windows

There’s no question that you need to keep your Windows machine patched. In this age of EternalBlue and Shadow Brokers, Wikileaks and the CIA, avoiding Windows security patches is like hanging a sign out on the internet that says, “Kick me.”

That said, there’s no reason for savvy Windows users to succumb to Microsoft’s patching pace. Windows Automatic Update is great — vital — for your sainted aunt Martha, who’s afraid that anything other than playing mahjong will break her computer. But Auto Update’s an unnecessary risk for people who know how to use Windows and who keep up to date on Windows developments. If you’re knowledgeable enough to be reading this, you should seriously consider taking Windows patching into your own hands.

To read this article in full or to leave a comment, please click here

Last night, Microsoft released a new Surface Camera driver called “Surface – System – 7/31/2007 12:00:00 AM – 1.0.75.1” which is intended to fix the Windows Hello problem introduced by the completely undocumented driver “Surface – System – 7/21/2017 12:00:00 AM – 1.0.65.1.” Many of you complained that, after installing the buggy driver, your Surface Pro 4 no longer supported Windows Hello.

As best as I can tell, this 1.0.75.1 driver update fixes the problem. But there’s more to the story.

The original, buggy driver was dated July 21, the files were dated July 26, and the driver was sent down the Automatic Update chute on July 29 without warning or description.

To read this article in full or to leave a comment, please click here

A week ago, I lamented the lack of a fix for the bad June Office security patches. On June 13, those of you with Automatic Update turned on were treated to seven different, documented bugs that persisted until today.

I expected to see these patches on Tuesday, in normal cadence. For reasons that are only known to Microsoft, they waited until today, Thursday, to release the files.

To read this article in full or to leave a comment, please click here

The fourth Tuesday of the month has come and gone, and it now looks reasonably safe to patch Windows and Office. I was expecting two big releases yesterday — one to fix numerous bugs in Win10 Creators Update, version 1703; the other to plug the bugs introduced by June’s Office security patches — but neither trove appeared. Given Microsoft’s past patterns, it’s unlikely that we’ll see any more serious patches until next month’s Patch Tuesday, on Aug. 8.

There’s also a bit of additional impetus right now. On July 17, security researcher Haifei published a proof of concept for running malware scripts directly in Office apps. I haven’t seen any exploits in the wild as yet, but it would be a good idea to install KB 3213640 (Office 2007), KB 3213624 (Office 2010), KB 3213555 (Office 2013) and/or KB 3213545 (Office 2016) in the short term. (Thx to @LeaningTowardsLinux.) Note that none of these patches, as best as I can tell, correct the Office bugs introduced in June.

To read this article in full or to leave a comment, please click here

On June 13—five and a half weeks ago—Microsoft released a series of buggy patches for Outlook. We know they’re buggy because Microsoft acknowledged seven bugs (including one primarily caused by bugs in Windows patches) in those four original June 13 security patches. As of this morning, we still don’t have fixes for those seven bugs.

Here are the known buggy original security patches:

• KB 3191898 – Security update for Outlook 2007, released June 13, 2017
• KB 3203467 – Security update for Outlook 2010, released June 13
• KB 3191938 – Security update for Outlook 2013, June 13
• KB 3191932 – Security update for Outlook 2016, June 13

If you have Automatic Update turned on, you were treated not only to those patches, but to all of these three later, interim fixes for the bugs in the security patches. Don’t get too excited about them. In fact, they didn’t fix the bugs:

To read this article in full or to leave a comment, please click here

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers in the horns of a dilemma:

• You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveal the presence of a specific file on your computer when you simply surf to a compromised web site, OR
• You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.

To read this article in full or to leave a comment, please click here

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers in the horns of a dilemma:

• You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveal the presence of a specific file on your computer when you simply surf to a compromised web site, OR
• You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.

To read this article in full or to leave a comment, please click here