gear icon in the upper right corner, choose About Internet Explorer, and verify that you’re on IE 11. If you aren’t yet on IE 11, make sure the box marked “Install new versions automatically” is checked, then click Close. That’s the easiest way to upgrade to IE 11.

I don’t recommend that you use IE. (Hey, Microsoft’s already put it out to pasture; that’s what Edge is all about.) But you need to update it, and keep it patched, because Windows still uses bits and pieces of IE in various places.

Step 2. Run GWX Control Panel and set it to block OS upgrades.

Step 3. Go into Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). Click the link that says “XX important updates are available” and select only security updates. In other words, check the boxes next to items that say “Security Update” and UNCHECK the boxes next to items that only say “Update.”

Yes, you should check KB 3134214, if it appears in your list, even though it’s a combined security and non-security patch.

Step 4. On the left, click the link that says Optional. Uncheck every box that you see. Yes, I’m saying that if a box is checked, uncheck it.

Step 5. Click OK, then Install updates.

Step 6. Back in Windows Update, on the left, click the link to Change settings. Make sure “Important Updates” is set to “Check for updates but let me choose whether to download and install them,” and uncheck the box next to “Give me recommended updates the same way I receive important ones.”

Step 7. Click OK and reboot.

Step 8. This one’s important. You need to run GWX Control Panel again. That’ll ensure Microsoft didn’t install anything untoward.

Windows 8.1: Follow the instructions for Windows 7, but in Step 3 go into Windows Update by right-clicking on the Start icon and choosing Control Panel.

Windows 10: If you’re using the metered connection trick to block updates, unblock the metered connection long enough to get caught up.

Everybody: Either watch here on AskWoody.com, or follow me on Twitter (@woodyleonhard) or Facebook to keep up on the latest. We’ve seen more than a hundred patches in the past month. It’s a jungle out there. And if you catch something, shoot me email (click on the mail icon in the upper right corner of this page), or post a reply to this blog.

I’m putting us at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

My usual boilerplate advice:

For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches is a clear sign of impending insanity. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). If Windows Update has a patch but the box isn’t checked, DON’T CHECK THE BOX. It’s like spitting in the wind. I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

P.S. Yes, you read that right. I now recommend that you Win7 and 8.1 users only install Security Updates. For many months, almost all of the non-security updates Win7 and 8.1 customers have received are specifically designed to push them to Windows 10, or to increase Microsoft’s ability to snoop on Win7 and 8.1 machines. No thanks.

Thanks, as always, to Susan Bradley and her in-depth work in Windows Secrets Newsletter.

Will Microsoft decide which programs you can run on Windows 10?

Great question from reader PC:

Is this real or just more hokum?

Microsoft is now going to decide what programs you can run on Win10?
https://www.yahoo.com/tech/microsoft-goes-war-windows-tune-220632983.html

I can understand malware, but does it stop there?

Already they uninstall Speccy with every update. Is Speccy malware?

I’m sure there is a longer list.

Speccy isn’t malware, but it has had problems working with Win10.

Windows 10 Insider Preview beta build 14271 fixes some problems, makes some changes

Not much to see.

InfoWorld Woody on Windows

Two different versions of KB 3035583 issued on the 23rd and 24th

Ends up there’s a reason why the KB article and the Windows Update site weren’t updated until a day after the new “Get Windows 10” nagware/malware was released.

Big thanks to RD for sending me the timeline:

It turns out that KB3035583 (and SUS/WSUS B894199) weren’t revised until after KB3035583 was pushed to Win7/Win8.1 late on the 23rd/early on the 24th. From Properties section of each KB:

Article ID: 3035583 – Last Review: 02/24/2016 15:20:00 [UTC – i.e., 7:20 AM Pacific] – Revision: 10.0

Article ID: 894199 – Last Review: 02/24/2016 15:23:00 [UTC – i.e., 7:23 AM Pacific] – Revision: 244.0

KB3035583 was offered here at approx. 07:30 UTC on the 24th (i.e., 11:30 PM Pacific on the 23rd).

FWIW a program update which upgrades Microsoft Security Essentials to v4.9.218.0 was also pushed late on the 24th. The dummy KB3140527 is associated with the update (‘dummy’ as in there isn’t a legit KB page, at least not one that’s publicly available).

Day late, dollar short, MS shows KB 3035583 updates on the Windows Update page and refreshed KB article

Nice of them to oblige, almost 24 hours after the fact.

