Newsletter Archives

• MS-DEFCON 3: Get patched while everybody’s out of town

  Posted on July 1, 2016 at 11:13 CDT by woody • Comment in the Forums

  Looks like Microsoft’s offices are clearing out for the long (US) weekend. It’s time to get your machine patched up.

  As you saw last month, these once-brief MS-DEFCON patch warnings have turned into horrendous beasts. I’m going to try to cut through the offal, starting this month. Suffice it to say there were lots of problems with the June 2016 patches — you can read about the details here, and in Susan Bradley’s lengthy Patch Release Grid — but most of them have been ironed out.

  If you’re in charge of a server there are lots of niggling problems. I strongly suggest you admins subscribe to the Patchmanagement.org mailing list, and subscribe to Windows Secrets Newsletter, where Susan has another important roundup of server-related problems.

  For the rest of you…

  Vista: If you haven’t yet followed the trick for speeding up Windows Update scans, use the method described in this InfoWorld article to first grease the skids. Start Internet Explorer and verify (Help > About) that you’re running Internet Explorer 9. Go into Windows Update (see the Windows Update tab on this page), make sure security patches are checked and non-security patches are unchecked, then run the update.

  Windows 7: If you haven’t yet followed this month’s trick for speeding up Windows Update scans, you should first install KB  3161647, which involves installing the update rollup KB 3161608 and seven other patches you probably don’t want. With any luck, KB 3161647 will solve the slow update problem once and for all. Details in my InfoWorld article.

  Check to make sure you’re running Internet Explorer 11. Run GWX Control Panel and set it to block OS upgrades (if you have GWX Control Panel set to run in the background, there’s no reason to run it again).

  Go into Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). Click the link that says “XX important updates are available.” CHECK the boxes next to items that say “Security Update,” “Windows Defender” and “Malicious Software Removal Tool.” UNCHECK the boxes next to any items that aren’t specifically marked as “Security Update.” (If you’re running Hyper-V, don’t check KB 3161606.)

  On the left, click the link that says Optional. Uncheck every box that you see, except “Windows Defender,” which should stay checked. Yes, I’m saying that if a box is checked, uncheck it. Click OK, then Install updates. Reboot. If you don’t have GWX Control Panel in monitor mode (I don’t), run it again.

  Windows 8.1: Follow the instructions for Windows 7, but in Step 3 go into Windows Update by right-clicking on the Start icon and choosing Control Panel.

  Windows 10: If you’re using the metered connection trick to block updates (still highly recommended), unblock the metered connection long enough to get caught up.

  Office: I haven’t heard any loud wails of pain. If you know otherwise, I’d sure like to hear about it!

  Everybody: Either watch here on AskWoody.com, or follow me on Twitter (@woodyleonhard) or Facebook to keep up on the latest. Microsoft’s releasing patches at a breathtaking rate. It’s a jungle out there. And if you catch something, shoot me email (click on the mail icon in the upper right corner of this page), or post a reply to this blog.

  I’m putting us at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

  My usual boilerplate advice:

  For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches (other than the Win7 speedup patch) is a clear sign of impending insanity. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

  Thanks, as always, to Susan Bradley and her in-depth work in Windows Secrets Newsletter.

  Windows Patches/Security June 2016 Black Tuesday

• Patch Tuesday: 16 security bulletins, IE and Edge share an exploit, Win10 at 10586.420

  Posted on June 15, 2016 at 06:47 CDT by woody • Comment in the Forums

  Lots of news, including a new fast way to scan for Windows 7 Updates.

  InfoWorld Woody on Windows

  Windows Patches/Security June 2016 Black Tuesday

• New patches are out: 16 security bulletins, plus Win10 cumulative update

  Posted on June 14, 2016 at 12:26 CDT by woody • Comment in the Forums

  Security bulletins are on the TechNet site. Don’t see anything from ISC yet.

  Good overview of Win10 patch KB 3163018, build 10586.420, on the Windows 10 update history page.

   

  Windows Patches/Security June 2016 Black Tuesday

• MS-DEFCON 2: Make sure you have Automatic Update turned off

  Posted on June 14, 2016 at 05:42 CDT by woody • Comment in the Forums

  Patch Tuesday is here. Time to make sure all of your doors are locked.

  Make sure you have your Vista, Win7 and 8.1 Windows Update set to “Notify but don’t download” or “Don’t check.”  If your Windows 10 machine is set up with a Wi-Fi connection, set it to a metered connection. To do all of that, see the Automatic Update tab above.

  Back to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  Windows Patches/Security June 2016 Black Tuesday