{"id":10148,"date":"2017-10-27T12:30:05","date_gmt":"2017-10-27T20:30:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/27\/news-3921\/"},"modified":"2017-10-27T12:30:05","modified_gmt":"2017-10-27T20:30:05","slug":"news-3921","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/10\/27\/news-3921\/","title":{"rendered":"Get Windows and Office patched \u2013 but watch out for creepy-crawlies"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security5-100734739-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Fri, 27 Oct 2017 13:23:00 -0700<\/strong><\/p>\n<p>Those of us who have to keep Windows 10 working have hit yet another rough course. This month\u2019s patches haven\u2019t been pretty. In fact, if your admin set the WSUS or SCCM update servers to automatically approve Windows 10 updates, you may have had to deal with oceans of blue screens.<\/p>\n<p>Right now, the biggest threat is not KRACK \u2013\u00a0<em>Computerworld<\/em>&#8216;s Gregg Keizer has an <a href=\"https:\/\/www.computerworld.com\/article\/3233198\/microsoft-windows\/microsoft-shuts-down-krack-with-sneaky-windows-update.html\">overview here<\/a>\u00a0and the <a href=\"https:\/\/www.krackattacks.com\/\" rel=\"nofollow\">Krackattacks.com site<\/a> has the latest details; it hasn\u2019t (yet) started infecting normal Windows users. 
The big threat now is from that Wacky Wascal\u00a0<a href=\"https:\/\/askwoody.com\/2017\/breaking-new-ransomware-badrabbit-moving-quickly-through-russia\/\" rel=\"nofollow\">BadRabbit<\/a>, which started with a fake Flash update on a Russian site and an ancient DDEAUTO field exploit in Word (and Excel and Outlook and OneNote) and is being used to carry Locky and other ransomware.<\/p>\n<p>The DDEAUTO exploit isn\u2019t a bug, according to Microsoft, because you have to click through three warning dialogs before it\u2019ll bite. (The first of which is \u201cEnable Editing.\u201d Sound familiar?) See Catalin Cimpanu\u2019s <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-office-attack-runs-malware-without-needing-macros\/\" rel=\"nofollow\">overview in Bleepingcomputer<\/a>, and a drill-down on the DDE-born Hancitor malware from Brad Duncan on the <a href=\"https:\/\/isc.sans.edu\/forums\/diary\/Hancitor+malspam+uses+DDE+attack\/22936\/\" rel=\"nofollow\">SANS Internet Storm Center<\/a>.<\/p>\n<p>The good news is that there are steps you can take to manually block each of those potential nasties:<\/p>\n<p>Microsoft\u2019s cleared up some of the problems with this month\u2019s patches, but plenty of problems persist. Here\u2019s where we\u2019re stuck.<\/p>\n<p>Microsoft continues to push users to move from .NET 4.6 and later to .NET 4.7 or <a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2017\/10\/17\/announcing-the-net-framework-4-7-1\/\" rel=\"nofollow\">4.7.1<\/a>. If you really want to stay with .NET 4.5.2, you have to manually install updates. It looks like <a href=\"https:\/\/askwoody.com\/forums\/topic\/whats-happening-with-win7-net-updates\/#post-140052\" rel=\"nofollow\">.NET 4.7 works<\/a> \u2013 even on Windows 7. Your life will be much simpler if you simply join the borg and use the Monthly Rollups to get .NET updated. 
As usual, don\u2019t check anything that isn\u2019t checked for you by Windows Update.<\/p>\n<p>Some good news. The disaster that we saw with <a href=\"https:\/\/www.computerworld.com\/article\/3219655\/microsoft-windows\/word-outlook-merged-cell-problem-arises-after-install-of-patch-kb-3213656.html\">merged cells in tables in Word<\/a> and Outlook has been fixed in <a href=\"https:\/\/support.microsoft.com\/help\/4011140\" rel=\"nofollow\">KB 4011140<\/a>, as have the <a href=\"https:\/\/www.computerworld.com\/article\/3226373\/microsoft-windows\/tower-of-babel-outlook-2007-security-patch-kb-4011086-yanked-replaced.html\">garbled language problems<\/a> in Outlook.<\/p>\n<p>The Outlook <a href=\"https:\/\/support.office.com\/en-gb\/article\/Custom-form-script-is-now-disabled-by-default-bd8ea308-733f-4728-bfcc-d7cce0120e94\" rel=\"nofollow\">script-disabling patches<\/a> KB 4011089, KB 4011090 and KB 4011091 \u2013 the ones that turn off printing in some circumstances, disable retrieval of archived emails in others \u2013 are still there. But we\u2019re seeing more vendors issue warnings and workarounds. Earlier this week, Veritas<a href=\"https:\/\/www.veritas.com\/support\/en_US\/article.000127958\" rel=\"nofollow\">\u00a0published<\/a> a workaround for the Veritas Enterprise Vault archiving system.<\/p>\n<p>I\u2019m ready to throw in the towel and recommend that you install those Office patches, if they\u2019re offered. If something breaks \u2013 you used to be able to click on an Outlook form and it doesn\u2019t print any more, or you can\u2019t retrieve archived messages \u2013 the company that made the broken add-in should have a solution for you. 
