{"id":13286,"date":"2018-09-05T12:30:13","date_gmt":"2018-09-05T20:30:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/09\/05\/news-7053\/"},"modified":"2018-09-05T12:30:13","modified_gmt":"2018-09-05T20:30:13","slug":"news-7053","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/09\/05\/news-7053\/","title":{"rendered":"Get caught up on your July and August Windows\/Office patches"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 05 Sep 2018 12:29:00 -0700<\/strong><\/p>\n

With the arrival of \u201cFourth Week\u201d patches on the last working day of August, and having had a few days to vet them, it looks as if we\u2019re ready to release the cracklin\u2019 Kraken. <\/span><\/p>\n

Microsoft continues to unleash <\/span>microcode patches<\/span><\/a> for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n >=4). You won\u2019t get stung by any of them, unless you specifically go looking for trouble. <\/span><\/p>\n

Considering there still haven\u2019t been any garden-variety Meltdown or Spectre attacks, I strongly suggest you ignore Microsoft\u2019s Intel microcode patches, unless you\u2019re in charge of a server that multitasks users with sensitive data. Wait till Microsoft (and Intel) gets the kinks worked out.<\/span><\/p>\n

If you really feel like beta-testing for Microsoft, follow <\/span>RetiredGeek\u2019s recommendations<\/span><\/a> for Meltdown\/Spectre mitigations on 1803. Make special note of the fact that he flashed his Dell XPS 8920 firmware prior to pursuing the Herculean labors.<\/span><\/p>\n

Microsoft has a bug in its Win7 Monthly Rollup that\u2019s been, uh, <\/span>bugging us since March<\/span><\/a>. If you installed any Win7\/Server 2008R2 patches after March and your network connections didn\u2019t go kablooey, you\u2019re almost undoubtedly OK to proceed with this month\u2019s patches.<\/span><\/p>\n

On the other hand, if you\u2019ve been waiting to install patches on your Win7 or Server 2008R2 machine, you need to be aware of a bug that Microsoft has acknowledged. <\/span><\/p>\n

Symptom<\/strong>: There is an issue with Windows and third-party software that is related to a missing file (<\/span>oem<number>.inf<\/span><\/i>). Because of this issue, after you apply this update, the network interface controller will stop working.<\/span><\/p>\n

Workaround<\/strong>: To locate the network device, launch devmgmt.msc; it may appear under Other Devices. <\/span><\/p>\n

1. To automatically rediscover the NIC and install drivers, select\u00a0<\/span>Scan for Hardware Changes<\/strong> from the Action menu.<\/p>\n

2. Alternatively, install the drivers for the network device by right-clicking the device and selecting <\/span>Update<\/strong>.<\/span> Then select <\/span>Search automatically for updated driver software<\/strong> or <\/span>Browse my computer for driver software<\/strong>.<\/span><\/p>\n

That\u2019s a bizarre, convoluted series of steps. Microsoft still hasn\u2019t confirmed which third-party software is at fault, but reports have it that it\u2019s largely a VMware problem. Five months later, the bug\u2019s still there, still acknowledged, still unfixed.<\/span><\/p>\n

If you\u2019re worried that installing this month\u2019s updates will clobber your Network Interface Card, make sure you take a full backup before installing the updates. You can also take <\/span>@GoneToPlaid\u2019s advice<\/a> and edit certain registry entries in advance.<\/span><\/p>\n

Microsoft broke Single Sign On (SSO) in IE 11 in the first set of August patches. Per the <\/span>KB article<\/span><\/a>:<\/span><\/p>\n

In Internet Explorer 11, a blank page may appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive.<\/span><\/p>\n

Microsoft says you can fix that problem by installing the Monthly Preview (<\/span>KB 4343894<\/span><\/a> for Win7; <\/span>KB 4343891<\/span><\/a> for Win8.1). Confusingly, there\u2019s also a <\/span>KB 4459022<\/span><\/a>\u00a0\u2014 a \u201cCumulative Update for Internet Explorer: August 30, 2018\u201d \u2014 but that KB article says that you need to install one of the Monthly Previews to fix the problem.<\/span><\/p>\n

Monthly Previews, of course, are supposed to contain advance copies of non-security patches expected in the following month. They\u2019re designed for folks who need to test the next month\u2019s patches, to vet them before they hit the mainstream.<\/span><\/p>\n

Increasingly, Microsoft isn\u2019t fixing bugs that it introduces with proper patches. Instead, it’s throwing them into the Monthly Preview stew and hoping that those affected figure out they need to jump ahead to fix what was just broken.<\/span><\/p>\n

Susan Bradley\u2019s Master Patchlists for <\/span>July <\/span><\/a>and <\/span>August <\/span><\/a>show that the past two months\u2019 patches look clean, finally, except for the Meltdown\/Spectre inanities. The official <\/span>Fixes or workarounds articles <\/span><\/a>for Office include many specific problems and a few possible solutions.<\/span><\/p>\n

Ready to take a chance on messing up your NIC? Here\u2019s how to proceed. The patching pattern should be familiar to many of you.<\/span><\/p>\n

There\u2019s a non-zero chance that the patches \u2014 even the latest, greatest patches of patches of patches \u2014 will hose your machine. Best to have a backup that you can reinstall even if your machine refuses to boot. This, in addition to the usual need for System Restore points.<\/span><\/p>\n

There are plenty of full-image backup products, including at least two good free ones:<\/span> Macrium Reflect Free<\/span><\/a> and<\/span> EaseUS Todo Backup<\/span><\/a>. For Win 7 users, If you aren\u2019t making backups regularly, take a look at this <\/span>thread started by Cybertooth<\/span><\/a> for details. You have good options, both free and not-so-free.<\/span><\/p>\n

Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that\u2019s a year old or less, follow the instructions in<\/span> AKB 2000006<\/span><\/a> or<\/span> @MrBrian\u2019s summary of @radosuaf\u2019s method<\/span><\/a> to make sure you can use Windows Update to get updates applied.<\/span><\/p>\n

If you\u2019ve already installed any Monthly Rollups after March, your Network Interface Card should be immune to the latest slings and arrows. But if you haven\u2019t been keeping up on patches, see the discussion in the Network Cards section above to protect yourself.<\/span><\/p>\n

If you\u2019re very concerned about Microsoft\u2019s snooping on you and want to install just security patches, realize that the privacy path\u2019s getting more difficult. The old \u201cGroup B\u201d \u2014 security patches only \u2014 isn\u2019t dead, but it\u2019s no longer within the grasp of typical Windows customers. If you insist on manually installing security patches only, follow the instructions in @PKCano\u2019s<\/span> AKB 2000003<\/span><\/a> and be aware of<\/span> @MrBrian\u2019s recommendations<\/span><\/a> for hiding any unwanted patches. <\/span><\/p>\n

For most Windows 7 and 8.1 users, I recommend following<\/span> AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups<\/span><\/a>. Realize that some or all of the expected patches for July and August may not show up or, if they do show up, may not be checked. DON’T CHECK any unchecked patches. Unless you’re very sure of yourself, DON’T GO LOOKING for additional patches. In particular, if you install the August Monthly Rollups or Cumulative Updates, you won\u2019t need (and probably won\u2019t see) the concomitant patches for July. Don’t mess with Mother Microsoft. Take what’s being offered, and checked, and don’t grab something unchecked just because it sounds good.<\/span><\/p>\n

If you want to minimize Microsoft\u2019s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of<\/span> AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping<\/span><\/a>) before you install any patches. (Thx, @MrBrian.) If you see KB 2952664 (for Win7) or \u00a0its Win8.1 cohort, KB 2976978 \u2014 the patches that so helpfully make it easier to upgrade to Win10 \u2014 uncheck them and drive a wooden stake through your motherboard. Watch out for driver updates \u2014 you\u2019re far better off getting them from a manufacturer\u2019s website.<\/span><\/p>\n

After you\u2019ve installed the latest Monthly Rollup, if you\u2019re intent on minimizing Microsoft\u2019s snooping, run through the steps in<\/span> AKB 2000007: Turning off the worst Win7 and 8.1 snooping<\/span><\/a>. Realize that <\/span>we don\u2019t know <\/i><\/strong>what information Microsoft collects on Window 7 and 8.1 machines. But I\u2019m starting to believe that information pushed to Microsoft\u2019s servers for Win7 owners is nearing equality to that pushed in Win10.<\/span><\/p>\n

If you\u2019re running Win10 Creators Update, <\/span>version 1703<\/strong> (my current preference), or <\/span>version 1709<\/strong>, and you want to stay on 1703 or 1709 and not get sucked into the 1803 vortex, follow the<\/span> instructions here<\/span><\/a> to ward off the upgrade. Of course, all bets are off if Microsoft, uh, <\/span>forgets to honor<\/span><\/a> its own settings. <\/span><\/p>\n

Remember: If you want to avoid 1803, don\u2019t click \u201cCheck for Updates\u201d until you\u2019ve gone through all the precautions <\/span>listed in this article<\/span><\/a>, including running wushowhide. If you forget, you may be <\/span>tossed in the seeker heap<\/span><\/a> and shuffled off to 1803 land.<\/span><\/p>\n

Worried about 1809? Yeah, me too. Those of you running Win10 1703 will need to upgrade to 1709, 1803 or possibly 1809 at some point in October. (It isn\u2019t clear if Microsoft will release Fourth Tuesday or C\/D Week patches for 1703 in October.) I\u2019m still sitting on a fence, and suggest you join me in MSmugwump land until we have a clearer view of the horizon. <\/span><\/p>\n

If you have trouble getting the latest cumulative update installed, make sure you\u2019ve checked your antivirus settings and, if all is well, run the<\/span> newly refurbished<\/span><\/a> Windows Update Troubleshooter<\/span><\/a> before inventing new epithets.<\/span><\/p>\n

To get Windows 10 patched, go through the steps in “<\/span>8 steps to install Windows 10 patches like a pro<\/span><\/a>.”<\/span><\/p>\n

Thanks to the dozens of volunteers on AskWoody who contribute mightily, especially @sb, @PKCano, @abbodi86, @gborn, @GoneToPlaid, @Cybertooth, @RetiredGeek and @MrBrian.<\/span><\/i><\/p>\n

We\u2019ve moved to MS-DEFCON 4 on the<\/span><\/i> AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 05 Sep 2018 12:29:00 -0700<\/strong><\/p>\n

\n
\n

With the arrival of \u201cFourth Week\u201d patches on the last working day of August, and having had a few days to vet them, it looks as if we\u2019re ready to release the cracklin\u2019 Kraken. <\/span><\/p>\n

The steaming pile of Windows Intel microcode patches<\/strong><\/h2>\n

Microsoft continues to unleash <\/span>microcode patches<\/span><\/a> for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n >=4). You won\u2019t get stung by any of them, unless you specifically go looking for trouble. <\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10909,714,10525],"class_list":["post-13286","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft-office","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13286"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13286\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13286"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}