Got XP? Get Your Patches

How To: Using Windows File Explorer as an FTP Client

These days I do not need a full FTP client as much as I used to several years ago. Part of this is just because we now tend to access everything over the Internet through websites instead of downloads from FTP servers.

Remember getting some big updates from a company by downloading from their FTP server?

Anyway, while there are plenty of fully equipped FTP clients out there to download, sometimes we just need a quick connection to grab some files – in my case for my website maintenance – and need something straight forward and simple.

Well did you know that there is an FTP client built right into the Windows File Explorer?

It has actually been there through the last few versions of Windows and is very easy to setup and use for these infrequent FTP sessions.

The service is very robust and gives you the ability to easily work with files over FTP and perform functions such as uploads, downloads, deletes, renames, change file permissions (CHMOD), and even pin folders and entire sites in your File Explorer UI.

Today I want to show you this process in Windows 10 but you will find the sequence very similar in Windows 7 and 8.1.

(1) Click in the File Explorer Address Bar to highlight the field.

(2) Type in the ftp address you want to access. Note: The ftp:// element is not required at this stage but can be used.

3) Type in your FTP username

(4) Type in your FTP password

(5) Select this check box if you are accessing this FTP server anonymously

(6) Select this check box to save your password in the Windows Credential Manager

(7) Click Log On to access the FTP server

The FTP site will open up in second instance of File Explorer and now you can access the site.

(8) You can pin a folder to the Quick Access area of File Explorer at anytime for the selected folder.

(9) By right clicking on a file or folder that is on the FTP server you can adjust the Read, Write, Execute permissions for the content. This is commonly referred to as CHMOD.

(10) If you right click on This PC you can select Map network drive to add an FTP site to this tab of File Explorer.

(11) Select the link at the bottom of this dialog to get started.

(12) Click Next to continue.

(13) After selecting the single option on this dialog, click Next to continue.

(14) Type in the FTP site address here. Note: The ftp:// element is required in this step.

(15) Select this check box for anonymous access to the FTP server.

(16) Type in your user name. Note: If you have previously accessed this FTP site in File Explorer as I showed earlier and you opted to have your password saved then you will not be prompted for the password when you access this new resource since it is already stored.

(17) You can use the full server name as shown by default or choose your own unique name for this mapped resource.

(18) If you want to immediately access this FTP server then leave this check box selected, otherwise uncheck that box.

(19) Click Finish to wrap up this process.

(20) Your newly mapped FTP server is now available when you open File Explorer and access the This PC tab.

Enjoy your quick and easy FTP access right from within File Explorer.

Got XP? Get Your Patches

In an unprecedented move from Microsoft, more XP patches were released to prevent attacks from Nation states. You’ll need to go to the download center to get patches for these older versions. This is a serious issue and a sign that cyberwarfare is getting serious.

Older Operating Systems Get Patches Too

In an unexpected move, Microsoft released several updates for older computer systems due to current or expected attacks from nation-state actors according to a Microsoft blog post. The post went on to urge us to still update these older platforms to supported operating systems but it’s good that Microsoft has made the decision to update these unprotected systems nonetheless.

Microsoft deems that we need these updates due to a “heightened risk of exploitation due to past and threatened nation-state attacks and disclosures”.

For Windows XP make sure you have the following updates installed:

• KB958644 — a 2008 update that you should already have installed.
• KB2347290 — a 2010 update that may already have been installed back then.
• KB4012598
• KB4012583
• KB4022747
• KB4018271 for IE8
• KB4018466
• KB3197835
• KB4024323
• KB4025218
• KB4024402
• KB4019204

For Server 2003 sp2 (64bit) please make sure you have the following updates installed:

• KB958644 — a 2008 update that you should already have installed.
• KB2347290 — a 2010 update that may already have been installed back then.
• KB3011780
• KB4012598
• KB4012583
• KB4022747
• KB4018466
• KB3197835
• KB4024323
• KB4025218
• KB4024402
• KB4019204

If you have any Windows Server 2003 that need 32 bit patches here is the needed list. For those running Home Server 2003 (the original release), this is the list of updates you should see are installed:

• KB4022747
• KB4018466
• KB3197835
• KB4024323
• KB4025218
• KB4024402
• KB4019204

It’s good to see that Microsoft is doing the right thing for customers and updating these older platforms. Take this opportunity to migrate off these insecure platforms once and for all.

