Microsoft promotes upcoming Edge enhancements

Microsoft on Monday talked up a slew of future features planned to land in Edge in coming months, including tabs stacked vertically along the browser’s side and a Firefox-esque Password Monitor.

And although Microsoft has not come out and put it plainly, it appears it will mimic Google’s Chrome as it resumes releasing Edge builds, including skipping a version to make up for lost time.

“It’s time to expect more from our browsers – more control over our data and our family’s online information, new ways to organize our online research and more value back as we browse,” wrote Liat Ben-Zur, an Edge marketing executive, in a post to a company blog.

The bulk of the features touted by Ben-Zur were spun to a consumer, not commercial, angle, perhaps to sync with Microsoft’s Monday announcement of expanded and renamed Office subscriptions for consumers. Few of the listed features are available immediately, with many not yet having debuted in the browser’s Insider preview program.

Vertical tabs, for example, are to reach Insider “in the next few months,” when users will be able to open a sidebar where tabs are stacked. One big benefit: The sidebar gives each tab the space to show even long page titles, unlike top-of-the-browser tabs, which typically truncate titles to the point of uselessness when many are open at the same time.


At some point, Edge will boast an option that will stack tabs vertically in a sidebar. When? Microsoft didn’t say.

Edge will also include a password monitor (again, this feature is to hit Insider in the “next few months”) that warns users when their saved username-password combinations have previously been publicly leaked by a data hack. Ben-Zur’s description of the feature resembles what Mozilla ended up with as Firefox Monitor, the results of a partnership between the browser maker and the Have I Been Pwned? site and service.

Ben-Zur did not reveal the source for the lists of leaked passwords which would fuel Edge’s tool.

Other future Edge bits trumpeted by Ben-Zur range from a smart copy feature that retains a web page’s varied content when pasted into documents to Collections, which lets users organize and store disparate clumps of information while doing research online.

Microsoft’s Ben-Zur did not match features and intended Edge releases – the browser is currently suspended in version 80 – to portray the future as does, say, Google when it segregates enhancements by edition.

But Edge will, from all evidence, copy Chrome’s next steps as it comes out of a release pause. Two weeks ago, Google suspended Chrome’s every-six-to-eight-week release schedule, declining to issue Chrome 81 on time. Microsoft followed suit, not surprisingly since Edge, like Chrome, relies on the Chromium project for its foundations.

Last week, Google said that it would restart Chrome releases with Chrome 81 on April 7 but would skip the number 82 and pick up again with Chrome 83 on May 19. Google also resumed releasing less-polished builds, including one from the Dev channel, last week when it pushed that from v. 82 to v. 83 on March 26.

Microsoft did the same for Edge’s Dev release – promoted it from v. 82 to v. 83 for the first time – a day later, on March 27. It’s almost certain that Microsoft will release the next Edge, v. 81, shortly after Chrome 81’s debut next week.

Microsoft to shift SMBs' Office subscriptions to 'Microsoft 365' brand

Microsoft today announced name changes to the Office 365 subscription plans in the Business line, replacing the Office 365 label with “Microsoft 365.”

The Redmond, Wash. developer did not touch subscription plans aimed at enterprise, education and government.

Plan names will automatically change on April 21, Microsoft said in an online statement. Prices of the plans will not change.

  • Office 365 Business Essentials, the lowest-priced plan in the Business line, will become Microsoft 365 Business Basic.
  • Office 365 Business, the middling plan in the trio that provides the Office applications and OneDrive, but no other services, will become Microsoft 365 Apps.
  • Office 365 Business Premium, the most capable and most expensive subscription plan of the three, will become Microsoft 365 Business Standard.

Microsoft will change the moniker of Microsoft 365 Business to Microsoft 365 Business Premium to fit it into the Business line as the top-dollar $20 per-user per-month plan. That subscription adds security and management tools to Office 365 Business Standard, née Premium. (Currently, this is the lowest-priced plan in the Microsoft 365 line. After the name changes, though, it will fall somewhere in the middle.)

Finally, the orphan of Office 365, the Office 365 ProPlus deal, which like Office 365 Business limits the bits to the Office applications and OneDrive, will get the same Microsoft 365 Apps nameplate. (Microsoft said if it needed to differentiate the two, it would append “for business” and “for enterprise” on the offerings.)

Subscription label changes aside, everything will remain untouched. “There are no price or feature changes to plans at this time (emphasis added),” Microsoft said in a short Q&A embedded in the announcement.

What’s the frequency, Redmond?

As to why Microsoft will upend its Office 365 line with a rebranding project, the company had two reasons.

“We want our products to reflect the range of features and benefits in the subscription,” the company noted, again in the Q&A. Specifically, Microsoft pointed to past additions to Office 365 Business Essentials and Business Premium plans, notably the Teams collaboration, video conferencing and online meeting software, as justifying a step up in naming.

“Second, we’re always looking for ways to simplify,” the company continued. “This new approach to naming our products is designed to help you quickly find the plan you need and get back to your business.”

Microsoft’s second reason was the weaker of the two.

