Newsletter Archives

• MS-DEFCON 3: Get the October patches installed

  Posted on October 29, 2020 at 23:49 CDT by woody • Comment in the Forums

  We’re seeing some funny business with the ancillary patches this month, but the mainstream Windows cumulative updates and Office patches look good to go.

  Big question is whether you want to upgrade from Win10 version 1909 to version 2004. I have a few observations. Bottom line: Susan Bradley has upgraded her 1909 machines to 2004. I’m still sitting on a fence. Really, there’s exactly nothing in 2004 that most people will want.

  Step-by-step details in Computerworld Woody on Windows.

  Windows Patches/Security MS-DEFCON 3, October 2020 Black Tuesday

• About that Flash-zapping patch, KB 4577586? One leeetle problem. It doesn’t remove Flash.

  Posted on October 27, 2020 at 21:08 CDT by woody • Comment in the Forums

  Earlier today Microsoft released KB 4577586, the “Update for the removal of Adobe Flash Player: October 27, 2020.” As Susan notes in the entry below, it’s only available if you manually download and install it from the Microsoft Catalog.

  Now comes word from Lawrence Abrams at BleepingComputer that the patch doesn’t do anything of the sort:

  In our tests, though, Adobe Flash Player remained installed after installing the update… When we checked the Adobe Flash Player component in Microsoft Edge, it was still installed after installing the update.

  Let’s hear it for Microsoft’s testers – the unpaid ones, at least.

   

  Windows Patches/Security Flash, KB 4577586

• Where we stand with the October patches

  Posted on October 22, 2020 at 00:26 CDT by woody • Comment in the Forums

  The run-of-the-mill cumulative updates had all the usual problems. But the other patches were a bit odd.

  I’m still amazed that the cumulative updates went out with a hard bug in an HP app, but HP has fixed its wayward ways.

  And we still don’t have the announced security fix for Microsoft Dynamics 365 Commerce.

  Winter – and version 20H2 – are coming.

  Details in Computerworld Woody on Windows.

  Windows Patches/Security October 2020 Black Tuesday

• Is KB 4580980, the .NET update preview for 1903 and 1909, being installed even if you don’t “seek” for it?

  Posted on October 20, 2020 at 21:12 CDT by woody • Comment in the Forums

  A distressing post from @Brockton:

  I’m running Win10 Home 1909 which was current with the October updates and currently updates are NOT paused.  I still have v2004 sitting in my update screen as an optional ‘download and install’.

  I just had a notification pop-up to restart my computer.  It turns out KB4580980 downloaded and installed without me checking for updates.  I figured with this being a preview it would be optional.  Note that when I system did it’s usual auto-check for updates it pushed the .NET preview without my permission.

  I know the thought was that if you un-pause updates it may perform a check and pull down the .NET preview … BUT my updates were not paused and it still auto-installed the .NET preview.  It was not optional like it used to be…

  it seemed to act like a standard ‘Patch Tuesday’ update that you’d typically pause and prepare for.  But I’m used to the preview patches showing as optional so I kept my updates un-paused not expecting this unless I manuall check for updates.  It seemed to get pushed through like the monthly standard updates that you get even if you don’t ‘seek’.

  Can you confirm? I’m not seeing it – but I’m paused.

  Windows Patches/Security .NET preview, KB 4580980

• A compatibility problem between Office 2010 and the Win10 version 2004 update?

  Posted on October 20, 2020 at 18:47 CDT by woody • Comment in the Forums

  Just got this report from BM:

  Just thought I would let you know that the 2004 update was a complete mess for me. It was pushed, I didn’t choose it. I run a Legion Y920-17IKB laptop with a licensed version of office 2010 (because I prefer it to 365). The update completely removed every office file I have created since October 2019. No files were saved in the update restore folder and restoring back to the previous version of windows didn’t recover the files. It also changed all the recents in those applications to files that were again, back from 2019.

  This is by far the worst update experience I’ve had, sharing it with you incase you can use it as a cautionary tale for your readers. Microsoft advice is to always back-up to the cloud. God I hate their updates so much! Just when you thought 2020 had thrown all it could at you…

  Anybody else seeing that?
  Office, Windows 10 Releases Office 2010, Win10 2004

• SwiftOnSecurity on Patch Tuesday

  Posted on October 17, 2020 at 20:41 CDT by woody • Comment in the Forums

  

  Man, ain’t that the truth….

  Windows Patches/Security

• Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem

  Posted on October 15, 2020 at 22:58 CDT by woody • Comment in the Forums

  Back in July I wrote about two weird Microsoft Store patches for a couple of security holes in the HEVC codecs, which are programs that Microsoft created to let you play Apple HEVC files. (Protip: You probably don’t have them, unless you’ve installed codecs from the Store.)

  Now comes word that we have another identified security hole in that same HEVC codecs,

  CVE-2020-17022

  This warning isn’t for everybody. Per MS,

  Only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.

  So unless you’ve specifically downloaded the Microsoft codec, you don’t need to worry about it – but be aware that this one is also coming through Windows Update the Microsoft Store. There’s a lengthy discussion of versions in the KB article.

  The announcement also says that CVE-2020-17022 is a security hole in Remote Desktop Services, but it isn’t. Be calm, grasshopper.

  There’s also a bug for Visual Studio programmers, CVE-2020-17023, which involves opening a nasty package.json file. If you’re using Visual Studio, watch out.

  Finally, we have CVE-2020-16943, which was just updated (the original notice was released on Patch Tuesday). The problem? This security hole is in Microsoft Dynamics 365 Commerce. Microsoft posted about the fix on Patch Tuesday and then decided, two days later, to tell people that it doesn’t yet have a fix:

  The security update for Dynamics 365 Commerce is not immediately available. The update will be released as soon as possible, and when it becomes available, customers will be notified via a revision to this CVE information.

  Golly.

  Windows Patches/Security October 2020 Black Tuesday

• Win10 version 2004 systemwide password “amnesia” – a fix?

  Posted on October 15, 2020 at 18:12 CDT by woody • Comment in the Forums

  I wrote about this unusual – but very frustrating – bug a month ago:

  The upgrade to 2004 applies fine but I keep getting prompted for passwords to sign into applications, google, facebook, outlook, and others. It seems the credential manager is not remembering passwords with a local admin account. It will for a while but the password is getting wiped out.

  @WarningU2 has found a workaround that involves running a specific (and formidable) PowerShell command.

  The bug’s still there. But it looks like this one command makes things work again.

  Windows 10 Releases Password Amnesia, Win10 2004 bugs
• « Older Entries