New Surface Pro 2017 shuts off unexpectedly? Return it while you can

Barb Bowman recommends that you turn in any Surface Pros that die unexpectedly, and take your chances with a new machine.

Computerworld Woody on Windows.

Win10 Creators Update 1703 no longer able to set “Pause Updates” to 35 days

A letter from SC:

I am running Widows 10 Pro Version 1703, Build 15063.413.

Several weeks ago I was able to set “Pause Updates” for up to 35 days.

Now I am only able to “Pause Updates” for up to 7 days.

What has happened? Is there some way to  revert to  35 days?

I don’t know what the problem might be. Do any of you? I see there’s a similar complaint from Gabe1972 on the Microsoft Answers forum.

UPDATE: I seem to recall there was a change from 35 to 7 days when the beta version of 1703 finally hit RTM. Could that be the source of the confusion?

One-Drive now limited to NTFS formatted drives

OneDrive has stopped working on non-NTFS drives

By Peter Bright | July 6, 2017

FAT disks are no longer supported—more surprisingly, nor is the new ReFS file system.

OneDrive users around the world have been upset to discover that with its latest update, Microsoft’s cloud file syncing and storage system no longer works with anything other than disks formatted with the NTFS file system. Both older file systems, such as FAT32 and exFAT, and newer ones, such as ReFS, will now provoke an error message when OneDrive starts up.

Read the full article on ArsTechnica

Mary Jo Foley has more information at All About Microsoft on ZDNet

Microsoft releases 15 Office patches for July, but some June bugs still stink

Embarrassing Office 2010 fix—KB 4011042—doesn’t make the main listing.

See Computerworld Woody on Windows.

Office non-security patches for July 2017 are here

No, you don’t want to install them yet, even if we are on DECFON 3.

Office 2013

Update for Microsoft Word 2013 (KB3213567)
Update for Skype for Business 2015 (KB3213574)

Office 2016

Update for Microsoft Office 2016 (KB3213547)
Update for Microsoft PowerPoint 2016 (KB3203481)
Update for Skype for Business 2016 (KB3213548)
Update for Microsoft Visio 2016 (KB3203473)
Update for Microsoft Project 2016 (KB3203476)
Update for Microsoft Office 2016 (KB3213549)
Update for Microsoft Word 2016 (KB3213550)
Update for Microsoft Access 2016 (KB3191926)
Update for Microsoft OneNote 2016 (KB3178665)
Update for Microsoft Office 2016 (KB3203471)
Update for Microsoft Office 2016 (KB3115145)
Update for Microsoft Office 2016 (KB3191928)

Office 2007 is on extended support. It no longer receives non-security updates. There were no updates listed for Office 2010. Security patches for all current versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday)

As Windows fades slowly into the sunset…

… hard to believe that Apple is rolling over the market.

When you compare the number of devices purchased that run Windows, as opposed to macOS or iOS, the worm has turned. Fascinating graphic from Horace Dediu at Asymco

As he puts it:

The consequences are dire for Microsoft. The wiping out of any platform advantage around Windows will render it vulnerable to direct competition. This is not something it had to worry about before. Windows will have to compete not only for users, but for developer talent, investment by enterprises and the implicit goodwill it has had for more than a decade.

I wonder how Android devices look in a similar graph. StatCounter shows usage percentages for each of the major OSs like this:

Last person turn out the lights, OK?

The first Tuesday in July is almost over, and non-security Office updates are nowhere to be seen

The first Tuesday of the month — “A Week Tuesday” in that inscrutable Microsoft parlance — is almost over on the US west coast.

A Week Tuesday, you may recall, is supposed to bring a flood of bug fixes, er, non-security updates, for Microsoft Office. Last month, we had 19 patches on June 6.

This month.. who knows? Rumor has it that the parking lots on the Redmond campus are almost empty. Everybody’s gone for the long (US Independence Day) weekend. Maybe they took the patches with them?

Widespread problems with last week’s Win10 1703 patch, KB 4022716

There’s a reason why I keep recommending that you avoid Windows 10 Creators Update. It ain’t baked yet.

Case in point: KB 4022716, the June 27 cumulative update for Win10 version 1703, which is supposed to bring the version up to build 15063.447.

There’s a lengthy Microsoft Answers forum thread about how KB4022716 kills web browser Google Chrome, Firefox, Internet Explorer. Another one about black screens with flickering cursor after unlocking, which is repeated on a Lenovo forum. A laundry list of additional problems.

Comodo says:

We strongly advise Comodo users not to update to latest MS update KB4022716, which is available for Windows 10 users till they have new fixed version of Comodo internet security products installed.

Some people are reporting that the patch has been pulled. Others say that it’s still being offered.

If you ignored my advice and upgraded to Win10 Creators Update, you would be well advised to avoid the latest cumulative update.