What to do: Install these updates on your older unsupported machines as soon as possible.

Flash and Browser Review Time

It’s time for our monthly review of all things browser related. First off check your Flash and ensure that it’s on version 26.0.0.126 as noted in Adobe’s security bulletin. Expect updates to Chrome and Firefox as well to ensure you are fully up to date.

Shockwave is also being updated but as Brian Krebs points out on his blog, you may wish to uninstall it instead.

For those on Windows 8.1 and 10, look for KB4022730 to patch Adobe Flash on your systems.

What to do: Review your browsers and determine if Flash is up to date.

Windows 10

Windows 10 gets SMB updates as well as servicing stack updates.Windows 10 is receiving not only updates for the nation state attacks noted above, but also a servicing stack update for 1703 and 1607 release.

LATE BREAKING UPDATE: These Windows 10 updates are causing issues printing frames through IE 11 as noted in this post. Please test and prepare to uninstall this update as needed.

• 1703 receives KB4022725
• 1607 receives KB4022715
• 1511 receives KB4022714
• 1507 receives KB4022727

Of note is that 1507 is still getting updates even though it was supposed to fall out of support last month.

The following issues were fixed in the release for Windows 10 1703:

• Addressed issue where the user may need to press the space bar to dismiss the lock screen on a Windows 10 machine to log in, even after the logon is authenticated using a companion device.
• Addressed issue with slow firewall operations that sometimes results in timeouts of Surface Hub’s cleanup operation.
• Addressed issue with a race condition that prevents Cortana cross-device notification reply from working; users will not be able to use the remote toast activation feature set.
• Addressed issue where the Privacy Separator feature of a Wireless Access Point does not block communication between wireless devices on local subnets.
• Addressed issue on the Surface Hub device where using ink may cause a break in the touch trace that could result in a break in inks from the pen.
• Addressed issue where Internet Explorer 11 may ignore the “Send all sites not included in the Enterprise Mode Site List to Microsoft Edge” policy when opening a Favorites link.
• Addressed additional issues with time-zone information and Internet Explorer.

And all of that does not include the security fixes which include:

• Security updates to Windows kernel, Microsoft Windows PDF, Windows kernel-mode drivers, Microsoft Uniscribe, Device Guard, Internet Explorer, Windows Shell, and Microsoft Edge.

In addition, 1703 receives a Servicing stack update and 1607 also receiving a Servicing stack update.

What to do: Install this update at this time.

Windows 7 KB4022719

This month’s KB4022719 finally fixes a longstanding issue for users who have an AMD Carrizo DDR4 processor and have been unable to install updates. Perform the following steps:

• Download KB4022719 from Microsoft update catalog.
• Extract the CAB file from the downloaded .msu file from the first step. Note the path where you stored the CAB file for use in the final step.
• Run the DISM /Online /Add-Package command to install the update: DISM.exe /Online /Add-Package /PackagePath: CAB file path from the above location.

Personally I think some other more automated fixit should be built to solve this issue as asking an impacted customer to find this information and run the DISM to install the update on is asking quite a bit from Microsoft’s customer base.

This month’s Windows 7 updates also includes the following fixes:

• Addressed issue where, after installing KB3164035, users cannot print enhanced metafiles (EMF) or documents containing bitmaps rendered out of bounds using the BitMapSection(DIBSection) function.
• Addressed issue where updates were not correctly installing all components and would prevent them from booting.

What to do: Install this update as soon as possible.

Windows 8.1 KB4022726 Get June Fixes

The June Windows 8.1 update also fixes the 8.1 platform for the AMD processor issue introduced several months ago. Like Windows 7 you need to run a DISM command to get your machine fixed up. Here’s hoping no WindowsSecrets reader is impacted by this issue — because, quite frankly, the solution is not user friendly at all.