Ever since the 2017 introduction of Microsoft 365 as a subscription plan label, Microsoft has had an identity problem, with that line and the much older Office 365 crossing streams. Just what was Microsoft 365? How was it different — better than, by price anyway — from the original?

Initially, Microsoft 365 was an über-suite, an über-subscription, for it started with Office 365, then added more, most importantly a subscription to Windows 10. Microsoft 365, then, was Office 365 + Windows 10. (It was more, but those pieces were the most important.)

Microsoft could be applauded for bringing more of its subscriptions under the Microsoft 365 moniker – that’s clearly the name that will rule all at some point – but the brand remains scatter-brained. Some subscriptions are for consumers, as Microsoft also today announced an Office 365-to-Microsoft 365 name change for its Personal and Home deals; others are for business but sans Windows 10; yet more are for enterprises wishing for the kitchen sink, Windows included.

That’s not a brand, that’s just a mob.

And a large swath of Microsoft’s plans will remain, at least for now, tapped as Office 365, including all the enterprise-, education- and government-aimed subscriptions, ranging from Office 365 A1 to Office 365 E5. To crowd those plans under a Microsoft 365 umbrella will take some doing, as the company will have to figure out how to untangle the duplicate x3 and x5 suffixes.

Office 365: A guide to the updates

Office 365 subscribers always have the latest version of Microsoft Office — currently Office 2016. They also get more frequent software updates than those who have purchased Office 2016 without a subscription, which means subscribers have access to the latest features, security patches and bug fixes. But it can be hard to keep track of the changes in each update and know when they’re available. We’re doing this for you, so you don’t have to.

Following are key updates to Office 365 for Windows since Office 2016 was released in September 2015 — all the 2017 updates and the most important ones from 2016 and late 2015, with the latest releases shown first. We’ll add info about new updates as they’re rolled out.

Note: This story covers updates released to regular Office 365 for Windows subscribers. If you’re a member of Microsoft’s Office Insider preview program or want to get a sneak peek at upcoming features, see the company’s “What’s new for Office Insiders” page.

Version 2003 (Build 12624.20320)

Release date: March 25, 2020

This update introduces several new features and fixes a number of bugs. In Outlook, you can now drag email to a group, and also more easily log into Wi-Fi networks. Co-authoring in Word has been sped up so that collaborators see changes more quickly. And throughout the Office suite, you can now apply sensitivity labels to prompt you for custom permissions.

Among the bugs fixed are one in which Excel crashed in certain cases when reopening a workbook embedded in Word or PowerPoint, and another in which copying a shape in a PowerPoint slide might fail.

Get more info about Version 2003 (Build 12624.20320).

Version 2002 (Build 12527.20278)

Release date: March 10, 2020

This update has a single bug fix and addresses several security issues in Word. It fixes an issue in Project in which the OnUndoOrRedo event doesn’t fire without first running the OpenUndoTransaction method. It also plugs four Remote Code Execution Vulnerabilities in Word. Find more details in the security release notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2002 (Build 12527.20278).

Version 2002 (Build 12527.20242)

Release date: March 1, 2020

This update has only a single, minor change: an Outlook bug that wouldn’t allow third-party applications to send email has been fixed.

Get more info about Version 2002 (Build 12527.20242).

Version 2002 (Build 12527.20194)

Release date: February 25, 2020

This update includes a few minor new features and fixes several bugs. In Excel and Word, you can now save objects such as charts, shapes, ink, icons and pictures as an SVG (scalable vector graphics) file. In Excel, you can also get at-a-glance analysis of the data in your columns, identify error and empty values, and see distribution histograms using the Query Editor.

In Excel, an issue was fixed in which CUBEVALUE functions would sometimes return an incorrect result. Among several Outlook bug fixes are one that caused commas in the location field of a meeting to turn into semicolons, and another that could cause a crash when viewing the same item in multiple windows.

Get more info about Version 2002 (Build 12527.20194).

Version 2001 (Build 12430.20288)

Release date: February 19, 2020

This update includes “various bugs and performance fixes,” which Microsoft has not detailed.

Get more info about Version 2001 (Build 12430.20288).

Version 2001 (Build 12430.20184)

Release date: January 30, 2020

This update includes new features for Excel, Outlook and Word, along with bug fixes. In Excel, you can now respond to comments and mentions from within email without opening the workbook. Excel also gets a new XLOOKUP function that lets you search in a table by range or row. A new group naming policy in Outlook lets IT admins standardize and manage the names of groups created by users in an organization. Word now lets you save shapes as pictures and use the Lasso tool on the Draw tab to help select objects drawn with ink.

A bug has been fixed in Access that can cause Access to fail to identify an Identity Column in a linked SQL Server table, which can cause rows to be reported as deleted incorrectly. Also fixed was a bug in Excel and Outlook that caused users to experience crashes when renaming a signature.

Get more info about Version 2001 (Build 12430.20184).

Version 1912 (Build 12325.20344)

Release date: January 22, 2020

This very minor update resolves a single issue in which Microsoft Access failed to identify an Identity Column in a linked SQL Server table, which could have caused rows to be reported as deleted incorrectly.

