Replies

You’re very welcome! 🙂 I see it got us both an answer we were looking forward to.

1 user thanked author for this post.

walker

@walker: From your description, you did indeed use the Options menu to effect the changes in your browser to enable its built-in ad and tracking blocking mechanism. That’s great!

There are a couple of ways to tweak it even further to really clamp down on the vast majority of ALL ads, but that also “breaks” the functionality of some very above-board sites that most of us tend to use on a fairly frequent basis, so I won’t attempt to describe it here.

If you have a sudden reappearance of the annoying pop-ups advertising browser updates or anything else you “suddenly” and “urgently” need, please feel free to post such occurrence(s) on this site and we’ll be happy to help you through it!

For now, I see NO need to change what you’ve been able to do with the help of the Firefox support page you’ve referenced. Just make sure that the setting for Tracking Protection within the Privacy & Security area of Firefox’s Options menu is set to Always and you should have no more real problems with those obnoxious pop-ups.

If you have ANY problems with a web site you regularly visit not displaying properly, just drop a line here and either one of the MVP’s or I will help you out!

Cybertooth wrote:

…I was hoping to do a search for discussions of KB4011276, for which the Microsoft Update Catalog mysteriously gives two listings that look identical in every respect, except the file size. Can’t determine if I should install only one of them (and which one), or both. Thanks.

If you haven’t found the answer yourself by now, I just did.

There are two “Download” buttons on that page of the Catalog, one on top of the other.

Clicking the top one of the two “Download” buttons yields a clickable link to a file that is meant for those who’ve set their systems up for using Chinese (not sure if it’s Traditional or simplified version of Chinese) as the default system language, because it has the string “zh-cn” towards the beginning of its file name.

The bottom one of the two “Download” buttons yields a file meant for those of us here in the U.S. who’ve set up their systems with English as the default system language, as it has “en-us” towards the beginning of its file name.

Hope this helps!

Bob99

1 user thanked author for this post.

Cybertooth

@walker, I have a question for you: Exactly what is the name of the add-on you installed that has so far been preventing those very annoying pop-ups?

I ask this because there are some very sketchy and disreputable add-ons out there for Firefox that make incredible claims to solve just a single, particular problem. I just want to make sure you haven’t mistakenly fallen for one of them, as some of their presentations can be very slick. If you’ve installed one of the blockers that’s been recommended to you by one of the MVP’s here on Askwoody, then you’re indeed all set.

Firefox already has a built-in anti-tracking mechanism, which has also blocked quite a few obnoxious ads as part of its functionality. This anti-tracking feature has worked very well for me, so I haven’t had the need to install an add-on to block known trackers. Because of using this built-in functionality, I’ve never had the misfortune of having your experience if pop-ups claiming to need to install an update which would in reality install (crap)ware of some kind.

PKCano wrote:

The servicing stack is not a system upgrade.

Ok, I get that, so it isn’t possible to have it d/l and install in the background irrespective of system settings. Thanks for the clarification!

MrBrian wrote:

Microsoft documents it as a flaw in builds 15063.726 and 15063.728.

With the above being said, is it possible that installing the servicing stack update by itself would hopefully prevent the unwanted behavior shown by the forcing of upgrades? After all, isn’t the servicing stack responsible for such behavior, i.e. the forced upgrading of the OS?

MrBrian wrote:

That update is listed at https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in as being released on November 14.

PKCano wrote:

The servicing stack was a normal part of the updates released 11/14

Is it possible then, since it’s a servicing stack update, that it d/l’ed and installed on a system in the background irrespective of any GP, registry, or other settings to the contrary? That’s the only way I could think of that it would be the cause of the forced upgrades, since it was released with the other updates on the 14th.

Although I run Win 7, I just noticed a servicing stack update for Win 10 1703 that is dated Nov 14th.

Was this in the original bunch of Patch Tuesday releases, or is it “late to the party”? If it’s late to the party, could it be a fix for the unwanted upgrades to 1709? If it wasn’t late to the party, could it be the cause of the unwanted upgrades?

The link I found is here: https://support.microsoft.com/en-us/help/4049011/servicing-stack-update-for-windows-10-version-1703-november-14-2017

 

You’re Very Welcome!