KB 3035583 now mentions

Last Review: 02/24/2016 15:20:00 – Revision: 10.0

(that’s a bounce up from this morning’s 12/15/2015 Revision 7.0)

The Windows Update page now says:

New non-security content:

• Update for Windows 8.1 and Windows 7 (KB3035583)

  Locale: All
  Deployment: Recommended/Automatic Updates
  Classification: Updates, Non-Security
  Supersedes: KB3035583 on Windows 8.1 and Windows 7
  Target platforms: Windows 8.1 and Windows 7
  Approximate file sizes:

  • Windows 8.1 update: ~ 615KB
  • Windows 8.1 x64 update: ~ 826KB
  • Windows 7 x64 update: ~ 821KB
  • Windows 7 update: ~ 612KB

  Description:
  Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

KB article 3035583 – the “Get Windows 10” installer – has just been updated

It now stands at version 10, revised 2/24/2016.

This morning, it was at version 7, revised 12/15/2015

Wonder when/if Microsoft will update the official Windows Update list?

Problems with February Security Updates KB3134814 and KB3135782 and AISuite

Just got this from reader FN:

I installed KB3134814 (cumulative IE 11 security update) and KB3135782 (security update foe Adobe Flash) yesterday on my Windows 8.1 64 bit OS. Upon the required restart for installing the updates, a BIOS utility app triggered an “Access violation at address 00413FDO in module AISuite3.exe). This was a situation I have not previously encountered and the other BIOS utilities would not load successfully. As a little background, AISuite3.exe contains a number of configuration utilities to change BIOS settings for OC the CPU, fan setting optimization, etc. and is generally useful for monitoring MB temperatures and CPU utilization. I have installed version 1.00.56 of the Asustek AISuite3 software which I confirmed is the latest release.

After a few hours of sleuthing, I traced the access violation error to a specific app which is AIcharger plus.exe within the suite that loads from the startup menu. The purpose of AIcharger plus is to enable the battery charging of portable devices, such as smartphones, from USB ports on the motherboard. This program (I believe version 51) caused all sorts of headaches for people when they were trying to upgrade their system from Win 8 to Win 8.1, namely the upgrade would fail to install because of compatibility issues. The only solution was to remove AIcharger at the time if you wanted to perform the upgrade. So there is a history of this app bot playing nice with Win 8.1. After tracing the problem to the source, I “disabled” AIchargerplus in the start menu and the problem is successfully removed as a workaround. All the other BIOS utilities in the AISuite3 began launching and working properly again without any discernible issues. I have yet to make up my mind as to whether I will uninstall the problem app or just go with triage in the startup menu. I do not use my USB ports to charge devices anyway.I am certain that one of the KBs mentioned triggered the issue because they were the only two that I installed and the error first occurred upon the required installation reboot. I am just passing this experience along for purposes of intel for your DEFCON rating for February Windows security patches. I am running an Asus Z87-Pro motherboard with a Core i7 4770K CPU on my desktop system. The AISuite3 is also used with a number of other Asus motherboards and so it is not inconceivable that others may encounter this problem.

If I had to hazard a best guess, I would suspect KB3134814 to be the install that triggered the issue.

With no warning, Win 7/8.1 ‘Get Windows 10’ nagware patch KB 3035583 suddenly re-appears

The tenth version of the Microsoft’s much-maligned malware rolled out Tuesday afternoon

InfoWorld Woody on Windows

Thanks to everyone who participated in the fact-gathering,  here on AskWoody, via Twitter, and on my new AskWoody Facebook page.

KB3035583, the “Get Windows 10” app is re-re-re-released

Please check your Windows 7 and 8.1 machines, and tell me if KB 3035583 appears in Windows Update? Post here and tell me (1) Windows version, (2) Does the patch appear in the Important or Optional list, (3) Is the box to the left of the patch checked or unchecked, (4) Italicized or not. Thanks!

(Before you ask, I’ve never seen a definitive explanation about why patches appear italicized.)

I’ve seen three many independent reports that KB3035583 – the notorious “Get Windows 10” patch – has been re-released. Not clear if it’s recommended or not, checked or not.

Be careful out there.

It still isn’t listed on the official Windows Update site, and the KB article hasn’t been updated, at close of business East Coast time on Tuesday.

I’m seeing it as unchecked, Optional, italicized on Windows 7 machines.

On my sole surviving Windows 8.1 machine, KB 3035583 appears as optional, unchecked, italicized.

Look for the story tomorrow morning in InfoWorld.

The inside scoop on Windows snooping

Microsoft won’t give us any decent documentation about its telemetry/snooping efforts. Ed Bott, on the other hand, has lots of contacts on the Windows team and has turned out an important piece on Windows security.

Yes, I know that Ed writes books for Microsoft. Yes, I know he generally comes down on the side of the Redmondians. Nonetheless, if you read his article carefully, you’ll learn a lot.

I know I did.

I’d love to see a companion piece on Windows 7 and 8.1 snooping.

It took MS eight days to fix an Office 2013 Click-to-Run bug

Not an auspicious precedent for Windows 10, and Microsoft-as-a-Service.

InfoWorld Woody on Windows