• New Surface Book, Surface Pro 4 firmware updates

    Posted on February 17, 2016 at 17:08 CST by Comment in the Forums

    They’re supposed to fix the (many!) lingering problems with SB and SP4.

    I find it interesting that MS is releasing this as four separately identified patches. I hope — hope! — that this is the first step toward separating out Windows 10 patches, instead of cramming everything together.

    Brad Sams has the early scoop.

     

    Microsoft News ,

  • Avoid the Windows 10 “update” KB 3140742

    Posted on February 17, 2016 at 06:28 CST by Comment in the Forums

    Just like KB 3136562, it’s a downloadable patch — available on Microsoft’s servers — that’s not yet official. The earlier patch didn’t become a real cumulative update. No reason to believe this one will, either.

    Windows Patches/Security

  • Should I patch now or wait?

    Posted on February 17, 2016 at 05:56 CST by Comment in the Forums

    Just got a good question from reader IB:

    Woody, I know you’re a busy guy. Thanks for all you do…
    I have a basic question. I have ONE home computer, win7 pro, 64 bit (whatever that means)
    I use GWX control panel, and have ZERO desire to update to win 10. Heck, I just got rid of XP less than a year ago! My windows updates are set to “let me choose” etc.

    As per your advise, I always install DEFENDER updates immediately.

    But my confusion is about “important” updates: I think you have told us that anything with “security” in the title needs to be installed. (I currently have a couple security for “.NET FRAMEWORK” and about 10 for WIN7 64bit…”). But in response to a comment within the last week (I forget which thread) about security updates, you said, “wait”.

    So my question…when I see ‘security’ updates…should I install them immediately, or wait till DEFCON says it’s time?

    Thank you.

    I say, always wait for the MS-DEFCON rating to come down, then follow the specific instructions I give when the number goes down.

    There’s a reason for waiting. Many problems with Microsoft’s patches don’t appear in the first few days, or even the first few weeks, in some cases. For Win7 and 8.1, Microsoft pulls and re-issues the really bad ones. For Win10, well, we’re still not sure exactly what Microsoft will do. In all cases, within a few weeks we have a pretty good idea of what’s going to clobber systems, and what’s benign.

    Not infallible, mind you, but reasonably accurate.

    You also need to keep in mind that very, very few patches cover holes that are being exploited. There are fixes for zero-day problems, but most zero-days these days are directed at very specific targets – government installations, military, financial institutions and the like. For you and I, zero-days are rarely a concern.

    Take a look at the latest SANS Internet Storm Center list. See the column marked “Known Exploits”? There aren’t any known exploits for any of the patches (although there’s one that had a published exploit later). Even when an exploit “Proof of Concept” is published, it takes weeks or months or years for the exploit to become a problem for you and me.

    If you’re carrying a hundred thousand Social Security numbers, or storing nuclear launch codes, it’s a different problem, of course. But for the vast number of people, the vast majority of the time, waiting for patches to show their fangs is a very good idea.

    You need to patch sooner or later. Yes. Definitely. But you don’t need to dance to Microsoft’s tune.

    Windows Patches/Security

  • Citrix verifies ongoing problems between VDA and Windows 10 build 10586 cumulative updates

    Posted on February 16, 2016 at 14:07 CST by Comment in the Forums

    If you use Citrix VDA with Windows 10, you’re in for a rough ride.

    InfoWorld Woody on Windows

    Windows Patches/Security

  • 29 non-security patches just released

    Posted on February 16, 2016 at 13:57 CST by Comment in the Forums

    Oh boy. Here’s the Cliff Notes version:

     

     

    Windows Patches/Security

  • Windows Update Agent and WSUS oddity

    Posted on February 16, 2016 at 11:43 CST by Comment in the Forums

    I’m no expert on WSUS, so I pass this on for general consumption. From IT:

    I’m a System Admin, running SBS2011 with WSUS. In the SBS Console I have updates for Client AND Server computers set to none… On the Client Workstations that use WSUS (Not WU) I have them set to update automatically… My thinking is The clients will update automatically only after I manually OK the updates, yet this morning everything has been updated Windows updates, Office updates… Is Microsoft pulling a fast one or am I missing something?

    SnipImage

    Also please see screenshot of Windows Update Agent 7.6.7600.256 being installed as well as updates that aren’t security related (I have several of them on other screenshots) despite having security only which has since been changed to NONE, Windows update seems to only be honoring our request unless MS really wants it installed and this is using WSUS… Do a search for the windows update agent in “Installed Updates” and it won’t show up, but from my screenshot you can clearly see it was successful…

    Windows Patches/Security ,

  • New Flash Player updates

    Posted on February 16, 2016 at 11:36 CST by Comment in the Forums

    From EP –

    New Adobe Flash Player security updates were posted last Tuesday
    Feb. 9 in Adobe security bulletin APSB16-04:
    https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
    Win8.1 & Win10 users can obtain Flash Player updates from Microsoft
    Windows Update.

