News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Fix for the VB bug introduced this month released for Win10 1803

    Posted on August 19th, 2019 at 21:16 woody Comment on the AskWoody Lounge

    Thanks to @WC and @EP for the heads up.

    A few hours ago we got KB 4512509 – the second cumulative update for Win10 version 1803 this month.

    It claims to fix the VB/VBA/VBScript bug introduced by the first cumulative update this month.

    We’re still waiting for Win10 1903.

  • More fixes for the VB/VBA/VBScript bugs in this month’s patches

    Posted on August 18th, 2019 at 07:10 woody Comment on the AskWoody Lounge

    On Friday evening, we got fixes for the VB “invalid procedure call” bugs in

    • Win10 1709
    • Win7
    • Win8.1
    • Server 2008
    • Server 2008 R2
    • Server 2012
    • Server 2012 R2

    On Saturday afternoon (US time), a few more appeared:

    • Win10 1809
    • Win10 1703
    • Win10 1607
    • Win10 1507
    • Server 2016
    • Server 2019

    Like the others, these are one-off patches that have to be installed manually or via a “Check for updates” click of death.

    We’re still waiting for fixes for Win10 1803 and 1903.

    There’s a reason why we’re on MS-DEFCON 2. Don’t install ANY of this month’s patches. Stay tuned.

    I still get a chuckle when people tell me that Win10 is the “last” version of Windows…

    UPDATE: Günter Born says, “But I received user feedback, that the issue isn’t completely fixed.” Oh boy.

  • Win7 and 8.1 Previews of Monthly Rollups – released on Saturday?

    Posted on August 18th, 2019 at 06:57 woody Comment on the AskWoody Lounge

    It looks like Microsoft rolled out its usual Monthly Rollup Previews for Win7, 8.1, and Server 2008 on Saturday afternoon, US time.

    Wuh?

    The only listed improvements (this for Win7):

    This non-security update includes improvements and fixes that were a part of KB4512506 (released August 13, 2019) and also includes these new quality improvements as a preview of the next Monthly Rollup update:

    Addresses an issue that causes the svchost.exe that hosts the WSMan Service (WsmSvc) to stop working and stops other services in the same host process. This issue occurs when you run multiple instances of Windows Remote Management (WinRM).

    Addresses an issue that may prevent devices from starting when they start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM). The error is, “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed.”

    I’m going to hazard a guess that, in spite of the verbiage in the KB article, these patches also include the VB fixes released on Friday. The KB article for Saturday’s Win7 patch mentions the buggy Patch Tuesday patch, but neglects to mention the fix for the VB bug released on Friday, KB 4517297.

    I bet that somebody decided to get the Monthly Rollup Previews out early so MS can tell people to install the Rollup Preview if they want to fix the VB bug. Once again we see a bug in a security patch fixed in a non-security patch.

    Ths @geekdom, @WildBill

  • Microsoft releases patches to fix the VB/VBA/VBScript bugs

    Posted on August 16th, 2019 at 21:59 woody Comment on the AskWoody Lounge

    Sometime in the past few hours, Microsoft released 18 new patches through the Update Catalog.

    They purport to fix the VB, VBA and VBScript bug in Tuesday’s patches.

    At this moment – 10 pm US Central time on Friday night – patches are only available for Win10 1709 (!), Win7, Win8.1, Server 2008, 2008 R2, 2012 and 2012 R2. The 1709 patch is documented. I don’t see any KB articles for the others – but that’ll likely change as the night wears on.

    We’re still at MS-DEFCON 2. Don’t install them. Let’s see what wails of pain emerge in the next 12 hours or so.

    Like I said on Monday:

    Traditionally, August finds Microsoft in a mid-summer lull, with lots of folks on vacation and more than the usual chances of surprising screw-ups from second-string staff. It’s an excellent month to sit on the sidelines and see what problems appear with the latest round of Windows and Office patches.

  • The sky is not falling: DejaBlue (aka BlueKeep II, III, IV, V) are not being exploited in the wild

    Posted on August 14th, 2019 at 14:55 woody Comment on the AskWoody Lounge

    I’m hearing a lot of saber rattling, urging folks to install the latest Patch Tuesday patches to guard against the newly-discovered BlueKeep variants. One blog says, “So patch your PCs and spread the word. Millions of users around the world refuse to update their versions of Windows but, in this case, the threat is immediate, viral and very real.”

