Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • DDEAUTO vulnerability evolving

    Posted on October 22nd, 2017 at 14:29 Kirsty

    Further to recent news on DDEAUTO vulnerability, this threat has, like all good malware, evolved.

    From nakedsecurity.sophos.com:

    On Friday, independent reports surfaced showing that it’s possible to run DDE attacks in Outlook using emails and calendar invites formatted using Microsoft Outlook Rich Text Format (RTF), not just by sending Office files attached to emails.

    In the original attack users had to be coaxed into opening malicious attachments. By putting the code into the email message body itself, the attack comes one step closer, meaning that the social engineering needed to talk a recipient into falling for it becomes easier.

    The good news is that whether a DDE attack comes via an attachment or directly in an email or a calendar invite, you can stop the attack easily:
    Just say no

    You can read their article here

    AdminITs might like to check out the Microsoft blog on ASR (Attack Surface Reduction), which is said to mitigate the risks – linked in the AdminIT Lounge topic “Enable Attack Surface Reduction in Win10-1709”.

  • More problems with Win10 FCU – missing icons, no Start entries

    Posted on October 21st, 2017 at 18:26 woody

    I saw a screenshot of this, but didn’t believe my eyes.

    From a post by KevinWash1 on the MS Answers forum:

    I just upgraded to the Windows 10 Fall creators update after the update I now have missing icons for some of my store apps they are completely gone from the start screen and if I search through Cortana they do not come up some of the icons on the task bar are missing however if I click on the missing icon blank area I get a highlight under mouse and the app launches all of the missing apps on the start screen do show up in the apps list when I go into settings so they are on the computer if I go to the store and search for the missing apps I get the prompt saying they are installed and when I click launch they will launch properly from within the store, but that is the only way.

    Microsoft’s Jestoni Mac confirms in “Missing apps after installing Windows 10 Fall Creators Update.”

    After installing the Windows 10 Fall Creators Update, some apps are missing from the Start Menu on some devices.  The missing apps are no longer pinned in the Start Menu, nor are they in the list of apps.  If I search for the app, Cortana is not able to find it and instead points me to the Store to install it.  But the Store says that the app is already installed.

    Later in that same thread,

    I also upgraded to FCU using Microsoft account. My user folder suddenly changed; In the Creators Update itself, my username and user folder name are truncated from say ‘Johndoe’ to ‘Johnd’ after upgrading from Anniversary Update. Now moving from CU to FCU, my username changed back to Microsoft account name ‘Johndoe’. I lost access to ‘Store’ app and many UWP apps and my files in library.

    There are some solutions proposed in both of those threads, but nothing seems to work.

  • What’s happening with Win7 .NET updates?

    Posted on October 21st, 2017 at 13:29 woody

    Just got this from reader OC:

    Today I received from MS new updates for my Win 7 Pro, x64, SP1 (to be installed when I decide to), for .NET 4.6.4, 4.61. 4.62, 4.7; another for 4.5.2 and a third for 3.5.1.
    They are, respectively, kb4040973; … 77; … 80 (the first 5 digits are the same for all three.)

    Further, the message says they replace kb2978120 and … 28.

    Now, when going to the MS page with the explanation and I click on the corresponding kb, say …73 to go to the site where there is a link to the MS site where I can download it, that takes me to a page for …86; when I click on the next one, it also takes me to a page for a different kb, and same for the third one. And they all include fixes, not the ones advertised in the message, but for … 4.7! (Which, according to your site, is best avoided, for now.)

    I hope this can be cleared out in the not too distant future. In the meantime, I am keeping this update parked “unticked” in my machine, until that clarification happens, or until postings in your site advise that it is OK to go ahead and install them as they are, or…

  • Win10 Fall Creators Update Store problems appear to be solved

    Posted on October 21st, 2017 at 07:48 woody

    Well I’ll be…

    I bumped into Günter Born’s article this morning, saying that the “Something bad happened” bug has been fixed. Flipped over to my 1709 machine and, sure enough, as soon as I clicked on the “Store” icon, it updated itself.