    Windows Patches/Security

  • Windows 10 cumulative update 8, KB 3135173/10586.104, resets browser and other defaults

    Posted on February 16, 2016 at 09:36 CST by Comment in the Forums

    The forced update not only knocks out the defaults, it prevents you from resetting them

    “How many times does this have to happen before Microsoft separates security and non-security patches, and give us tools to block or delay patches? As long as Microsoft’s patching bugs are relatively minor, there’s little incentive to give us the tools we need. The day we get a really bad, crippling patch, there’ll be tar and feathers.”

    InfoWorld Woody on Windows

    Windows Patches/Security

  • Windows 10 telemetry

    Posted on February 15, 2016 at 12:31 CST by Comment in the Forums

    If you’ve been following the recent back-and-forth on Windows 10 snooping, Simon Bisson’s latest analysis on ZDNet is a must-read.

    Bottom line on Windows 10 Pro :

    for a PC with a standard load, logged into a Microsoft account and using Windows 10’s messaging service, we’re sending around 190 packets per hour to Microsoft servers, and around 130KB of data per hour.

    Since the data’s encrypted, there’s no way to know what’s being sent.

    Without unencrypting the telemetry packets Microsoft receives, we’re not going to know exactly what data it receives. But they’re small and relatively infrequent, so are unlikely to be packed with your personal data.

    My take is, and always has been, that the primary question is what Microsoft actually does with the data it collects. I’m also concerned that people are upgrading to Windows 10 without recognizing that there’s been a fundamental shift in the quantity and type of data being collected. I also think that Microsoft should get out ahead of the problem and proactively tell us what they’re collecting, and give us tools to view and opt out of data collection.

    It wouldn’t surprise me a bit if, five or ten years from now, companies collecting data on computer users will be required by US (or EU) law to give snoopies (er, snoopees!) access to the snooped data – much like the regulations we have now with credit reporting agencies.

    Bisson’s analysis should give you Win10 customers some solace. It doesn’t completely exonerate Microsoft, but it puts the problem in some much-needed perspective.

    Windows News

  • When did “Download updates but let me choose” change?

    Posted on February 15, 2016 at 09:35 CST by Comment in the Forums

    Interesting question from EG. I haven’t been following along closely enough to give him a definitive answer. Do any of you know when (or even if) it has changed? Remember that I recommend “Notify but don’t download.” I’ve been running my Win 8.1, Vista and Win 7 (even XP) machines with that setting for a decade or two…

    When did the option to “Download updates but let me choose whether to install them” change to install everything that’s pre-checked when you restart or shut down your computer?

    I thought a family member had changed her settings to automatic when she called me last Wednesday about having to wait for the updates to get done installing before she could shut her computer down… and then another family member called me the following day experiencing the same problem. I accessed both of their computers over the weekend (remotely) and changed the setting to “Check for updates but let me choose whether to download and install them”, but both of these computers have been set that way for a very long time and have never installed updates upon a reboot or shut down before. They’ve always had to click the “Install updates” button before.

    That Windows update option does say “let me choose whether to install them”… what happened to the “let me choose” part? They’re limited to one shot at choosing before the first reboot now? Am I overlooking a setting someplace else?

    Thanks in advance Woody… for EVERYTHING you do!

    Windows Patches/Security

  • Unwanted updates for Windows 7

    Posted on February 14, 2016 at 17:53 CST by Comment in the Forums

    I’ve received many variations on this request over the past few weeks:

    Hi Woody, I hope you are well. With all the knowledge you have of the Windows Updates, can you provide me a complete list of Updates to avoid in Windows 7 so not to end up with W10? It would be VERY much appreciated!
    Thanks, TP
    A list of “good” patches would be several hundred entries long, and vary depending on all sorts of things.
    Your best bet right now is to follow my advice on AskWoody.com, and only install patches with “Security update” in the name.
    When you’re done, download and run GWX Control Panel.
    Depending on how long it’s been since you last installed Windows 7 patches, you’ll probably be OK. If you haven’t patched for several months, you need to get right on it. Don’t skip the security patches.
    Windows Patches/Security

  • Exchange 2010 problems with .NET 4.5.2 – KB3127229 KB3122656

    Posted on February 12, 2016 at 13:41 CST by Comment in the Forums

    Just received this from reader PA:

    The latest .NET security updates for 4.5.2 have caused my Exchange environment major issues.  The document linked below refers to 4.6 and 2013 but I had both things happen to my system just hours after installing the updates. Our COO’s mailbox (of course it was him) was quarantined and honestly after working with Exchange since 5.0 with thousands of mailboxes I had never had this happen before.  Hell I didn’t know quarantine was even a thing in an Exchange environment until yesterday.  Our mailbox databases were randomly rolling to other DAG members as well.  Removing the patches (last night at about 7:00 PM) seems to have fixed the issue. We have one CAS/HT server and four mailbox database servers all participating in a DAG. Not sure yet which one or more was causing the issue.

     

    https://support.microsoft.com/en-us/kb/3095369

    Windows Patches/Security ,
  • « Older Entries
    Newer Entries »
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    June 2025
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    2930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.