Deanna’s Freeware Spotlight: GIMP Photoshop Layout v2.0

Most of us cheapskates would never shell out the money for Photoshop so we use Gimp instead, the free alternative to Photoshop (portable version here).

One complaint most of us have had is the layout of Gimp. Toolbars just floating around like ticker tape. Well now there is GIMP Photoshop Layout, a tiny utility that makes Gimp look more like Photoshop’s layout. Now we can really pretend we are all rich and such. 😉

Download from OlderGeeks.com

Where we stand with the December patches

Things were looking pretty good for This Month in Patches — until two days ago.

Now, it’s anybody’s guess whether there’s a real emergency, or whether the IE patch is just a flash in the pan. But I continue to recommend that you hold off on patching — in spite of “The Sky is Falling — Patch Now” warnings from the usual suspects.

If the sky really does start falling, we’ll let you know here first.

Details in Computerworld Woody on Windows.

Another hurried fix for an Outlook 2013 bug apparently caused by the November security patch

Another stinker for the pile.

Microsoft just released this little gem: KB 4011029 December 20, 2018, update for Outlook 2013. According to the KB article:

This update fixes the following issue:

Mail delivery rules stop working. When you try to open the Manage Rules & Alerts dialog box in Outlook 2013, you receive the following error message:

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Here’s the weird part. On December 17, Microsoft posted this bug notice:

Last Updated: December 17, 2018

ISSUE

When you click Rules > Manage Rules & Alerts…, the following error occurs:

Error:  “The operation failed because of a registry or installation problem. Restart Outlook and try again.  If the problem persists, reinstall.”

The issue may occur after installing the following perpetual updates:

• Outlook 2016: November Security Update KB https://support.microsoft.com/help/4461506.
• Outlook 2013: November Security Update KB https://support.microsoft.com/help/4461486.
• Outlook 2010: November Security Update KB https://support.microsoft.com/help/4461529.

Could someone explain to me why there are three acknowledged bugs, but only one of them was fixed?

Reported crash with the new out-of-band IE fix on Win7, KB 4483187

Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc?

Reports of problems with the patches are starting to come in.

@David Beroff reports:

Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.

@PKCano has a good first guess:

My guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.

What browser are you using?
What program(s) are you using when the crash occurs?
What AV program do you run?

I know that all of the experts are scurrying around like Chicken Little, telling you that you need to install this patch, like, right now.

I don’t buy it. There have been no details released that I can find. Clement Lecigne of Google’s Threat Analysis Group, who reported the problem, hasn’t said anything publicly. Google’s TAG is quiet on the topic. No reports of infections.

When the patching world goes silent like that, it usually means that we’re looking at a very limited vulnerability. It may turn into a monster at some point – but we aren’t yet at that point. The likelihood of having your machine clobbered, in my opinion, is much higher than the likelihood of you hitting this particular security hole.

Hang on. Although you’ll have to patch sooner or later, you don’t need to do it right now. My best advice is to stop using IE. Yes, I know that security holes in IE can be exploited other ways because IE is still woven into Windows. But the worst offender — Outlook rendering of formatted emails with the IE engine — was plugged many years ago. I haven’t heard of any direct infections through IE. And it’s a big step from an IE exploit to an infection via other means.

We’re still at MS-DEFCON 2 for a reason.

Big changes ahead for AskWoody and Windows Secrets

As of the end of the year, Penton/Informa media group is handing the Windows Secrets Newsletter and Lounge baton over to the people who started Windows Secrets years ago.

Many of you will remember the original Windows Secrets “dream team” — Brian Livingston, co-author of 11 Windows Secrets books; Susan Bradley, Patch Watch diva; Fred Langa, author of LangaList, the ultimate tech Q&A; and yours truly with Woody’s Windows Watch and a bunch of books. All of us, along with former editor in chief Tracey Capen and many current and former newsletter contributors, are joining forces once again to launch a new AskWoody Plus Newsletter. Those of you who subscribe to the Windows Secrets Newsletter will see your subscriptions carry over, uninterrupted, to the AskWoody Plus moniker.

