
Blog Archives

  • Microsoft blinks again, promises to clean up after its Win7 mess

    Posted on January 27th, 2020 at 07:58 by woody

    Remember the bug in the latest Win7 patch — the one that turns “Stretch”ed wallpapers into black screens?

    Microsoft originally said (after waiting a week to acknowledge the obvious bug) that it would fix the problem on machines running Extended Security Updates — you had to pay to get your wallpaper back.

    Now it seems cooler heads have prevailed. We’re all going to get the fix. But how?

    Details in Computerworld Woody on Windows.

  • MS-DEFCON 3: No rush, but you should get the January Patch Tuesday patches installed

    Posted on January 24th, 2020 at 14:55 by woody

    Usually I wait until near the end of the month before giving the all-clear to install Microsoft’s Patch Tuesday patches.

    This month’s different.

    On the one hand, this month’s patches look pretty darn clean. Part of the reason for our good fortune, I’m convinced, is that we haven’t had any non-security patches since October.

    On the other hand, there’s the looming threat of CurveBall — the CVE-2020-0601 security hole advertised by the NSA. I don’t think CurveBall will hit the mainstream any time soon, but ya never know.

    Put those together, and I figure now’s a good time for normal folks to get their machines patched.

    I’m only moving to MS-DEFCON 3 this month because it’s still very early in the crowdsourced bug catching phase. If you hit a problem with a patch, let us know loud and clear! But get patched.

    Full step-by-step details in Computerworld Woody on Windows.

    UPDATE: If you’re having installation problems with the Win10 1903 and 1909 cumulative updates, it may be caused by a missing Connect app. See Günter Born’s post.

  • Want to fix that black Stretched wallpaper in Windows 7? Buy Extended Security Updates

    Posted on January 24th, 2020 at 14:08 by woody

    Microsoft has acknowledged the bug we’ve been talking about for several days:

    After installing KB4534310, your desktop wallpaper might display as black when set to Stretch.

    MS offers a workaround that’s identical to the one presented by Lawrence Abrams in BleepingComputer a few days ago.

    What, you think that Microsoft should fix its bugs before kicking you off the update gravy train? Nope. Here’s the final word (as of today, anyway):

    We are working on a resolution and will provide an update in an upcoming release for organizations who have purchased Windows 7 Extended Security Updates (ESU).

    Nice guys.

  • Where we stand with the January 2020 patches

    Posted on January 23rd, 2020 at 07:57 by woody

    All in all, it’s been a relatively benign month.

    If you got stampeded into installing the Chain of Fools/CurveBall CVE-2020-0601 patch, well, I won’t say I toldja so….

    Details in Computerworld Woody on Windows.

    We’re still on MS-DEFCON 2. There are many reasons for admins to get their systems updated – but those of us who are, uh, normal users have no need to panic.

  • Worried about the ADV200001 JScript bug? 0patch to the rescue

    Posted on January 23rd, 2020 at 06:04 by woody

    As far as I can tell, it’s only a problem for a very select group of unfortunate targets, but if you’re concerned about the recently-announced JScript bug (see Yet another JScript vulnerability) documented in MS Advisory ADV200001, CVE-2020-0674, there’s a patch from 0patch that should be of interest.

    In case you’re new to 0patch, the approach is tricky but straightforward: Mitja Kolsek’s team comes up with tiny tweaks to Windows itself that fix bugs. When Microsoft finally releases a patch, the 0patch change will get overwritten by the new Windows code.

    Per Kolsek:

    Last Friday, Microsoft published an advisory about a remotely exploitable memory corruption vulnerability (CVE-2020-0674) that was reported to them by Qihoo 360 as being exploited in the wild. These attacks were reportedly limited so Microsoft decided not to rush with issuing a patch but will rather provide one as part of February’s Patch Tuesday. They did, however, provide a workaround.

    Because the provided workaround has multiple negative side effects, and because it is likely that Windows 7 and Windows Server 2008 R2 users without Extended Security Updates will not get the patch at all (their support ended this month), we decided to provide a micropatch that simulates the workaround without its negative side effects.

    What does Microsoft say about issuing a fix for Win7? Nothing. Per the Advisory:

    Is there an update to address this vulnerability?

    No, Microsoft is aware of this vulnerability and working on a fix. Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.

    To get the micropatch, you have to download and install the 0patch enabling software.

    Martin Brinkmann has more details on ghacks.net.

  • Reports: Server 2008 R2 systems boot to recovery mode after January patches applied

    Posted on January 20th, 2020 at 12:28 by woody

    Not clear which patches are causing the problem, but I’m seeing multiple reports of a boot to recovery mode on Server 2008 R2 systems.

    Can anybody out there confirm?

  • There’s a manual workaround for the RD Gateway security holes, CVE-2020-0609 and -0610

    Posted on January 18th, 2020 at 07:42 by woody

    Marcus Hutchins has come up with a way to block exploitation of the vulnerabilities addressed by this month’s Remote Desktop Gateway fixes, CVE-2020-0609 and CVE-2020-0610.

    (Protip: If you aren’t in charge of an RD Gateway network, forget about it.)

    Posting on the KryptosLogic site, he gives the manual workaround details:

    If for whatever reason you are unable to install the patch, it is still possible to prevent exploitation of these vulnerabilities. RDG supports the HTTP, HTTPS, and UDP protocols, but the vulnerabilities only exist in the code responsible for handling UDP. Simply disabling UDP Transport, or firewalling the UDP port (usually port 3391) is sufficient to prevent exploitation.

    Kevin Beaumont notes that it’ll involve a performance hit.

    Thx Florian Roth.

  • Yet another JScript vulnerability

    Posted on January 17th, 2020 at 16:55 by woody

    Internet Explorer, the gift that keeps on giving.

    Looks like we have a brand new JScript bug. According to ADV200001:

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

    The fix, documented in the Security Advisory, is to cut off JScript. Again.

    Is there an update to address this vulnerability?

    No, Microsoft is aware of this vulnerability and working on a fix. Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.

    Is Microsoft aware of attacks based on this vulnerability?

    Yes, Microsoft is aware of limited targeted attacks.

    At least they aren’t going to try to chase it down with four progressively buggy patches, like they did in September and October.

    You folks trying to work with IE are going to have an interesting weekend, yes?

    UPDATE: Catalin Cimpanu has more details on ZDNet.

    UPDATE: Microsoft has assigned the CVE number CVE-2020-0674.