{"id":8464,"date":"2017-07-26T10:30:11","date_gmt":"2017-07-26T18:30:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/07\/26\/news-2238\/"},"modified":"2017-07-26T10:30:11","modified_gmt":"2017-07-26T18:30:11","slug":"news-2238","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/07\/26\/news-2238\/","title":{"rendered":"Tiptoe through the bugs and get Windows and Office updated"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/article\/2016\/04\/3_patches-100654092-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 26 Jul 2017 09:55:00 -0700<\/strong><\/p>\n<p>The fourth Tuesday of the month has come and gone, and it now looks reasonably safe to patch Windows and Office. I was expecting two big releases yesterday \u2014 one to fix numerous bugs in Win10 Creators Update, version 1703; the other to plug the bugs <a href=\"http:\/\/www.computerworld.com\/article\/3209710\/microsoft-windows\/where-are-the-fixes-to-the-botched-outlook-security-patches.html#tk.drr_mlt\">introduced by June\u2019s Office security patches<\/a> \u2014 but neither trove appeared. Given Microsoft\u2019s past patterns, it\u2019s unlikely that we\u2019ll see any more serious patches until next month\u2019s Patch Tuesday, on Aug. 8.<\/p>\n<p>There\u2019s also a bit of additional impetus right now. On July 17, security researcher Haifei <a href=\"https:\/\/justhaifei1.blogspot.nl\/2017\/07\/bypassing-microsofts-cve-2017-0199-patch.html\">published a proof of concept<\/a> for running malware scripts directly in Office apps. 
I haven\u2019t seen any exploits in the wild as yet, but it would be a good idea to install <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213640\">KB 3213640<\/a> (Office 2007), <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213624\">KB 3213624<\/a> (Office 2010), <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213555\">KB 3213555<\/a> (Office 2013) and\/or <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213545\">KB 3213545<\/a> (Office 2016) in the short term. (Thx to @LeaningTowardsLinux.) Note that none of these patches, as best as I can tell, correct the Office bugs introduced in June.<\/p>\n<p>July was a particularly problematic month for Windows and Office patches. At this moment, I see the following outstanding problems \u2014 none of which are overwhelming, but all of which may prove to be a pain to you, depending on your configuration and expectations:<\/p>\n<p>On the brighter side, the Surface Pro 4\/Surface Book firmware\/driver update difficulties I <a href=\"http:\/\/computerworld.com\/article\/3209736\/microsoft-windows\/problems-with-surface-pro-4surface-book-firmware-update.html\">talked about two days ago<\/a>\u00a0didn&#8217;t turn into major problems. Microsoft has provided the documentation, at last, and it looks like the driver update is good to go.<\/p>\n<p>As always, I strongly recommend that you avoid installing the Preview Rollups on offer, such as <a href=\"https:\/\/social.technet.microsoft.com\/Forums\/windowsserver\/en-US\/9c8e637e-d42a-479e-a703-110986281ee9\/kb4025335-kills-certificate-based-computer-authentication\">KB 4025335<\/a>. 
That\u2019s easy \u2014 you have to check the right box to install the Preview, and you shouldn\u2019t be checking any boxes!<\/p>\n<p>Here are my recommendations:<\/p>\n<p><strong>Windows 7 and 8.1<\/strong><\/p>\n<p>If you\u2019re very concerned about Microsoft\u2019s snooping on you, and only want to install security patches, realize that the path\u2019s getting more difficult. The old \u201cGroup B\u201d \u2014 security patches only \u2014 isn\u2019t dead, but it\u2019s no longer within the grasp of typical Windows customers. If you insist on installing security patches only, follow the instructions in @PKCano\u2019s <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000003-ongoing-list-of-group-b-monthly-updates-for-win7-and-8-1\/\">AKB 2000003<\/a>.<\/p>\n<p>Microsoft is still blocking updates to Win 7 and 8.1 on recent computers. If you are running Windows 7 or 8.1 on a PC that\u2019s a year old, or newer, follow the instructions in <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000006-see-if-microsoft-is-blocking-windows-update-on-your-new-computer\/\">AKB 2000004<\/a> or <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/installing-win-updates-on-win-7-or-8-1-computers-with-kaby-lake-or-ryzen-cpus\/\">@MrBrian\u2019s summary of @radosuaf\u2019s method<\/a> to make sure you can use Windows Update to get updates applied.<\/p>\n<p>If you want to minimize Microsoft\u2019s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000007-turning-off-the-worst-windows-7-and-8-1-snooping\/\">AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping<\/a>) before you install any patches. 
