A most unusual Patch Tuesday

Microsoft has released its usual Patch Tuesday flood, and it’s enormous: 358 patches addressing 96 individually identified security holes. Gregg Keizer at Computerworld just posted a thorough overview.

Martin Brinkmann at ghacks.net has the full list. Here’s the summary:

• Windows 7:  48 vulnerabilities of which 6 are rated critical, and 42 important
• Windows 8.1: 52 vulnerabilities of which 8 are rated critical, and the remaining 44 important
• Windows RT 8.1: 48 vulnerabilities of which 8 are rated critical, and 40 important
• Windows 10 version 1703: 45 vulnerabilities of which 7 are rated critical, and 38 important.

At the same time, Microsoft has released individual patches for Windows XP and Vista – both of which are beyond their end of support dates.

There’s a reason why Microsoft released XP/Server 2003 updates – they didn’t bother to patch either last month, with the WinXP patch for WannaCry.

Full details in my Woody on Windows blog, which has just moved from InfoWorld to Computerworld.

UPDATE: Microsoft even released a patch for Win10 1507 — the original, “RTM” release, which is supposed to be out of support. See KB 4022727.

Brad Sams, writing on Petri.com, calls the XP patch “a dangerous precedent.” I say hogwash. It’s an overdue CYA patch. Can you imagine what would happen with a working XP SMB worm?

Peter Bright = Dr. Pizza, writing on Ars Technica says “Microsoft’s decision to patch Windows XP is a mistake.” I say he’s wrong. Microsoft didn’t have any choice – and won’t have any choice, in the future, but to patch NSA-derived security holes in all versions of Windows from XP onward.

Dan Goodin, also on Ars Technica, now has technical details. He hits the nail on the head when he says, in conclusion:

Company officials are showing that, as much as they don’t want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.

And, I would add, a potential replay of the WannaCry outbreak long after learning the details from the NSA.

This doesn’t smell right.

Were KB 4020732 and KB 4020733 released early?

Reader MB advises that KB 4020732 and KB 4020733 were released to WSUS servers on Saturday.

Likely they’re intended for distribution as part of Patch Tuesday.

Anybody else see them?

Security Update for Lync 2010 X86/X64 (KB4020732)

Security Update for Lync 2010 Attendee – Administrator level installation (KB4020733)

Playing catch-up with Windows and Office patches

Patch Tuesday is just around the corner, and many of you are confused about which patches to install, which to avoid. Here’s a simple list:

• If you haven’t patched your machine in many months, get it patched. Now.
• If you haven’t applied MS17-010, do it now.

As long as you’ve applied the March patches, or later, I don’t see any pressing reason to break the usual MS-DEFCON 2 admonition: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

We’re going to get quite a slew of new patches on Tuesday. Patience. Let’s see how they turn out.

KB 3150513 on the loose again

Seems like hardly a day passes now when we don’t have a new version of KB 3150513 — the “figure out if this machine will work with Win10 Creators Update” patch.

This one’s a bit different, though, because of reports that it breaks some systems.

Have you hit a problem? Let me know in the comments….

Is the Samsung “peeping Tom” allegation pure BS – or just mostly so?

I’ve read it all. That paragon of technical insight, England’s The Sun, reports that “Samsung’s ‘peeping Tom’ smartphones can watch what you do on the web while monitoring your emails to target you with ads”

They go onto to explain:

Jim Killock, Executive Director of Open Rights Group warned that “Samsung want to get to know you – but they are behaving like a peeping Tom.. Samsung have taken spying on their customers to a whole new level.”

And then there’s a garbled description of Web beacons, with no explanation of how Samsung injects the wayward pixels into messages, ads or websites.

If there’s any meat here, I don’t see it. Tinfoil hats are fine, but at least there should be some tin in the foil, eh?

Important information about Docs.com end of service

Several weeks ago, docs.com had a search trawling issue which caused some concern.

Microsoft have now announced their decision to shut docs.com, with six months’ notice that all content will be deleted.

Microsoft’s Docs.com service to be discontinued

Microsoft is retiring the Docs.com service on Friday, December 15, 2017 and we are hereby advising all users to move their existing Docs.com content to other file storage and sharing platforms as soon as possible, as Docs.com will no longer be available after this date.

Martin Brinkmann has posted an article on ghacks.com:
Microsoft to shut down docs.com on December 15, 2017

Google Fi works great in Thailand

I just started listening to Mary Jo and Paul’s Windows Weekly. There was a comment about Google Fi in Asia – Mary Jo had a great experience in Japan.

In case there’s any doubt… Google Fi works great in Thailand, too. I’m using the same phone, same SIM card that I use in the States. I get incoming calls from the US — which is a real pain in the neck with spam calls at 2:00 in the afternoon US time, which is 2:00 am here. Learned that lesson quick.

I pay 20 cents per local call, coverage is good – equal to the best 4G coverage in Thailand, including very rural areas – and it’s still just $10 per GB. Of which I’ve used quite a few.

Hope to test it in Cambodia soon.

In fact, it works so well that my next phone – after the Nexus 6P rolls over and plays dead – will definitely be a Google Fi-compatible phone.

Yet another release of KB 3150513

The Microsoft Update Catalog lists a June 8 version of our old friend, KB 3150513, for Win 7, 8, 8.1, Win10 1511 and 1607.

Looks like Jonathan Handler nailed it a couple of days ago:

I continue to believe that KB 3150513 is for assessing readiness for Creators’ Update (1703).

Greasing the upgrade skids.

Windows 10 beta build 16215 rolls out…

… and it’s huge.

The official tally includes:

New user interface for Start and the Notification center

A few Edge improvements that slowly bring the feature set in line with IE: pinning web sites on the taskbar, full screen mode, EPUB improvements (yawn) and very minor PDF improvements.

Cortana now looks into your camera roll and, optionally, creates reminders. You can also use the pen to scrape reminder info off web pages.

Handwriting improvements. You can use the pen to scroll. Easier emojis. Dictation on the desktop. And much more.

Malware: Its Prevention, Detection & Blocking

Last week, a blogpost raised the issue about Fireball, a recently discovered browser hijacker and malware downloader.

In response, an anonymous poster has suggested:

anonymous wrote
This is why corporations should be using HOSTS files and utilizing applications like Spybot Search & Destroy and Teatimer.

Corporations and end users have differing needs, using different methods to achieve similar results. Some utilities are freely available to end users, but EULAs mean corporations pay for those services.

While one solution will not be suitable for all setups or Windows versions, what are the best methods and utilities available today? How much time, effort and skill do those methods require, to set up, update and maintain?

Running Office on the new 10.5-inch iPad requires a license

Office is free for non-commercial use on tablets up to 10.1 inches. That means the newly announced 10.5 inch iPad Pro will require a license, even for non-commercial use.

Nothing new. But many people don’t realize they’ll have to spring for a license — or switch to something other than Office.

Good overview from Gregg Keizer at Computerworld.

MS re-re-..release (again) of KB 2952664 and KB 2976978

We’re seeing a recurrence of the two snooping patches KB2952664 for Win7 and KB2976978 for Win8.1. The last time they showed up, was on March 7th, but now they’re back……

MS re-re-..release of KB2952664 and KB2976978

Microsoft describes them as a “Compatibility update for keeping Windows up-to-date.”

This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

They are appearing as unchecked Optional now, which means they won’t be installed unless you check the corresponding box in Windows Update.
Their status may change next week to Recommended and, for some, they may show up as checked Important on Patch Tuesday.