Newsletter Archives
-
Outlook 2019 – recent update makes it impossible for an admin to uncheck “Always ask before opening this type of file”
This in from BW:
Until the June Outlook 2019 updates, I’ve always been able to uncheck “Always ask before opening this type of file” for various extensions by starting Outlook as administrator. It’s always been necessary after MS Office updates but at least it worked. Now it doesn’t. Remains greyed out even when running as admin. Really annoying since I know what I’m doing and don’t need the extra warning. Plus I open attachments all the time. It’s especially annoying when it’s an attachment in an email that I’ve saved and need to go back to often. Note that it also doesn’t work if you’ve, say, saved an Excel spreadsheet or Word document directly in an Outlook folder, not as an attachment.
I know there used to be registry settings for this. I no longer have those and could look them up online but given this latest change not sure even that would work.
Anybody out there seeing the same problem? Got a solution?
-
MS-DEFCON 3: Time to get the June patches installed
Looks like the patching scene has stabilized sufficiently to go ahead with the June patches.
Some of the bugs have been ironed out. Others can be fixed if you know what happened, and how to get the antidotes installed.
I’m moving to MS-DEFCON 3: Get Windows and Office patches installed, but watch out for the bugs.
(No, that doesn’t include yesterday’s Office non-security patches. Nobody needs those. They’ll come back around soon enough.)
Step-by-step details in Computerworld Woody on Windows.
-
Those two weird Microsoft Store fixes for Windows security flaws keep getting stranger
In my monthly patch roundup, I kvetched about the bizarre (unprecedented?) security patches MS decided to distribute through the Microsoft Store. The approach to distributing the cures for CVE-2020-1425 and CVE-2020-1457 makes no sense.
The Store may be the worst possible place to hide security patches except, maybe, individual emails. And the documentation for these guys rates among the worst in Microsoft’s history. Believe me, that’s saying something.
When the patches were first released on Tuesday, there was no – zero – description of the reason for the patches. Then, on Wednesday, somebody decided to enlighten us a bit and posted this:
Is Windows vulnerable in the default configuration?
No. Only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.
How do I get the updated Windows Media Codec?
Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update.
Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.
Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update?
These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.
The distribution method is riddled with all sorts of obvious holes – I mean, anybody with any sort of updating experience should’ve been able to compile a list of a half dozen ways that this could go wrong.
Then came the outright errors.
First, @abbodi86 pointed out that the first point isn’t complete (I’m giving MS the benefit of the doubt here):
The optional HEVC codec exists by default in Windows Client editions since version 1809, except N and LTSC editions.
Now, Karl Webster-Ebbinghaus has tweeted that the second and fourth points aren’t exactly right either:
CVE-2020-1425 / CVE-2020-1457 might (silently) fail with “access denied”
Günter Born on Borncity talks about the conundrum.
Yet another unholy mess.
-
June 2020 patch overview: Three different ways MS is fixing its bugs this month
June was a very strange month for Windows patching:
- A traditionally botched patch with a manual-download-only Out of Band fix
- A botched Windows patch that knocked out Outlook Click-to-Run, fixed by a fix for Outlook
- A couple of patches distributed via the Windows Store
But at least Microsoft figures Win10 version 2004 is ready for Surface computers.
Many details in Computerworld Woody on Windows.
UPDATE: The KB article was updated last night with answers to several of the questions posed in the article. Highlights:
- Only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.
- These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.
- You can check the version of the installed package. For example, click on Settings, Apps & Features and select HEVC, Advanced Options. You will see the version there. The secure versions are 1.0.31822.0, 1.0.31823.0 and later.
ANOTHER UPDATE: @abbodi86 has a correction to the KB FAQ:
- The optional HEVC codec exists by default in Windows Client editions since version 1809, except N and LTSC editions.
That’s quite a discrepancy – especially because it basically invalidates MS’s approach to distributing the fix via the Microsoft Store.
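Because the codec may be present by default and the Store update gives no visible confirmation, the version check from the KB can be scripted rather than clicked through. The following is an added example, not code from Microsoft or from the original post. It assumes the Store package names begin with `Microsoft.HEVCVideoExtension` and treats 1.0.31822.0 (the lower of the two versions quoted above) as the minimum fixed version for either package.

```powershell
# Added example: audit installed HEVC codec packages against the fixed versions
# quoted in the KB FAQ. Read-only; it changes nothing on the system.
# Assumption: package names start with "Microsoft.HEVCVideoExtension".
# Assumption: 1.0.31822.0 is the minimum fixed version for either package.
$MinFixed = [version]'1.0.31822.0'

function Test-HevcPackageFixed {
    param(
        [Parameter(Mandatory)][version]$Version,
        [version]$Minimum = $MinFixed
    )
    # [version] compares numerically per field, so 1.0.4000.0 < 1.0.31822.0.
    return $Version -ge $Minimum
}

function Get-HevcCodecStatus {
    # Store apps are registered per user, so an elevated session is needed to
    # see every profile. Fall back to the current user when not elevated.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $query = @{ Name = 'Microsoft.HEVCVideoExtension*' }
    if ($isAdmin) { $query.AllUsers = $true }

    foreach ($pkg in @(Get-AppxPackage @query)) {
        [pscustomobject]@{
            Name    = $pkg.Name
            Version = [version]$pkg.Version
            Fixed   = Test-HevcPackageFixed -Version $pkg.Version
            Scope   = if ($isAdmin) { 'AllUsers' } else { 'CurrentUser' }
        }
    }
}

$results = @(Get-HevcCodecStatus)
if ($results.Count -eq 0) {
    Write-Output 'No HEVC codec package found in the audited scope.'
} else {
    $results | Sort-Object Name, Version | Format-Table -AutoSize
    $stale = @($results | Where-Object { -not $_.Fixed })
    if ($stale.Count -gt 0) {
        Write-Warning "$($stale.Count) HEVC package(s) below $MinFixed; the Store update has not applied."
    }
}
```

Run it from an elevated prompt to cover every user profile; a machine where the Store update failed shows up as a row with `Fixed` set to `False`.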
-
June 2020 Patch Tuesday rolls out
We have cumulative updates for Win10
- Win10 version 2004 – KB 4557957
- Win10 versions 1903 and 1909 – KB 4560960. Looks like 1909 has the same fixed bugs as 1903, again.
Cumulative updates for all the earlier versions of Windows are out, too.
Dustin Childs’s report is out on the ZDI blog:
- 129 separately identified security holes (CVEs). Apparently that’s a record number of CVEs, although counting security holes by the number of CVEs is like counting puppies by the number of wet spots. (Yes, I’m still house-training.)
- None identified as “Exploited” (i.e., zero-days) and none as Publicly Known — although ZDI published details about three of them more than two weeks ago.
Childs calls out four security holes for special scrutiny:
- CVE-2020-1299 which is a fault in the way Windows processes LNK files
- CVE-2020-1229 which involves Outlook loading images, even in Previewed messages
- CVE-2020-1300 a problem with CAB files
- CVE-2020-1281 another hole in OLE
None of the holes seem particularly dire at this point – particularly not for “normal” Windows users.
Martin Brinkmann has his usual definitive list on Ghacks.net.