News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Incoming: New cumulative updates for Win10 1703, 1709, 1803, and previews for Win8.1 and .NET 4.6

    Posted on January 15th, 2019 at 12:25 woody Comment on the AskWoody Lounge

    They’re coming hot off the presses right now.

    The Microsoft Update Catalog shows 14 new patches, just released. Details coming.

    Nothing for 1809. Yet. It would appear as if using the Windows Insider Preview Ring is working the way it’s supposed to!

    Win10 1803 cumulative update KB 4480976 brings build up to 17134.556

    Win10 1709 cumulative update KB 4480967 brings the build to 16299.936

    Win10 1703 cumulative update KB 4480959 brings the build to 15063.1596

    Looks like they’re only for “seekers” — they only install if you click “Check for updates.” I don’t see them coming in through the Automatic Update chute.

    Win8.1 Preview of Monthly Rollup KB 4480969

    I don’t see anything for Win7.

    All of them still have the acknowledged Jet database bug.

    Thx @GoneToPlaid

  • Patch Tuesday patches are here

    Posted on January 8th, 2019 at 12:53 woody Comment on the AskWoody Lounge

    As usual, Martin Brinkmann has the first full list:

    • Microsoft released security updates for all client and server versions of Windows.
    • No critical vulnerabilities in Windows 8.1 and 7.
    • Microsoft released security updates for Microsoft Edge, Internet Explorer, Adobe Flash Player, .NET Framework, Microsoft Office, Microsoft Exchange Server, and Microsoft Visual Studio
    • The Update Catalog lists 187 updates for January 2019.

    Dustin Childs has an interesting take on the patches for the Zero Day Initiative:

    • CVE-2019-0547 – Windows DHCP Client Remote Code Execution Vulnerability
      If you are running Windows 10 or Server version 1803, this patch has to be on the top of your deployment list.

    • CVE-2019-0586 – Microsoft Exchange Memory Corruption Vulnerability
      This corrects a bug in Exchange that could allow an attacker to take control of an Exchange server just by sending it a specially crafted email.

    • CVE-2019-0550, CVE-2019-0551 – Windows Hyper-V Remote Code Execution Vulnerability

    Which means most of you aren’t in the crosshairs. The only known exploit he lists is for the Jet Database engine — another hole found in ancient technology that probably won’t affect you unless you use an old database application.

    There’s also a new Servicing Stack Update for Win10 version 1703, KB 4486458. As if any of you are still running 1703.

    There are January Security-only patches for .NET as well as the Security and Quality Rollups.

    January 2019 Security Updates for Microsoft Office 2010, Office 2013, Office 2016, the Office Viewers, and SharePoint Servers are available on the Office Support Pages. These Updates are for the .msi versions of Office, not Office 365 or C2R.

    UPDATE: It looks like the Win10 version 1803 patch, KB 4480966, may be something you need to install quickly. So far there are no known exploits, and no proof of concept code. But Microsoft is saying it’s bad.

    Will keep you posted as the drama unfolds.

  • MS-DEFCON 2: Microsoft’s already yanked four patches. Best to verify Auto Update is turned off

    Posted on January 7th, 2019 at 05:43 woody Comment on the AskWoody Lounge

    The holidays are over, but the Grinch is still on the loose. Make sure your machine is locked down.

    Computerworld Woody on Windows.

  • January 2019 non-Security Office Updates have been posted

    Posted on January 3rd, 2019 at 06:13 PKCano Comment on the AskWoody Lounge

    The January 2019 non-Security Office updates were released Wednesday, January 2, 2019. They are not included in the DEFCON4 approval for the December 2018 patches. Unless you have a specific need to install them, you should wait until Susan Bradley (Patch Lady) approves them and any problems have been reported.

    Office 2010

    Update for Microsoft Excel 2010 (KB4461627)
    Update for Microsoft Office 2010 (KB4032217)
    Update for Microsoft Office 2010 (KB4032225)
    Update for Microsoft Office 2010 (KB4461616)

    Office 2013

    Update for Microsoft Project 2013 (KB4461560)
    Update for Skype for Business 2015 (KB4461557)

    Office 2016

    Update for Skype for Business 2016 (KB4461586)
    Update for Microsoft Excel 2016 (KB4461600)
    Update for Microsoft Office 2016 (KB3203480)
    Update for Microsoft Office 2016 (KB4032230)
    Update for Microsoft Office 2016 (KB4461435)
    Update for Microsoft Office 2016 (KB4461533)
    Update for Microsoft Project 2016 (KB4461587)
    Update for Microsoft Visio 2016 (KB4461531)

    There were no non-security listings for Office 2007 (which is out of support).
    Office 365 and C2R are not included.
    Security updates for all supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday).

    UPDATE: As of January 4, 2019, the four January 2019 Updates for Office 2010 (msi version) have been pulled by Microsoft and are no longer available for download. If you have problems with the Office programs, Microsoft recommends uninstalling the updates.