Additional fixes include:

• Addressed issue where, after installing KB3170455 (MS16-087), users have difficulty importing printer drivers and get errors with error code 0x80070bcb.
• Addressed a rare issue where mouse input can cease to function. The mouse pointer may continue to move, but movements and clicks produce no response other than a beeping noise.
• Addressed issue where printing a document using a 32-bit application can crash a Print Server in a call to nt!MiGetVadWakeList.
• Addressed issue where an unsupported hardware notification is shown and Windows Updates not scanning, for systems using the AMD Carrizo DDR4 processor or Windows Server 2012 R2 systems using Xeon E3V6 processor.
• Security updates for Microsoft Windows PDF, Windows shell, Windows Kernel, Microsoft Graphics Component, Microsoft Uniscribe, Microsoft Scripting Engine, Internet Explorer, Windows COM, and Windows Kernel-Mode Drivers.

What to do: Install this update as soon as possible.

Office Gets June’s Protections

For those running Office 2010 click to run, expect to be updated to 14.0.7182.5000, for Office 2013 click to run, expect to be updated to version 15.0.4937.1000. For Office 2016 Pro plus, expect to be updated to the Current channel as noted on the release notes. For other Office platforms expect the following updates:

Office 2003

• 3203484 – Security fixes for Word viewer.
• 3203427 – Security fixes for Word viewer.

Office 2007

• 3191837 – Security fixes for Office 2007.
• 3203441 – Security fixes for Word 2007.
• 3203438 – Security fixes for Office compatability pack.
• 3203436 – Security fixes for Office 2007.
• 3127894 – Security fixes for Microsoft Office Compatibility Pack Service Pack 3.
• 3127888 – Security fixes for Microsoft PowerPoint 2007.
• 3118304 – Security fixes for Office 2007.
• 3191898 – Security fixes for Outlook 2007.
• 3191828 – Security fixes for Office 2007.

Office 2010

• 3203460 – Security fixes for Office 2010.
• 3203467 – Security fixes for Outlook 2010.
• 3203464 – Security fixes for Word 2010.
• 3203463 – Security fixes for Office 2010.
• 3203461 – Security fixes for Office 2010.
• 3191908 – Security fixes for Office 2010.
• 3191848 – Security fixes for Office 2010.
• 3191844 – Security fixes for Office 2010.
• 3118389 – Security fixes for Office 2010.

Office 2013

• 3191938 – Security fixes for Outlook 2013. Note: This update is causing issues opening attachments, please hold off installing at this time.
• 3203393 – Security fixes for Word 2013.
• 3203386 – Security fixes for Office 2013.
• 3191939 – Security fixes for Skype 2015.
• 3203392 – Security fixes for Office 2013.
• 3162051 – Security fixes for Office 2013.
• 3191937 – Security fixes for Lync 2013.

Office 2016

• 3191932 – Security fixes for Outlook 2016. Note: This update is causing issues opening attachments, please hold off installing at this time.
• 3191882 – Security fixes for Office 2016.
• 3178667 – Security fixes for Office 2016.
• 3191943 – Security fixes for Office 2016.
• 3191944 – Security fixes for Office 2016.
• 3203382 – Security fixes for Skype 2016.
• 3191945 – Security fixes for Word 2016.
• 3203383 – Security fixes for Office 2016.

The Office updates target several flaws that can be used to take control of your system.

Additional Office updates include:

• 3203485 – Security fixes for Office Online Server.
• 3203432 – Security fixes for SharePoint services 2016.
• 3203433 – Security fixes for SharePoint 2016.
• 3203387 – Security fixes for SharePoint server 2013.
• 3203399 – Security fixes for Project Server 2013.
• 3203385 – Security fixes for SharePoint 2013
• 3203397 – Security fixes for SharePoint 2013
• 3203391 – Security fixes for Office Web Apps 2013
• 3203390 – Security fixes for Excel Services for SharePoint 2013
• 3203388 – Security fixes for SharePoint 2013
• 3203384 – Security fixes for Word automation services on SharePoint 2013
• 3172445 – Security fixes for SharePoint 2013
• 3203466 – Security fixes for SharePoint 2010
• 3203458 – Security fixes for SharePoint 2010

Please note these updates are for Server administrators only.

