Newsletter Archives

  • MS-DEFCON 4: Time to get the November patches installed

    A few quick notes:

    • I’m recommending that Win10 Home users move to version 1903 (or 1909). The ability to Pause updates outweighs the potential hassles and problems with changing versions. That said, I still recommend that Win10 Pro users stay on 1809 (awaiting results of the December patches).
    • There’s a bug in the Office patches that throws bogus “Query … is corrupt” errors. If you hit that error, you need to manually install a fix.
    • The manually installed “Group B” security-only patches for Win7 and 8.1 do not include telemetry this month. But you will need the SHA-2 patch to get the Win7 patch to install.

    Full details and step-by-step instructions in Computerworld. Woody on Windows

  • Where we stand with the November 2019 patches

    Sifting through the list of patches and patches-of-patches, we’re in pretty good shape.

    Susan has full patch-by-patch details in her latest AskWoody Plus Newsletter Patch Watch column. If you’re in charge of installing individual patches, that’s the list to watch.

    If you’re looking at the big picture, or working on an individual machine, I have an overview in Computerworld Woody on Windows.

  • Microsoft posts Monthly Rollup Previews for Win7, 8.1, Server 2008 SP2, 2012 and .NET

    A fascinating grab bag of fixes – with absolutely nothing that should interest most reasonably sane individuals.

    Details in Computerworld Woody on Windows.

  • Born: Microsoft incorrectly signed the MSRT update that’s been bouncing around. It’s fixed now.

    News on that infuriating MSRT update bug. If you recall, the version of KB 890830 that arrived on Patch Tuesday was all over the map. As I said in Computerworld:

    There are hundreds of reports online of people who found that the MSRT installer threw an 800B0109 and wouldn’t install; or installed but then reinstalled on reboot; showed up multiple times in the Installed Updates list; didn’t show up in the Installed Updates list in spite of running; and several variations on those themes.

    I also said that the bad patch was fixed on Tuesday night – but, at least for some people, it wasn’t.

    Now comes word from Günter Born about the root cause of the problem:

    Microsoft made a mistake signing the update package in question… KB 890830 is no longer available via Windows Update… Microsoft has updated the package (in the Update Catalog) for Windows 7 and Server 2008/r2 and replaced the faulty certificate.

    He reports that the newly updated (but not yet pushed) version installs correctly. (Actually, I should say “runs correctly,” because the MSRT programs just run, they don’t install anything.)

    UPDATE: @Speccy has observed that the problem isn’t with the certificate, but with our old friend the SHA-2 signing problem with Win7 patches. Looks like he’s right. Read more here.

  • November 2019 Patch Tuesday foibles

    Have a patching problem? Post it here.

    My tally so far (as of early Wednesday morning):

    • “3340 query is corrupted” errors in Access
    • an annoying carousel of never-ending Malicious Software Removal Tool (KB 890830) installations, now fixed
    • a re-release of Win10 version 1809, Server 1809 and Server 2019
    • several new Servicing Stack updates
    • another Internet Explorer “exploited” security hole shrouded in secrecy
    • a promise that we won’t see any more “optional non-security” cumulative updates this year
    • and a new but not new version 1909 rollout.

    Details in Computerworld Woody on Windows.

    UPDATE: Microsoft has documented the “Query is corrupt” bug in Access.

    This issue will be fixed [in December] for all versions:

    If you encounter this issue before the fix is available, the recommended workaround is to update the query so that it updates the results of another query, rather than updating a table directly.

  • November 2019 Patch Tuesday arrives – along with Win10 version 1909

    The patches are out. There are 116 new individual patches in the Update Catalog covering 74 separately identified security holes (CVEs).

    Worthy of note is the Win10 1903 cumulative update Knowledge Base article KB 4524570:

    To reflect this change, the release notes for Windows 10, version 1903 and Windows 10, version 1909 will share an update history page. Each release page will contain a list of addressed issues for both 1903 and 1909 versions. Note that the 1909 version will always contain the fixes for 1903; however, 1903 will not contain the fixes for 1909. This page will provide you with the build numbers for both 1909 and 1903 versions so that it will be easier for support to assist you if you encounter issues.

    That’s a significant question answered! Sure enough, the KB article has two pull-down sections, one for 1903 and one for 1909. Looks like the 1909 flavor only has the same patches as the 1903 version.

    I can confirm that KB 4524570 installed on my Win10 1909 test machine (which is not in the Insider program). Build 18363.476. Nothing has gone kablooey.

    There’s a new post on the Insider Blog that tells you how to get Win10 version 1909. Basically, follow all of the steps in How to block the Windows 10 November 2019 Update, version 1909, from installing, but at the end click Download and install now. That’s good news.

    Martin Brinkmann on posted the salient details:

    • Win7: 35 security holes
    • Win8.1: 37 security holes
    • Win10: 46 vulnerabilities

    And, of course, this is the last planned cumulative update for Win10 version 1803.

    There are links on to all of the downloads and KB articles, as well as an Excel overview.

    Dustin Childs has his usual rundown for the Zero Day Initiative. Of particular concern is yet another “exploited” hole in Internet Explorer:

     CVE-2019-1429 – Scripting Engine Memory Corruption Vulnerability Reported through the Google Threat Analysis Group, this patch for IE corrects a vulnerability in the way that the scripting engine handles objects in memory. This vague description for memory corruption means that an attacker can execute their code if an affected browser visits a malicious web page or opens a specially crafted Office document. That second vector means you need this patch even if you don’t use IE. Microsoft gives no information on the nature of the active attacks, but they are likely limited at this time.

    At least we aren’t seeing another round of chicken-with-its-head-cut-off multiple out-of-band patches for an obscure in the wild exploit, like we did last month. I’ll keep an eye on it and let you know if it starts causing problems for anyone other than nuclear research firms and missile launch systems.

    @PKCano advises that there are new SSUs on the hoof:

    KB 4523206 for Win7
    KB 4524445 for Win8.1

  • MS-DEFCON 2: Make sure Automatic Update is temporarily switched off

    With Patch Tuesday tomorrow, and a Win10 1909 upgrade waiting in the wings, now’s a good time to check that Automatic Update’s temporarily turned off.

    As usual, there are full step-by-step instructions in Computerworld Woody on Windows.