{"id":17086,"date":"2019-12-03T12:30:09","date_gmt":"2019-12-03T20:30:09","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/12\/03\/news-10822\/"},"modified":"2019-12-03T12:30:09","modified_gmt":"2019-12-03T20:30:09","slug":"news-10822","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/12\/03\/news-10822\/","title":{"rendered":"Microsoft Patch Alert: November patches behave themselves \u2013 with a few exceptions"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security14-100734743-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800<\/strong><\/p>\n<p>What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches \u2013 including two .NET non-security previews that apparently <a href=\"https:\/\/www.computerworld.com\/article\/3454604\/microsoft-releases-monthly-rollup-previews-for-win7-81-server-2008-sp2-2012-and-net.html\">did nothing<\/a> \u2013 but that\u2019s the worst of it.<\/p>\n<p>November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped \u201cexploited\u201d zero-day security hole in Internet Explorer (<a href=\"https:\/\/www.computerworld.com\/article\/3453322\/patch-tuesday-arrives-with-access-error-1909-in-tow-and-a-promise-of-no-more-optional-patches-this.html\">again<\/a>) that didn\u2019t amount to a hill of beans (<a href=\"https:\/\/www.computerworld.com\/article\/3444177\/microsoft-releases-even-more-patches-for-the-cve-2019-1367-ie-zero-day-and-the-bugs-are-having-a-fi.html\">again<\/a>).<\/p>\n<p>As promised, we received no \u201coptional, non-security\u201d Windows 10 patches in November \u2013 and Microsoft promises there won\u2019t be any this month, either. I think that\u2019s great. 
If Microsoft wants to roll out beta test versions of Windows, it should have testers sign up for an Insider ring.<\/p>\n<p>All of the Office patches in November throw a \u201cQuery is corrupt\u201d error message in Access under certain circumstances. Access says \u201cQuery xxxx is corrupt,\u201d when in fact the query in question is just fine.<\/p>\n<p>I <a href=\"https:\/\/www.computerworld.com\/article\/3453322\/patch-tuesday-arrives-with-access-error-1909-in-tow-and-a-promise-of-no-more-optional-patches-this.html\">talked about the bug<\/a> on Nov. 13. Microsoft finally acknowledged it <a href=\"https:\/\/www.computerworld.com\/article\/3454438\/microsoft-starts-releasing-fixes-for-access-bugs-introduced-in-office-security-patches-this-month.html\">almost a week later<\/a>.<\/p>\n<p>Microsoft rolled out a patch for Access 2016 on Nov. 18, but didn\u2019t get the other installed (\u201cMSI\u201d) versions patched until Nov. 27. We\u2019re still waiting for patches to the Click-to-Run versions of Office, which are <a href=\"https:\/\/support.office.com\/en-us\/article\/access-error-query-is-corrupt-fad205a5-9fd4-49f1-be83-f21636caedec\" rel=\"noopener nofollow\" target=\"_blank\">currently scheduled<\/a> for Dec. 
10 \u2013 the next Patch Tuesday.<\/p>\n<p>Along with Win7 and 8.1 Monthly Rollup previews, we were also graced with <a href=\"https:\/\/www.computerworld.com\/article\/3454604\/microsoft-releases-monthly-rollup-previews-for-win7-81-server-2008-sp2-2012-and-net.html\">four optional preview<\/a> .NET patches \u2013 two of which don\u2019t appear to do anything \u2013 and a <a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/net-framework-november-13-2019-update-for-net-framework-4-8\/\" rel=\"noopener nofollow\" target=\"_blank\">group of one-off patches<\/a> (not cumulative updates), available by manual download only, to fix a weird bug in ClickOnce.<\/p>\n<p>In short, there weren\u2019t any .NET patches in November worth the distraction.<\/p>\n<p>Speaking of distractions\u2026, November saw a fix for an \u201cexploited\u201d security hole, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-1429\" rel=\"noopener nofollow\" target=\"_blank\">CVE-2019-1429<\/a>. The parallels to September\u2019s <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-1429\" rel=\"noopener nofollow\" target=\"_blank\">CVE-2019-1367<\/a> are hard to ignore. Like -1367, -1429 is a \u201cScripting Engine Memory Corruption Vulnerability\u201d that is known (by Microsoft) to be used in some sort of attack. Like the earlier doppelganger, this new incarnation hits Internet Explorer directly, but can be leveraged by an aberrant Office document that links to IE. Both exploits seem full of sound and fury \u2013 800 million Windows users exposed! Hurry and get patched! Click here! \u2013 but in the end, neither leaked into the wild.<\/p>\n<p>There\u2019s one big difference between the old -1367 and the new -1429: Microsoft didn\u2019t start flailing around like a beached whale this time. 