Now, if only the developers would take the site down (as advertised) to fix bugs like the aforementioned one and to deliver the promised improvements in functionality and performance…  🙁

walker wrote:

…however when I click on a Topic in the Blog, it immediately logs me out!…

@walker: Easily fixed by just refreshing the page! It did it to me logging in and getting back to this thread, so just hit F5 or click your browser’s “Refresh” button and wait for the page to refresh. You’ll then see that the “Log In” heading has changed to “Log Out”. 🙂

1. Simply log in as usual using the “Log In” heading at the top of the page.

2. If the next topic’s page or topic’s thread you come to after a successful login has the heading at the top of the page that says “Log In”, simply hit F5 or your browser’s Refresh button and wait for the page to reload. The heading at the top of the page should now say “Log Out”.

3 users thanked author for this post.

walker, HiFlyer, JDeC

PKCano wrote:

… I have not seen KB 4055038 come through Windows Update for my Win7 machine as of 9:00am CST US 11/23/17.

My thinking is that, unless WU detects you have any of the affected Epson drivers on your system (indicating you have an affected printer), you might not be offered the update by WU. The KB article is pretty specific as to which specific types of Epson printers it’s for. Googling the SIDM term for Epson reveals a rather short list of a total of 16 printer models, for example, although those may be still in widespread use by businesses who can’t convert them to laser or inkjet for a variety of reasons.

Remember, when MS first acknowledged the bug, they said they’d been in contact with Epson already and had been able to determine it wasn’t a problem with the Epson drivers. So, therefore, I believe MS knows exactly which drivers are affected, and can use that as a detection mechanism for the patch. (Fingers and toes crossed for those affected  🙂 )

Ok, here’s a brief primer on how to tell just which generation your Intel Core® processor is.

Most come with a designation such as i#-### or i#-####, where the # symbol is replaced by actual digits.

For those that have just three digits after the i# and the dash (-), such as i5-750 or, to use the example from the post just above this one, i5-650, you have what Intel calls the Legacy processors for the Core line, and that’s also called the first generation, so you’re not affected by this vulnerability.

For those whose processor number has four digits after the i#- part, the FIRST digit after the dash denotes the generation of your Core processor. So, an i3-2120, for example, would be a second generation Core processor, and so on.

Basically, if you have a processor that’s any of the following sequences you might be vulnerable and you should use the tool that Intel has released for confirmation:

i3-6###, 7### or 8###

i5-6###, 7### or 8###

i7-6###, 7### or 8###

A link for Intel’s tool can be found in post 146683 a little ways above this one.

AlexEiffel wrote:

… But in reality, just updating the drivers before activating mandatory ASLR would have prevented the issue… But then, keep your drivers updated anyway and remove the vulnerabilities.

AMEN!! The single best thing one can do to avoid security issues once you’ve learned of one existing for a particular piece of hardware. However, as they say, “If it ain’t broke, don’t fix it”. So, if there’s no security vulnerability to avoid, don’t go installing the latest device driver simply because there’s a newer one available unless it adds needed functionality or fixes a malfunction.

And, unless you know for certain that your device drivers and applications are 64 bit AND made to support ASLR (as @AlexEiffel does), don’t bother enabling mandatory, system-wide ASLR within Windows 7 by using EMET. Just leave ASLR set to “Application Opt In”.

AlexEiffel, please correct me if I’m wrong with what I’ve said above.

2 users thanked author for this post.

AlexEiffel, GoneToPlaid

Please see the following post from @MrBrian for instructions on how to disable the equation editor if you choose to do so.

Please pay special attention to the bittedness (32 bit or 64 bit) of BOTH your version of Office AND Windows before proceeding, so you know which step(s) is/are needed for your situation.

Also, please read the ENTIRE bulletin he refers you to before proceeding, so you can decide if some functionality you’ve come to depend on within Office will be disabled by disabling the equation editor.

1 user thanked author for this post.

MrBrian

@PKCano-

Why use the Disconnect.me add-in for FF, when the full functionality is already built-in and has been for quite a while now through entries in the “Privacy & Security” area of the Options menus?

For those with Windows 7 and thinking about setting up mandatory, system-wide ASLR via EMET, here’s something to think about, directly from Microsoft:

“In our tests we encountered issues in a common use scenario where having ASLR set to “Always On” would cause a system to blue screen during boot. This occurred because the address space for certain third party video drivers was being randomized. These drivers had not been built to support this randomization and subsequently crashed, causing the whole system to crash as well.”

The preceding quote is directly from the User’s Guide for EMET version 5.52. If you ask me, it’s not worth BSOD’ing a system in the name of security because that amounts to a DoS condition (unable to use the computer)!  🙂