News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Here’s why we’re not patching Internet Explorer

    Posted on September 30th, 2019 at 01:05 Tracey Capen Comment on the AskWoody Lounge

    PATCH WATCH

    By Susan Bradley

    There’s no way to sugar-coat this: The current Windows updating situation is a disaster.

    No, I’m not talking about the usual round of side effects in the second–Patch Tuesday updates, the lack of overall patch quality, or the known issues that impact only a small set of Windows users but that we’re still forced to track.

    Read the full story in AskWoody Plus Newsletter 16.35.0 (2019-09-30).

  • August update warnings prove overblown

    Posted on August 19th, 2019 at 01:05 Tracey Capen Comment on the AskWoody Lounge

    PATCH WATCH

    By Susan Bradley

    Recent headlines might make you think we’re deep into a Windows-patching panic.

    The buzz centered on August’s Windows updates — specifically, more fixes for the ongoing Remote Desktop Protocol (RDP) threat, aka BlueKeep. But the predictions of doom were, as usual, well off course.

    Read the full story in AskWoody Plus Newsletter 16.29.0 (2019-08-19).

  • History of cumulative updates for .NET Framework for Win10 1809 and Server 2019

    Posted on April 3rd, 2019 at 19:30 woody Comment on the AskWoody Lounge

    Patch Lady Susan Bradley just discovered this gem.

    Yes, there was a cumulative update for .NET Framework 3.5 and 4.7.2, for Win10 1809, released on April 2.

  • What’s happening with Win7 .NET updates?

    Posted on October 21st, 2017 at 13:29 woody Comment on the AskWoody Lounge

    Just got this from reader OC:

    Today I received from MS new updates for my Win 7 Pro, x64, SP1 (to be installed when I decide to), for .NET 4.6.4, 4.61. 4.62, 4.7; another for 4.5.2 and a third for 3.5.1.
    They are, respectively, kb4040973; … 77; … 80 (the first 5 digits are the same for all three.)

    Further, the message says they replace kb2978120 and … 28.

    Now, when going to the MS page with the explanation and I click on the corresponding kb, say …73 to go to the site where there is a link to the MS site where I can download it, that takes me to a page for …86; when I click on the next one, it also takes me to a page for a different kb, and same for the third one. And they are all include fixes, not the ones advertised in the message, but for … 4.7 ! (Which, according to your site, is best avoided, for now.)

    I hope this can be cleared out in the not too distant future. In the meantime, I am keeping this update parked “unticked” in my machine, until that clarification happens, or until postings in your site advise that it is OK to go ahead and install them as they are, or…

  • .NET Framework 4.7 is now available for Win7 SP1

    Posted on June 14th, 2017 at 07:49 PKCano Comment on the AskWoody Lounge

    This question from poster @CraigS526

    I upgraded not long ago to .Net Framework 4.6.2 JUST to get Longer File names and had No Issues. It never came up in Win Update to go from 4.6.1 — to ( .2 ) — so IF it is Not an option in June, is there any reason NOT to Install 4.7 Manually?

    .NET Framework 4.7 has just recently become available for Win7 SP1. Perhaps it would be a good idea to do some research on the problems with installation and use in Win7 SP1 before moving forward.

    Read here about the DirectX Dependency

    The DirectX dependency is now available in the Preview of Monthly Rollup released via Windows Update on May 16, 2017. The Monthly Rollup is also available for deployment via WSUS and the Microsoft Update Catalog under the following Knowledge Base Article ids:

    Windows 7 SP1 and Server 2008 R2 SP2: KB4019265
    Windows Server 2012: KB4019218

    The DirectX dependency is also available outside of the Monthly Rollup as an independent/standalone package in the Microsoft Update Catalog. Due to its relatively smaller size as compared to the Monthly Rollup package, this standalone package may be preferable for ISVs that need to redistribute the .NET Framework 4.7 with their application.

    Please see the following for more information: The .NET Framework 4.7 installation is blocked on Windows 7, Windows Server 2008 R2 and Windows Server 2012 because of a missing d3dcompiler update.

    And some information on known issues can be found here.

    .NET Framework 4.7 is also available for Win8.1 as a recommended update through Windows Update as of June 2017. It is also available for versions Win10, and as a part of Win10 Creators Update.

    Join us for further discussion on .NET Framework 4.7 on Win7 SP1 at Our .Net Framework 4.7 Upgrade Intentions

  • .NET Framework patch numbering screw-up?

