Newsletter Archives

  • MS-DEFCON 3: Time to get July security patches applied

    Posted on August 1, 2016 at 05:02 CDT by Comment in the Forums

    The initial wave of changes, coinciding more or less with the expiration of the “free” Windows 10 upgrade, have rippled through the system. It’s time to get your security patches installed.

    For Win7 and 8.1 users, that’s no easy task. For you Win10 users who block updates, it’s time to put through the latest cumulative update, KB 3172985, bringing version 1511 up to build 10586.494. That’s likely to be the last patch to 1511, before you’re upgraded to version 1607, the Anniversary Update.

    Public Service Announcement: If you know anyone who upgraded to Windows 10, and now has Upgrader’s Remorse, point them to my article about recovering from a Win10 upgrade.

    We had some problems this month with Office security patches – in particular the Excel patches KB 3115322, KB 3115262, and Office 365 Click-to-Run version 1605 build 6965.2066. More about that below.

    In a nutshell, now’s a good time to get your Windows security patches applied. To-wit:

    Vista: If you haven’t yet followed the trick for speeding up Windows Update scans, use the method described in this InfoWorld article to first grease the skids. Start Internet Explorer and verify (Help > About) that you’re running Internet Explorer 9. Go into Windows Update (see the Windows Update tab on this page), make sure security patches are checked and non-security patches are unchecked, then run the update.

    Windows 7: I’m no longer recommending that you use Microsoft’s approach to fixing their ridiculously slow Windows Update scans. If you find yourself waiting more than half an hour for Windows Update to scan for updates, follow the instructions on wu.krelay.de to speed up the scans. I hope to have an InfoWorld article out before too long that explains how to put together the fix, but for now, if you have questions, hit me in the comments.

    Check to make sure you’re running Internet Explorer 11. If you’re still running GWX Control Panel, you can safely uninstall it (Control Panel, Add/Remove Programs).

    Go into Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). Click the link that says “XX important updates are available.” CHECK the boxes next to items that say “Security Update,” “Windows Defender” and “Malicious Software Removal Tool.” UNCHECK the boxes next to any items that aren’t specifically marked as “Security Update.”

    On the left, click the link that says Optional. Uncheck every box that you see, except “Windows Defender,” which should stay checked. (If you installed KB3161608 to speed up Windows 7 update scans, it was replaced/superseded by KB3172605, so you might want to check that one. ) Yes, I’m saying that if a box is checked, uncheck it. Click OK, then Install updates. Reboot.

    Windows 8.1: Follow the instructions for Windows 7, but in Step 3 go into Windows Update by right-clicking on the Start icon and choosing Control Panel. (If you’re running Hyper-V, don’t check KB 3161606. It shouldn’t be offered, as it’s been replaced by KB 3172614. See this scathing report from Aidan Finn.)

    Windows 10: If you’re using the metered connection trick to block updates (still highly recommended), unblock the metered connection long enough to get caught up. If you’re using the wushowhide approach from Noel Carboni, it’s OK to unhide KB 3172985 and KB3173428 (the servicing stack update).

    Office: The latest round of Office security patches broke Excel. Microsoft hasn’t fixed the problem. If you (or your friends or clients) can no longer open Excel files the way they used to — double-clicking on the file brings up a blank spreadsheet — you can blame Microsoft. We’ve been promised a fix, some day, some how. The workaround is abysmal.

    In short, if you have Excel files generated by your own programs (using the technique described in the article), think two or three times before you install KB 3115322 or KB 3115262. If you’re using Office 365 Click-to-Run version 1606, keep it from updating.

    Everybody: Either watch here on AskWoody.com, or follow me on Twitter (@woodyleonhard) or Facebook to keep up on the latest. Microsoft’s releasing patches at a breathtaking rate. It’s a jungle out there. And if you catch something, shoot me email (click on the mail icon in the upper right corner of this page), or post a reply to this blog.

    I’m putting us at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    My usual boilerplate advice:

    For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches (other than the Win7 speedup patch) is a clear sign of impending insanity. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

    Thanks, as always, to Susan Bradley and her in-depth work in Windows Secrets Newsletter.

    Windows Patches/Security , ,

  • Is it time to install the July security patches?

    Posted on July 27, 2016 at 08:30 CDT by Comment in the Forums

    Good question from JM:

    I’ve been following the site on and off for a little while, and have had good results so far. With the recent releases though I was wondering if 5 of the security updates are ok to install or not. I get that the recommended updates (non-security) ones should be avoided, but I didn’t want to ignore it all for now and possibly leave my machine open. In years part, I would’ve downloaded it without question, but now with the things MS has tried to do, I wanted verify first.

    The KB’s in question are:

    KB3163245 – Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems

    KB3164025 – Security Update for Microsoft .NET Framework 4.6.1 on Windows 7 and Windows Server 2008 R2 for x64

    KB3168965 – Security Update for Windows 7 for x64-based Systems

    KB3170455 – Security Update for Windows 7 for x64-based Systems

    KB890830 – Windows Malicious Software Removal Tool x64 – July 2016

    Is it a good rule of thumb that the security updates won’t create issues?

    Thanks for you time!

    I think it’s premature to install the security patches for July. We just had a bug in the Excel updates raise its ugly head a few days ago. There’s still a chance we’ll see problems with this month’s patches.

    As long as you don’t use Internet Explorer, none of the security patches are really pressing. See https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+July+2016/21249/ for a rundown.

    Best to sit it out and wait for MS-DEFCON 3 or better. (The MSRT can run anytime.)

    There’s an extra reason for waiting it out this month: Microsoft has to make some changes on or around July 29, just to yank the “free upgrade” nags, if nothing else. I have  no idea what will happen, but it may affect outstanding patches.

    I think it’s smart to wait and see what happens over the weekend. Not to worry, I’ll raise the MS-DEFCON level when it looks like things are OK.

    Windows Patches/Security

  • July 2016 Patch Tuesday – lots of hype, not much cause for alarm

    Posted on July 13, 2016 at 10:37 CDT by Comment in the Forums

    Remember, everybody, it’s MUCH TOO EARLY to install the July patches. Hold onto your horses, and watch the MS-DEFCON rating.

    InfoWorld Woody on Windows

    Microsoft News

  • MS-DEFCON 2: Turn off Automatic Update and pray for peace

    Posted on July 11, 2016 at 07:34 CDT by Comment in the Forums

    Patch Tuesday take cover

    Image credit: Render

    We have a big Patch Tuesday coming tomorrow. Now’s a good time to make sure automatic update is turned off.

    Use the instructions in the “Automatic Updates” tab up at the top of this page to ensure that Vista, Win7 and 8.1 Windows Update set to “Notify but don’t download” or “Don’t check.” While you’re at it, make sure you have “Give me recommended updates the same way I receive important updates” unchecked.

    If your Windows 10 machine is set up with a Wi-Fi connection, set it to a metered connection. To do all of that, see the Automatic Update tab above.

    We’re now at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.