Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • February patches bring key Outlook fixes and a rebirth of KB 2952664

    Posted on February 14th, 2018 at 11:41 by woody

    Unless you use an installed version of Outlook, there’s no reason to patch just yet. Even if you have a bought-n-paid-for version of Outlook, patching is iffy.

    Computerworld Woody on Windows.

  • February 2018 Security Patches Are Out

    Posted on February 13th, 2018 at 14:22 by PKCano

    The Microsoft Software Update Services pages have finally been updated, with 34 new patches listed – the first update since January 9th, in spite of the patches, re-patches, and re-re patches.

    Due to issues with some anti-virus software and the Meltdown/Spectre fixes last month, the ALLOW REGKEY must be set in the Registry by the AV software to enable downloads through Windows Update.

    Martin Brinkmann has posted his usual thorough overview on ghacks.net.

    Operating System Distribution

    • Windows 7: 15 vulnerabilities of which 1 is rated critical and 14 are rated important
    • Windows 8.1: 12 vulnerabilities of which 1 is rated critical, 10 are important, and 1 is moderate
    • Windows 10 version 1607: 17 vulnerabilities of which 1 is rated critical and 16 are rated important
    • Windows 10 version 1703: 18 vulnerabilities of which 1 is rated critical and 17 are rated important
    • Windows 10 version 1709: 19 vulnerabilities of which 1 is rated critical and 18 are rated important

    Windows Server products

    • Windows Server 2008: 11 vulnerabilities of which 1 is rated critical and 10 are rated important
    • Windows Server 2008 R2: 14 vulnerabilities of which 1 is rated critical and 13 are rated important
    • Windows Server 2012 and 2012 R2: 12 vulnerabilities of which 1 is rated critical and 11 are rated important
    • Windows Server 2016: 17 vulnerabilities of which 1 is rated critical and 16 are rated important

    Other Microsoft Products

    • Internet Explorer 11: 2 vulnerabilities, 1 critical, 1 important
    • Microsoft Edge: 14 vulnerabilities, 11 critical, 2 important, 1 moderate

    KB article 4077965 lists Office Security and non-security updates:
    Office 2016 – 13
    Office 2013 – 8
    Office 2010 – 5
    Office 2007 – 2
    SharePoint and SharePoint Servers – 8
    Many of these have fixes for remote code execution vulnerabilities.

    If last month’s updates are any example, it is a good idea to back up your system before installing these updates – after we reach DEFCON-3 or above later this month, of course.

  • MS-DEFCON 2 for Feb 2018: Make sure Automatic Update is turned off

    Posted on February 12th, 2018 at 08:24 by woody

    Last month’s Patch Tuesday (and Monday, Wednesday, Thursday, Friday, Saturday and Sunday) should prove, once again, that knowledgeable Windows users need to turn off Automatic Update.

    Computerworld Woody on Windows.

    Do me a favor, wouldja? If you bump into any of the self-proclaimed security “experts” who tell everyone to turn on Automatic Update, would you post a link to their drivel? I took a lot of guff for my posts a year ago, advising folks to turn off Automatic Update. If there’s anybody in the industry who’s still spreading that kind of hooey, I want to know who and why.

  • Lots of Critical, Remote Code Execution patches coming on Tuesday

    Posted on February 9th, 2018 at 15:05 by woody

    Brian Krebs tweeted an early look at next Tuesday’s patches. Wowza.

  • Adobe Flash patch KB 4074595 pushed out the Windows Update chute

    Posted on February 8th, 2018 at 00:58 by woody

    Doncha just love Flash?

    A few hours ago, Microsoft pushed the first round of February 2018 patches. The KB 4074595 patch fixes two security holes in Adobe Flash Player, CVE-2018-4877 and CVE-2018-4878.

    Microsoft has a few details in Security Advisory ADV180004.

    Adobe’s Security Bulletin APSB18-03 says:

    Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users.  These attacks leverage Office documents with embedded malicious Flash content distributed via email.

    Adobe goes on to say it’s a remote code execution hole. Critical Priority 1. Impacts 28.0.0.137 and earlier versions (February 6, 2018). New version is 28.0.0.161.

    Adobe’s version checker is here.

    Microsoft’s patches are for Windows 8.1 and Win10, all versions. All of those versions need to have Internet Explorer (and, in the case of Win10, Edge) fixed to plug the holes in the embedded versions of Flash.

    Adobe’s patches cover everything other than IE 11 and Edge. Chrome is fixed automatically, by default, when you re-start Chrome.

    Liam Tung at ZDNet reports:

    Researchers at Cisco Talos said hackers known as Group 123 were using the zero-day Flash flaw and Excel sheets to deliver the ROKRAT remote-administration tool.

    Cisco researchers found Group 123’s Excel sheets contained an ActiveX object that was a malicious Flash file that downloaded ROKRAT from a compromised web server. Notably, it was the first time this group has been seen using a zero-day exploit, suggesting the targets were carefully selected and high value.

    FireEye, which calls Group 123 TEMP.Reaper, said it had observed the group interacting with their command-and-control infrastructure from North Korean IP addresses. Most of the group’s targets were South Korean government, military and defense industry organizations, it said.

    If you haven’t yet disabled Flash, now would be a very good time to do so. Chris Hoffman at How-To Geek has detailed instructions. If you absolutely have to have Flash, restrict it to one browser — I use Chrome to do the dirty deed — and only use it manually, under duress.

    If you can’t or won’t throttle Flash, get the update applied. Yet another Patch Wednesday.

    Thx CAR, Günter Born.