{"id":12307,"date":"2018-05-16T06:30:02","date_gmt":"2018-05-16T14:30:02","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/05\/16\/news-6076\/"},"modified":"2018-05-16T06:30:02","modified_gmt":"2018-05-16T14:30:02","slug":"news-6076","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/05\/16\/news-6076\/","title":{"rendered":"Lots of little Microsoft patches, but nothing for this month\u2019s big bugs \u2014 and no Previews"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 16 May 2018 06:32:00 -0700<\/strong><\/p>\n

Third Tuesday of the month and it\u2019s time for bug fixes and Monthly Rollup Previews, right?<\/span><\/p>\n

Well, no. May\u2019s Third Tuesday brought a big bag of .Net Framework Previews, microcode patches for Win10 1803 and Server 2016, and a Win10 1803 upgrade nag, but no respite at all for the major problems introduced by this month\u2019s earlier patches.<\/span><\/p>\n

Unless you\u2019re testing your own .Net-based software to make sure it won\u2019t explode next month, you don\u2019t need to think about these. There\u2019s the usual assortment of Previews for .Net Framework 2.0, 3.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 for all the usual versions of Windows and Server. <\/span><\/p>\n

There are two patches \u2014\u00a0<\/span>KB 4134660<\/span><\/a> for Win10 1703 and<\/span> KB 4134661<\/span><\/a> for Win10 1709 \u2014 whose purpose eludes me. The KB articles say:<\/span><\/p>\n

This Windows update provides a notification of an improved privacy experience on upgrade to the Windows 10 April 2018 release<\/span><\/p>\n

This update will be downloaded and installed automatically.<\/span><\/p>\n

\u2026 and that\u2019s it. Microsoft\u2019s \u201cimproved privacy experience\u201d in 1803 isn\u2019t much. Martin Brinkmann, who literally <\/span>wrote the book<\/span><\/a> about Win10 privacy, <\/span>puts it this way<\/span><\/a>:<\/span><\/p>\n

Microsoft’s description is vague and it is not clear right now what these updates do when they are installed. The most likely explanation is that they inform users about the improved privacy options during setup which Microsoft added to Windows 10 version 1803. Microsoft added two new switches to the <\/span>privacy options<\/span><\/a> during Windows 10 Setup<\/span><\/a>: Find my device and improve inking & typing. Find my device uses the device’s location data to inform you where it is in case you misplaced it or in cases where it has been stolen. Improve inking & typing on the other hand defines whether inking and typing data is submitted to Microsoft. The description suggests that the update is not essential when it comes to the upgrade experience to Windows 10 version 1803 as it appears to add no fixes for existing issues.<\/span><\/p>\n

Which leads me to believe that KB 4134660 and KB 4134661 are two more upgrade-begging patches that you neither need nor want. After the Get Windows 10 debacle<\/a>, and the “oops” forced upgrades from 1703 to 1709<\/a>, I want no part of it.<\/span><\/p>\n

As I <\/span>noted on May 4<\/span><\/a>, when Microsoft hurriedly released Win10 version 1803 at the end of last month, it forgot to include the Meltdown\/Spectre fixes that are in Win10 1703 and 1709. With <\/span>KB 4100347<\/span><\/a>, it appears as if Microsoft has finally released the Spectre V2 microcode patches for Win10 1803 and Server 1803 \u2014 but only for Intel Kaby Lake, Coffee Lake, Broadwell, SkyLake, Haswell, Ivy Bridge and Sandy Bridge processors.<\/span><\/p>\n

Of course, there are no known Spectre V2 attacks in the wild.<\/span><\/p>\n

I\u2019ve seen reports from many people who say they\u2019re getting this bizarre Surface driver update, even though they don\u2019t run, or have, or even want a Surface. G\u00fcnter Born has tracked it down on his <\/span>Borncity blog<\/span><\/a>:<\/span><\/p>\n

Currently strange things are happening on Windows systems again. Windows Update suddenly offers users a \u2018Surface \u2013 HIDClass 4\/26\/2018 12:00:00 AM \u2013 3.3.206.0\u2019 driver update. Surface device owners will accepting this update. But owners of normal Windows desktop devices are amazed at least, because what is this driver update for?<\/span><\/p>\n

If you search the Internet for this device ID, you will find many websites that offer the driver for download. But that doesn\u2019t get you anywhere. The best source is <\/span>this GitHub address<\/span><\/a>, which contains an extract from an .inf file. <\/span><\/p>\n

; itpcdless.inf <\/span><\/p>\n

; Driver for plug and play installations of USB Input Devices <\/span><\/p>\n

; Copyright (c) Microsoft Corporation. All rights reserved. <\/span><\/p>\n

Ends up that the \u201cSurface \u2014 HIDClass\u201d driver is for Microsoft USB keyboards. It has nothing to do with Surface.<\/span><\/p>\n

On the third Tuesday of the month, we\u2019re traditionally treated to previews of the next month\u2019s Win7 and 8.1 Monthly Rollups. Not so this month. Nobody seems to know why.<\/span><\/p>\n

Nothing. Zilch.<\/span><\/p>\n

I was hoping for a fix for the truly embarrassing Win10 1803 solid-state drive bugs, where Win10 1803 crashes and burns on <\/span>Intel SSD 600p, SSD Pro 6000p<\/span><\/a>, <\/span>Toshiba XG4, XG5 and BG3<\/span><\/a> solid-state drives.<\/span><\/p>\n

Redeeming social value: Microsoft now <\/span>acknowledges the problems<\/span><\/a>.<\/span><\/p>\n

There\u2019s no mention of the Win7\/Server 2008R2 bug that <\/span>clobbers network drivers<\/span><\/a>. Worth noting: The 0patch organization has <\/span>already released a fix<\/span><\/a> for the VBScript 0day fixed in this month\u2019s Win7 patch. You have to wonder why Microsoft hasn\u2019t done something similar, if only as a stopgap.<\/span><\/p>\n

I\u2019m also seeing reports of a nasty <\/span>Desktop Windows Manager crash<\/span><\/a> after installing the May Monthly Rollup, a <\/span>perpetual reboot loop<\/span><\/a>, and lots of miscellaneous problems.<\/span><\/p>\n

The hunt for bugs \u2014 and solutions \u2014 continues on the <\/span><\/i>AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 16 May 2018 06:32:00 -0700<\/strong><\/p>\n

\n
\n

Third Tuesday of the month and it\u2019s time for bug fixes and Monthly Rollup Previews, right?<\/span><\/p>\n

Well, no. May\u2019s Third Tuesday brought a big bag of .Net Framework Previews, microcode patches for Win10 1803 and Server 2016, and a Win10 1803 upgrade nag, but no respite at all for the major problems introduced by this month\u2019s earlier patches.<\/span><\/p>\n

The .Net Framework Previews<\/strong><\/h2>\n

Unless you\u2019re testing your own .Net-based software to make sure it won\u2019t explode next month, you don\u2019t need to think about these. There\u2019s the usual assortment of Previews for .Net Framework 2.0, 3.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 for all the usual versions of Windows and Server. <\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-12307","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12307"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12307\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}