ISSUE 16.35.0 • 2019-09-30

Help: customersupport@askwoody.com

In this issue

PATCH WATCH: Here’s why we’re not patching Internet Explorer

BEST OF THE LOUNGE: Stumped by erratic download speed

BEST UTILITIES: Freeware Spotlight — Win7 Games for Windows 10 and 8

EDITOR’S NOTE

Long-time Windows Secrets readers might recall our tradition of skipping any fifth publishing day in a month. (Among other things, it gives us some time to catch up on some newsletter housekeeping.) However, there was no way we were going to delay September’s all-important second Patch Tuesday, which includes important information on Internet Explorer.

Thanks for your support!

— The AskWoody Plus Newsletter crew

By Susan Bradley

There’s no way to sugar-coat this: The current Windows updating situation is a disaster.

No, I’m not talking about the usual round of side effects in the second–Patch Tuesday updates, the lack of overall patch quality, or the known issues that impact only a small set of Windows users but that we’re still forced to track.

This time, it’s the out-of-band Internet Explorer security update that Microsoft released on September 23. Normally, any patch that arrives outside the usual update-release schedule signals a pressing security threat that’s in active use by attackers. In most cases, out-of-band updates are pushed out broadly — they’re released via Windows Update and Windows Software Update Services, ensuring that all Windows users get protected quickly.

Microsoft released IE patches on September 23 to fix a zero-day threat (more info), but it was made available only through the Microsoft Update Catalog — a cumbersome website at best. It means that the patches would be useful only to those who went hunting for them.

To make things more confusing, Microsoft also included the IE fix in the optional cumulative updates released on September 24. On Microsoft’s patch-health dashboard, the company stated: “(Note: Because this update requires a reboot, we are making it optional to give customers and administrators a choice to install/deploy the update now.)”

I’m not buying it. I can recall many other instances in which Microsoft pushed out an out-of-band security update that required a reboot. I still remember the video where former MS senior security program manager (now zero-day initiative communications director) Dustin Childs talked about the decision process to “reboot Russia” — meaning that Microsoft takes the need to force reboots seriously. In short: In order to protect customers, Microsoft has always pushed out critical fixes to most Windows users, regardless of whether a Windows reboot was needed.

This time, Microsoft effectively posted patches on Monday and then told us to go get them ourselves.

Bottom line: Microsoft handled these updates poorly. At this time, the IE exploits appear to be highly targeted and narrowly applied. But the company hasn’t clearly spelled out the extent of the threat — except indirectly by making the fix relatively difficult to get.

So in what might be a first — and with some concern — I’m recommending skipping the still-optional zero-day IE patches, both the standalone updates and in the preview cumulative updates. I believe it’s safer to wait and ensure that the possible side effects are fully investigated. For example, there are already reports that some users can’t install .NET Framework 3.5 after applying the IE fix. I was able to reproduce the flaw. There are also posts noting printer problems, but Microsoft claims the problem is with HP drivers — not with the update.

What is fixed: The regular September cumulative updates, along with other patches, have resolved a number of issues that cropped up in early September. For example, an MS update released August 30 for Win10 1903 did not play well with the Lenovo Vantage app on some systems. But the problem of red- or orange-tinted screens (more info) was apparently solved with a fix to the Vantage app. (Vantage is, among other things, Lenovo’s driver-updating utility.)

On Win10 1903, gamers who experienced lower-than-expected audio can install the optional patch KB 4517211. But because I never install updates within a few days of release, I’d just crank up the volume and wait until the update is included in next month’s rollup.

I’ve listed the optional (i.e., installation not recommended) “D” week (aka preview) updates on the AskWoody Master Patch List page. Note that the MPL page now includes a single list of September-only updates in Excel, PDF, and HTML formats. I produce these lists to make patch information as clear as possible for AskWoody Plus members. Please look them over and suggest ways to make them even more helpful, using this AskWoody forum link.

What to do: September’s regular cumulative and security updates aren’t perfect, but it’s time to get them installed. As always, keep an eye on askwoody.com for new developments.

Here’s what you should be looking for.

Expect to see four patches for every version of Windows 10: a servicing-stack update, a cumulative update, a .NET Framework security patch, and an Adobe Flash Player fix. None of the systems I manage has shown significant side effects from these updates. The following were released on September 10:

Cumulative Windows updates

Servicing-stack updates

(Note: If you use Windows Update, servicing-stack patches will be installed automatically.)

.NET Framework updates

(These patches fix various security issues.)

A reminder: If you also receive KB 4480730, a “Reliability improvement to Windows 10 update components” patch, it’s probably because your system isn’t on a current version of Win10. The update’s information page states, “This update will be downloaded and installed automatically to Windows 10 devices [that] haven’t installed the most recent cumulative update in a timely manner.”

Before installing KB 4480730, I recommend you investigate why your machine isn’t installing the latest Win10 feature (version) release. If there’s no obvious explanation, I suggest going to Microsoft’s Software Download page and clicking the Update now button. Be aware, however, that it’ll probably bump you straight to Win10 Version 1903.

Adobe Flash Player: This problematic media app might be on its way out, but we still need to keep it updated. September’s patch for Win10 is KB 4516115.

