Newsletter Archives

  • MS-DEFCON 3: Time to get Windows and Office patches up-to-date

    For those of you new to this particular piece of AskWoody arcana…

    Every month, I recommend that people pause Windows updating long enough to make sure there aren’t any real stinkers in the Patch Tuesday bunch. That sets up an ongoing tug-of-war. On the one hand, there are inevitable problems with all of the patches. Every month. On the other hand, there’s an ongoing threat that some miscreant will use the patched security holes to make new malware.

    I watch both sides incessantly and try to come up with solid patching recommendations. Been doing it for 14 years.

    You can read about my general approach in a Computerworld article, The case against knee-jerk installation of Windows patches. The AskWoody site has details about the MS-DEFCON system, which I’ve used for years to give normal Windows users a red-light/green-light signal about installing patches. (Very advanced Windows users and admins in charge of many systems are better off following Susan Bradley’s Master Patch List.) Whenever there’s a change in the MS-DEFCON level, I publish detailed, step-by-step instructions in Computerworld.

    Every month, there comes a time when – in my opinion – it’s better to install the (possibly modified) patches than leave the month’s round of patches uninstalled. We’ve just reached such a point. I figure we know enough about the problems at hand to help people who get socked by this month’s patches — and the malware cretins are close enough that it’s time to put the shields up.

    We’re now at MS-DEFCON 3: Go ahead and patch, but watch out for potential problems.

    Details in Computerworld Woody on Windows.

    (Yes, it’s true, my main machines are all on Win10 version 1909. Test machines run other versions and, of course, the Seven Semper Fi machine runs bone-stock Win7. See the Computerworld article.)

  • Where we stand with the April 2020 patches

    The Windows patches are throwing all sorts of strange (one-off?) errors. Microsoft has asked for help in identifying the problems (yay!) but we’re having trouble sorting out how to post the problem reports.

    The “missing data” temporary profile bug is still there – and has been since February (or maybe January).

    Office Click-to-Run patch throws VBA compile errors – but they’re there to protect you.

    Susan still hasn’t gotten to the bottom of the v4 Printer Driver disconnected printer bug.

    And I’m sitting here worried what kind of mess we’ll see when MS releases Win10 version 2004.

    Details in Computerworld Woody on Windows.

  • The bugs in this month’s Win10 version 1903 and 1909 Cumulative Update have prompted MS to issue a call for help – but where’s the telemetry?

    It’s good that Microsoft has acknowledged the bugs in this month’s Cumulative Update. I’ve looked and looked, and haven’t found any patterns. So I feel their pain.

    But… why isn’t Windows telemetry picking this stuff up? We’re sending copious quantities of data to Microsoft every time we use Windows. MS says they aren’t using it to sell things to us. Okay. But if the telemetry isn’t there to pinpoint and fix these kinds of problems, why do we bother?

    Details in Computerworld Woody on Windows.

  • Voluminous reports of problems with this month’s Win10 Cumulative Update – but many appear random

    Yes, there are lots and lots (and lots) of reports of problems with this month’s Win10 version 1903 and 1909 cumulative update, KB 4549951. I’ll be hanged if I can see any patterns. Aside from the race condition/temporary profile bug, which has been around for months, the rest of the ailments seem random.

    Have you figured out the root cause(s)?

    Details in Computerworld Woody on Windows.

    Just as a reminder: We’re still at MS-DEFCON 2. I see absolutely no reason to install the April patches right now.

  • Microsoft releases out-of-band patch for Office 2016 Click-to-Run, Office 2019, and Office 365 ProPlus (now known as Microsoft 365 Apps for enterprise)

    Even Microsoft didn’t get the name change.

    Security Advisory ADV200004, Availability of updates for Microsoft software utilizing the Autodesk FBX library, describes a handful of out-of-band security patches for various Office click-to-run versions.

    The security holes originate with the Autodesk FBX library, which is buried inside various Office products. (FBX, in case you were wondering, is Autodesk’s file format for animated 3D images.)

    Here are the affected products, according to the Security Advisory:

    • Office 2016 Click-to-Run
    • Office 2019 (which is only available as Click-to-Run – thx, @b)
    • Office 365 ProPlus
    • Paint 3D

    Of course, you’re savvy enough to know that Office 365 ProPlus has officially been renamed to “Microsoft 365 Apps for enterprise” — but don’t tell Microsoft that.

    The bug is marked with a Severity of “Important,” which means it isn’t really all that important. If you have a habit of opening dodgy 3D animation files, watch out. Otherwise, you’re fine.

    Carry on. And stay home.

  • The last of the “optional, non-security, C/D Week” patches arrive for Win10 versions 1903 and 1909

    They’re out – hopefully for the last time.

    KB 4550945 – dozens of non-security fixes for Win10 versions 1903 and 1909

    KB 4550969 – ditto for Win10 version 1809

    Win10 1803 and 1609 get similar patches.

