Newsletter Archives
-
MS-DEFCON 1: Beware of Win10 build 16212
There’s a lot of confusion at the moment, but it looks like Microsoft released a “rogue” version of Windows to at least some Win10 PCs and many phones.
The bad version is identified as 16212.1001.rs_iot.170531-1800
You’re glad that you have automatic updating turned off, yes?
The problem started appearing about an hour ago. Dona Sarkar, the head Windows Insider spokesperson, tweeted
#WindowsInsiders: pls do not install any builds being offered til you hear from us with a blog post. If you have installed, reset with WDRT.
The implication is that the problematic build is only going out to Windows Insiders – people who are actively beta testing new versions of Windows 10. Since the Windows Device Recovery Tool is only used for Windows phones (er, Mobile devices), there’s a secondary implication that the bad build is only going out to phones.
Both of those implications appear to be false, at least in some cases.
@tfwboredom tweeted less than an hour ago that he had a production (which is to say, non-Insider) x86 (which is to say, not mobile) machine that was being pushed build 16212.1001.rs_edge_case.170531-2234 (UUP-CTv2)
It’s not clear what build 16212 does to PCs, but mobile devices are getting hit hard. Wayne Williams at Betanews reports:
Build 16212 for Windows 10 Mobile has been sending phones into a loop.
Until Microsoft gets its act together, you would be well advised to avoid Windows Update entirely.
Accordingly, I’m moving us to MS-DEFCON 1: Current Microsoft patches are causing havoc. Don’t patch.
If you’ve already installed 16212 on a phone, you have to wipe it out completely, using WDRT.
If you’ve already installed 16212 on a PC, I’d sure like to hear from you! At this point, the only advice I can give is to bend way over and kiss your keester goodbye.
UPDATE: Dona Sarkar advises that those outside of the Insider Program (which is to say, those not beta testing the next version of Windows) may see 16212, but they won’t be able to install it.
We’re continuing to work on our build release situation. For non-Insiders, you might see the build being offered, but it will not install
And now the final story: https://blogs.windows.com/windowsexperience/2017/06/01/note-unintentional-release-builds-today
-
MS-DEFCON 3: Get patched and brace yourself for a Malware-as-a-Service future
The times are a-changin’.
Last October, Microsoft started lumping together all of its Windows 7 and 8.1 patches. Before October, we had separate patches — separate KBs — for individual security holes, and for non-security improvements. After October’s patchocalypse, we were given two big monthly globs. You could choose to have all of your patches in one fell swoop — a choice I call “Group A” with Monthly Rollups — or you could take just the security patches, in a different fell swoop — “Group B” in my parlance, with Security-Only updates.
There have been a few changes since then — Internet Explorer patches got pulled out, for example — and a lot of confusion over, e.g., .NET Security-only and Monthly Rollups, but by and large, the Windows 7 and 8.1 patching world a month ago was divided into three parts:
- Group A – automated installation of Monthly Rollups
- Group B – manual installation of specific Security-Only patches
- Group W – folks who sat on the bench and didn’t patch at all.
That neat (if controversial and not really so neat) version of the world changed forever when, earlier this month, Shadow Brokers not only released the NSA’s trove which gave rise to the WannaCry worm, it also set up an auction for the “Shadow Brokers Monthly Data Dump” — what I’ve called Malware as a Service. You can bet that there are some very nasty malware surprises coming, all lovingly crafted by the US National Security Agency, stolen, then spread by Shadow Brokers.
In the not-so-good-old-days, supercharged Windows hacks were tools for expensive, targeted, usually politically motivated attacks. In the near future, that will no longer be the case. With the Shadow Brokers Monthly Data Dump comes democratization of the malware industry. Anybody, it seems, can strap their favorite piece of junk malware onto one of these souped-up infection methods and start attacking normal folks.
Group W — R.I.P.
With Shadow Brokers guaranteeing that major Windows vulnerabilities are coming every month, Group W is just plain dangerous. It’s not an option. Sorry.
Group B — Only for experts with a high tolerance for pain
Group B, which is based on Microsoft’s commitment to deliver Security-only updates every month, has gone from relatively simple to very complex. Officially, Internet Explorer patches have been broken off from the main download. There’s all sorts of confusion about .NET patches — which are Security-only, which Rollups? We’ve seen security patches released outside the monthly Security-only stream. There have been bugs in Security-only patches that were fixed outside of the Security-only stream. There’s a host of problems documented in this Topic.
Group B isn’t dead, but it’s no longer within the grasp of typical Windows customers. Many of you reading this post are fully capable of sticking with Group B. Most Windows customers are not.