Get more info about Version 1912 (Build 12325.20344).

Version 1912 (Build 12325.20298)

Release date: January 14, 2020

This security update addresses security issues in Excel and the entire Office suite. It plugs holes in three Microsoft Excel Remote Code Execution Vulnerabilities, and one in a Microsoft Office Memory Corruption Vulnerability. Find more details in the security release notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1912 (Build 12325.20298).

Version 1912 (Build 12325.20288)

Release date: January 8, 2019

This update includes a new feature that can create looping GIFs in PowerPoint, and new accessibility features for Outlook and PowerPoint. In PowerPoint, the new Accessibility Checker helps you arrange objects on your slides with screen readers in mind. And Outlook now displays an alert reminding you to make your content accessible when sending mail to a user who prefers accessible content.

There are also a variety of minor bug fixes, including fixing an issue in Outlook that caused users to experience hangs in Outlook when retrieving Cloud Settings, and an issue in Word in which the building blocks organizer had displayed an invalid alert: “You have modified styles, building blocks.”

Get more info about Version 1912 (Build 12325.20288).

Version 1911 (Build 12228.20364)

Release date: December 10, 2019

This update offers a few minor bug fixes and several security updates. It fixes the right-click menu for Excel’s Pivot Charts to enable the “Show Detail” option and also fixes an issue in Outlook that allowed web add-ins to access Digital Rights Managed messages.

Among the security updates are those that fix an Excel Information Disclosure Vulnerability, a Word Denial of Service Vulnerability and a PowerPoint Remote Code Execution Vulnerability. For details, see the security update release notes.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1911 (Build 12228.20364).

Version 1911 (Build 12228.20332)

Release date: December 3, 2019

This update offers a few minor features and fixes a variety of bugs. Six new functions have been added in Excel: FILTER, SORT, SORTBY, UNIQUE, SEQUENCE and RANDARRAY. Excel also now has a data visualizer add-on that can create flow charts in Visio. Word’s co-authoring capabilities have been improved, making it more likely changes will be seen by others in real time.

Among the bugs fixed are one that caused crashes when users searched for recent files in Excel while no workbook was open, and another in which Office updates unexpectedly downloaded files from the Office CDN instead of the intended source, such as a local or network share or Configuration Manager-provided location.

Get more info about Version 1911 (Build 12228.20332).

Version 1910 (Build 12130.20410)

Release date: November 22, 2019

Microsoft isn’t saying much about this update except that it includes “various [unnamed] bugs and performance fixes.”

Get more info about Version 1910 (Build 12130.20410).

Version 1910 (Build 12130.20390)

Release date: November 18, 2019

This update includes unnamed bug and performance fixes in Microsoft’s description. It also fixes two issues with Outlook, one that caused users to see the location field in meetings change unexpectedly, and another that caused users to see an empty message box with an “OK” button when trying to contact support from the Account Creation context.

Get more info about Version 1910 (Build 12130.20390).

Version 1910 (Build 12130.20344)

Release date: November 12, 2019

This security update comprises two fixes for Excel, including Remote Code Execution Vulnerability CVE-2019-1448 and Information Disclosure Vulnerability CVE-2019-1446, and two for the entire Office suite, including ClickToRun Security Feature Bypass Vulnerability CVE-2019-1449 and Information Disclosure Vulnerability CVE-2019-1402.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1910 (Build 12130.20344).

Version 1910 (Build 12130.20272)

Release date: October 30, 2019

This update introduces a wide variety of minor new features, including one for Excel, Word and PowerPoint that checks PDFs you create for accessibility issues and offers fixes, and another for Excel, Word, Outlook and PowerPoint that applies sensitivity labels to your documents and emails to keep them compliant with your organization’s information protection policies. Word also gets coauthoring improvements.

Get more info about Version 1910 (Build 12130.20272).

Version 1909 (Build 12026.20344)

Release date: October 22, 2019

This very minor non-security update fixes a bug in Microsoft Project, in which users could get several messages when opening a read-only project. And in order to protect Office users’ security, Microsoft Office updates are now being signed using the SHA-2 algorithm exclusively.

Get more info about Version 1909 (Build 12026.20344).

Version 1909 (Build 12026.20334)

Release date: October 14, 2019

This very minor non-security update fixes a single bug that affects the entire Office suite. The bug didn’t allow people to save Word, Excel, and PowerPoint documents when they tried to create a new file and bring up the “Save as Model Dialog” option after clicking on the Save icon or pressing Ctrl + S.

Get more info about Version 1909 (Build 12026.20334).

NOTE: On Oct. 15, 2019, Microsoft released an unnamed update that temporarily disables the Cloud Save dialog to address the saving issue addressed on Oct. 14. Microsoft says the feature will be re-enabled soon.

Version 1909 (Build 12026.20320)

Release date: October 8, 2019

This build includes a security update and a number of minor bug fixes. In Outlook, several bugs were squashed, including one that wouldn’t allow people to open some instances of recurring calendar items, and another that caused Outlook to crash when a profile was being created. PowerPoint had an issue fixed that caused data loss when coauthoring and offline editing. For the entire Office suite, several issues were fixed, including one that crashed Office when files were opened. In addition, Microsoft Updates are now signed using the SHA-2 algorithm exclusively in order to improve security.