    The Win8.1/Server 2012 R2 Monthly Rollup Preview, KB 4550958, is also available.

    By this time next month I expect that we’ll be wrangling with Win10 version 2004 – so the planned demise of “optional, non-security, C/D Week” patches won’t come a moment too soon.

    As always, you don’t want to install them. Patience, grasshopper….

    Thx, @EP

  • Patch Tuesday update: Confusion over the number of 0days and many reports of failed installs

    So far, Patch Tuesday looks pretty stable. Of course, it’s much too early to tell if there are lesser goblins in the mix.

    The main point of contention early Wednesday morning is whether we have three or four “exploited” patches – whether Microsoft had marked three or four patches as zero-days (“Exploited: Yes”). Brian Krebs has a good, and accurate, explanation:

    Many security news sites are reporting that Microsoft addressed a total of four zero-day flaws this month, but it appears the advisory for a critical Internet Explorer flaw (CVE-2020-0968) has been revised to indicate Microsoft has not yet received reports of it being used in active attacks. However, the advisory says this IE bug is likely to be exploited soon.

    As best I can tell, that advisory has always said CVE-2020-0968 is not a zero-day. So it appears as if some security sites are working from outdated information, possibly fed to them by MS.

    The only problem I’m seeing at this early date involves installation errors 0x80070008, 0x800f0985, 0x800f0986, and 0x800f081f. Those are all pretty common. Usually retrying the installation clears up the error. But it always amazes me when people freak out because a Patch Tuesday patch doesn’t install. Given that there are no pressing security holes this month, you should be glad that the installer didn’t work.

    It’s not a bug, it’s a feature.

    At some point you’ll want to install the Patch Tuesday patches, but for now, sit tight.

    And for those of you who were wondering, nope, there’s no MSRT this month. See the updated text for KB 890830, the Microsoft Malicious Software Removal Tool.

  • Patch Tuesday bugs appearing already – after installing today’s Office patches, you may trigger a VBA “Compile error: Can’t find project or library”

    Official confirmation here:

    When you install one of the Microsoft Office security updates that are listed in Microsoft Common Vulnerabilities and Exposures CVE-2020-0760, you might notice that some types of Visual Basic for Applications (VBA) references are blocked, and you receive an error message….

    If your existing VBA solutions have some VBA object libraries or references that are blocked, the following error message is displayed.

    [Image: Error message when VBA libs are blocked]

    This is a standard message that indicates missing VBA object libraries. If you receive this error message, revisit your current VBA solution, and replace the blocked libraries with local ones.

    It’s going to be a rocky week.

  • Patch Tuesday live updates

    Patch Tuesday is starting to roll out. I see 98 new patches in the Microsoft Catalog. (Note that four older patches also match a search on “2020-04”.) That’s a very light count. All told, they cover 113 security holes, which is a large crop.

    Looks like we have the usual cumulative updates for all versions of Win10.

    Win10 1903/1909 update KB 4549951 is up. There’s also a Servicing Stack Update, KB 4552152.

    Dustin Childs on the ZDI blog reports that there are 113 separately identified security holes. Two are publicly known, two are currently exploited. All of those are rated “Important” which is a significant step down from the usual security level which is “Critical.” Translation: Nothing to be overly concerned about.

    The Adobe Type 1 Font Manager security hole, which is both publicly known and currently exploited, is the one Microsoft announced a couple of weeks ago in ADV 200006. It was so pressing that MS didn’t release a fix at the time. 0patch has since published a micropatch for the problem. If you’ve paid for Win7 Extended Security Updates, you’ll get the patch, but normal Win7 users won’t get it.

    The other currently exploited security hole is yet another bug in the way Windows handles fonts — although it’s a different bug. Win10 is only tangentially affected. Win7 is, but you’ll only get the patch if you pay for it. Expect 0patch to come up with something fairly quickly.

    Ho hum.

    Martin Brinkmann has his usual thorough list on

    I don’t see anything pressing in the lot. Do you?

    Let’s see if we got a fairly stable set of patches this month…

    UPDATE: Childs has updated his list so it now shows four “exploited” security holes. The other two aren’t font-related. CVE-2020-0968 takes control through Internet Explorer, which means it could theoretically be triggered if you use Outlook. Microsoft doesn’t say it’s “exploited” on the CVE description page. CVE-2020-1027 seems to be more pernicious, with few details, but Microsoft lists it as “Important,” which means it isn’t.

    So we have four or three exploited security holes, up from two a couple of hours ago.

  • MS-DEFCON 2: April 2020 Patch Tuesday arrives tomorrow. Get automatic update locked down.

    Tomorrow’s the second Tuesday of the month (it comes late this month) and that means the usual, uh, challenges with Windows and Office patches are just around the corner.

    Spare yourself some drama and make sure that automatic update is either turned off (for Win8.1) or set to Pause (for Win10) long enough to see what joys await.

    Step-by-step details in Computerworld Woody on Windows.