Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Outlook 2007 and 2010 security patches scramble languages, break printing on custom forms

    Posted on September 15th, 2017 at 06:00 woody Comment on the AskWoody Lounge

    Both Outlook 2007 and 2010 security patches for September have been implicated in switching languages — Swedish menus in the Hungarian version, for example. Outlook 2010’s patch has the additional distinction of breaking custom form print function.

    Computerworld Woody on Windows

  • A warning about this month’s security patches

    Posted on September 14th, 2017 at 07:47 woody Comment on the AskWoody Lounge

    If you can’t avoid Word’s “Enable Editing” button, you’re better off installing this month’s .NET patches right now. If you’re running Win10, yes, that means you need to install the cumulative updates – bugs and all.

    Of course, the smarter alternative is to just cut off your clicking finger.

    It’s a damned-if-you-do situation, but in this case – if you can’t keep from clicking “Enable Editing” – you’re better off installing the patch(es) and dealing with the bugs later.

    Computerworld Woody on Windows

  • Bloated Patch Tuesday brings fix for nasty Word/RTF/Net vulnerability

    Posted on September 13th, 2017 at 05:58 woody Comment on the AskWoody Lounge

    For you folks guarding Russian-language espionage worthy secrets, there’s a hundred or so patches I need to tell you about.

    For the rest of you, hang tight. We’re still at MS-DEFCON 2. Let’s wait and see what problems flush out of this month’s huge round of Patch Tuesday patches.

    Computerworld Woody on Windows.

    UPDATE: Ars Technica’s Dan Goodin just tweeted that there is now public exploit code for CVE-2017-8759 making the rounds. That steps up the pressure to patch, considerably.

    ANOTHER UPDATE: Good question from an anonymous commenter:

    does this same vuln still apply if RTF file is opened instead in Wordpad?

    Answer: No. It requires Word, and Word cannot be running in Preview Mode. If you open RTF files with Wordpad, the Word Viewer, or any of a gazillion RTF readers (including OpenOffice), the .NET bug is NOT triggered.

  • September Security patches for Windows and Office are out

    Posted on September 12th, 2017 at 12:06 woody Comment on the AskWoody Lounge

    I’ll keep this post updated (as I furtively watch the Apple announcement – there’s a reliable one on YouTube).

    Overall list here. I see 259 individual security patches.

    Martin Brinkmann just posted his overview on the Ghacks site.

    • Windows 7:  22 vulnerabilities of which 3 are rated critical, 19 important
    • Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
    • Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important

    I swear, I don’t know how Martin gets his list out so quickly.

    The release notes still refer to the 1507 LTSB edition (now known as the Win10 2015 LTSC).

    Win10 1703 (Creators Update) cumulative update announced, build 15063.608. It’s huge – many dozens of bug fixes, in addition to multiple security patches. Watch out for this one!

    Win10 1607 (Anniversary Update) cumulative update announced, build 14393.1715. A half dozen bug fixes and all those security updates.

    September Office Updates for all versions are available here. Considering the recent track record, you may want to wait on these.

    The Windows Update release list now has the Sept. 12 entries.

    For those of you who only want to install “Group B” security patches (NOTE: I strongly recommend against it; much too early!) PKCano advises:

    Win 7 KB 4038779 – Download 32-bit or 64-bit  IE11 KB 4036586- Download 32-bit or 64-bit

    Win8.1 Security-only KB 4038793 – Download 32-bit or 64-bit  IE11 KB 4036586- Download 32-bit or 64-bit

    While this site is broken, if you want to retrieve an old version of the list of “Group B” patches, start with the Internet Archive.

    Microsoft posted an advisory about a specific security hole in Word, CVE-2017-8759, that involves opening an RTF file, then changing from Protected View to enable edits. If you’re opening RTF files in Word, then switching them to enable edits, and fear an infection from the Russian-linked NEODYMIUM group, you need to get a bunch of Windows and .NET patches installed. Yes, all versions of Windows are susceptible, including all the Win10 variants, as well as all versions of .NET, including the very new .NET Framework 4.6. Full list of patches here.

    Two critical security holes in Adobe Flash Player, security update APSB17-28.

  • MS-DEFCON 2: Time to make sure Windows Automatic Update is turned off

    Posted on September 11th, 2017 at 12:43 woody Comment on the AskWoody Lounge

    Unfortunately the comments on this site aren’t working right, but as soon as they’re up again, you’re most welcome to post about your experiences.

    Computerworld Woody on Windows

  • Office non-security patches for September 2017 are available

    Posted on September 5th, 2017 at 12:39 PKCano Comment on the AskWoody Lounge

    These are September patches. They are NOT covered under the current 9/5/2017 MS-DEFCON 3 unbrella for August patches. You do NOT want to install them yet (unless you want to be an unpaid Beta tester).

    Office 2013
    Update for Microsoft Office 2013 (KB3172484)
    Update for Microsoft Office 2013 (KB3172512)
    Update for Microsoft Office 2013 (KB3203486)
    Update for Microsoft Office 2013 (KB3213536)
    Update for Microsoft Office 2013 (KB4011087)
    Update for Microsoft Office 2013 (KB4011106)
    Update for Microsoft Project 2013 (KB4011109)
    Update for Microsoft Visio 2013 (KB3191936)
    Update for Microsoft Word 2013 (KB4011105)

    Office 2016

    Update for Microsoft Access 2016 (KB4011032)
    Update for Microsoft Office 2016 (KB3191923)
    Update for Microsoft Office 2016 (KB3191924)
    Update for Microsoft Office 2016 (KB3203478)
    Update for Microsoft Office 2016 (KB3203482)
    Update for Microsoft Office 2016 (KB4011093)
    Update for Microsoft Office 2016 (KB4011099)
    Update for Microsoft Office 2016 (KB4011102)
    Update for Microsoft Office 2016 Language Interface Pack (KB4011098)
    Update for Microsoft OneNote 2016 (KB4011092)
    Update for Microsoft Project 2016 (KB4011101)
    Update for Microsoft Visio 2016 (KB4011096)
    Update for Microsoft Word 2016 (KB4011039)

     

    Office 2007 is on extended support. It no longer receives non-security updates. There were no updates listed for Office 2010. Security patches for all current supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday)