Are you seeing update KB 3185319 being offered for Internet Explorer?

Günter Born just reported that he’s seen two cases of Win7 users being offered KB 3185319 — an update from Sept. 13, 2016 — as a checked Important update to Win7. It’s part of the MS16-104 bundle.

I wrote about bugs in this patch back in October 2016.

Any idea what’s happening? Or is this just another Windows Update snafu?

Happy Orthodox Easter

An Orthodox Easter cake.

Report from the field about ongoing Win7-Avira problems

Avira’s certainly had a tough time of it lately with multiple attempts to fix the Win7 and 8.1 patch bluescreens introduced in this month’s Patch Tuesday.

We just got an anonymous report that problems persist with Windows 7 and Avira:

PC1: Installed Monthly Rollup and IE patch. Initially for 10 min very slow, but then ok. After 3 days (with more Avira updates) Avira would never finish to initialize. Suspecting the AV to be ineffective, I reset that PC to March 2019 (using a restore point). Avira is fully updated. The Avira interface can be started, but only with the (limited rights) user account, that happened to get the update to the newly designed interface, the top right elements (x=close, _=minimize, ?=Help) show and can be clicked. The admin and other user account can only close via Alt-F4, clicking into the area where x should show has apparently no effect whatsoever.

PC2: No Monthly Rollup. Unending initializing. I wondered if the update might be adapted to Microsoft’s April patches being installed, and installed KB 4493448 and KB 4493435. Same situation: Initializing for some 15 minutes with umbrella taskbar sign open (= indicating protection), after the time-out the sign just goes away. The Avira interface can not be opened at all.

PC3: Only Avira updated, MS updates never tried. Like PC 1: Avira interface has the top right window elements only with the account that got the update.

I’m seeing reports of Avira problems all over the web.

Problems reported with this month’s Server 2008 Monthly Rollup KB 4493471

I’m seeing reports of bad problems with KB 4493471, this month’s Monthly Rollup for Server 2008 (not R2). According to an anonymous poster here on AskWoody:

It was not possible to boot in normal mode, nor in safe mode had to use startup recovery WinPE environment and eventually fall back to system restore to restore back to before the April monthly rollup was installed.

The poster says that they’re running Avast Free, which isn’t one of the identified antivirus packages with an acknowledged antipathy to this month’s patch. It’s a 64-bit Server 2008 machine.

He/she has a second machine running 32-bit Server 2008 (again, not R2):

It boots up ok but has developed new undesirable explorer.exe behavior in that when trying to rename, copy into or delete files out of any protected location that requires UAC elevation to proceed the UAC prompts all occur but the actual operation is never attempted i.e. if renaming a registered file extension there is no warning changing the file type may make the file no longer work or whatever words it would normally use suggesting the abort happens before the changes are even attempted. The action can be completed from an administrator command window .

Removing the Monthly Rollup relieves the problem. This machine is running Windows Defender.

Has anybody out there seen this problem?

Thx, anonymous.

New Win10 1903 beta testing cumulative update KB 4497093

Official Microsoft announcement is here.

We have released Build 18362.86 (KB4497093) for Windows Insiders who are currently in the Fast ring only and on Build 18362.53. We’ll roll this out to the Slow and Release Preview rings in a bit.

It includes the Japanese calendar fixes, plus a fix for the hiccup in 20H1 testing.

Windows Insiders on Build 18362.53 who were unable to update to Build 18875 will need to install Build 18362.86 (KB4497093) *FIRST* before being able to receive today’s build.

No, there’s still no word on 19H2 (or 1909, if you prefer).

Thx @EP

LangaList: “I know to de-fragment my HDD and not to de-fragment my SSD. Do I de-fragment my hybrid drive?”

Interesting question – without a simple answer.

Follow Fred’s advice on Langa.com.

There they are… Second April patches are out and they look lame

UPDATE: All the latest in Computerworld Woody on Windows.

We waited an extra week and a half for this?

Around 2:30 pm (Redmond time) on Thursday, Microsoft released a small bunch of patches:

Win10 1803 patch KB 4493437 has a bunch of little “quality” (non-security) fixes, including lots of Japanese date bug fixes. The IE “Customer URI Schemes” bug introduced earlier has apparently been fixed. Both of the other acknowledged bugs are still there, including a Rename on a Cluster Shared Volume crashing the system.

Win10 1709 patch KB 4493440 has a similarly lengthy list of little fixes, similar gaggle of Japanese bug fixes. 1709 is at end of service for Home and Pro (but not for Enterprise).

Win 8.1 Monthly Rollup Preview KB 4493443 appears to consist entirely of Japanese date bug fixes. Notably, there’s no change in status for these patches and the previously identified antivirus bugs.

Similarly, Win 7 Monthly Rollup Preview KB 4493453 only has Japanese date bug fixes. It, too, still has the old conflicts with the antivirus products.

Nothing for 1809 – and I don’t see anything new coming out for 1903.

Let’s see how they fare overnight.

Thx, @EP, @PKCano, @LaidBackTokyo

Microsoft: Forced password changes don’t work

Yesterday, Sergiu Gatlan at BleepingComputer wrote about Microsoft’s newfound antipathy to forced frequent password changes.

You know the problem: Every 30 or 60 or 90 days, you’re forced to change your password – and the new one can’t match the last 12 of them. Your solution is probably the same as mine:

Pass1
Pass2
Pass3
Pass4

and so on. With the way technology has changed (I hesitate to use the term “improved”), frequently changed short passwords don’t hold a candle to LongPasswordsThatYouCanEasilyRemember. Even old LongPasswordsThatYouCanEasilyRemember work better than Shorter1, Shorter2, Shorter3. Forcing you to change them every 30 days only pushes you toward less secure passwords.

Of course, you use a password manager such as LastPass or OnePass or KeePass. In that case, changing your password every 30 days is just a pain in the neck. No security improvement at all.

The topic has come up because Microsoft just released its newly revised “Security baseline” for Win10 version 1903. It’s still marked Draft, but should be solidified before too long. Here’s what MS says:

When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use.

Bravo and huzzah!