|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
Should all BIOS be updated?
This is a follow-up to my Patch Watch column on Monday. Should you update all computer systems and search out a new BIOS? In a word: No.
If you are running Windows 10 on an older computer that will not support Windows 11 or you do not plan to upgrade to Windows 11, and your computer is running just fine, I see no reason to upgrade the BIOS. My advice to seek out and upgrade your BIOS is only for those running Windows 11 23H2 who will be looking to go to 24H2 or are already there.
Updating your BIOS isn’t quite as scary as it used to be, but when you have a functional system that you do not plan on upgrading, I don’t see a reason to. Do you?
-
Wanted: Your views on Windows/Office patching
ON SECURITY
By Susan Bradley
Recently, it occurred to me that it’s been two years since I posted my survey on consumer- and business-systems updating.
Given the changes in Windows and Office, a new audit of updating perceptions is clearly overdue. This time around, you’ll find links for two surveys: one for consumer-PC patchers and another directed at businesses.
Read the full story in AskWoody Plus Newsletter 17.24.0 (2020-06-22).
-
Google Project Zero: 90-day disclosure is working, with 97.5% of reported vulns being fixed within 90 days
The details are a little more complicated, but not much. Google’s Project Zero has turned up 1,434 security vulnerabilities in the past four and a half years:
Of these, 1224 were fixed within 90 days, and a further 174 issues were fixed within the 14-day grace period [granted when it looks like the manufacturer is going to release a patch shortly]. That leaves 36 vulnerabilities that were disclosed without a patch being available to users, or in other words 97.5% of our issues are fixed under deadline.
Realize that Google has a vested interest in saying that their disclosure policy is good for all of us — debatable, but I strongly agree — and they come to the conclusion:
If most bugs are fixed in a reasonable timeframe (i.e. less than 90 days), then we are only enforcing the deadline on a very small number of unfixed cases. And if disclosing a handful of unfixed vulnerabilities doesn’t substantially help attackers in the short-term, but does lead to the demonstrated long term benefits of shortened patch timelines and more frequent patching cycles, then it would follow that a deadline based disclosure policy is good for user security overall.
Interesting report. Thank to Catalin Cimpanu, who has additional observations on ZDNet.
-
MS re-re-..release (again) of KB 2952664 and KB 2976978
We’re seeing a recurrence of the two snooping patches KB2952664 for Win7 and KB2976978 for Win8.1. The last time they showed up, was on March 7th, but now they’re back……
MS re-re-..release of KB2952664 and KB2976978
Microsoft describes them as a “Compatibility update for keeping Windows up-to-date.”
This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.
They are appearing as unchecked Optional now, which means they won’t be installed unless you check the corresponding box in Windows Update.
Their status may change next week to Recommended and, for some, they may show up as checked Important on Patch Tuesday. -
Microsoft releases 13 Optional Windows patches
There’s an obscure Azure-related fix KB 3040272. If anybody can shed light on Microsoft’s explanation, I’d appreciate it!
InfoWorld Tech Watch
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Windows 11 Windows Updater question
by 12 minutes ago
-
Key, Key, my kingdom for a Key!
by 3 hours, 52 minutes ago
-
Registry Patches for Windows 10
by 8 hours, 23 minutes ago
-
Cannot get line length to NOT wrap in Outlining in Word 365
by 8 hours, 35 minutes ago
-
DDU (Display Driver Uninstaller) updates
by 1 hour, 45 minutes ago
-
Align objects on a OneNote page
by 13 hours, 50 minutes ago
-
OneNote Send To button?
by 14 hours, 34 minutes ago
-
WU help needed with “Some settings are managed by your organization”
by 23 hours, 7 minutes ago
-
No Newsletters since 27 January
by 19 hours, 4 minutes ago
-
Linux Mint Debian Edition 7 gets OEM support, death of Ubuntu-based Mint ?
by 1 day, 3 hours ago
-
Windows Update “Areca Technology Corporation – System – 6.20.0.41”
by 27 minutes ago
-
Google One Storage Questions
by 21 minutes ago
-
Button Missing for Automatic Apps Updates
by 1 hour, 23 minutes ago
-
Ancient SSD thinks it’s new
by 4 hours, 16 minutes ago
-
Washington State lab testing provider exposed health data of 1.6 million people
by 1 day, 13 hours ago
-
WinRE KB5057589 fake out
by 1 day, 7 hours ago
-
The April 2025 Windows RE update might show as unsuccessful in Windows Update
by 21 hours, 54 minutes ago
-
Firefox 137
by 40 minutes ago
-
Whisky, a popular Wine frontend for Mac gamers, is no more
by 2 days, 2 hours ago
-
Windows 11 Insider Preview build 26120.3863 (24H2) released to BETA
by 2 days, 2 hours ago
-
Windows 11 Insider Preview build 26200.5551 released to DEV
by 2 days, 2 hours ago
-
New Windows 11 PC setup — can I start over in the middle to set up a local id?
by 22 hours, 23 minutes ago
-
Windows 11 Insider Preview Build 26100.3902 (24H2) released to Release Preview
by 2 days, 6 hours ago
-
Oracle kinda-sorta tells customers it was pwned
by 2 days, 12 hours ago
-
Global data centers (AI) are driving a big increase in electricity demand
by 2 days, 22 hours ago
-
Office apps read-only for family members
by 3 days, 1 hour ago
-
Defunct domain for Microsoft account
by 2 days, 21 hours ago
-
24H2??
by 22 hours, 16 minutes ago
-
W11 23H2 April Updates threw ‘class not registered’
by 18 hours, 10 minutes ago
-
Master patch listing for April 8th, 2025
by 22 hours, 6 minutes ago
Remembering Woody
