Newsletter Archives

  • MS-DEFCON 4: Time to get the July 2019 patches installed

    There’s some important new information for those of you installing Security-only patches for Win7 and Server 2008R2, and there’s an unconfirmed report of conflicts with McAfee Endpoint Protection (again), but for the most part “normal” users should be OK to install this month’s patches.

    Details and step-by-step instructions in Computerworld. Woody on Windows.


    Anybody who sees KB 4023057 should follow the discussion and advice here:

    It’s now being pushed to 1809 as well.

    In short, you probably don’t want it.

  • Where we stand with the July 2019 patches: Welcome to the Upside Down

    Win7 basks in telemetry

    The Win10 1903 RST upgrade block casts an unintentionally wide net

    Visual Studio patches go to the wrong machines

    …and yet another fervent call to block the BlueKeep hole, which looms like a demogorgon

    Much more.

    Computerworld Woody on Windows.

  • We’re still at MS-DEFCON 2

    Susan Bradley’s recommendations are out for the July Windows and Office patches. In the latest AskWoody Plus Newsletter, she gives almost all of them a green light. You can see the detailed recommendations in her latest Master Patch List.

    I just wanted to post a reminder that Susan’s Master Patch List is directed at people who are down in the patching trenches. If you’re looking for detailed advice on installing individual patches, that’s the place to look.

    Most of you, though, aren’t under the gun to get patches installed immediately – you can take a longer view and wait until the dust has settled a bit. For those of you who aren’t worried about safeguarding corporate secrets or political shenanigans, there’s no need to rush – no pressing need to install any of the July patches just yet.

    For most folks, now’s a good time to do nothing. Let’s sit back and see what else might unfold.

    When the coast is clear, I’ll change the MS-DEFCON rating. For now, sit tight.

  • Second July cumulative update for Win10 1809 drops

    Yesterday Microsoft released KB 4505658, the second “optional” July cumulative update for Win10 version 1809. We still haven’t seen the second July cumulative update for Win10 1903. Martin Brinkmann has details.

    Of course, I don’t recommend that you install it. Let’s see what happens to the cannon fodder.

    Per @Microfix

    MSFT have also released an updated SSU patch and compatibility update for W10 v1809 yesterday 22nd July 2019. More info over in the Microsoft Catalog :

    KB4505657 – Compatibility update for installing Windows 10, version 1809

    KB4512937 – Servicing Stack Update for Windows 10 Version 1809

    Thx to @Microfix, @b, @EP, @Alex5723.

  • Microsoft surreptitiously adds telemetry functionality to July 2019 Win7 Security-only patch

    Unannounced, Microsoft has added telemetry functionality to the July 2019 Security-only Update for Windows 7 KB4507456. Alerted on Patch Tuesday by an anonymous poster:

    Warning for group B Windows 7 users!

    The “July 9, 2019—KB4507456 (Security-only update)” is NOT “security-only” update.

    It replaces infamous KB2952664 and contains telemetry. Some details can be found in  file information for update 4507456 (keywords: “telemetry”, “diagtrack” and “appraiser”) and under (in “Package details”->”This update replaces the following updates” and there is KB2952664 listed).

    It doesn’t apply for IA-64-based systems, but applies both x64 and x86-based systems.

    Microsoft included the KB2952664 functionality (known as the “Compatibility Appraiser”) in the Security Quality Monthly Rollups for Windows 7 back in September 2018. The move was announced by Microsoft ahead of time.

    With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates).

    Come on Microsoft. This is not a security-only update. How do you justify this sneaky behavior? Where is the transparency now.

    Susan, we need your Pinocchio with a loooooong nose.

    UPDATE: Details on ComputerWorld. Woody on Windows

  • July 2019 Patch Tuesday has arrived

    There are 212 entries in the Windows Update Catalog for July.

    Two major issues affecting all versions of Windows have been addressed by Microsoft, along with many other fixes affecting specific versions.

    • Addresses an issue that causes Internet Explorer 11 to stop working when it opens or interacts with Scalable Vector Graphics (SVG) markers, including Power BI line charts with markers.
    • Addresses an issue that may display the error, “MMC has detected an error in a snap-in and will unload it.” when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.

    SHA-2 Code Signing
    For Windows 7 Users, the SHA-2 Code Signing Support becomes mandatory in July. You will need to have KB4474419 (the SHA-2 update) and KB4490628 (2019-03 Servicing Stack) installed for Win7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 prior to August updates.

    Martin Brinkman has his usual thorough summary posted on ghacks.

    Windows 7: 21 vulnerabilities: 1 rated critical and 20 rated important
    Windows 8.1: 19 vulnerabilities: 1 rated critical and 18 rated important
    Windows 10 version 1703: 24 vulnerabilities: 1 critical and 23 important
    Windows 10 version 1709: 36 vulnerabilities: 1 critical and 35 important
    Windows 10 version 1803: 37 vulnerabilities: 1 critical and 36 important
    Windows 10 version 1809: 36 vulnerabilities: 1 critical and 35 important
    Windows 10 version 1903: 36 vulnerabilities: 1 critical and 35 important

    Internet Explorer 11: 6 vulnerabilities: 6 critical
    Microsoft Edge: 7 vulnerabilities: 7 critical

    The Security Update Guide lists 1,854 new individual patches today.

    For those of you updating manually, there are new Servicing Stack Updates for all versions of Windows 10, Windows 8.1, and for Windows 8 Embedded.

    Updates are available for Microsoft Office MSI products: Office 2016, Office 2013, Office 2010, Office 2016 Language Interface Pack, and SharePoint Servers.

  • MS-DEFCON 2: Patch Tuesday beckons, make sure Auto Update is turned off

    Tomorrow’s Patch Tuesday and you probably know what that means – it’s a good time to get Windows Automatic Update turned off.

    This month we have some fun ‘n games because those of you on Win10 version 1903 may witness a disappearing section in Update Options. But never fear. There are workarounds. (More like yelling at the Microsoft kids to get off the lawn, but nevermind.)

    One thing you should ponder: If Win10 1909 is going to be a Service Pack (with a different name) and it’s being distributed as a cumulative update (again, you have to wonder which bug fixes MS is holding back to beef up the 1909 cumulative update), how does that effect the “feature update deferral” setting. Will 1909 be a new “version” in the classic sense – thus allowing a feature update deferral? Or will it be a cumulative update – thus being put off by the “quality update deferral” setting? Will MS continue to release cumulative updates for 1903 after it’s delivered 1909? (There are parallels to Win7 and Win8, but I doubt that anybody’s thought about that.)

    I think it’s great that we’re finally getting some relief from the insane two-versions-a-year pace. But has anybody thought through how this is, you know, actually going to work?

    Anyway, details in Computerworld. Woody on Windows.