Newsletter Archives

• MS-DEFCON 4: Get the September 2020 patches installed

  Posted on October 2, 2020 at 09:25 CDT by woody • Comment in the Forums

  If you’re running SQL Server 2019, surprise!, Microsoft yanked the old cumulative update and replaced it with a working one last night.

  In general, it looks like a pretty healthy bunch of patches, with the usual (undocumented) problems: the “temporary profile” bug; stealthy installation of KB 4023057; odd miscellaneous blue screens and interface bleeps.

  I still won’t install version 2004 on my production machines, even though about one-third of all Win10 users have swallowed that pill. There’s nothing in version 2004 that warrants even the slightest bit of sweat off your brow.

  So I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  Full story in Computerworld Woody on Windows.

  Windows Patches/Security MS-DEFCON 4, September 2020 Black Tuesday

• Microsoft drops KB 4577063, the “optional, non-security, E Week” patch for Win10 version 2004

  Posted on October 1, 2020 at 13:55 CDT by woody • Comment in the Forums

  At least they made it before F Week.

  Microsoft just pushed 48 separately identified bug fixes in KB 4577063, the E Week optional, non-security patch for Win10 version 2004.

  Looks like the Linux-under-Windows bug has been fixed, as has an uncommon bug that makes Windows appear as if your internet connection dropped. Details at BleepingComputer.

  No, you don’t want it. Wait for Patch Tuesday.

  There’s also a .NET preview for version 2004, KB 4576945.

  Looks like they fixed the Linux bug. I don’t see anything else that’s particularly interesting. Do you?

  Windows Patches/Security September 2020 Black Tuesday

• Where we stand with the September patches

  Posted on September 28, 2020 at 13:21 CDT by woody • Comment in the Forums

  Although the September Win10 version 2004 “optional, non-security, C/D/E Week” patch still hasn’t surfaced, bumps in this month’s patches have been largely worked out.

  Win10 version 2004 is still beset with bugs. Give it another month to mature.

  Details in Computerworld Woody on Windows.

  Windows Patches/Security September 2020 Black Tuesday

• Outlook 365 update bug with iCloud: Changing a contact throws “Your changes cannot be saved” error

  Posted on September 18, 2020 at 04:52 CDT by woody • Comment in the Forums

  I first heard about this from WSsabfish:

  Both my wife and I are having the identical problem on our PC’s running Office 2016 (I have Windows 8.1; she has Windows 10). I believe this problem was caused by an Office update. Both computers have an iCloud account tied to them. When we attempt to change a contact in Outlook, we are greeted with a message stating “Your changes cannot be saved because you do not have permission to modify some or all of the items in this folder. Do you want to save a copy of this item in the default folder for this item?

  Microsoft has acknowledged the bug – in a one-line post to the Microsoft Answers forum:

  A fix is being worked on and ETA by end of week ~9/18.

  I’ve seen the bug reported for Office 2010, Office 2016, and Microsoft (nee Office) 365.

  We’ll see if the fix actually fixes the problem, and how it gets distributed.

  Office Patches/Security September 2020 Black Tuesday

• MS acknowledges blue screen bug when installing the Aug or Sept cumulative update on Win10 version 2004 Lenovo machines

  Posted on September 17, 2020 at 14:29 CDT by woody • Comment in the Forums

  Mayank Parmar at Windows Latest has the rundown on Microsoft’s latest confession:

  In a new support document that was quietly published over the weekend, Microsoft has warned that it has observed a number of other critical errors caused by KB4568831 or newer, which also includes the September 2020 patch…

  The problem appears to have been caused by a compatibility issue between Windows 10’s cumulative update, UEFI settings, and Lenovo’s Vantage app. With a cumulative update, Microsoft made a change that restricts how processes can access PCI device configuration and feature in UEFI could trigger this behaviour, which causes a Blue Screen.

  KB 4568831 is the Win10 version 2004 “optional, non-security, C/D/E Week” preview patch released in late July.

  Yes, the bug’s been around for six weeks. No, it hasn’t been fixed. But there is a manual workaround, discussed in Parmar’s article.

  Tell me again how version 2004 is ready for prime time.

  Windows Patches/Security August 2020 Black Tuesday, September 2020 Black Tuesday

• Many identified problems with this month’s patches

  Posted on September 10, 2020 at 07:03 CDT by woody • Comment in the Forums

  It’s still early in the game, and I’m already seeing lots and lots of problems with the September cumulative updates.

  Take a look at my list (in Computerworld Woody on Windows) and tell me if you see anything else.

  I have a feeling it’s gonna be a rocky month.

  Windows Patches/Security September 2020 Black Tuesday

• The September 2020 Microsoft patches

  Posted on September 8, 2020 at 12:09 CDT by woody • Comment in the Forums

  The patches are out.

  I see 189 new entries in the Microsoft Update Catalog, plus 23 Intel microcode updates that were released last week.

  Win10 version 2004 cumulative update KB 4571756 appears to contain the fix that updates the defrag date, but it doesn’t fix the TRIM command running on hard drives. Lawrence Abrams on BleepingComputer has details. Hey, it only took Microsoft eight months to fix the defrag bug.

  Win10 version 1903 and 1909 cumulative update KB 4574727 is the same for both versions (as usual).

  There are new .NET patches, including KB 4576478, the September 8, 2020 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004.

  There are also new Servicing Stack Updates, including KB 4577266 for Win10 version 2004. If you use Windows Update, you don’t have to worry about Servicing Stack Updates – they come along for the ride.

  Dustin Childs just posted his usual in-depth analysis on the Zero Day Initiative blog:

  • 139 separately identified security holes
  • None are marked as “Public” (i.e., with detailed descriptions widely available) or “Exploited” (i.e., zero-days).

  If you’re running an Exchange Server (as opposed to just using one), there’s a heads-up for  CVE-2020-16875 , which Microsoft lists as “2 – Exploitation Less Likely.” There’s yet another security hole in the Windows HEVC video stream processor.

  The SANS Internet Storm Center list adds a warning about CVE-2020-1210, a SharePoint application package vulnerability. That’s another “2 – Exploitation Less Likely,” although its CVSS rating of 9.9 makes it notable.

  Martin Brinkmann has his usual thorough list on Ghacks.net.

  Looks like a big, but dull, crop. You can go back to panic scrolling.

  UPDATE: Great catch from Catalin Cimpanu, via @tx_drewdad. The description of CVE-2020-1252 includes this gem:

  To exploit the vulnerability, an attacker would first have to log on to the target system and then run a specially crafted application.

  Which is hardly a “Remote Code Execution” vulnerability. It’s listed as “Critical.”

  Windows Patches/Security September 2020 Black Tuesday

• MS-DEFCON 2: Here comes the September Patch Tuesday. Batten down the hatches.

  Posted on September 7, 2020 at 07:35 CDT by woody • Comment in the Forums

  Tomorrow’s Patch Tuesday.

  Now would be a good time to check and make sure you have Windows Update paused.

  Or, if you’re particularly adept and are running Pro/Ed/Enterprise, set Windows Update to Notify before downloading and installing.

  Full step-by-step instructions in Computerworld Woody on Windows.

  Windows Patches/Security MS-DEFCON 2, September 2020 Black Tuesday