Microsoft to stop serving non-security monthly updates to Windows

Credit to Author: Gregg Keizer| Date: Wed, 25 Mar 2020 14:03:00 -0700

Beginning in May, Microsoft plans to halt the delivery of all non-security updates to Windows, another step in its suspension of non-essential revisions to the OS and other important products.

The optional updates, which Microsoft designates as Windows’ C and D updates, are released during the third and fourth week of each month, respectively.

“We have been evaluating the public health situation, and we understand this is impacting our customers,” Microsoft said to some understatement in a March 24 post to the Windows 10 messaging center. “In response to these challenges we are prioritizing our focus on security updates.”

To read this article in full, please click here

Read more

Reading between the lines about Microsoft 'pausing optional updates'

Credit to Author: Woody Leonhard| Date: Wed, 25 Mar 2020 06:44:00 -0700

Yesterday, a post on the official Windows Release Information site said that Microsoft will, at least temporarily and starting in May, stop sending out the pesky “optional, non-security, C/D Week” patches we’ve come to expect. 

Those “optional” second-monthly patches are usually laden with many dozens of fixes for miscellaneous, minor bugs in Windows. For example, the second-monthly cumulative update for Win10 version 1903 released yesterday lists 31 different fixes, most of which only matter in very specific cases.

To read this article in full, please click here

Read more

Microsoft Patch Alert: March 2020 brings two ‘sky-is-falling’ warnings, with no problems in sight

Credit to Author: Woody Leonhard| Date: Tue, 24 Mar 2020 10:48:00 -0700

It’s been another strange patching month. The usual Patch Tuesday crop appeared. Two days later, we got a second cumulative update for Win10 1903 and 1909, KB 4551762, that’s had all sorts of documented problems. Two weeks later, on Monday, Microsoft posted a warning about (another) security hole related to jimmied Adobe fonts.

Predictably, much of the security press has gone P.T. Barnum.

The big, nasty, scary SMBv3 vulnerability

Patch Tuesday rolled out with a jump-the-gun-early warning from various antivirus manufacturers about a mysterious and initially undocumented security hole in the networking protocol SMBv3.

To read this article in full, please click here

Read more

Take your time, get it right for March Patch Tuesday

Credit to Author: Greg Lambert| Date: Thu, 12 Mar 2020 11:41:00 -0700

This is a big update to the Windows platform for the Microsoft March Patch Tuesday release cycle. Consisting of 115 patches, mostly to the Windows desktop, with almost all of the critical issues relating to browser-based scripting engine memory issues, this will be a difficult set of updates to release and manage.

The testing profile for the Windows desktop platform is very large, with a lower than usual exploitability/risk rating. For this month, we do not have any reports of publicly exploited or disclosed vulnerabilities (zero-days), so my recommendation is to take your time, test the changes to each platform, create a staged rollout plan and wait for future (potentially) imminent changes from Microsoft.

To read this article in full, please click here

Read more

Microsoft Patch Alert: February 2020 patches bring fire and ice but seem to have settled – finally.

Credit to Author: Woody Leonhard| Date: Wed, 26 Feb 2020 09:44:00 -0800

The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it – leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month’s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn’t been officially acknowledged by Microsoft outside of a blog post. But at least it’s well known and understood.

Folks running SQL Server and Exchange Server networks need to get patched right away.

Win10 UEFI update KB 4524244 blockages

Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.

To read this article in full, please click here

Read more

Microsoft springs last-minute demand on buyers of Windows 7 after-expiration support

Credit to Author: Gregg Keizer| Date: Sat, 15 Feb 2020 05:35:00 -0800

Microsoft this week threw a wrench into the workings of its long-touted Windows 7 post-retirement support, telling IT administrators that there was a brand new prerequisite that must be installed before they can download the patches they’d already paid for.

The last-minute requirement was titled “Extended Security Updates Licensing Preparation Package” and identified as KB4538483 in Microsoft’s numerical format.

The licensing prep package can be downloaded manually from the Microsoft Update Catalog. It should also appear in WSUS (Windows Server Update Services), the patch management platform used by many commercial customers. It will not, however, be automatically delivered through the Windows Update service, which some very small businesses rely on to provide them necessary patches.

To read this article in full, please click here

Read more

A large – but manageable – February Patch Tuesday brings critical browser updates

Credit to Author: Greg Lambert| Date: Thu, 13 Feb 2020 03:00:00 -0800

With 99 reported vulnerabilities and patches to both Microsoft browsers, Office and Windows, this month’s Patch Tuesday update is not as large an administrative burden as you might initially think. We’ve rated the browser updates as a “Patch Now” update due to issues with the Chakra engine, but both Office and Windows can be scheduled according to a regular patch cadence. Unfortunately, we have another Adobe Flash update to deploy, but no critical development updates for February.

You can find more information in our helpful infographic here.

To read this article in full, please click here

Read more

Patch Tuesday: 99 holes, 'exploited' IE fix, Win7 mayhem and UEFI ghost

Credit to Author: Woody Leonhard| Date: Wed, 12 Feb 2020 09:40:00 -0800

What a month it’s been – and the Patch Tuesday patches have only been out for 24 hours. There are many February patching foibles to report.

Every version of Windows 10, stretching back to the beginning of time (except for the long-neglected version 1511) got patches this month.

Welcome to the new, improved, paid-for Win7 patches

There was no free Windows 7 update this month, even though Microsoft released a Monthly Rollup Preview in January. Anyone concerned about the well-documented “Stretch” black wallpaper bug caused by last month’s Win7 Monthly Rollup apparently can pound sand – or manually download and install the fix. Your choice.

To read this article in full, please click here

Read more