{"id":11370,"date":"2018-02-05T10:30:11","date_gmt":"2018-02-05T18:30:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/05\/news-5141\/"},"modified":"2018-02-05T10:30:11","modified_gmt":"2018-02-05T18:30:11","slug":"news-5141","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/02\/05\/news-5141\/","title":{"rendered":"Hold your breath, avoid the snake oil, and get Windows updated"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Mon, 05 Feb 2018 09:50:00 -0800<\/strong><\/p>\n

January 2018 was a month that will go down in patching infamy. Looking back on <\/span>my notes<\/span><\/a>, we had patches released, yanked, re-released and\/or re-re-released on 15 different days in January. Untold thousands of machines were bricked by Microsoft patches. Millions of hours were lost chasing down bad patches and bad advice.<\/span><\/p>\n

Although there were a couple of real bugs fixed in the January patches \u2014 the Equation Editor vulnerability being suspect #1 \u2014 most of the angst was completely superfluous. The Meltdown\/Spectre patches at the heart of the drama attacked a problem that wasn\u2019t \u2014 and isn\u2019t \u2014 there. We still have <\/span>no known<\/span><\/a> Meltdown or Spectre exploits in the wild. None.<\/span><\/p>\n

If you ever wanted a good reason to <\/span>hold off patching Windows<\/span><\/a> to see if others are having problems, you just saw it played out in slo-mo.<\/span><\/p>\n

At this point, I\u2019m seeing a few reported problems with the Win10 1709 cumulative update released on Jan. 31, KB 4058258:<\/span><\/p>\n

Failure to install with error 0x80070643 is an <\/span>acknowledged bug <\/span><\/a>in this and other Win10 patches this month. Microsoft\u2019s advice is to ignore it. <\/span><\/p>\n

Microsoft has also fessed up to bugs in several of the latest Win10 cumulative updates (too many of \u2018em to count!), saying:<\/span><\/p>\n

After installing this update, some users may experience issues logging into some websites when using third party account credentials in Microsoft Edge.<\/span><\/p>\n

There\u2019s no known fix. My suggestion is that you join the <\/span>vast majority of Win10 customers <\/span><\/a>and use a different browser.<\/span><\/p>\n

There\u2019s one other persistent problem with this month\u2019s patches that doesn\u2019t have an easy solution. After installing this month\u2019s Win10 cumulative updates (not sure which ones), your computer throws a blue screen when it starts, with the error <\/span>Inaccessible Boot Device<\/strong>. There\u2019s a very lengthy thread on the <\/span>Microsoft Answers forum<\/span><\/a>, with a possible manual solution for some people (helps to have a degree in Advanced Microsoft Bugology), but it doesn\u2019t work in all cases.<\/span><\/p>\n

Microsoft <\/span>does acknowledge the problem<\/span><\/a> for sites running WSUS update servers, and the solution for admins is bizarre: do not run \u201cautomatic repair\u201d but manually delete a registry key. If you go through the steps in either solution and can\u2019t get your machine going again, it looks like the only solution is to re-install Windows.\u00a0<\/span><\/p>\n

I\u2019ve seen reports of a wide array of additional problems \u2014 everything from blue screens to frozen logons to unexplained crashes \u2014 but I don\u2019t see any definitive patterns. Make sure you have that backup ready to get you out of any tight spots, OK?<\/span><\/p>\n

I\u2019m looking forward to Windows for Pacemakers.<\/span> In S Mode<\/span><\/a>, no doubt. Just not sure how to boot to recovery media. Can you imagine an autonomous driving system based on Windows?<\/span><\/p>\n

For those of you who held off installing the December cumulative update for Win10 1709, you should get patched up, in spite of the problems noted above. Microsoft released three cumulative updates in January just for you. <\/span><\/p>\n

In the normal course of events, I\u2019d just chalk January\u2019s patches up to experience and recommend that you not install them at all \u2014 wait for the February patches to roll out and listen for screams as they go through the usual unpaid beta-testing phase. Unfortunately, this month, we have the, uh, specter of Spectre breathing down our collective necks.<\/span><\/p>\n

So it is with no small amount of fear and trepidation that I urge you to take the plunge and get the January patches installed \u2014 but use your head about it. If you want no-brainer patching, get a Chromebook. Seriously.<\/span><\/p>\n

