Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Big problems with Win7 Preview of Monthly Rollup KB4041686

    Posted on October 18th, 2017 at 07:41 woody Comment on the AskWoody Lounge

    I just saw a heads-up from @abbodi86 about the Monthly Rollup Preview for Win7 that was released yesterday. It’s KB 4041686, the 2017-10 Preview of Monthly Rollup.

    As you know, I strongly recommend against installing Previews — they’re “previews” precisely because they aren’t ready for prime time.

    Here’s the problem.

    After installing KB 4041686, a SFC (System File Check) scan will report and fix an error in \system32\drivers\en-US\usbhub.sys.mui — even though there is no error.

    This is precisely the problem @abbodi86 reported to Microsoft after installing the old KB 3125574, which is the “convenience rollup” I call “Win7 SP 2.”

    The bug was fixed in  KB 3181988, but it’s back again.

    If you install KB 4041686, you’ll trigger a bogus SFC error even if you have KB 3125574 installed.

    Is anybody at Microsoft listening?

  • Massive patch for those of you still on Win10 Anniversary Update

    Posted on October 18th, 2017 at 05:57 woody Comment on the AskWoody Lounge

    Yesterday, Microsoft released a gonzo pig of a patch for any of you who are still using Win10 1607, the Anniversary Update.

    KB 4014688 brings Win10 1607 up to build 14393.1794.

    In addition to the couple-dozen-or-so bug fixes, it also triggers the bogus “Unexpected error from external database driver” error for some custom database programs.

    Remember, we’re still on MS-DEFCON 2, and the ink isn’t yet dry on last week’s 1607 patch.

  • Anybody else seeing redlining after installing KB 4041693 on Server 2012R2?

    Posted on October 18th, 2017 at 05:43 woody Comment on the AskWoody Lounge

    I just got this inquiry on Facebook, from EK:

    all of our windows 2012r2 servers, after installing the updates are clocking up the CPU. and the only way to bring down the CPU is to actaully stop and disbale the windows update service. Just wondering if you heard about this?

    Can any of you 2012R2 users confirm?

  • MS-DEFCON 2, October Windows updates, and KRACK

    Posted on October 17th, 2017 at 10:21 woody Comment on the AskWoody Lounge

    I’m moving us down to MS-DEFCON 2. No, installing this month’s patches isn’t a good idea. But the situation that caused me to run up to MS-DEFCON 1 has been fixed.

    Microsoft fed the wrong updates to Windows Update servers (WSUS and SCCM) for four hours on Tuesday. Those bad updates – actually, combination of updates – caused many machines to throw blue screens. All of the affected machines were on Update servers. And by now all of those Update servers have been cleaned up. I hope.

    Still, the enormous number of problems with this month’s patches looms, with some new bugs just now coming to light.

    Many of you have written, asking if you need to apply the October Windows patches to protect against the KRACK Wi-Fi WPA2 security hole.

    Microsoft released a Security Alert yesterday that says, in effect, not to worry about KRACK because the hole was plugged in last week’s patches. Which is fine. But that’s no reason to run out and install the October Patch Tuesday patches right away. As of this moment, there are no known active breaches using KRACK, and there aren’t likely to be any anytime soon.

    KRACK is a real, significant threat, but it isn’t something you have to fix right away. Somebody may figure out a way to insert themselves into your Wi-Fi conversations using the KRACK approach, but “general availability” of that kind of exploit is a long way off — certainly months, possibly years.

    Stay cool. Keep calm. And let’s see if Microsoft fixes any more of the October bugs.

  • “Unexpected error from external database driver” error messages in Excel, Access, ODBC, cause by this month’s Windows patches

    Posted on October 17th, 2017 at 09:34 woody Comment on the AskWoody Lounge

    Yeah, I know it doesn’t make any sense, but that’s the general consensus. Looks like all of this month’s Windows patches changed the msexcl40.dll file to buggy version 4.0.9801.1.

    Computerworld Woody on Windows

    HOLY COW! Microsoft has modified all of the associated KB articles, not just acknowledging but explaining the error:

    Installing this update may cause applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) to fail when creating or opening Microsoft Excel .xls files. The error message is, “Unexpected error from external database driver (1). (Microsoft JET Database Engine)”.

    Download and install the Microsoft Access Database Engine 2010 Redistributable, and then modify the DB connection strings in Microsoft Excel to use ACE as a provider. Example: Change Provider=Microsoft.Jet.OLEDB.4.0 to Provider=Microsoft.ACE.OLEDB.12.0.

    Microsoft is working on a resolution and will provide an update in an upcoming release.

    That’s a third fix, reported in several Answers forum posts.

    Thx to @mrbrian and his eagle eye.

  • Is a Win10 1607 cumulative update re-enabling a disabled Windows Update service?

    Posted on October 16th, 2017 at 21:24 woody Comment on the AskWoody Lounge

    Intriguing question posed by Günter Born. He’s in contact with a Win10 1607 user (yes, Anniversary Update, not Creators Update) who had manually turned off the Windows Update service. After installing one of the October patches, Stefan says the Windows Update service now starts automatically.

    Stefan believes one of these patches flipped the Windows Update service back on: KB 4038782, 3186568, 4033637, 4035631, or the Flash Player update.

    Can anybody else confirm?

  • Adobe Flash player security update is out

    Posted on October 16th, 2017 at 14:38 woody Comment on the AskWoody Lounge

    A week late, but what the heck. APSB17-32.

    Details on the Adobe site.

  • KRACK attack – bad, but the sky isn’t falling

    Posted on October 16th, 2017 at 06:23 woody Comment on the AskWoody Lounge

    Overnight, interest in the so-called KRACK attack (“Key Reinstallation attack”) hit fever proportions. The details are now available.

    You can read the disclosure, by Mathy Vanhoef (from the Belgian university KU Leuven) on the newly minted krackattacks.com web site. The gist:

    We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted…

    The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

    Kevin Beaumont has a tremendous analysis on the DoublePulsar site:

    So there’s a new Wi-Fi attack. In the media it is being presented as a flaw in WPA protocol which isn’t fixable. This isn’t true… The attack  realistically doesn’t work against Windows or iOS devices. The Group vuln is there, but it’s not near enough to actually do anything of interest.

    There is currently no publicly available code out there to attack this in the real world — you would need an incredibly high skill set and to be at the Wi-Fi base station to attack this.

    In short, it’s a real and severe flaw in the WPA2 algorithm that’s been artfully packaged and sold as a scary vulnerability. You’re going to read about it endlessly over the next few days. But it isn’t going to bite you any time soon.

    One of my favorite security guys, Rob Rosenberger had this curmudgeonly take:

    Dear Computer Users,

    Cybersecurity experts are booking themselves on talk shows to discuss #KRACK. Stand by; details to follow.

    Yep, the offal is about to hit the PR propeller.

    UPDATE: As I anticipated last night (see the next entry), Catalin Cimpanu at Bleepingcomputer has an excellent analysis.

    UPDATE: Lawrence Abrams at Bleepingcomputer has a list of all firmware and driver updates to handle KRACK. There’s also an enormous list of firms that haven’t yet responded.