MS-DEFCON 3: Get patched, but watch out for Outlook

With the first non-security Office patches due out on Tuesday, July 4, we’re kinda backed up against a wall.

The simple problem: Some of the patches dribbled out in June still don’t work right. For example, the June 27 patch for Outlook 2010, KB 3015545, was pulled a few days ago because it crashes 32-bit Outlook.

The original download package for the 32-bit version was removed from the Download Center after a problem was discovered that could cause Outlook to crash when you preview messages that have attachments. If you already downloaded and installed the 32-bit update, we recommend that you remove it until a new version is available.

A new update for 32-bit Outlook 2010 is under development and will be posted in this article when it becomes available.

According to the official bug-tracking list at Outlook known issues in the June 2017 security updates, we also have these problems:

There is no Outlook 2007 fix for Issue #1, the “program is not installed” and/or “unsafe attachments” error when opening an attachment. In addition, the 32-bit Outlook 2010 fix has been pulled because it, you know, crashes Outlook.

There is no Outlook 2007 fix for Issue #2, the “untrustworthy source” bug. Same comment about 32-bit Outlook 2010.

Issue #4 (VBScript doesn’t run on custom Outlook forms) has not been fixed for any version of Outlook.

Issue #5 (iCloud doesn’t work with Outlook) hasn’t been fixed for Outlook 2007. For other versions of Outlook, you need to uninstall and reinstall iCloud.

Issue #7 (iframe part of a web page doesn’t print) has been fixed by various Windows patches.

That’s the kind of garbage we’re facing at the moment. As many of you know, I’ve never been a fan of Microsoft’s patching. This month marks (yet another) new low in patch quality. Believe me, that’s saying something.

Over on the Win10 side of the patching puddle, in addition to the iSCSI problems I reported last week, we have a new, officially acknowledged, bug:

After you install this update, Internet Explorer 11 may close unexpectedly when you visit some websites. When the problem occurs, you may receive an error message that resembles the following:

We were unable to return you to [previous URL].
Internet Explorer has stopped trying to restore this website. It appears the website continues to have a problem.
The problem may occur if the website is complex and uses certain web API’s.

Microsoft is researching this problem and will update this article when more information becomes available.

The solution, of course, is to avoid Internet Explorer, but I’ve been saying that for more than a decade.

If you’re having trouble printing iframes from inside web pages, using IE, I recommend the same solution – ditch IE. But if you insist on using IE, and want to be able to print inside iframes, you have to install one of the recent Windows patches.,

Anyway, it’s time to strap on your hip waders and get patched. Here are my latest recommendations. Remember you have three basic choices for Win7 and 8.1:

• Group A – installation of Monthly Rollups via a manual run of Windows Update
• Group B – manual installation of specific Security-Only patches
• Group W – folks who sat on the bench and didn’t patch at all.

In this post-Shadow-Brokers era, where Microsoft is screwing up patches by the bushelfull and compounding bugs in security patches (which is to say, patches for security bugs appear in non-security patches), I figure you only have a few choices:

Win7/8.1 Group W — R.I.P.

With Shadow Brokers guaranteeing that major Windows vulnerabilities are coming every month, Group W is just plain dangerous. It’s not an option. Sorry.

Win7/8.1 Group B — Only for experts with a high tolerance for pain

Group B, which is based on Microsoft’s commitment to deliver Security-only updates every month, has gone from relatively simple to very complex. Officially, Internet Explorer patches have been broken off from the main download. There’s all sorts of confusion about .NET patches — which are Security-only, which Rollups? We’ve seen security patches released outside the monthly Security-only stream. There have been bugs in Security-only patches that were fixed outside of the Security-only stream. There’s a host of problems documented in this Topic.

Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.

If you want to pursue Group B, in spite of the warnings, look at PKCano’s AKB 2000003.

Win7/8.1 Group A – Go ahead and patch, but understand the consequences

Microsoft is still blocking updates to Win 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that’s a year old, or newer, follow the instructions in AKB 2000004 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.

If you want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping) before you install any patches. (Thx @MrBrian).

For those of you interested in the nuances, @ch100 has a good synopsis here and a follow-up here.

For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Watch out for driver updates — you’re far better off getting them from the manufacturer’s web site.

Microsoft also has huge Monthly Rollup Preview, KB 4022720 for Win 8.1, and a smaller KB 4022168 for Win7. As usual, I don’t recommend that you install the Previews. You’ll be able to pick up the patches when they roll out for real later in July.

After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Win7 and 8.1 machines.

Windows 10

It’s still too early to jump to Win10 Creators Update, version 1703. Wait for it to be designated “Current Branch for Business.” You can block the upgrade with a few simple steps, detailed in this Computerworld post.