There are also fixes for two Excel Remote Code Execution Vulnerabilities, detailed in CVE-2019-1327 and CVE-2019-1331.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1909 (Build 12026.20320).

Version 1909 (Build 12026.20264)

Release date: September 30, 2019

This build offers a variety of new features and fixes several bugs. In Outlook, it’s now easier and faster to update shared calendars. In addition, when you search through your mail, the most relevant email messages are now grouped at the top of the results.

PowerPoint lets you save illustrations as SVG files, and you can now animate an ink drawing so that it replays either forward or backward during the presentation. In Excel, Word, and PowerPoint you can now more easily share files by using the “recently used” list without having to open the file.

Get more info about Version 1909 (Build 12026.20264).

Version 1908 (Build 11929.20300)

Release date: September 10, 2019

This build offers several minor bug fixes and a security update. In Outlook, a bug was fixed that caused some users to encounter authentication errors when trying to retrieve their cloud settings. In PowerPoint, an issue was fixed that prevented some animations from starting. For the entire Office suite, an issue was fixed that caused large tree views to fail.

There are also security fixes for Excel and the entire Office suite, including a Microsoft Excel Information Disclosure Vulnerability, a Microsoft Excel Remote Code Execution Vulnerability, a Jet Database Engine Remote Code Execution Vulnerability affecting the entire suite, and a Microsoft Office Security Feature Bypass Vulnerability affecting the entire suite.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1908 (Build 11929.20300).

Version 1908 (Build 11929.20254)

Release date: August 26, 2019

This build offers several new minor features throughout Office. You now have more control over text boxes and borders in Excel, Word and PowerPoint, and you can also more easily insert and manage icons in those applications as well as in Outlook. The entire Office suite also gets new icons. In addition, there are a variety of bug fixes.

Get more info about Version 1908 (Build 11929.20254).

Version 1907 (Build 11901.20218)

Release date: August 13, 2019

This build offers two minor bug fixes and a variety of security updates for Outlook, Word and the entire Office suite. Among the security issues fixed are remote code execution vulnerabilities in Outlook and Word and a Jet database engine remote code execution vulnerability in the entire Office suite. (See the security release notes for details.)

The non-security changes include fixing an issue in Outlook in which users having their mailbox upgraded from basic to modern authentication were ending up with the wrong account associated with their Outlook profile.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1907 (Build 11901.20218).

Version 1907 (Build 11901.20176)

Release date: July 29, 2019

This build offers a variety of new features for Excel, Outlook, PowerPoint and Word. It’s now easier to code using Power Query in Excel, with enhancements including autocomplete and syntax coloring. In Outlook, when you type a person’s name in the Search box, the most relevant email messages will now be included alongside your search suggestions. PowerPoint lets you save a video to Microsoft Stream, which lets you insert a streaming video instead of the entire file into a presentation to reduce file sizes. Word now has two different sized erasers so you can fix small inking imperfections.

In addition, Excel, PowerPoint and Word make it easier to create map charts, and also let you decide whether links to Office documents should open in the appropriate app or instead in a browser.

Get more info about Version 1907 (Build 11901.20176).

Version 1906 (Build 11727.20244)

Release date: July 9, 2019

This build has security updates for Excel, Outlook, Skype for Business and the entire Office suite. For details, see these release notes. In addition, there is a fix to an Outlook bug that caused the current folder search to intermittently fail.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1906 (Build 11727.20244).

Version 1906 (Build 11727.20230)

Release date: June 27, 2019

This extremely minor build has only a single change: It fixes an issue that caused a subset of POP3 users to see all of their emails formatted as plain text, regardless of their settings. Users who want to see their messages formatted with HTML can now do so.

Get more info about Version 1906 (Build 11727.20230).

Version 1906 (Build 11727.20210)

Release date: June 24, 2019

This build offers a variety of new features for several Office applications, primarily Outlook. Outlook gets a simplified Ribbon that tames its frequently complex interface. (The simplified Ribbon has been available in a preview for quite some time, but now is officially launched.) In addition, you can now synchronize more than 500 folders when syncing shared mailboxes. The previous limit was 500. The quick action menu can also be customized.

You can now insert 3D animated graphics into Excel. In Word, multiple people can co-author documents in the open, XML-based .docm format. And in Skype, you can crop video in a meeting on a 4K monitor when the “Crop and Center my video in meetings” setting is turned on.

There are also a number of undocumented bugs and performance fixes, according to Microsoft.

Get more info about Version 1906 (Build 11727.20210).

Version 1905 (Build 11629.20246)

Release date: June 11, 2019

This build addresses two security holes in Word, remote code execution vulnerabilities CVE-2019-1034 and CVE-2019-1035.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1905 (Build 11629.20246).

Version 1905 (Build 11629.20214)

Release date: June 4, 2019

This build fixes a single, minor issue, one in which some add-ins caused unexpected errors to appear around shapes in PowerPoint charts.

Get more info about Version 1905 (Build 11629.20214).

