Newsletter Archives

• MS-DEFCON 4: It’s time to get patched

  Posted on November 1, 2019 at 10:59 CDT by woody • Comment in the Forums

  The moment you’ve all been waiting for…

  It looks like the October Windows patches are ready for prime time. The usual caveats — and there are many — apply. We also have special warnings for people running Win10 1903 with certain RealTek LAN adapters, and for folks who need to run older VisualBasic programs on 32-bit version 1903.

  There’s no rush this month, by the way. Nothing in the patches screams for installation. But in the normal course of events you want to get patched. We’ve entered the normal course of events.

  Full step-by-step updating details for everybody, from Win7 to Win10 1903, are in Computerworld Woody on Windows.

  Windows Patches/Security MS-DEFCON 4, October 2019 Black Tuesday

• Another patch-induced conflict: Transport Layer Security fails with error 0x8009030f

  Posted on October 30, 2019 at 11:08 CDT by woody • Comment in the Forums

  Microsoft has acknowledged a problem with the latest patches for Win7, 8.1, Server 2008,  2008 R2, 2012, 2012 R2 and Server 2016 – Monthly Rollups, Security-only or (apparently) Previews of Monthly Rollups.

  When attempting to connect, Transport Layer Security (TLS) and Secure Sockets Layer (SSL) might intermittently fail or timeout.  You might also recieve one or more of the with the following errors:

  • “The request was aborted: Could not create SSL/TLS secure Channel”
  •  error 0x8009030f
  • An error logged in the System Event Log for SCHANNEL event 36887 with alert code 20 and the description, “A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.​”

  If TLS is failing on your up-to-date Win7, 8.1 or related Server based machines, now you know why. There’s a fix, documented in the KB article, but it’s messy.

  Thx @abbodi86

  Windows Patches/Security October 2019 Black Tuesday, TLS

• Where we stand with the October patches

  Posted on October 29, 2019 at 13:26 CDT by woody • Comment in the Forums

  What a weird month. First we got the third round of patches for a zero-day in Internet Explorer (which never materialized) and then Start, Search and print bugs reappeared.

  To date, most — but not all — of the bugs have been fixed.

  Details in Computerworld Woody on Windows.

  Windows Patches/Security October 2019 Black Tuesday

• Microsoft posts its second October cumulative update for Win10 version 1903

  Posted on October 24, 2019 at 13:36 CDT by woody • Comment in the Forums

  Microsoft just released its second October cumulative update for Win10 version 1903. It’s KB 4522355, “optional, non-security” patch. You only get it if you click on Check for Updates.

  At this point, I haven’t heard of any problems.

  But the day is yet young.

  Worth noting: Microsoft released three different versions of KB 4522355 to Insider testers in the Release Preview ring. This is the third one, which raises the build number to 18362.449.

  Also worth noting: Those of you still on the Release Preview ring, who have installed Win10 version 1909, will see the same patch. Your build number will go to 18363.449. That’s the build number I see on my 1909 test machine at this moment.

  @EP adds: also Intel DCH Graphics driver version 26.20.100.7323 is available from Intel’s web site (adds 1909 support; may also work with older Win10 versions from 1709 to 1903) 

  Windows Patches/Security KB 4522355, October 2019 Black Tuesday

• So where are all those horrible zero-days?

  Posted on October 23, 2019 at 11:50 CDT by woody • Comment in the Forums

  I haven't heard of an out-in-the-open CVE-2019-1367 exploit, either. We got four off-the-wall patches for that boogeyman last month.

  — Ask Woody https://infosec.exchange/@askwoody (@AskWoody) October 23, 2019

   

  Windows Patches/Security October 2019 Black Tuesday

• Yet another Win10 version 1903 cumulative update video bug: Installing this month’s first cumulative update clobbers some Intel video drivers

  Posted on October 16, 2019 at 13:41 CDT by woody • Comment in the Forums

  Mayank Parmar at Windows Latest has connected the dots on another Win10 version 1903 cumulative update KB 4517389 bug. (See the next post for yet another unacknowledged bug.)

  Per Parmar:

  If you install Windows 10 KB4517389 (Build 18362.418) on a PC that has Intel display driver version 26.20.100.7157 or possibly other versions, basic features like Start menu, Windows Search or Google Chrome will render incorrectly… At the time of writing this story, more than 60 users have confirmed display issues on Microsoft’s community forum. Users have documented the following bugs:

  • Windows Search and Internet Explorer with ‘X’ across dialog and links
  • Triangled images in Microsoft Word.
  • Chrome rendering a black screen.

  This one hasn’t been acknowledged by Microsoft, either.

  Looks to me like the folks running the Release Status Information page are asleep at the wheel.

  UPDATE: Details in Computerworld Woody on Windows.

  Windows Patches/Security October 2019 Black Tuesday

• Getting the error “unexpected error; quitting” in Win10 version 1903? Blame the latest cumulative update

  Posted on October 16, 2019 at 13:27 CDT by woody • Comment in the Forums

  Yet another bug in this month’s first cumulative update for Win10 version 1903, KB 4517389.

  Our own Mark Busby described the symptoms:

  After installing KB4517389 on these Windows systems, when opening 16-bit applications an error message is displayed “unexpected error; quitting” …  After removing the update the application works fine once more.

  An anonymous poster on AskWoody pointed to this Answers Forum post, which gives more details:

  I have a Windows 10 Home 1903 32bit machine.

  After installing the windows update KB4517389 any programs that were coded in Microsoft Visual Basic 3 no longer run and give the message ‘unexpected error; quitting’

  This message appears to be part of VBRUN300.DLL

  If I uninstall the update the programs work ok again.

  I have tried running these programs as administrator but this makes no difference.

  Microsoft hasn’t confirmed the bug – and the only fix appears to be uninstalling the latest patch.

  Windows Patches/Security October 2019 Black Tuesday

• Second October patches mostly harmless – but the resurgence of the potentially unwanted “nag” patch, KB 4493132, raises questions

  Posted on October 16, 2019 at 07:44 CDT by woody • Comment in the Forums

  
  Screenshot credit: @speccy

  How doth the little crocodile
  Improve his shining tail,
  And pour the waters of the Nile
  On every golden scale!
  How cheerfully he seems to grin
  How neatly spreads his claws,
  And welcomes little fishes in
  With gently smiling jaws!

  — C.L. Dodgson

  Are you Win7 Pro users seeing KB 4493132 as Optional/Unchecked or Important/Checked — or do you have it installed already?

  Details in Computerworld Woody on Windows.

  Windows Patches/Security October 2019 Black Tuesday
• « Older Entries