Pick up the Pace
In the past I’ve waited several weeks to see if any big bugs appear before recommending that you install available patches. In the future, I need to pick up the pace. That means I may throw some of you under the bus, changing the MS-DEFCON level with some possible problems intact, and for that I apologize. Given the expected upswing in Windows-targeted malware, though, there doesn’t seem to be much choice.
That said, it’s now time to apply the May 2017 updates. Here’s what I recommend:
Windows 10
It’s still too early to jump to Win10 Creators Update, version 1703. Wait for it to be designated “Current Branch for Business.” You can block the upgrade with a few simple steps, detailed in this InfoWorld post.
Go ahead and run the steps in AKB 2000005: How to update Windows 10 – safely. You may want to use wushowhide to hide any driver updates. All of the other updates should be OK, including Servicing stack updates, Office, MSRT, or .NET updates (go ahead and use the Monthly Rollup if it’s offered).
Windows 7 and 8.1
If you’re running Windows 7 or 8.1 on a PC made in the past 18 months, check to see if installing this month’s Windows patches will completely block Windows Update. See AKB 2000006: Check to see if Microsoft is blocking Windows Update on your new computer. In particular, if you try to run updates and get an “Unsupported hardware” notification (screenshot), Microsoft won’t willingly let you update your machine. See the AKB 2000006 article for a workaround.
If you absolutely must avoid Microsoft snooping at all costs, go ahead with the instructions in AKB 2000003: Ongoing list of “Group B” monthly updates for Win7 and 8.1, but realize that thar be tygers here. Be particularly sure to install the March Security-Only update; that’s the one with the patches to the SMBv1 driver that’ll block WannaCry and its ilk.
For most Windows 7 and 8.1 users, I recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. Watch out for driver updates — you’re far better off getting them from the manufacturer’s web site.
After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Win7 and 8.1 machines.
Good luck patching. Keep your eyes peeled for bugs — and be sure to update when next month rolls around.
-
Patch Tuesday is rolling out
With 997 separate fixes, 243 Win patches, 64 Office patches, and much more, it’s a mess out there
See the latest… InfoWorld Woody on Windows
UPDATE: Microsoft has posted an overview of the (complex!) .NET updates. Here’s the part I like best:
The April 2017 Monthly Update contained a bug that caused the PowerShell Stop-Computer command to stop correctly functioning. This bug has since been fixed. You can get the fix in the following ways:
Using Windows 10
- Install the May 2017 Update for Windows 10 (see link in the table above).
Using an earlier version of Windows
- Wait for the next .NET Framework monthly update, which will include this fix. This approach is recommended if you are not experiencing this problem.
And there’s this: The new ASP.NET Core 2.0 packages can no longer be used on .NET Desktop. Good background from Tim Anderson at The Reg.
NOTE: I do NOT recommend that you update just yet. Watch the MS-DEFCON level.
-
MS-DEFCON 2: Time to temporarily block Windows Update – and ignore KB 3008923
Check to make sure you have automatic update turned off.
InfoWorld Woody on Windows
-
Office non-security patches are here
No, you don’t want to install them yet.
Office 2010
Update for Microsoft Office 2010 (KB3128031)
Update for Microsoft Outlook 2010 (KB3191906)
Office 2013
Update for Microsoft Excel 2013 (KB3191877)
Update for Microsoft Outlook 2013 (KB3191889)
Update for Microsoft PowerPoint 2013 (KB3191871)
Update for Microsoft Project 2013 (KB3191878)
Update for Microsoft Visio 2013 (KB3178711)
Update for Skype for Business 2015 (KB3191873)
Update for Skype for Business 2015 (KB3191876)
Office 2016
Update for Microsoft Access 2016 (KB3178700)
Update for Microsoft Excel 2016 (KB3191861)
Update for Microsoft Office 2016 (KB3115501)
Update for Microsoft Office 2016 (KB3178658)
Update for Microsoft Office 2016 (KB3178692)
Update for Microsoft Office 2016 (KB3178706)
Update for Microsoft Office 2016 (KB3191857)
Update for Microsoft Office 2016 (KB3191862)
Update for Microsoft Office 2016 (KB3191867)
Update for Microsoft Office 2016 Language Interface Pack (KB3191866)
Update for Microsoft Outlook 2016 (KB3191883)
Update for Microsoft PowerPoint 2016 (KB3191860)
Update for Microsoft Project 2016 (KB3191870)
Update for Microsoft Visio 2016 (KB3191856)
Thanks to @PKCano!