    I now have a new icon in the taskbar – more colorful than the old one – and the store now identifies itself as “Microsoft Store.”

    That’s the difference between updating through Windows Update (where you can control things) and updating through the Store.

  • New directions for Win 7 and 8.1 patching

    Posted on October 19th, 2017 at 20:59 woody

    I think it’s time to re-evaluate the “Group A” and “Group B” instructions for updating Windows 7 and 8.1. It’s been one year since Microsoft announced that it was grouping together patches – the “patchocalypse” – and we’ve seen a lot of water under multiple bridges.

    With the advent of MS17-010, there’s no question that patching is a must. Group W is no longer viable.

    @MrBrian and many others are now convinced that Group B doesn’t work either. Lots of details, lots of problems – and those who manually install security-only updates are finding that Microsoft hasn’t made life easy. Or perhaps even tolerable.

    Now it looks like my old instructions for Group A aren’t going to work any more, either. In particular there are problems with hiding individual patches that may bite back.

    So I’m opening up the floor for discussion. Two questions:

    Is it ever going to be possible for “normal” people – by which I mean people who don’t have time to spend hours every day – to manually download and install all of the patches they need?

    For those who stick with Microsoft’s preferred approach, is there anything “normal” people can do to avoid really bad patches? And is it possible to curtail Microsoft’s snooping in the process?

    Your comments and insight most welcome.

  • Microsoft security’s unseemly jab at Google

    Posted on October 19th, 2017 at 08:29 woody

    In yesterday’s Windows Security blog post “Browser security beyond sandboxing,” Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Research team” – no, I didn’t make that up) took aim at Google. There’s a whole lot of technical discussion about the superiority of Edge in that article. There’s also a deep dig at Google.

    Catalin Cimpanu at Bleepingcomputer boils it down:

    The problem that Rabet pointed out was that the fix for the bug they reported was pushed to the V8 GitHub repository, allowing attackers to potentially reverse engineer the patch and discover the source of the vulnerability.

    It didn’t help that it took Google three more days to push the fix to the Chromium project and the Chrome browser, time in which an attacker could have exploited the flaw.

    Taking into account that this happened in mid-September, Microsoft had no reason to detail a bug in a Chrome version that’s not even current. Chrome 62 is the latest Chrome version.

    Paul Thurrott has a great article, turning Microsoft’s old words against itself.

    What Microsoft should have done is take the high ground. Do the right thing for your shared customers and just shut up about it. But it didn’t.

    It’s time for both sides to grow up and work together. Take potshots at each other, sure. But not over security.

    If you’re interested in browser security, I suggest you read it.

  • Big problems with Win7 Preview of Monthly Rollup KB4041686

    Posted on October 18th, 2017 at 07:41 woody

    I just saw a heads-up from @abbodi86 about the Monthly Rollup Preview for Win7 that was released yesterday. It’s KB 4041686, the 2017-10 Preview of Monthly Rollup.

    As you know, I strongly recommend against installing Previews — they’re “previews” precisely because they aren’t ready for prime time.

    Here’s the problem.

    After installing KB 4041686, a SFC (System File Check) scan will report and fix an error in \system32\drivers\en-US\usbhub.sys.mui — even though there is no error.

    This is precisely the problem @abbodi86 reported to Microsoft after installing the old KB 3125574, which is the “convenience rollup” I call “Win7 SP 2.”

    The bug was fixed in KB 3181988, but it’s back again.

    If you install KB 4041686, you’ll trigger a bogus SFC error even if you have KB 3125574 installed.

    Is anybody at Microsoft listening?

  • Massive patch for those of you still on Win10 Anniversary Update

    Posted on October 18th, 2017 at 05:57 woody

    Yesterday, Microsoft released a gonzo pig of a patch for any of you who are still using Win10 1607, the Anniversary Update.

    KB 4041688 brings Win10 1607 up to build 14393.1794.

    In addition to the couple-dozen-or-so bug fixes, it also triggers the bogus “Unexpected error from external database driver” error for some custom database programs.

    Remember, we’re still on MS-DEFCON 2, and the ink isn’t yet dry on last week’s 1607 patch.