Or you can uninstall the patch.<\/p>\n<p>Microsoft has a list of <a href=\"https:\/\/support.office.com\/en-us\/article\/Fixes-or-workarounds-for-recent-Office-issues-af8728b5-ec64-4359-812d-264c6907ea75?ui=en-US&amp;rs=en-US&amp;ad=US\" rel=\"nofollow\">other known problems<\/a> with Office apps.<\/p>\n<p>The big news this month is with a Monthly Rollup Preview. Remember that I never, <em>ever<\/em> recommend that you install Monthly Rollup Previews. Here\u2019s one good reason why.<\/p>\n<p>AskWoody <a href=\"https:\/\/askwoody.com\/2017\/big-problems-with-win7-preview-of-monthly-rollup-kb4041686\/\" rel=\"nofollow\">poster abbodi86 has detected<\/a> a retrograde bug in KB 4041686, the 2017-10 Win7 Preview of a Monthly Rollup. If you install it, an SFC (System File Check) scan will report and fix an error in system32\\drivers\\en-US\\usbhub.sys.mui \u2013 even though there is no error. This is precisely the problem @abbodi86 reported to Microsoft after installing the <a href=\"http:\/\/windows-update-checker.com\/FAQ\/ConvenienceRollupKB3125574-Issues.htm\" rel=\"nofollow\">old KB 3125574<\/a>, which is the \u201cconvenience rollup\u201d I call \u201cWin7 SP 2.\u201d The bug was fixed in <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/3181988\/sfc-integrity-scan-reports-and-fixes-an-error-in-the-usbhub-sys-mui-fi\" rel=\"nofollow\">KB 3181988<\/a>, but it\u2019s back again. If you install KB 4041686, you\u2019ll trigger a bogus SFC error, even if you have KB 3125574 installed.<\/p>\n<p>It looks like Microsoft is making good on its promise to gradually put old patches into the Monthly Rollups. Unfortunately, in this case, it&#8217;s reinstating old bugs, too. Progress. 
If next month\u2019s Win7 Monthly Rollup rolls out with this bug intact, you\u2019ll know that Microsoft isn\u2019t listening.<\/p>\n<p>Apparently Microsoft has <a href=\"https:\/\/www.computerworld.com\/article\/3228104\/microsoft-windows\/win-81-monthly-rollup-leaves-customers-unable-to-use-microsoft-account.html\">fixed the bug<\/a> in the September Windows 8.1 patch that made it impossible to use a Microsoft Account to log on after the patch was applied.<\/p>\n<p>Microsoft is still blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that\u2019s a year old or newer, follow the instructions in <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000006-see-if-microsoft-is-blocking-windows-update-on-your-new-computer\/\" rel=\"nofollow\">AKB 2000006<\/a> or <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/installing-win-updates-on-win-7-or-8-1-computers-with-kaby-lake-or-ryzen-cpus\/\" rel=\"nofollow\">@MrBrian\u2019s summary of @radosuaf\u2019s method<\/a> to make sure you can use Windows Update to get updates applied.<\/p>\n<p>If you\u2019re very concerned about Microsoft\u2019s snooping on you and want to install just security patches, realize that the privacy path\u2019s getting more difficult. The old \u201cGroup B\u201d \u2013 security patches only \u2013 isn\u2019t dead, but it\u2019s no longer within the grasp of typical Windows customers. We\u2019re <a href=\"https:\/\/askwoody.com\/2017\/new-directions-for-win-7-and-8-1-patching\/\" rel=\"nofollow\">actively discussing<\/a> whether it\u2019s worthwhile continuing to post information about the security-only patching path. Microsoft has made that option considerably more obtuse than it was a year ago. 
If you insist on manually installing security patches only, follow the instructions in @PKCano\u2019s <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1\/\" rel=\"nofollow\">AKB 2000003<\/a>.<\/p>\n<p>For most Windows 7 and 8.1 users, I recommend following <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000004-how-to-apply-the-win7-and-8-1-monthly-rollups\/\" rel=\"nofollow\">AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups<\/a>. If you want to minimize Microsoft\u2019s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000007-turning-off-the-worst-windows-7-and-8-1-snooping\/\" rel=\"nofollow\">AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping<\/a>) before you install any patches. (Thx, @MrBrian).<\/p>\n<p>Watch out for driver updates \u2013 you\u2019re far better off getting them from a manufacturer\u2019s website. After you\u2019ve installed the latest Monthly Rollup, if you\u2019re intent on minimizing Microsoft\u2019s snooping, run through the steps in <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000007-turning-off-the-worst-windows-7-and-8-1-snooping\/\" rel=\"nofollow\">AKB 2000007: Turning off the worst Win7 and 8.1 snooping<\/a>. Realize that we don\u2019t know what information Microsoft collects on Windows 7 and 8.1 machines.<\/p>\n<p>If you\u2019re in the unpaid beta testing phase of Windows 10 Fall Creators Update, version 1709, you\u2019re already up to build 16299.19. Nothing you can do about it. There are plenty of problems with FCU, which I <a href=\"https:\/\/www.computerworld.com\/article\/3234638\/microsoft-windows\/win10-fall-creators-updates-rapid-rocky-rollout.html\">documented earlier this week<\/a>. 
