Newsletter Archives

• MS-DEFCON 3: Get patched but, man, there are a lot of outstanding bugs

  Posted on September 29, 2017 at 11:48 CDT by woody • Comment in the Forums

  Unfixed problems with patches in Win7, Win 8.1, .NET and Office, among others. It’s a jungle out there.

  Computerworld Woody on Windows.

  Windows Patches/Security MS-DEFCON 3, September 2017 Black Tuesday

• Patch Alert: Where we stand with September’s Windows and Office patches

  Posted on September 26, 2017 at 06:52 CDT by woody • Comment in the Forums

  It ain’t a pretty sight.

  Any updates, folks?

  Computerworld Woody on Windows.

  Office Patches/Security, Windows Patches/Security KB 4011086, KB 4011089, KB 4011090, KB 4011091, KB 4011110, KB 4036586, KB 4038777, KB 4038782, KB 4038788, KB 4038792, KB 4038801, KB 4039473, KB 4040724, KB 4043361, KB 4043601, September 2017 Black Tuesday

• Outlook 2007 and 2010 security patches scramble languages, break printing on custom forms

  Posted on September 15, 2017 at 06:00 CDT by woody • Comment in the Forums

  Both Outlook 2007 and 2010 security patches for September have been implicated in switching languages — Swedish menus in the Hungarian version, for example. Outlook 2010’s patch has the additional distinction of breaking custom form print function.

  Computerworld Woody on Windows

  Office Patches/Security KB 4011086, KB 4011089, September 2017 Black Tuesday

• A warning about this month’s security patches

  Posted on September 14, 2017 at 07:47 CDT by woody • Comment in the Forums

  If you can’t avoid Word’s “Enable Editing” button, you’re better off installing this month’s .NET patches right now. If you’re running Win10, yes, that means you need to install the cumulative updates – bugs and all.

  Of course, the smarter alternative is to just cut off your clicking finger.

  It’s a damned-if-you-do situation, but in this case – if you can’t keep from clicking “Enable Editing” – you’re better off installing the patch(es) and dealing with the bugs later.

  Computerworld Woody on Windows

  Windows Patches/Security CVE-2017-8759, September 2017 Black Tuesday

• Bloated Patch Tuesday brings fix for nasty Word/RTF/Net vulnerability

  Posted on September 13, 2017 at 05:58 CDT by woody

  For you folks guarding Russian-language espionage worthy secrets, there’s a hundred or so patches I need to tell you about.

  For the rest of you, hang tight. We’re still at MS-DEFCON 2. Let’s wait and see what problems flush out of this month’s huge round of Patch Tuesday patches.

  Computerworld Woody on Windows.

  UPDATE: Ars Technica’s Dan Goodin just tweeted that there is now public exploit code for CVE-2017-8759 making the rounds. That steps up the pressure to patch, considerably.

  ANOTHER UPDATE: Good question from an anonymous commenter:

  does this same vuln still apply if RTF file is opened instead in Wordpad?

  Answer: No. It requires Word, and Word cannot be running in Preview Mode. If you open RTF files with Wordpad, the Word Viewer, or any of a gazillion RTF readers (including OpenOffice), the .NET bug is NOT triggered.

  Windows Patches/Security September 2017 Black Tuesday

• September Security patches for Windows and Office are out

  Posted on September 12, 2017 at 12:06 CDT by woody

  I’ll keep this post updated (as I furtively watch the Apple announcement – there’s a reliable one on YouTube).

  Overall list here. I see 259 individual security patches.

  Martin Brinkmann just posted his overview on the Ghacks site.

  • Windows 7:  22 vulnerabilities of which 3 are rated critical, 19 important
  • Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
  • Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important

  I swear, I don’t know how Martin gets his list out so quickly.

  The release notes still refer to the 1507 LTSB edition (now known as the Win10 2015 LTSC).