Version 1905 (Build 11629.20196)

Release date: May 29, 2019

This build introduces minor new features to multiple Office applications. In Word, PowerPoint and Excel, if you @mention people in document comments, they will automatically receive an email notification that they’ve been mentioned, so they can check out the comments. Across all Office applications except Outlook, a new account manager is available; it displays all Office 365 work and personal accounts in a single location, making it easier to switch among them.

In addition, in PowerPoint, presenters’ words are automatically shown on screen as captions and can be translated into subtitles in the language of your choice. In Outlook, it’s now easier to add Outlook.com and Gmail accounts that use two-factor authentication.

Get more info about Version 1905 (Build 11629.20196).

Version 1904 (Build 11601.20204)

Release date: May 14, 2019

This build includes security fixes for a Microsoft Word Remote Code Execution Vulnerability, a Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability and a Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability. Go to the release notes for Office 365 ProPlus Security Updates for more details.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1904 (Build 11601.20204).

Version 1904 (Build 11601.20178)

Release date: May 8, 2019

This build includes “various bugs and performances fixes,” in Microsoft’s words, that Microsoft hasn’t provided any details on.

Get more info about Version 1904 (Build 11601.20178).

Version 1904 (Build 11601.20144)

Release date: April 29, 2019

This build includes a few minor updates. The most notable is the ability to find files by typing into the Search box on the File > Home page in Excel, PowerPoint and Word. The entire Office 365 suite sports a new set of icons, and the suite also gets an updated set of privacy controls, covering things such as the types of diagnostic data sent to Microsoft. Administrators, not Office users, have control over setting them. Here’s an overview of the new settings.

Get more info about Version 1904 (Build 11601.20144).

Version 1903 (Build 11425.20244)

Release date: April 23, 2019

This build includes “various bugs and performances fixes,” in Microsoft’s words, that Microsoft hasn’t provided any details on.

Get more info about Version 1903 (Build 11425.20244).

Version 1903 (Build 11425.20228)

Release date: April 17, 2019

This build includes “various bugs and performances fixes,” in Microsoft’s words, that Microsoft hasn’t provided any details on.

Get more info about Version 1903 (Build 11425.20228).

Version 1903 (Build 11425.20218)

Release date: April 16, 2019

This build includes “various bugs and performances fixes,” in Microsoft’s words, that Microsoft hasn’t provided any details on.

Get more info about Version 1903 (Build 11425.20218).

Version 1903 (Build 11425.20204)

Release date: April 9, 2019

This build includes security updates for Excel and the entire office suite. Among the holes fixed are the Microsoft Excel Remote Code Execution Vulnerability, the Microsoft Graphics Components Remote Code Execution Vulnerability, and the Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability. For details, go to the security update’s release notes.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1903 (Build 11425.20202).

Version 1903 (Build 11425.20202)

Release date: April 1, 2019

This build includes minor updates for Excel, PowerPoint and Word. All three of them now have an accessibility checker which examines documents to see how accessible they are, and offers suggestions if they’re not. Go to Review > Check Accessibility to try it out. In addition, PowerPoint gives you more control over how its Morph feature works.

Get more info about Version 1903 (Build 11425.20202).

Version 1902 (Build 11328.20158)

Release date: March 12, 2019

This build includes very minor bug and performance fixes — so minor that Microsoft has not detailed what they are.

Get more info about Version 1902 (Build 11328.20158).

Version 1902 (Build 11328.20146)

Release date: March 4, 2019

This build adds a variety of features to several Office applications. It’s now easier in PowerPoint to insert videos from YouTube and Vimeo. You can also hand-draw math expressions in PowerPoint and have them turned into standard characters.

Outlook lets you set meetings to end five to ten minutes early by default, so that people can easily attend back-to-back meetings. Outlook can now also read mail aloud. Excel lets you use @mentions in comments to let co-workers know when you’re looking for their input. And a new Ideas button in Excel lets you look for patterns in your data and uses them to create personalized suggestions for how to use the data.

Access now clearly lets you see the active tab, easily drag tabs to rearrange them, and close database objects with a click.

Get more info about Version 1902 (Build 11328.20146).

Version 1901 (Build 11231.20130)

Release date: January 31, 2019

This minor build includes small changes to Excel, Outlook, Visio and the entire Office suite. A reply box has been added to Excel, making it easier to make comments during collaboration. Outlook now lets you use animated GIFs in your emails. Visio gets a series of Azure stencils so you can design a cloud app or plan a cloud architecture. And the entire Office suite now allows Office add-ins to insert graphics in SVG format.

Get more info about Version 1901 (Build 11231.20130).

Version 1812 (Build 11126.20266)

Release date: January 14, 2019

This minor build addresses performance issues.

Get more info about Version 1812 (Build 11126.20266).

Version 1812 (Build 11126.20196)

Release date: January 8, 2019

This build includes both security fixes and a minor bug fix. The bug was an issue in Project in which you couldn’t uncheck the Critical, Late and Slack bar styles for the Gantt chart after you had checked one of them.