Windows 8.1 has two official “known issues” — the persistent bug with file renaming on cluster-shared volumes, and possible Internet Explorer failures. The first problem isn’t going to impact the vast majority of Win8.1 users.

The second bug affects Surface RT devices. If you install September rollup KB 4516064, then launch IE and receive the error message “C:\Program Files\Internet Explorer\iexplore.exe: A certificate was explicitly revoked by its issuer,” you’ll need to install KB 4516041, too.

Win8.1 users should install the following:

The September update for Win7 SP1 and Server 2008 R2 SP1 includes a required servicing-stack patch — with a bug. As noted on its description page, some systems might reboot during the patch installation process and then get stuck at “Stage 2 of 2″ or Stage 3 of 3.” At that point, press Ctrl/Alt/Delete to move on to the sign-in page.

With one exception, install the following:

Reminder: Microsoft has re-released the SHA-2 code-signing support update, KB 4474419. It includes boot-manager files needed to avoid start-up failures. If you installed the patch previously, you might see it again.

More on Win7 servicing-stack update KB 4516655: As I noted in the previous Patch Watch, Microsoft states that this update makes “quality” improvements to the servicing stack — the component that installs Windows updates. But the info page doesn’t specify what exactly is improved. I’m still thinking that one of these servicing-stack patches for Win7 will add the ability to receive the extended security updates — for those that purchase them.

Note to admins: September’s updates for Server 2012 still include the aforementioned file-renaming issue on cluster-shared volumes. Install the following:

September’s updates for this OS appear to be bug-free. Install these patches:

The following Office security updates may also include feature fixes. Most important, however, they close potentially dangerous vulnerabilities — so let them install.

Office 2016

Office 2013 SP1

Office 2010 SP2

September’s Office non-security enhancements and fixes were released on September 3.

Office 2016

Office 2013 SP1

Exchange 2019 and 2016

Unless noted, these updates fix one or more vulnerabilities.

Stay safe out there.

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

Best of the Lounge

AskWoody Plus member Exfso is having speed issues with one of four computers sharing the same Ethernet connection on a home network. Three computers have consistent download speeds, but on the fourth system download speeds fluctuate dramatically. Is something obvious being overlooked? Suggestions welcome.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

Best Utilities

By Deanna McElveen

Moving from Win7 to Win10 is somewhat like moving to a new town. Sure, many of the big stores are in both places, but what about that favorite coffee shop?

For Windows 7 users, migrating up can mean leaving behind some familiar versions of treasured games — good ol’ FreeCell, Hearts, Solitaire, Spider Solitaire, Mahjong, Minesweeper, and others — and wandering through the MS Store maze or the silliness of Win10’s “Solitaire Collection.”

It’s one reason many Win7 users are dragging themselves to Win10, kicking and screaming. Fortunately, ace developer Sergey Tachenko is offering help — in the form of Windows 7 Games for Windows 10 and 8. Sergey is well known in the Windows-utilities world. Back in 2011, he created the wildly popular winaero.com site, which still offers a variety of utilities for tinkering with Windows 7, 8.1, and 10. (He’s now bundled the tools into the single Winaero Tweaker package. His site is also a good resource for Winamp skins and plugins.)

If you’ve been pining for one or more of those classic Win7 games on your Win8.1 or Win10 system, download Sergey’s collection (ZIP file) from our OlderGeeks site. Unzip the download and click the Windows 7 Games for Windows 10 and 8.exe file to start the fast-and-easy installation process (see Figure 1).

Figure 1. The installation Wizard’s opening screen recommends closing other apps during the setup process.

In the next screen (Figure 2), uncheck any games you don’t want. You can relaunch the wizard to add other games at some later time.

Figure 2. The installation wizard lets you select just the games you’re ready to play.

In the final installation window (Figure 3), you’ll see the pre-checked box for “Discover Winaero Tweaker to tune up Windows 10/8.1/8.” It’s not some bundleware scam; it’s simply a suggestion to use Sergey’s excellent Winaero Tweaker tool (also hosted on OlderGeeks). If you don’t want it, just uncheck the box and click Finish.

Figure 3. The installation Wizard’s final screen has a pre-checked box; it simply opens a webpage for more information on Sergey’s Winaero Tweaker suite.

All done? Now open your Windows Start menu and look in the Games folder (Figure 4). Your favorite games are back — right where they should have been all along!

Figure 4. Look for the new Games folder in the start menu’s app list.

Moving to a new Windows version is often stressful. We’ve found that “Windows 7 Games for Windows 10 and 8” has done wonders for relaxing both us and our customers who are trying to cope with Windows 10. Technology changes fast: we sometimes forget that for some people a glass of juice, some toast, and a laptop with Solitaire is the perfect start to the day. Just because Microsoft is ending support for Windows 7 doesn’t mean we have to lose some of the OS’s smaller charms.

Here are reminders of two classics: Solitaire (Figure 5) and Minesweeper (Figure 6) — and one of our editor’s favorites, 3D Pinball (Figure 7). Sadly, no Tetris.

Figure 5. Who can resist a game or six of the classic Solitaire!

Figure 6. The much-loved Minesweeper

Figure 7. 3D Pinball is a great way to take the edge off daily stress.

Happy computing — and playing!

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com, and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.

Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

• Subscription help: customersupport@askwoody.com

Copyright © 2019 AskWoody LLC, All rights reserved.