We’re also merging the AskWoody and Windows Secrets Lounges. The new combined Lounge will sit on a software foundation that’s solid and reliable unlike, ahem, what we’ve had in the past. We’re implementing some of the features you’ve requested — email Plus Alerts, downloadable Patch Watch files, a reconstituted MS-DEFCON system, and much more. All of the AskWoody and Windows Secrets Admins and MVPs will make the trek. It’s a massive effort that’s going to bring all sorts of benefits to AskWoody and Windows Secrets Loungers.

Both the new Newsletter and the new combined Lounge are tied together with a membership program called AskWoody Plus. If you join AskWoody Plus, you get the new Newsletter, the news Alerts, and full access to everything on the new combined Lounge.

You’ll also get our thanks — and recognition, via a gold flare on your Lounge avatar — for helping us keep everything going. We’ll continue to hold Microsoft’s feet to the fire. We’ll keep you in the loop on important developments, and help you with palliative care on the demise of Windows 7. We’ll give you the straight story on where Windows and Office are headed, without the clickbait and garbled explanations you find on many other sites.

AskWoody Plus works on the donation model — you can join for whatever amount you think fair. If you’d rather not join, that’s fine. New Loungers are most welcome, and there’s no charge.

Changes in the plumbing are being tested right now. The hardest part of the transition will be merging databases, which won’t be easy, but we’ll take it in steps, and we’ll have human support available at all times. We’ll let you know if you need to do anything.

For those of you who already get the Windows Secrets Newsletter, you’ll be automatically continued as a subscriber to the AskWoody Plus Newsletter. For those of you who have donated to AskWoody in the past year, we’ll set you up with a Plus Membership as well — no charge, with our thanks. Those of you who haven’t contributed are also in good hands — we’re carrying across both the AskWoody Loungers and the Windows Secrets Loungers of various stripes to the new combined Lounge.

For now, sit tight. We’ll let you know if you need to do anything.

Lisa Schmeiser, editor in chief, Windows Secrets Newsletter
PKCano and Kirsty, AskWoody MVPs
JoeP517, JWitalka, Rick Corbett, Satrow, Windows Secrets Admins

Woody Leonhard, Eponymous Factotum

Heads up — Bug fix for IE coming out through Win10 cumulative updates, Win7 and 8.1

Microsoft just posted CVE-2018-8653: Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Looks like a drive-by: You can get infected by simply viewing a bad site, but only if you’re using Internet Explorer.

Which, of course, you aren’t.

The patches:

Win10 1809 – KB 4483235 – build 17763.195

Win10 1803 – KB 4483234 – build 17134.472

Win10 1709 – KB 4483232 – build 16299.847

IE 11 on Win7 and 8.1 – KB 4483187

Way-out-of-band patches like this one have a nasty history of blowing up. I strongly suggest you avoid the patch – and avoid Internet Explorer. But you’ve heard me say that a few times already, eh?

That “new” Office app? There’s less – and more – than meets the eye

Microsoft blogland is abuzz with news about a new! improved! Office app for Windows 10 called, doh, Office.

MS 365 VP Jared Spataro just posted:

Last year, we updated Office.com with a new experience focused on two simple things: helping users get the most out of Office and getting them back into their work quickly. The streamlined site has clearly resonated with customers, and now more than 40 percent of Office 365 web users start their work by visiting Office.com.

Starting today, we’re bringing this experience to Windows 10 in the form of an app, simply called Office. It’s now available to Windows Insiders (Fast) and will roll out to all Windows 10 users soon. The app itself is free and it can be used with any Office 365 subscription, Office 2019, Office 2016, or Office Online—the free web-based version of Office for consumers.

The announcement goes on to say that you’ll be able to use this new app to, basically, do everything you can do right now pretty easily with OneDrive and the Office.com portal.

But there’s one thing the announcement doesn’t mention. Mary Jo Foley explains that this new Office (there must be two dozen things running around called “Office”) is, in fact, a Progressive Web App. Which is pretty cool. Not a UWP (“Metro” “Windows Store”) app, but a real, live presumably working PWA.

The future is coming fast.

Fred Langa: A reader asks “How can I reduce laptop noise?”

What to try, when to give up.

More good stuff from Fred Langa.