.NET 4.7 Released

.NET 4.7 was released but unfortunately for Exchange admins, it’s not compatable. As noted on Exchange blog it’s not recommended to install .NET 4.7 on a server running Exchange server.

What to do: Pass on installing .NET 4.7 at this time.

.NET on Embedded

The only .NET security update released this month is one you probably won’t see: It’s for Embedded products that are used for special deployments of the Windows operating system – believe it or not often in Banking ATMs.

• KB4021915 — Security and .NET Framework 4 on WES09 and POSReady 2009 update

For all other platforms there are no other .NET security updates this month.

What to do: Install these .Net updates if you are managing embedded systems.

Fixing Up Office (NONSECURITY UPDATES LIST)

The non security updates for Office that were released in early June should be held off for now.

In my personal testing, I noted no side effects with these updates, but as usual I’ll still recommend you hold off at this time.

For the full list of nonsecurity Office updates, see the related Office KB KB article.

Office 2013

• 3191940 – Office fixes for Excel 2013, hides the From Microsoft Azure Marketplace option from the Power Pivot ribbon, because the Microsoft Azure Marketplace service no longer exists.
• 3172501 – Fixes for Office 2013, Add-ins can display special characters in the caption now.
• 3178709 – Fixes for Office 2013, Eyedropper tool doesn’t work in PowerPoint 2013 in Windows 7 through a remote desktop.
• 3191872 – Fixes for Office 2013 to fix an issue where Microsoft Azure Marketplace option from the Power Pivot ribbon, because the Microsoft Azure Marketplace service is no longer exists.
• 3191874 – Fixes for Office 2013 to fix an issue where Microsoft Azure Marketplace option from the Power Pivot ribbon, because the Microsoft Azure Marketplace service is no longer exists.
• 3191935 – Fixes for Improves the translation of some animation effects in the Korean version of PowerPoint 2013.
• 3191941 – Fixes for for Microsoft Project 2013.
• 3172527 – Fixes for for SharePoint Server 2013 Client Components SDK.

Office 2016

• 3115281 – Fixes for Excel 2016 due to the shutdown of Azure Marketplace data services, the corresponding Azure Marketplace connector in Excel has been removed.
• 3141457 – Fixes for Office 2016 to improve the Japanese era calendar.
• 3191859 – Fixes for Office 2016 to remove the link to Azure Marketplace from PowerPivot Get External Data tab.
• 3191868 – Fixes for Office 2016 to removes the link to Azure Marketplace from PowerPivot Get External Data tab.
• 3191920 – Fixes issues with Office 2016 to fix the Eyedropper tool doesn’t work in PowerPoint 2016 in Windows 7 through a remote desktop.
• 3191929 – Fixes issues with Office 2016 to fix an issue when you use the Hangul-Hanja Conversion tool, Chinese characters are clipped in the text box in a high DPI mode.
• 3191933 – Fixes issues with Office 2016 with email messages may not be displayed if the computer has low memory. The email messages may be displayed when you resize the window.
• 3191921 – Fixes issues with Microsoft PowerPoint 2016.
• 3191934 – Office 2016 fixes for Project 2016.
• 3191918 – Fixes issues with Visio 2016.

What to do: Wait to install these updates at this time.

Regularly Updated Problem-Patch Chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch	Released	Description	Status
4022719	6-13	Win7 rollup	Install
4022730	6-13	Flash update for Windows 8.1	Install
4022725	6-13	Win10 1703 cumulative update	Install
4022715	6-13	Win10 1607 cumulative update	Install
4022714	6-13	Windows 10 1511 cumulative update	Install
4022727	6-13	Win10 RTM cumulative update	Install

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.