(Thx @MrBrian).<\/p>\n<p>For most Windows 7 and 8.1 users, I recommend following <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000004-how-to-apply-the-win7-and-8-1-monthly-rollups\/\">AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups<\/a>. Watch out for driver updates \u2014 you\u2019re far better off getting them from the manufacturer\u2019s website.<\/p>\n<p>After you\u2019ve installed the latest Monthly Rollup, if you\u2019re intent on minimizing Microsoft\u2019s snooping, run through the steps in <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000007-turning-off-the-worst-windows-7-and-8-1-snooping\/\">AKB 2000007: Turning off the worst Win7 and 8.1 snooping<\/a>. Realize that <strong>we don\u2019t know<\/strong> what information Microsoft collects on Win7 and 8.1 machines.<\/p>\n<p><strong>Windows 10<\/strong><\/p>\n<p>It\u2019s still too early to jump to Win10 Creators Update, version 1703. Wait for it to be designated \u201cCurrent Branch for Business\u201d or, using the new bafflegab, \u201cSemi-annual Channel (Broad)\u201d ready. You can block the upgrade with a few simple steps, detailed in <a href=\"http:\/\/www.computerworld.com\/article\/3188869\/microsoft-windows\/todays-the-day-to-block-windows-10-creators-update.html\">this <em>Computerworld<\/em> post<\/a>. If you\u2019re presented with an option to review your privacy settings (screenshot), click &#8220;Remind me later&#8221; and forget about it.<\/p>\n<p>To get Win10 patched, run the steps in <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/2000005-how-to-update-windows-10-safely\/\">AKB 2000005: How to update Windows 10 \u2014 safely<\/a>. You may want to use wushowhide to hide any driver updates. 
All of the other updates should be OK, including Servicing stack updates, Office, MSRT or .Net updates (go ahead and use the Monthly Rollup if it\u2019s offered).<\/p>\n<p>As is always the case, <strong>DON\u2019T CHECK ANYTHING THAT\u2019S UNCHECKED<\/strong>.<\/p>\n<p>Time to get patched. Tell your friends, but make sure they understand what\u2019s happening. And for heaven\u2019s sake, as soon as you\u2019re patched, turn off automatic updating! If you can follow these instructions, you don&#8217;t have to serve as Microsoft patch cannon fodder.<\/p>\n<p><em>I just changed the MS-DEFCON level on the <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/ms-defcon-3-some-lingering-problems-but-its-time-to-get-windows-and-office-patched\/\">AskWoody Lounge<\/a>. Join us.<\/em><\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3211365\/microsoft-windows\/tiptoe-through-the-bugs-and-get-windows-and-office-updated.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/article\/2016\/04\/3_patches-100654092-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 26 Jul 2017 09:55:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>The fourth Tuesday of the month has come and gone, and it now looks reasonably safe to patch Windows and Office. I was expecting two big releases yesterday \u2014 one to fix numerous bugs in Win10 Creators Update, version 1703; the other to plug the bugs <a href=\"http:\/\/www.computerworld.com\/article\/3209710\/microsoft-windows\/where-are-the-fixes-to-the-botched-outlook-security-patches.html#tk.drr_mlt\">introduced by June\u2019s Office security patches<\/a> \u2014 but neither trove appeared. 
Given Microsoft\u2019s past patterns, it\u2019s unlikely that we\u2019ll see any more serious patches until next month\u2019s Patch Tuesday, on Aug. 8.<\/p>\n<p>There\u2019s also a bit of additional impetus right now. On July 17, security researcher Haifei <a href=\"https:\/\/justhaifei1.blogspot.nl\/2017\/07\/bypassing-microsofts-cve-2017-0199-patch.html\">published a proof of concept<\/a> for running malware scripts directly in Office apps. I haven\u2019t seen any exploits in the wild as yet, but it would be a good idea to install <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213640\">KB 3213640<\/a> (Office 2007), <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213624\">KB 3213624<\/a> (Office 2010), <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213555\">KB 3213555<\/a> (Office 2013) and\/or <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/3213545\">KB 3213545<\/a> (Office 2016) in the short term. (Thx to @LeaningTowardsLinux.) Note that none of these patches, as best as I can tell, correct the Office bugs introduced in June.<\/p>\n
<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-8464","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8464"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8464\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}