AskWoody

Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • New directions for Win 7 and 8.1 patching

    Posted on October 19th, 2017 at 20:59 woody Comment on the AskWoody Lounge

    I think it’s time to re-evaluate the “Group A” and “Group B” instructions for updating Windows 7 and 8.1. It’s been one year since Microsoft announced that it was grouping together patches – the “patchocalypse” – and we’ve seen a lot of water under multiple bridges.

    With the advent of MS17-010, there’s no question that patching is a must. Group W is no longer viable.

    @MrBrian and many others are now convinced that Group B doesn’t work either. Lots of details, lots of problems – and those who manually install security-only updates are finding that Microsoft hasn’t made life easy. Or perhaps even tolerable.

    Now it looks like my old instructions for Group A aren’t going to work any more, either. In particular there are problems with hiding individual patches that may bite back.

    So I’m opening up the floor for discussion. Two questions:

    Is it ever going to be possible for “normal” people – by which I mean people who don’t have time to spend hours every day – to manually download and install all of the patches they need?

    For those who stick with Microsoft’s preferred approach, is there anything “normal” people can do to avoid really bad patches? And is it possible to curtail Microsoft’s snooping in the process?

    Your comments and insight most welcome.

  • The Windows Fall Creators Update has been released, and a sea of bloatware and annoying “features” has returned

    Posted on October 19th, 2017 at 12:39 woody Comment on the AskWoody Lounge

    What Powershell commands should I run to easily remove this garbage?

    Reddit strikes again….

    Thx @campuscodi

  • Microsoft security’s unseemly jab at Google

    Posted on October 19th, 2017 at 08:29 woody Comment on the AskWoody Lounge

    In yesterday’s Windows Security blog post Browser security beyond sandboxing, Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Research team” – no, I didn’t make that up) took aim at Google. There’s a whole lot of technical discussion about the superiority of Edge in that article. There’s also a deep dig at Google.

    Catalin Cimpanu at Bleepingcomputer boils it down:

    The problem that Rabet pointed out was that the fix for the bug they reported was pushed to the V8 GitHub repository, allowing attackers to potentially reverse engineer the patch and discover the source of the vulnerability.

    It didn’t help that it took Google three more days to push the fix to the Chromium project and the Chrome browser, time in which an attacker could have exploited the flaw.

    Taking into account that this happened in mid-September, Microsoft had no reason to detail a bug in a Chrome version that’s not even current. Chrome 62 is the latest Chrome version.

    Paul Thurrott has a great article, turning Microsoft’s old words against itself.

    What Microsoft should have done is take the high ground. Do the right thing for your shared customers and just shut up about it. But it didn’t.

    It’s time for both sides to grow up and work together. Take potshots at each other, sure. But not over security.

    If you’re interested in browser security, I suggest you read it.

  • Happy Diwali!

    Posted on October 19th, 2017 at 02:54 woody Comment on the AskWoody Lounge

    Wishes for a year of prosperity, health and fun!

    झिलमिलाते दीपों की रोशनी से प्रकाशित ये दीपावली आपके घर में सुख समृद्धि और आशीर्वाद ले कर आए शुभ दीपावली!

  • Recently updated topics you may have missed

    Posted on October 19th, 2017 at 02:09 Kirsty Comment on the AskWoody Lounge

    It’s possible you may have missed recent security updates that have been made to Chrome, Firefox, Thunderbird, Java and Flash Player. The following topics have now been updated with the US-Cert alerts, with links:

    Chrome Security Update: US-CERT (Browser)

    Mozilla Security Update: US-CERT (Firefox)

    Mozilla Security Update: US-CERT (Thunderbird)

    Oracle Security Update: US-CERT (Java etc)

    1000002: Links to Flash update resources

    Subscribers to those topics should have received emails with details of the new posts. However, we have had some reports that some people are currently not receiving those emails. If your subscription emails aren’t working, please let us know.

     
    Also updated recently is AKB3000005: On the subject of Botnets, which was posted last month, but promptly disappeared in a backup-reset of the site.

  • Bott: Windows 10 Update Rules Change Like a Game of Calvinball

    Posted on October 18th, 2017 at 11:51 woody Comment on the AskWoody Lounge

    Feel frustrated by all the changing Win10 nomenclature, processes and paradigms? Believe me, you aren’t alone.

    Just yesterday, @teroalhonen pointed me to the new Win10 Release Information site, where I noticed a key, subtle change.

    Up until yesterday, the “Microsoft recommends” bullet on the right was located next to the “Semi-Annual Channel” entry. Until yesterday, it was the only official visual clue I had to what used to be “Current Branch for Business.” Now, it appears, Microsoft is recommending that Win10 business users install a one-day-old version of Win10 — a remarkable recommendation, given the past two years’ admonitions that it takes about four months for new versions to stabilize.

    Ed Bott has a great new article in RedmondMag wherein he likens the make-it-up-as-you-go-along nature of Windows 10 to the MIUAYGA heart of the Calvin & Hobbes classic Calvinball.

    Highly recommended.

  • Now available .NET 4.7.1

    Posted on October 18th, 2017 at 10:36 woody Comment on the AskWoody Lounge

    Yesterday Microsoft released .NET 4.7.1, an in-place update for  .NET 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7

    Details on Martin Brinkmann’s Ghacks.

    I know that .NET 4.7 has all sorts of weird problems. Anybody conversant enough with 4.7.1 to point out where the bodies are buried?

  • Big problems with Win7 Preview of Monthly Rollup KB4041686

    Posted on October 18th, 2017 at 07:41 woody Comment on the AskWoody Lounge

    I just saw a heads-up from @abbodi86 about the Monthly Rollup Preview for Win7 that was released yesterday. It’s KB 4041686, the 2017-10 Preview of Monthly Rollup.

    As you know, I strongly recommend against installing Previews — they’re “previews” precisely because they aren’t ready for prime time.

    Here’s the problem.

    After installing KB 4041686, a SFC (System File Check) scan will report and fix an error in \system32\drivers\en-US\usbhub.sys.mui — even though there is no error.

    This is precisely the problem @abbodi86 reported to Microsoft after installing the old KB 3125574, which is the “convenience rollup” I call “Win7 SP 2.”

    The bug was fixed in  KB 3181988, but it’s back again.

    If you install KB 4041686, you’ll trigger a bogus SFC error even if you have KB 3125574 installed.

    Is anybody at Microsoft listening?