To get Win10 patched, run the steps in AKB 2000005: How to update Windows 10 – safely. You may want to use wushowhide to hide any driver updates. All of the other updates should be OK, including Servicing stack updates, Office, MSRT, or .Net updates (go ahead and use the Monthly Rollup if it’s offered).

One more Win10 oddity this month: If you’re using the Creators Update, version 1703, and run Windows Update, you’ll get the massive June 27 non-security patch, KB 4022716, bringing you to build 15063.447. There are analogous patches for the earlier versions of Win 10, but they won’t be installed during a Windows Update run. You can search for the patches for Win10 Anniversary Update (version 1607), or Win10 Fall Update (version 1511), and install them manually, if you really want to, fur I don’t see any pressing reason to do so. Wait for the other guinea pigs, eh?

The only major bugs I see at this point are Internet Explorer-related — and for those of you afflicted I say, hey, you shouldn’t be using IE anyway. The rest of the world has switched to Chrome or Firefox. (Netmarketshare pegs desktop usage share at 60% Chrome, 17% IE, 12% Firefox and 6% Edge.) Get with the program and kick the Microsoft browser habit.

Office updates

There’s a post from Pim saying that, as of very early Monday morning:

This morning Outlook 2010 June 2017 update KB3203467 was (still) offered as an important update on my Windows 7 system, but unticked. It is not retired.

As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED.

.NET updates

As of late Sunday night, @ch100 advises:

.NET Framework Preview patches released in May 2017 (latest for all versions other than 4.7) have been pulled due to conflict with the .NET Framework 4.7 installer.
https://blogs.msdn.microsoft.com/dotnet/2017/05/17/net-framework-may-2017-preview-of-quality-rollup/

Again, don’t check anything that’s unchecked.

I sincerely apologize for all the if’s and’s and but’s in this month’s go-ahead. If it’s any consolation, just about everybody at Microsoft is off for a four-day weekend, so things aren’t likely to get any worse.

Time to get patched. Tell your friends, but make sure they understand what’s happening. An for heaven’t sake, as soon as you’re patched, turn off automatic updating! I see no reason at all to believe that the July patches will be any better than the June crop.

Turn off SMBv1 on Windows, but be aware of the consequences

Good series of articles from Barb Bowman, taking normal everyday users through the steps to disable SMBv1, the Windows system utility that put the “cry” in WannaCry.

The first article explains how to turn it off.

The second article gives workarounds for common problems with disabling the ancient protocol.

Evidence that PetyaWrap is from a Russia-linked hacking group “TeleBots”

Interesting tweet stream from Catalin Cimpanu.

He connects the dots and, based on a report from ESET, deduces that PetyaWrap comes from a hacking organization known as TeleBots, which targeted the US before 2015, and the Ukraine after 2015.

ESET now confirms Telebots hacked MEDoc and installed a backdoor

which apparently was used to seed PetyaWrap.

That doesn’t explain all of the PetyaWrap infections, but it does explain the best-known infection vector.

In addition, Dan Goodin has more evidence on Ars Technica that the people behind PetyaWrap got the leaked NSA code weeks before Shadow Brokers released it to the world. Dan calls it an “unproven theory” but it’s a interesting one.

Thx @Kirsty

Contrary opinion: PetraWrap is buggy, poorly constructed ransomware

Yesterday, I ran an article that says PetyaWrap (NyetPetya, Petya.2017, nPetya, pick your name) “was designed to make headlines, not to make money.” There’s convincing evidence for that conclusion, offered by highly regarded malware researchers.

But there’s a second opinion which says, roughly, “PetyaWrap was (is) a buggy piece of real ransomware.” Vess Bontchev goes on to assert that it’s from an “idiot ransomware writer.”

Rob Graham has an excellent expose of that assertion in his Errata Security blog, NonPetya: no evidence it was a “smokescreen”:

Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shutdown, and it corrupts the boot sector.

But these things aren’t evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

Three things I know for sure.

First, it’s still a problem. According to Ian Thomson at The Reg, FedEx reportedly halted trading on the NYSE because its TNT subsidiary got infected – likely with PetyaWrap.

Second, the antivirus companies are in hype overdrive mode, claiming this or that about their products and PetyaWrap. I don’t believe any of it.

Third, the people who say “install all Windows patches right away to prevent PetyaWrap infections” don’t have a clue. The infection method for PetyaWrap is still unknown, and the subject of much conjecture. What we do know is that, if your Windows PC has all of the March patches installed, it won’t get infected by one method, but it may get infected by a different method. Having all of your Windows patches up to date won’t protect you, in spite of what the self-proclaimed “experts” say.

As for the major network TV show that claimed you could improve protection against PetyaWrap by using strong passwords…. pffffffffffffffft.

Welcome to the scary new world of Windows, folks.