Security patches include closing an information disclosure vulnerability in Outlook, fixing a remote execution vulnerability and an information disclosure vulnerability in Word, and closing a remote code execution vulnerability for the entire Office suite.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about non-security changes in Version 1812 (Build 11126.20196) and security fixes in Version 1812 (Build 11126.20196).

Version 1812 (Build 11126.20188)

Release date: January 3, 2019

This build offers minor improvements to several Office applications. In Word, you can now use a feature called line focus that lets you move through a document with one, three, or five lines in view at a time. A new feature also lets you create a web page from a Word document by going to File > Transform > Transform to Web Page.

PowerPoint now lets you convert your ink to standard shapes and text, then get smart slide-design ideas from PowerPoint Designer. Outlook has new options for encrypting messages. And Word, Excel and PowerPoint all now let you keep track of accessibility issues in your documents without having to keep the accessibility checker open all the time.

Get more info about Version 1812 (Build 11126.20188).

Version 1811 (Build 11029.20108)

Release date: December 11, 2018

This build focuses only on security updates, including fixing two Microsoft Excel Remote Code Execution Vulnerabilities, two Microsoft Excel Information Disclosure Vulnerabilities, a Microsoft Outlook Remote Code Execution Vulnerability and a Microsoft PowerPoint Remote Code Execution Vulnerability.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1811 (Build 11029.20108).

Version 1811 (Build 11029.20079)

Release date: November 27, 2018

This build adds several minor features to Outlook, including letting you sort mail by flag status when using Focused Inbox and integrating the Focused Inbox better with search. PowerPoint now lets you add slide numbers to printed handouts. And for the entire Office suite, the Share, Copy Path to Clipboard, and Open File Location buttons are now more visible and more easily accessible.

Get more info about Version 1811 (Build 11029.20079).

Version 1810 (Build 11001.20074)

Release date: October 29, 2018

This build introduces new features throughout Office. In Excel, you’ll now be able to use a reply box to add and reply to comments in cells. You can also more easily edit text and formulas by using Ctrl-A to select text in a cell or the formula bar. In Outlook, it’s now easier to reserve a room via the calendar and to set your calendar to automatically dismiss reminders for events after they’ve ended.

PowerPoint gets new proofing tools. In addition, PowerPoint now takes rough, hand-drawn text and shapes it into finished diagrams. In Word, you can insert animated 3D graphics into documents.

In Access, Publisher, Project and Visio, Ribbon icons have gotten a new look. And in Excel, PowerPoint and Word you can change the opacity of a picture to, for example, allow text or information behind a picture to be visible.

Get more info about Version 1810 (Build 11001.20074).

Version 1809 (Build 10827.20181)

Release date: October 16, 2018

This non-security build fixes a variety of performance issues throughout the Office suite.

Get more info about Version 1809 (Build 10827.20181).

Version 1809 (Build 10827.20150)

Release date: October 9, 2018

This build focuses only on security updates, including fixing a Microsoft Excel Remote Code Execution Vulnerability, a Microsoft PowerPoint Remote Code Execution Vulnerability, a Microsoft Word Remote Code Execution Vulnerability, a Microsoft Graphics Components Remote Code Execution Vulnerability for the entire suite, and Microsoft Office Defense in Depth Updates for Outlook and Word.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1809 (Build 10827.20150).

Version 1809 (Build 10827.20138)

Release date: September 27, 2018

This update offers new features for Excel, Word, PowerPoint and Outlook, summarized below.

Excel

  • A new Ideas pane, which Microsoft says is powered by AI, analyzes your data and displays visuals about it, and offers suggestions on what to do with it.
  • Get & Transform has been tweaked by improving its connectors and the Column from Example feature.
  • Ribbon icons have a new look.
  • VLOOKUP, HLOOKUP, and MATCH calculations have been sped up.

Word

  • You can now use @mentions in comments to let collaborators know you want their input.
  • Equation Editor Converter lets you convert equations created using Microsoft Equation editor to Office Math ML format so they can be edited.
  • Ribbon icons have a new look.

PowerPoint

  • You can now insert animated 3D graphics in slides.
  • PowerPoint now has proofreading tools that offer grammar and writing suggestions.
  • Ribbon icons have a new look.

Outlook

  • Safe Links protect you from malicious URLs you receive, but they hide the original URL. You can now hover your mouse over a URL to see the original URL, even in links protected by Safe Links.
  • After you do a search, Outlook provides a suggested search query with spelling corrections.
  • A Coming Soon tool lets you try new features before they’re released.
  • Ribbon icons have a new look.

Get more info about Version 1809 (Build 10827.20138).

Version 1808 (Build 10730.20102)

Release date: September 11, 2018

This security update fixes four security issues: a Remote Code Execution Vulnerability and an Information Disclosure Vulnerability in Excel, a PDF Remote Code Execution Vulnerability in Word, and a Win32k Graphics Remote Code Execution Vulnerability in the entire Office suite.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1808 (Build 10730.20102).