    Horsepucky.

    Permit me to remind you that BlueKeep itself hasn’t been reliably exploited. The threat is real, but it’s not viral or immediate.

    That said, Kevin Beaumont thinks these new exploits may be able to circumvent Microsoft’s recommended “mitigation”: NLA may not break the infection chain.

    I’ll be keeping a close eye on developments. In the meantime, I still don’t see any pressing reason to install this month’s patches — and I’m seeing more and more reports of bugs.

    We’re still at MS-DEFCON 2.

  • August 2019 Security patches: It’s a biiiiiiiiig month

    Posted on August 13th, 2019 at 12:30 woody Comment on the AskWoody Lounge

    Looks like we’re getting 90 separate patches for 93 individually reported security holes (CVEs).

    The largest single pain point appears to be Remote Desktop Services. (Tell me if you’ve heard that one before.) According to a post from Simon Pope at the MS Security Response Center:

    Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

    The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.

    Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.,,

    At this time, we have no evidence that these vulnerabilities were known to any third party.

    In the process of fixing the BlueKeep security hole, Microsoft found a metric ton of similar problems. At this point, nobody’s figured out a way to worm-out BlueKeep, so I figure you’re safe for now. This applies to almost none of you (if you have an internet-facing RDP server you likely know about it already), but as Dustin Childs says on the Zero Day Initiative page:

    If you must have an internet-facing RDP server, patch immediately (and reconsider your server placement).

    Martin Brinkmann has his usual overview on ghacks.net:

    Windows 7: 39 vulnerabilities
    Windows 8.1: 39 vulnerabilities
    Windows 10 version 1709: 53 vulnerabilities (!)
    Windows 10 version 1803: 61 vulnerabilities
    Windows 10 version 1809: 64 vulnerabilities
    Windows 10 version 1903: 64 vulnerabilities

    The scariest Office vulnerability? CVE-2019-1201. It looks like you can exploit this one by sending someone an email and having it viewed in the Outlook preview pane. I thought that general form of exploit was fixed years ago – but not according to the CVE description:

    Microsoft Outlook Preview Pane is an attack vector for this vulnerability.

    As usual, we’re very interested in hearing of any problems you encounter – particularly if they persist after you roll back the patch.

    UPDATE: There’s an acknowledged problem with the Win7 and Server 2008R2 patches and Symantec Endpoint Protection. It’s more of the SHA-2 blues. Thx, @EP.

    Another update: Security folks are starting to call the new BlueKeep act-alikes “BlueKeep II” and “BlueKeep III.” I’m going to follow Kevin Beaumont’s lead and call them DejaBlue.

    Worth noting: None of the security holes plugged today have known exploits. SANS Internet Storm Center has details.

    Great observation by Brian Krebs:

    At least one of the updates I installed last month totally hosed my Windows 10 machine. I consider myself an equal OS abuser, and maintain multiple computers powered by a variety of operating systems, including Windows, Linux and MacOS.

    Nevertheless, it is frustrating when being diligent about applying patches introduces so many unfixable problems that you’re forced to completely reinstall the OS and all of the programs that ride on top of it.

    We share your pain, Brian.

  • More intern shenanigans

    Posted on August 13th, 2019 at 11:28 woody Comment on the AskWoody Lounge

    Remember how I warned you that:

    Traditionally, August finds Microsoft in a mid-summer lull, with lots of folks on vacation and more than the usual chances of surprising screw-ups from second-string staff. It’s an excellent month to sit on the sidelines

    Not surprisingly, it’s happening. From the patchmanagement list:

    Just got a slew office security updates with a time stamp 8/13/2019 6:29am CST.

    however when you click the “more information” link it goes to a page not found on Microsoft’s site. Even more weird is if you do search on Microsft site for the KB like (KB4475547) it states
    We would like to show you a description here but the site won’t allow us
     
    what in the world is going on?
    What’s going on is people who don’t know what they’re doing, doing it anyway. Hang tight. When the info’s all out, we’ll post it here.
  • MS-DEFCON 2: Make sure Windows automatic update is temporarily turned off

    Posted on August 12th, 2019 at 10:21 woody Comment on the AskWoody Lounge

    Traditionally, August is a slow month, with lots of ‘Softies on vacation, and an unusually large share of beginner’s mistakes.

    It’s time to check your braces and suspenders, and get Auto Update paused or turned off.

    Details in Computerworld Woody on Windows.