    Posted on September 25th, 2016 at 07:35 woody Comment on the AskWoody Lounge

    Message from JO:

    I have two .NET Framework updates pending on my Windows 7 Service Pack 1 64-bit computer.  KB3102433 – “Microsoft .NET Framework 4.6.1 for Windows 7 for x64” published 2/9/2016 is a recommended update.  Being offered this update is understandable because the latest version of .NET Framework installed on my computer is 4.5.2, at least that is what is shown under programs on the control panel.  KB3179930 – “Reliability Rollup for Microsoft .NET Framework 4.5.2, 4.6, and 4.6.1 on Windows 7 and Server 2008 R2 for x64” published 9/22/2016 is an optional update.  The information that Microsoft provides under the “More information” link references a different KB number (3179949) and makes no mention of .NET Framework 4.5.2.  In fact, the prerequisite is that .NET Framework 4.6 or 4.6.1 must be installed.
     
    I am in no hurry to install any of these.  Nevertheless, I am wondering whether KB3179930 is actually an update that is designed for .NET Framework 4.5.2 as advertised in the title of this update.

    Anybody know for sure?

  • MS09-054 patch zaps Firefox

    Posted on October 17th, 2009 at 07:14 woody Comment on the AskWoody Lounge

    Now it looks like this round of patches includes one, MS09-054, that messes up Firefox.

    If you have .NET Framework 3.5 SP1 installed, and you use Firefox, you’re opening up your system to all sorts of mayhem. The mayhem was supposed to be plugged by MS09-054, but it only made the situation worse. The problem? A Firefox plug-in that Microsoft installs called the Windows Presentation Foundation.

    Just in from the SANS Internet Storm Center:

    if you use Windows, install patches, and also have Firefox, oddly enough you will want to read the following Microsoft KB article entitled “How to remove the .NET Framework Assistant for Firefox

    UPDATE: Ryan Naraine at ZDNet has the details. Yes, Microsoft installed a “patch” with a security hole that affects Firefox. If you have automatic updates turned on, or you got fooled into installing MS09-054, you have to go into Firefox and manually turn off the bleeding add-on that Microsoft surreptitiously put on your computer.

    REALLY COOL UPDATE:

    I just re-started Firefox and it caught the two suckers. “Firefox has determined that the following add-ons are known to cause stability or security problems.” The culprits: .NET Framework Assistant and Windows Presentation Foundation. Both are blocked by default. Restart Firefox and you’ll be rid of the pests.

    Take THAT Microsoft…

    ANOTHER UPDATE: One reader left a comment about this patch, and I wanted to clarify. Yes, indeed, this patch was supposed to fix the earlier security hole created when Microsoft took it upon itself to install the .NET Framework Assistant in Firefox. (I cried about that patch in a blog entry four months ago.) While MS09-054 was supposed to fix the hole in Firefox introduced by Microsoft, it’s much smarter to simply disable Microsoft’s .NET Framework Assistant for Firefox. That’s exactly what Firefox has done. (Indeed, it’s what Microsoft recommended!) It isn’t clear, at this point, if MS09-054 makes the problem worse or not – thus the markthrough edits to the beginning of this post.

  • MS-DEFCON 4: Apply all outstanding patches except 951847 and 960715, and watch out for other problems

    Posted on April 5th, 2009 at 06:00 woody Comment on the AskWoody Lounge

    It’s time to get patched up.

    Last month’s crop of Black Tuesday patches turned out pretty good. One of them, KB 959772, is a CYA patch that lets people play music they’ve already bought from Microsoft. None of the three seems to be causing undue heartache.

    I still recommend that you HOLD OFF on these patches:

    KB 951847 is a mess of a patch of a patch of a patch of the .NET Framework in Windows XP. I’m beginning to think that it’ll never get fixed – you’re better off waiting until you upgrade to Vista or (better) Windows 7, which have .NET baked in.

    KB 960715, the ActiveX killbit update, still breaks many programs. I don’t think the cure is any better than the disease. Of course, you’re using Firefox (or Chrome) – or any Web browser that doesn’t directly expose your machine to ActiveX infections, right?

    KB 967715, the Conficker-killer that doesn’t work, is worth installing, but make sure you understand its limitations, as I posted in mid-March.

    I’m still ambivalent about Windows XP Service Pack 3, KB 936929. If you’ve been keeping up on all of your patches, it’s a toss-up. If you decide to install it, and you have problems, be sure to check out Microsoft’s Knowledge Base article KB 950718.

    I’m also ambivalent about Internet Explorer 8. Mark Edwards has a good analysis of the situation on the Windows Secrets web site.

    That brings us down to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

    To get patched up, click Start, All Programs. Near the top of the list you see either Windows Update or Microsoft Update. Click on that and tell Windows Update that you want to perform a “Custom” update. Be prepared to spend ten to fifteen minutes – longer, if you haven’t patched in a while. When you’re done, make sure you have Automatic Updates set to “Notify but don’t download or install” by clicking Start, Control Panel, Security Center.

    My general admonition about applying hardware driver patches still applies: Ain’t broke, don’t fix. That is, unless you have a very specific reason for installing a new driver, don’t do it.