I don\u2019t care if they have security certificates from the Vatican. If your Dell Update or SupportAssist or HP Update Tools or Lenovo System Update or Fujitsu DeskUpdate tool tells you that you absolutely have to have this juicy new version of your machine\u2019s microcode or firmware (BIOS or UEFI update), laugh demonically as you click No Way.<\/span><\/p>\n

Neither Intel nor AMD have reliable Meltdown\/Spectre patches just yet. And we\u2019ve <\/span>seen the mess <\/span><\/a>created by Intel\u2019s garbage patches, even though they had six months to build and test them.<\/span><\/p>\n

Yes, I know Microsoft updated the Surface firmware with patches in January. I haven\u2019t heard any loud scream about those patches, so if they\u2019re being offered for your Surface machine, they\u2019re probably OK.<\/span><\/p>\n

If you have a reasonably recent version of your antivirus software \u2014 updated in the past few weeks \u2014 you\u2019ll be fine. If you\u2019re running Windows Defender, you\u2019re fine. But if you have a weird antivirus product, or you\u2019ve stopped doling out antivirus payola, I figure it\u2019s best to uninstall your current\u00a0antivirus\u00a0and get Windows Defender or Microsoft Security Essentials working, just for as long as it takes to get Windows updated. Check with your antivirus vendor for details.<\/span><\/p>\n

If you don\u2019t want to trust your PC to Microsoft \u2014 who can blame ya? \u2014 check out Kevin Beaumont\u2019s <\/span>detailed list<\/span><\/a> of antivirus vendors and their patch proclivities. If you want to check to see if your machine, specifically, is ready for the January patches, follow the steps <\/span>posted by OscarCP<\/span><\/a> on AskWoody.com.<\/span><\/p>\n

This month more than ever, there\u2019s a non-zero chance that the patches \u2014 even the latest, greatest patches of patches of patches \u2014 will hose your machine. Best to have a backup that you can re-install even if your machine refuses to boot. This, in addition to the usual need for System Restore points.<\/span><\/p>\n

There are plenty of full image backup products including at least two good free ones: <\/span>Macrium Reflect Free<\/span><\/a> and <\/span>EaseUS Todo Backup<\/span><\/a>.<\/span><\/p>\n

The \u201cS\u201d in Windows 10 S stands for \u201csucker.\u201d Based on some insider info unearthed by Paul Thurrott and Brad Sams, it looks like Win10 S is <\/span>headed to the trash can<\/span><\/a> where it belongs, replaced by a complex series of ill-defined \u201cin S mode\u201d inanities. The Win10 S version that some of you have now is worse than lame, it\u2019s dangerous.<\/span><\/p>\n

Microsoft <\/span>claims <\/span><\/a>that the bugs in the early-January versions of the .Net patches <\/span>have been fixed<\/span><\/a> in the later January versions of the .Net patches. I remain skeptical, but patching .Net has been such an <\/span>unholy mess<\/span><\/a> for so long that it\u2019s hard to say.<\/span><\/p>\n

Once again this month, Microsoft\u2019s ongoing list of <\/span>acknowledged bugs<\/span><\/a> in Office updates offers some worthwhile caveats. (Will Windows ever get anything comparable?) The January <\/span>Outlook buglist <\/span><\/a>includes misbehaving searches and a warning about not being able to use Outlook 2010 on Windows XP after installing the January patches. The <\/span>Word <\/span><\/a>and <\/span>Excel <\/span><\/a>buglists include many bugs that have been floating around for months.<\/span><\/p>\n

I\u2019ve seen so many bugs in the January patches that I simply lost count. At this point, though, the situation seems to be much more stable than it was two weeks ago.<\/span><\/p>\n

Microsoft is blocking updates to Windows 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that\u2019s a year old or newer, follow the instructions in<\/span> AKB 2000006<\/span><\/a> or<\/span> @MrBrian\u2019s summary of @radosuaf\u2019s method<\/span><\/a> to make sure you can use Windows Update to get updates applied.<\/span><\/p>\n

If you\u2019re very concerned about Microsoft\u2019s snooping on you and want to install just security patches, realize that the privacy path\u2019s getting more difficult. The old \u201cGroup B\u201d \u2014 security patches only \u2014 isn\u2019t dead, but it\u2019s no longer within the grasp of typical Windows customers. If you insist on manually installing security patches only, follow the instructions in @PKCano\u2019s<\/span> AKB 2000003<\/span><\/a> and be aware of<\/span> @MrBrian\u2019s recommendations<\/span><\/a> for hiding any unwanted patches. Note that AKB 200003 has been modified to incorporate Microsoft\u2019s fixes-of-fixes in January.<\/span><\/p>\n