Susan Bradley added <a href=\"https:\/\/askwoody.com\/2017\/what-problems-are-you-seeing-with-win10-fall-creators-update\/\" rel=\"nofollow\">several more<\/a> to the list. Of course, I recommend that you <a href=\"https:\/\/www.computerworld.com\/article\/3232632\/microsoft-windows\/how-to-block-windows-10-fall-creators-update-from-installing.html\">proactively block<\/a> the upgrade to 1709. There&#8217;s still more than three months to go before we&#8217;re in Current Branch for Business territory, no matter what Microsoft calls it.<\/p>\n<p>The big build <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4041676\" rel=\"nofollow\" target=\"_blank\">15063.674<\/a> update for Creators Update version 1703 has a few acknowledged problems:<\/p>\n<p>There was a big patch for the Anniversary Update, version 1607, on Patch Tuesday, and another huge patch a week later. If you install the latest patch, you\u2019ll be up to <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4041688\" rel=\"nofollow\">build 14393.1794<\/a>. That patch also has the acknowledged bugs with \u201cUnexpected error from external database driver\u201d and borked UWP apps.<\/p>\n<p>Anyone still on 1511, the Fall Update (later renamed to \u201cNovember Update\u201d), needs to move to 1703 now. 
The last 1511 security patch, build 10586.1176, is now history.<\/p>\n<p>To get Windows 10 patched, go through the steps in &#8220;<a href=\"https:\/\/www.computerworld.com\/article\/3215668\/windows-pcs\/8-steps-to-install-windows-10-patches-like-a-pro.html\">8 steps to install Windows 10 patches like a pro<\/a>.&#8221;<\/p>\n<p>Keeping in mind the persistent problems with Office and the .NET funnies documented above, all of the other updates should be okay, including Servicing stack updates and Office, MSRT or .NET updates (go ahead and use the Monthly Rollup if it\u2019s offered).<\/p>\n<p>As is always the case, <strong>DON\u2019T CHECK ANYTHING THAT\u2019S UNCHECKED<\/strong>.<\/p>\n<p>Time to get patched. Tell your friends, but make sure they understand what\u2019s happening. And for heaven\u2019s sake, as soon as you\u2019re patched, turn off automatic updating! Full instructions are in the referenced guides to patching.<\/p>\n<p><em>Have a patching problem? Join the club on the <a href=\"https:\/\/askwoody.com\/forums\/topic\/ms-defcon-4-watch-out-for-net-and-office-patches-but-get-caught-up\" rel=\"nofollow\">AskWoody Lounge<\/a>.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3235289\/microsoft-windows\/get-windows-and-office-patched-but-watch-out-for-creepy-crawlies.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security5-100734739-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Fri, 27 Oct 2017 13:23:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Those of us who have to keep Windows 10 working have hit yet another rough course. This month\u2019s patches haven\u2019t been pretty. 
In fact, if your admin set the WSUS or SCCM update servers to automatically approve Windows 10 updates, you may have had to deal with oceans of blue screens.<\/p>\n<p>Right now, the biggest threat is not KRACK \u2013\u00a0<em>Computerworld<\/em>&#8216;s Gregg Keizer has an <a href=\"https:\/\/www.computerworld.com\/article\/3233198\/microsoft-windows\/microsoft-shuts-down-krack-with-sneaky-windows-update.html\">overview here<\/a>\u00a0and the <a href=\"https:\/\/www.krackattacks.com\/\" rel=\"nofollow\">Krackattacks.com site<\/a> has the latest details; it hasn\u2019t (yet) started infecting normal Windows users. The big threat now is from that Wacky Wascal\u00a0<a href=\"https:\/\/askwoody.com\/2017\/breaking-new-ransomware-badrabbit-moving-quickly-through-russia\/\" rel=\"nofollow\">BadRabbit<\/a>, which started with a fake Flash update on a Russian site and an ancient DDEAUTO field exploit in Word (and Excel and Outlook and OneNote) and is being used to carry Locky and other ransomware.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3235289\/microsoft-windows\/get-windows-and-office-patched-but-watch-out-for-creepy-crawlies.html#jump\">To read this article in full or to leave a comment, please click 
here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[13764,714,10761],"class_list":["post-10148","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-pcs","tag-security","tag-windows-10"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10148"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10148\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10148"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}