  Win10 1703 (Creators Update) cumulative update announced, build 15063.608. It’s huge – many dozens of bug fixes, in addition to multiple security patches. Watch out for this one!

  Win10 1607 (Anniversary Update) cumulative update announced, build 14393.1715. A half dozen bug fixes and all those security updates.

  September Office Updates for all versions are available here. Considering the recent track record, you may want to wait on these.

  The Windows Update release list now has the Sept. 12 entries.

  For those of you who only want to install “Group B” security patches (NOTE: I strongly recommend against it; much too early!) PKCano advises:

  Win 7 KB 4038779 – Download 32-bit or 64-bit  IE11 KB 4036586- Download 32-bit or 64-bit

  Win8.1 Security-only KB 4038793 – Download 32-bit or 64-bit  IE11 KB 4036586- Download 32-bit or 64-bit

  While this site is broken, if you want to retrieve an old version of the list of “Group B” patches, start with the Internet Archive.

  Microsoft posted an advisory about a specific security hole in Word, CVE-2017-8759, that involves opening an RTF file, then changing from Protected View to enable edits. If you’re opening RTF files in Word, then switching them to enable edits, and fear an infection from the Russian-linked NEODYMIUM group, you need to get a bunch of Windows and .NET patches installed. Yes, all versions of Windows are susceptible, including all the Win10 variants, as well as all versions of .NET, including the very new .NET Framework 4.6. Full list of patches here.

  Two critical security holes in Adobe Flash Player, security update APSB17-28.

  Windows Patches/Security September 2017 Black Tuesday

• MS-DEFCON 2: Time to make sure Windows Automatic Update is turned off

  Posted on September 11, 2017 at 12:43 CDT by woody • Comment in the Forums

  Unfortunately the comments on this site aren’t working right, but as soon as they’re up again, you’re most welcome to post about your experiences.

  Computerworld Woody on Windows

  Windows Patches/Security September 2017 Black Tuesday

• Office non-security patches for September 2017 are available

  Posted on September 5, 2017 at 12:39 CDT by PKCano • Comment in the Forums

  These are September patches. They are NOT covered under the current 9/5/2017 MS-DEFCON 3 unbrella for August patches. You do NOT want to install them yet (unless you want to be an unpaid Beta tester).

  Office 2013
  Update for Microsoft Office 2013 (KB3172484)
  Update for Microsoft Office 2013 (KB3172512)
  Update for Microsoft Office 2013 (KB3203486)
  Update for Microsoft Office 2013 (KB3213536)
  Update for Microsoft Office 2013 (KB4011087)
  Update for Microsoft Office 2013 (KB4011106)
  Update for Microsoft Project 2013 (KB4011109)
  Update for Microsoft Visio 2013 (KB3191936)
  Update for Microsoft Word 2013 (KB4011105)

  Office 2016

  Update for Microsoft Access 2016 (KB4011032)
  Update for Microsoft Office 2016 (KB3191923)
  Update for Microsoft Office 2016 (KB3191924)
  Update for Microsoft Office 2016 (KB3203478)
  Update for Microsoft Office 2016 (KB3203482)
  Update for Microsoft Office 2016 (KB4011093)
  Update for Microsoft Office 2016 (KB4011099)
  Update for Microsoft Office 2016 (KB4011102)
  Update for Microsoft Office 2016 Language Interface Pack (KB4011098)
  Update for Microsoft OneNote 2016 (KB4011092)
  Update for Microsoft Project 2016 (KB4011101)
  Update for Microsoft Visio 2016 (KB4011096)
  Update for Microsoft Word 2016 (KB4011039)

   

  Office 2007 is on extended support. It no longer receives non-security updates. There were no updates listed for Office 2010. Security patches for all current supported versions of Microsoft Office are released on the second Tuesday of the month (Patch Tuesday)

  Office Patches/Security Microsoft Office, Office 2013, Office 2016, Office patches, September 2017 Black Tuesday