Newsletter Archives

• MS-DEFCON 3: Get your August patches installed

  Posted on September 5, 2017 at 07:15 CDT by woody • Comment in the Forums

  

  There are easy ways to work around remaining problems with the August Windows and Office patches. Get patched now!

  Computerworld Woody on Windows

  Windows Patches/Security August 2017 Black Tuesday, MS-DEFCON 3

• Between Windows and Office, Microsoft dropped patches on 14 different days this month

  Posted on August 31, 2017 at 13:38 CDT by woody • Comment in the Forums

  Some of them actually worked the first time. Or so I’m told.

  Computerworld Woody on Windows

  Windows Patches/Security August 2017 Black Tuesday

• Where we stand with this month’s Windows and Office security patches

  Posted on August 15, 2017 at 09:08 CDT by woody • Comment in the Forums

  August has seen a relatively normal number of bugs in Windows and Office patches, some acknowledged by Microsoft, some not

  Computerworld Woody on Windows

  Note: There was a weird out of band Outlook 2016 patch last night. Still no word on whether it’s OK.

  Another note: I’m getting email from people concerned about CVE-2017-8620, the Windows Search service remote code execution vulnerability described in this Microsoft Security Update. Check Point calls it “The Next WannaCry,” but there’s no evidence it’s been exploited. I think it’s overblown, but your opinion may vary. If you’re very concerned, install the latest Monthly rollup or — better — take Microsoft’s workaround advice and disable the WSearch service. And let me know if you see anything in the wild.

  Windows Patches/Security August 2017 Black Tuesday

• Lots and lots of patches

  Posted on August 8, 2017 at 13:31 CDT by woody • Comment in the Forums

  Martin Brinkmann at gHacks just posted his usual comprehensive list:

  • Windows 7:  9 vulnerabilities of which 2 are rated critical, 7 important
  • Windows 8.1: 11 vulnerabilities of which 4 are rated critical, 7 important
  • Windows 10 version 1703: 14 vulnerabilities of which 5 are rated critical, 9 important
  • Internet Explorer 11: 8  vulnerabilities, 7 critical, 1 important
  • Microsoft Edge: 28 vulnerabilities, 21 critical,  7 important, 1 moderate
  • And a new Security Advisory 4038556 regarding the WebBrowser Control

  The Security Portal lists 130 separate security patches issued between August 4 and 8.

  Win10 version 1703 Creators Update KB 4034674 goes up to build 15063.540. Five bug patches and a big bunch of security updates.

  Win10 version 1607 Anniversary Update KB 4034658 goes up to build 14393.1593. One bug fix, one fix to a bug introduced in the June update, and the security patches.

  Nine June 13 patches for Edge were re-released on August 4. This one, for example. No idea why.

  16 new Office patches. Haven’t yet had a chance to double-check the new list of August 1 patches with our old list (which had to be modified because the original list from Microsoft was wrong).

  As usual, I recommend that you sit and wait until the complaints start rolling in.

  UPDATE: There’s a slightly more usable aggregation of the security bulletins by Johannes Ullrich on the SANS Internet Storm Center.

  Also worth noting: There are no known exploits for any of the security patches.

  Office Patches/Security, Windows Patches/Security August 2017 Black Tuesday

• MS-DEFCON 2: It’s time to check your Windows machines and temporarily turn off Automatic Update

  Posted on August 7, 2017 at 10:23 CDT by woody • Comment in the Forums

  With Patch Tuesday just around the corner, you should seriously consider disabling Automatic Update, and wait until the unpaid beta testers have their say

  Computerworld Woody on Windows.

  Windows Patches/Security August 2017 Black Tuesday

• Office non-security patches for August 2017 are available

  Posted on August 1, 2017 at 13:22 CDT by PKCano • Comment in the Forums

  No, you don’t want to install them yet. WAIT! Microsoft’s track record hasn’t been the best of late. You don’t have to be a Guinea Pig!

  Aug 2017 non-security for Office 2013

  Update for Microsoft Excel 2013 (KB4011080)
  Update for Microsoft Office 2013 (KB3172443)
  Update for Microsoft Office 2013 (KB4011070)
  Update for Microsoft Office 2013 (KB4011077)
  Update for Microsoft Project 2013 (KB4011084)
  Update for Microsoft SharePoint Server 2013 Client Components SDK (KB3213571)
  Update for Microsoft Word 2013 (KB4011045)
  Update for Skype for Business 2015 (KB4011046)

  Aug 2017 non-security for Office 2016

  Update for Microsoft Office 2016 (KB3203472)
  Update for Microsoft Office 2016 (KB3213650)
  Update for Microsoft Office 2016 (KB4011037)
  Update for Microsoft Office 2016 (KB4011051)
  Update for Microsoft Office 2016 Language Interface Pack (KB3191930)
  Update for Microsoft OneDrive for Business (KB3178707)
  Update for Microsoft OneNote 2016 (KB4011030)
  Update for Microsoft Project 2016 (KB4011034)
  Update for Microsoft Publisher 2016 (KB3178696)
  Update for Microsoft Visio 2016 (KB4011033)

  Office 2007 is on extended support. It no longer receives non-security updates. There were no updates listed for Office 2010. Security patches for all current versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday)

  Corrections posted August 8, 2017

  Office Patches/Security August 2017 Black Tuesday, Microsoft Office, Office 2013, Office 2016, Office patches