Newsletter Archives

  • More June security patching bugs: You can patch an IE security hole, or print inside iFrames – but not both

    The latest IE patching conundrum deals with a bug in the June patches that broke the ability to print in iFrames. Automatic Update flops between one choice and the other.

    Computerworld Woody on Windows

  • A most unusual Patch Tuesday

    Microsoft has released its usual Patch Tuesday flood, and it’s enormous: 358 patches addressing 96 individually identified security holes. Gregg Keizer at Computerworld just posted a thorough overview.

    Martin Brinkmann at has the full list. Here’s the summary:

    • Windows 7:  48 vulnerabilities of which 6 are rated critical, and 42 important
    • Windows 8.1: 52 vulnerabilities of which 8 are rated critical, and the remaining 44 important
    • Windows RT 8.1: 48 vulnerabilities of which 8 are rated critical, and 40 important
    • Windows 10 version 1703: 45 vulnerabilities of which 7 are rated critical, and 38 important.

    At the same time, Microsoft has released individual patches for Windows XP and Vista – both of which are beyond their end of support dates.

    There’s a reason why Microsoft released XP/Server 2003 updates – they didn’t bother to patch either last month, with the WinXP patch for WannaCry.

    Full details in my Woody on Windows blog, which has just moved from InfoWorld to Computerworld.

    UPDATE: Microsoft even released a patch for Win10 1507 — the original, “RTM” release, which is supposed to be out of support. See KB 4022727.

    Brad Sams, writing on, calls the XP patch “a dangerous precedent.” I say hogwash. It’s an overdue CYA patch. Can you imagine what would happen with a working XP SMB worm?

    Peter Bright = Dr. Pizza, writing on Ars Technica says “Microsoft’s decision to patch Windows XP is a mistake.” I say he’s wrong. Microsoft didn’t have any choice – and won’t have any choice, in the future, but to patch NSA-derived security holes in all versions of Windows from XP onward.

    Dan Goodin, also on Ars Technica, now has technical details. He hits the nail on the head when he says, in conclusion:

    Company officials are showing that, as much as they don’t want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.

    And, I would add, a potential replay of the WannaCry outbreak long after learning the details from the NSA.

    This doesn’t smell right.