If you recall, the September hole was subject to four \u2013 <a href=\"https:\/\/www.computerworld.com\/article\/3444177\/microsoft-releases-even-more-patches-for-the-cve-2019-1367-ie-zero-day-and-the-bugs-are-having-a-fi.html\">count \u2018em, four<\/a> \u2013 different out-of-band updates, poorly conceived and worse implemented. Local news broadcasts predicted the Windows sky was falling. Meh.<\/p>\n<p>My advice then \u2013 and now \u2013 is to ignore the \u201cexploited\u201d designation, stop using Internet Explorer, set any other browser as your default, and read up on <a href=\"http:\/\/vmyths.com\/fas\/\" rel=\"noopener nofollow\" target=\"_blank\">False Authority Syndrome<\/a> (thanks, Rob).<\/p>\n<p>If you\u2019re thinking about moving on to Win10 version 1909, make sure you weigh the benefits (are there any real benefits?) against the problems. Several bugs in Win10 1903 are running over into 1909, and 1909 has a handful of its own:<\/p>\n<p>It remains to be seen whether there are any 1909-specific bugs. But it also remains to be seen whether there are any <a href=\"https:\/\/www.computerworld.com\/article\/3199077\/windows-10-a-guide-to-the-updates.html\">real benefits<\/a> to moving to 1909.<\/p>\n<p>Those of you running Win10 1809 Home may be distressed to discover that, unless you take <a href=\"https:\/\/www.computerworld.com\/article\/3232632\/how-to-block-the-windows-10-november-2019-update-version-1909-from-installing.html\">significant steps to prevent it<\/a>, Microsoft now upgrades your machine to version 1909, not 1903. That may be what you want \u2013 if so, I salute you! \u2013 but moving to Win10 1903 now gives you the opportunity to choose when you\u2019ll get pushed onto 1909.<\/p>\n<p>In fact, if you\u2019re running Win10 version 1803 or 1809 (or don\u2019t know what version you\u2019re running!), there\u2019s a relatively easy way to make sure you end up on the version you want. 
Full step-by-step instructions are in\u00a0<a href=\"https:\/\/www.computerworld.com\/article\/3481617\/running-win10-version-1803-or-1809-you-have-options-heres-how-to-control-your-upgrade.html\">Running Win10 version 1803 or 1809? You have options. Here\u2019s how to control your upgrade<\/a>.<\/p>\n<p><em>Get the latest <\/em><a href=\"https:\/\/www.askwoody.com\/2019\/where-we-stand-with-the-november-2019-patches\/\" rel=\"noopener nofollow\" target=\"_blank\"><em>on AskWoody<\/em><\/a><em>.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3216425\/microsoft-patch-alert-november-patches-behave-themselves-with-a-few-exceptions.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security14-100734743-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Tue, 03 Dec 2019 10:29:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches \u2013 including two .NET non-security previews that apparently <a href=\"https:\/\/www.computerworld.com\/article\/3454604\/microsoft-releases-monthly-rollup-previews-for-win7-81-server-2008-sp2-2012-and-net.html\">did nothing<\/a> \u2013 but that\u2019s the worst of it.<\/p>\n<p>November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. 
We also had a much-hyped \u201cexploited\u201d zero-day security hole in Internet Explorer (<a href=\"https:\/\/www.computerworld.com\/article\/3453322\/patch-tuesday-arrives-with-access-error-1909-in-tow-and-a-promise-of-no-more-optional-patches-this.html\">again<\/a>) that didn\u2019t amount to a hill of beans (<a href=\"https:\/\/www.computerworld.com\/article\/3444177\/microsoft-releases-even-more-patches-for-the-cve-2019-1367-ie-zero-day-and-the-bugs-are-having-a-fi.html\">again<\/a>).<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3216425\/microsoft-patch-alert-november-patches-behave-themselves-with-a-few-exceptions.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,10909,13764,714,10525],"class_list":["post-17086","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-microsoft-office","tag-pcs","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17086"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17086\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?par
ent=17086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17086"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}