Version 1808 (Build 10730.20088)

Release date: September 5, 2018

This non-security update adds a variety of minor new features and fixes for several Office applications. In Outlook you can prevent people from forwarding your meeting invitation. Visio gets 26 new stencils and lets you add diagram content, including shapes and metadata, to a Word document, then customize it to create process guidelines and operation manuals. The update also fixes an issue in Excel in which the dotted line marking the range of cells selected for copying does not disappear and remains in the clipboard even after a subsequent user operation like paste.

Get more info about Version 1808 (Build 10730.20088).

Version 1807 (Build 10325.20118)

Release date: August 14, 2018

This security update fixes vulnerabilities in Access, Excel, Outlook, and the entire Office suite. In Access there’s a fix for a remote code execution vulnerability (CVE-2018-8312), in Outlook there’s an update for Microsoft Office Defense in Depth (ADV180021), and in the Office suite, there’s a fix for an information disclosure vulnerability (CVE-2018-8378). Excel gets three security fixes: two remote code execution vulnerabilities (CVE-2018-8375 and CVE-2018-8379), and an information disclosure vulnerability (CVE-2018-8382).

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1807 (Build 10325.20118).

Version 1806 (Build 10228.20104)

Release date: July 10, 2018

This security update fixes three vulnerabilities: a Microsoft Access Remote Code Execution Use After Free Vulnerability in Access, a Microsoft Office Tampering Vulnerability in Outlook, and a Microsoft Office Remote Code Execution Vulnerability for the entire Office suite.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1806 (Build 10228.20104).

Version 1806 (Build 10228.20080)

Release date: June 25, 2018

This non-security update gives Office a variety of new features. In Excel, you can use Ctrl-A to select text in a cell or the formula bar. There’s also improved support for emojis and other complex characters. In PowerPoint, you can title your slides using a pen, and Project keeps a running list of where you’ve saved other projects. The way in which you create recurring appointments in Outlook has been tweaked — “End by” rather than “No end date” is now the default setting. Visio gets more stencils and more icons. And support for Scalable Vector Graphics (SVGs) has been added to Excel, PowerPoint, and Word.

Get more info about Version 1806 (Build 10228.20080).

Version 1805 (Build 9330.2118)

Release date: June 12, 2018

This release has several security updates and two non-security fixes. Two security holes are fixed in Excel: a Microsoft Excel Information Disclosure Vulnerability and a Microsoft Excel Remote Code Execution Vulnerability. One security hole is fixed in Outlook: a Microsoft Outlook Elevation of Privilege Vulnerability.

In addition, a non-security issue has been fixed in Outlook in which an application calling the MAPI API could result in a crash. In Project, a non-security issue has been fixed in which users are blocked from saving a subproject when working with them through the context of a master project.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 1805 (Build 9330.2118).

Version 1805 (Build 9330.2087)

Release date: May 24, 2018

This extremely minor non-security update fixes a single issue, in which Outlook crashes when using the iCloud add-in.

Get more information about Version 1805 (Build 9330.2087).

Version 1805 (Build 9330.2078)

Release date: May 23, 2018

This update introduces a number of new minor features throughout Office. You can now chat with co-authors when collaborating in Word, Excel and PowerPoint. Voice input for a variety of purposes has been added to Outlook, PowerPoint and Word. Word now lets you use pen input to split or join words, add a new line, or insert words. Access gets 11 new charts for visualizing data. In Visio, the Organization Chart, Brainstorming, and SDL templates have new starter diagrams. In Outlook, you can more easily share your calendars. In addition, calendars shared from Outlook Desktop are now also available in Outlook Mobile.

Get more information about Version 1805 (Build 9330.2078).

Version 1804 (Build 9226.2156)

Release date: May 14, 2018

This extremely minor, non-security update fixes a single issue in which, when you open an application, you might see a message about launching in Safe mode and then the application fails to open.

Get more information about Version 1804 (Build 9226.2156).

Version 1804 (Build 9226.2126)

Release date: May 8, 2018

This security update addresses issues in Excel, Outlook and the entire Office suite. It fixes several Microsoft Excel Remote Code Execution Vulnerabilities and a Microsoft Excel Information Disclosure Vulnerability. In Outlook, a Security Feature Bypass Vulnerability is patched. And in the overall Office suite, two Remote Code Execution Vulnerabilities are fixed.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1804 (Build 9226.2126).

Version 1804 (Build 9226.2114)

Release date: April 25, 2018

This update includes a variety of minor feature enhancements. Outlook can now read your email to you. You can also set reminders in Outlook to pop up over windows in which you’re working. There’s also a new option for encrypting messages.

PowerPoint can now convert scribbled notes and drawings into readable text and crisp shapes. In Project, you can now switch from one sprint view to another, and quickly move tasks between sprints. And in Word, the Editor pane now displays an overview of proofing issues found in a document, so you can focus on fixing the ones that are most relevant to you.

Get more information about Version 1804 (Build 9226.2114).

Version 1803 (Build 9126.2152)

Release date: April 11, 2018

This update addresses a variety of security problems and fixes a number of small issues. It fixes a Microsoft Excel Remote Code Execution Vulnerability as well as two Office-wide Microsoft Office Remote Code Execution Vulnerabilities and an Office-wide Microsoft Office Information Disclosure Vulnerability. PowerPoint gets several non-security fixes, including one in which multiple users co-authoring the same presentation caused an incorrect duplication of slide masters. Word received a fix for an issue in which insufficient memory messages appeared.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1803 (Build 9126.2152).

