Newsletter Archives

  • Is it safe yet?


    By Susan Bradley

    Every month, Windows users have to ask the same question: “Is it safe to patch yet?”

    As is all too common, the issues and concerns I had at the beginning of this month are not the ones I have a few weeks later. Case in point: I thought for sure we’d have more screams of frustration when the recent Office updates started blocking Web information requested by Visual Basic apps.

    But no: I’m mostly tracking possible issues with the Windows 10 1909 update. It’s sort of similar to how we’re feeling these days about staying in or going out; I don’t think you’ll see any issues, but I also can’t guarantee you won’t. It’s confusing, I know.

    Read the full story in AskWoody Plus Newsletter 17.17.0 (2020-05-04).

  • Do you want to protect yourself against BlueKeep, or break Visual Basic?

    Gawd this is tiresome.

    If you read somewhere that you have to install the August patches, even though you read somewhere that you can’t install the August patches (e.g., if you use Juris), chill. The authors of those advisories are parroting things that they’ve read that they don’t understand.

    Installing patches right now is not a good idea. In very rare circumstances, you need to install a patch soon after it arrives. This isn’t one of those circumstances.

    Right now, we know for sure that these August patches break VB, VBA and VBScript in some situations. Günter Born has a good explainer, which points the finger at array handling. An anonymous follow-on post says it’s related to working with empty arrays.

    You’ll get hit if you’re using Raiser’s Edge, Financial Edge, Education Edge, Epic, Ivanti Workspace Control, or Juris. All have been mentioned by name in our forums.

    DejaBlue, on the other hand — BlueKeep II, III, IV and V — remain theoretical. They, like BlueKeep, will pose a threat at some point. But that point isn’t now.

    It looks like Metasploit is poised to add a BlueKeep module to its package at some point in the next week or two. You’re protected if you followed my instructions and have installed any Windows patch from May onward.

    Meanwhile, there are no credible reports that I can see of a BlueKeep infection. And DejaBlue? I haven’t heard of anything beyond bluescreens.

    Meanwhile, every local news show is telling people to patch now. Bah.

  • Microsoft quietly updates all of this month’s Windows patches warning about conflicts with Visual Basic 6, VBA and VBScript

    Sometime in the past few hours, the KB articles for every August Windows patch have been updated with this “Known issue”

    After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

    I can’t find any independent description of the problem. Can you?

    And… who tests this stuff anyway? It’s VB, fer heaven’s sake.

    More in Computerworld Woody on Windows.