For most Windows 7 and 8.1 users, I recommend following<\/span> AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups<\/span><\/a>. If you want to minimize Microsoft\u2019s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of<\/span> AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping<\/span><\/a>) before you install any patches. (Thx, @MrBrian).<\/span><\/p>\n

Watch out for driver updates \u2014 you\u2019re far better off getting them from a manufacturer\u2019s website. After you\u2019ve installed the latest Monthly Rollup, if you\u2019re intent on minimizing Microsoft\u2019s snooping, run through the steps in<\/span> AKB 2000007: Turning off the worst Win7 and 8.1 snooping<\/span><\/a>. Realize that <\/span>we don\u2019t know <\/i><\/strong>what information Microsoft collects on Window 7 and 8.1 machines, but I\u2019m starting to believe that snooping on Win7 is getting closer and closer to that on Win10.<\/span><\/p>\n

With the caveats noted above, Microsoft\u2019s Win10 patches have finally stabilized. Go ahead and install them.<\/span><\/p>\n

If you\u2019re running Win10 Creators Update, <\/span>version 1703<\/strong> (my current preference), or <\/span>version 1607<\/strong>, the Anniversary Update, and you want to stay on 1607 or 1703 while those on 1709 get to eat Microsoft\u2019s dog food, follow the<\/span> instructions here<\/span><\/a> to ward off the upgrade. As you go through the steps, keep in mind that Microsoft, uh,<\/span> forgot to honor<\/span><\/a> the \u201cCurrent Branch for Business\u201d setting \u2014 so you need to run the \u201cfeature update\u201d (read: version change) deferral setting, if you have one, all the way up to 365. And hope that Microsoft doesn\u2019t forget how to count to 365.<\/span><\/p>\n

If you\u2019re running an earlier version of Win10, you\u2019re basically on your own. Microsoft doesn’t support you anymore.<\/span><\/p>\n

If you have trouble getting the latest cumulative update installed, make sure you\u2019ve checked your antivirus settings (see ProTip #2 above) and, if all is well, run the <\/span>Windows Update Troubleshooter<\/span><\/a> before inventing new epithets. If you still can\u2019t get it installed, check out <\/span>this Reddit page<\/span><\/a> and follow the instructions to reset your Hosts file. Weird, but it seems to help.<\/span><\/p>\n

To get Windows 10 patched, go through the steps in “<\/span>8 steps to install Windows 10 patches like a pro<\/span><\/a>.”<\/span><\/p>\n

As is always the case, <\/span>DON\u2019T CHECK ANYTHING THAT\u2019S UNCHECKED<\/strong>. In particular, don\u2019t be tempted to install anything marked \u201cPreview.\u201d <\/span><\/p>\n

It\u2019s time to get patched. Tell your friends and warn your enemies. Or vice versa. If you bump into some self-described security \u201cexpert\u201d who tells you to install all Windows security patches as soon as they\u2019re released, send \u2018em over to the Lounge. We\u2019ll take care of \u2018em.<\/span><\/p>\n

For lots of help, and a bit of sympathy, join us on the <\/span><\/i>AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Mon, 05 Feb 2018 09:50:00 -0800<\/strong><\/p>\n

\n
\n

January 2018 was a month that will go down in patching infamy. Looking back on <\/span>my notes<\/span><\/a>, we had patches released, yanked, re-released and\/or re-re-released on 15 different days in January. Untold thousands of machines were bricked by Microsoft patches. Millions of hours were lost chasing down bad patches and bad advice.<\/span><\/p>\n

Although there were a couple of real bugs fixed in the January patches \u2014 the Equation Editor vulnerability being suspect #1 \u2014 most of the angst was completely superfluous. The Meltdown\/Spectre patches at the heart of the drama attacked a problem that wasn\u2019t \u2014 and isn\u2019t \u2014 there. We still have <\/span>no known<\/span><\/a> Meltdown or Spectre exploits in the wild. None.<\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10761],"class_list":["post-11370","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11370"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11370\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}