|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
-
Windows 10 beta build 15042 (64-bit only) is out
I’m downloading it now.
https://blogs.windows.com/windowsexperience/2017/02/24/announcing-windows-10-insider-preview-build-15042-pc-build-15043-mobile/#oLaIMUa2u8xX57dT.97
-
Substantial security improvements coming to Microsoft Edge
I’m as skeptical as the next guy – moreso, actually – but I’m impressed by the security enhancements planned for the next version of Edge.
Matt Miller has an overview here.
Part 2 should be out shortly.
Long and short of it:
Most modern browser exploits attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is prevalent because it provides the path of least resistance for attackers by enabling them to flexibly and uniformly stage each phase of their attack. For defenders, preventing arbitrary native code execution is desirable because it can substantially limit an attacker’s range of freedom without requiring prior knowledge of a vulnerability. To this end, Microsoft Edge in the Creators Update of Windows 10 leverages Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to help break the most universal primitive found in modern web browser exploits: loading malicious code into memory.
I don’t know how quickly the bad guys will be able to break CIG and ACG, but if they hold up as long as ASLR, it’ll be a significant improvement.
-
iPad smackdown: Microsoft Office vs. Apple iWork vs. Google G Suite
A meticulous, in-depth comparison of the three Office apps on the iPad – and some real insight into whether an iPad is “good enough” for most Windows users.
Galen Gruman on InfoWorld.
-
We’re still at MS-DEFCON 2
We just upgraded the site to PHP 7, and it looks like the MS-DEFCON banner at the top of the page took a hit.
We’re still at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
Next big update for Windows 10, Redstone 3, hits the radar
First sightings of Win10 “Redstone 3” appear on BuildFeed – and what that means to you.
InfoWorld Woody on Windows.
-
At death’s door for years, widely used SHA1 function is now dead
The two most common file encryption/hashing methods are now officially compromised. MD5 was hacked years ago. Now, Google has come up with an algorithm that generates two different PDF files with the same SHA1 hash.
Still unscathed: SHA-256 and SHA-3
Important article by Dan Goodin, Ars Technica
-
Amazon resists request for Echo recordings in Arkansas slaying
This is an important privacy case. You should be aware of it, especially if you use OK Google, Siri, Cortana – or even the voice recognition system in your car, GPS device, or other Internet of Things, uh, things.
Tafi Mukunyadzi Associated Press.
-
Muslims unite to repair Jewish cemetery
Credit: KTTNSt. Louis Muslims are raising money to repair Chesed Shel Emeth Cemetery, which was trashed over the weekend.
Donate here. I did.
-
Flash player patch rolls out in a strange way
It’s like a retro patch: Security Bulletin, but it’s not in any cumulative updates.
InfoWorld Woody on Windows
-
More non-news: Microsoft will release another Win10 version later this year
The MSblogosphere (TM) seems to be bloviating over the discovery of a slide in a Ch9 video from Bill Karagounis’s presentation at Microsoft’s Ignite Australia conference. (Look at 22 to 24 minutes, if you’re really interested.)
The slide shows that Microsoft plans on shipping another version of Windows 10 in late 2017.
If that comes as a surprise to you, then you haven’t been following along. Windows 10 has received version bumps every eight months or so, since the first bump appeared four months after the original version of Win10.
We were originally told that Win10 version changes (“feature updates”) would appear two to three times a year. Two weeks ago, Dani Halfin posted on TechNet in his Overview of Windows as a Service that:
Windows as a service will deliver smaller feature updates two to three times per year
The rhythm now is definitely set at 8 months, give or take a bit. That would equate to two versions of Win10 in 2017, and one in 2018.
Where’s the mystery?
-
Looks like KB 2952664 (for Win7) and KB 2976978 (Win 8.1) are back
These are the two patches implicated with various snooping proclivities, and tied into upgrading from Windows 7 to Win10, or Win8.1 to Win10 — which should be a non-starter tat this point.
I can see them in the Microsoft Update Catalog:
They’re both listed as “Last Updated 2/17/2017.”
They aren’t listed on the Windows Update official page, but PKCano reports that she’s seeing the Win 8.1 patch, released today, optional and unchecked.
Of course you should avoid them.
-
Flash patches for Internet Explorer and Edge due today
Many thanks to those of you who sent me copies of the email Microsoft distributed yesterday.
This is going to be interesting.
InfoWorld Woody on Windows
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
‘Minority Report’ coming to NYC
by 1 hour, 53 minutes ago
-
Apple notifies new victims of spyware attacks across the world
by 2 hours ago
-
Tracking content block list GONE in Firefox 138
by 1 hour, 24 minutes ago
-
How do I migrate Password Managers
by 1 hour, 37 minutes ago
-
Orb : how fast is my Internet connection
by 12 hours, 19 minutes ago
-
Solid color background slows Windows 7 login
by 13 hours, 40 minutes ago
-
Windows 11, version 24H2 might not download via Windows Server Updates Services
by 12 hours, 10 minutes ago
-
Security fixes for Firefox
by 17 minutes ago
-
Notice on termination of services of LG Mobile Phone Software Updates
by 1 day ago
-
Update your Apple Devices Wormable Zero-Click Remote Code Execution in AirPlay..
by 1 day, 9 hours ago
-
Amazon denies it had plans to be clear about consumer tariff costs
by 1 day ago
-
Return of the brain dead FF sidebar
by 11 hours, 39 minutes ago
-
Windows Settings Managed by your Organization
by 10 hours, 48 minutes ago
-
Securing Laptop for Trustee Administrattor
by 11 hours, 48 minutes ago
-
The local account tax
by 13 hours ago
-
Recall is back with KB5055627(OS Build 26100.3915) Preview
by 1 day, 22 hours ago
-
Digital TV Antenna Recommendation
by 1 day, 15 hours ago
-
Server 2019 Domain Controllers broken by updates
by 2 days, 10 hours ago
-
Google won’t remove 3rd party cookies in Chrome as promised
by 2 days, 12 hours ago
-
Microsoft Manager Says macOS Is Better Than Windows 11
by 2 days, 15 hours ago
-
Outlook (NEW) Getting really Pushy
by 1 day, 17 hours ago
-
Steps to take before updating to 24H2
by 2 hours, 5 minutes ago
-
Which Web browser is the most secure for 2025?
by 1 day, 22 hours ago
-
Replacing Skype
by 1 day, 10 hours ago
-
FileOptimizer — Over 90 tools working together to squish your files
by 2 days, 9 hours ago
-
Excel Macro — ask for filename to be saved
by 1 day, 6 hours ago
-
Trying to backup Win 10 computer to iCloud
by 1 day, 10 hours ago
-
Windows 11 Insider Preview build 26200.5570 released to DEV
by 4 days, 15 hours ago
-
Windows 11 Insider Preview build 26120.3941 (24H2) released to BETA
by 4 days, 16 hours ago
-
Windows 11 Insider Preview Build 22635.5305 (23H2) released to BETA
by 4 days, 17 hours ago
Remembering Woody