Version 1803 (Build 9126.2116)

Release date: March 27, 2018

This non-security update fixes a number of small issues and adds several minor features. Microsoft Translator is now available from directly inside Excel and PowerPoint. Word, PowerPoint and Visio get improved support for high-definition displays. Several issues have been fixed in Excel, including one in which Quick Print of an Excel workbook attached to an Outlook email sometimes didn’t print, and another where using cube functions caused Excel to crash. And Outlook will now issue a blind carbon copy (Bcc) warning if you choose Reply All to a message that you were Bcc’ed on.

Get more information about Version 1803 (Build 9126.2116).

Version 1802 (Build 9029.2253)

Release date: March 13, 2018

This security update fixes vulnerabilities in Access, Excel and Word. A Microsoft Access Remote Code Execution Vulnerability was closed in Access, a Microsoft Office Excel Security Feature Bypass was closed in Excel, and a Microsoft Office Information Disclosure Vulnerability was closed in Word.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1802 (Build 9029.2253).

Version 1802 (Build 9029.2167)

Release date: February 26, 2018

This minor non-security update fixes a few minor bugs and adds several minor features. Among the new features is one in Outlook in which you can now see other people’s responses to meeting requests, even if you are not the meeting organizer. In addition, Visio has a new database model diagram template that will let you accurately model your database as a Visio diagram. Among the issues fixed is one in which Skype for Business hangs when using the “call using conference center” option to invite users from the roster.

Get more information about Version 1802 (Build 9029.2167).

Version 1801 (Build 9001.2171)

Release date: February 13, 2018

This security update fixes vulnerabilities in Excel, Outlook, and the entire Office suite. In Excel, it targets a remote code execution vulnerability, and in Outlook it fixes an elevation of privilege vulnerability and a memory corruption vulnerability. For the entire Office suite, it fixes a memory corruption vulnerability and an information disclosure vulnerability.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1801 (Build 9001.2171).

Version 1801 (Build 9001.2144)

Release date: February 7, 2018

This extremely minor, non-security update fixes only one very small bug in Excel: an issue in which if your editing language is Japanese, Chinese, or Korean, Excel may freeze when you try to choose a new font on the Home tab or when you edit.

Get more information about Version 1801 (Build 9001.2144).

Version 1801 (Build 9001.2138)

Release date: February 1, 2018

This minor, non-security update fixes small bugs in Project and Skype for Business. Among the bugs fixed in Project is one in which the “Progress point shape” is drawn at an unexpected location, and another in which Actual Work is still shown in the reporting tables after being removed in a Save for Sharing session.

Among the bugs fixed in Skype for Business is one in which “More Options” and “Invite More People” buttons are hidden when a meeting is in full-screen mode, and another in which the P2P audio call window or conference call window becomes transparent when you attempt to join.

Get more information about Version 1801 (Build 9001.2138).

Version 1712 (Build 8827.2179)

Release date: January 30, 2018

This minor, non-security update fixes two small bugs. In Excel, an issue was fixed in which scroll bars were missing when a workbook was opened with Excel minimized. In Outlook, an issue was fixed in which search failed with “No matches found” when search was set to All Mailboxes.

Get more information about Version 1712 (Build 8827.2179).

Version 1712 (Build 8827.2148)

Release date: January 17, 2018

This non-security update adds a variety of minor features throughout the Office suite. Excel, PowerPoint, Outlook, Visio, and Word can now transform SVG pictures and icons into Office shapes so their color, size, and texture can be changed. An issue was fixed in Excel in which workbook references failed when opening multiple workbooks by double-clicking on the file names in File Explorer. In PowerPoint, you can add animations to 3D models. Skype for Business gets a number of minor additions, including a new call transfer button in the toast user interface for incoming PSTN calls.

Get more information about Version 1712 (Build 8827.2148).

Version 1711 (Build 8730.2175)

Release date: January 9, 2018

This security update fixes 14 security holes in Outlook, Excel, Word and the entire Office suite. It fixes a number of separate remote code execution vulnerabilities in each of those applications and the entire suite, in which an attacker can run arbitrary code or take control of the entire system if the current user is logged on with administrative user rights. It also fixes several memory corruption vulnerabilities in Word, which would allow an attacker to take control of the entire system if the current user is logged on with administrative user rights.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1711 (Build 8730.2175).

Version 1711 (Build 8730.2165)

Release date: January 2, 2018

This very minor update fixes two bugs. It resolves a PowerPoint issue in which removing document properties and personal information prevents saving to SharePoint. And it fixes a Project issue in which VBA code gets lost from projects.

Get more information about Version 1711 (Build 8730.2165).

Version 1711 (Build 8730.2127)

Release date: December 12, 2017

This security update fixes one vulnerability in Outlook and one in PowerPoint. It fixes the Microsoft Office Information Disclosure Vulnerability in Outlook, in which an attacker could potentially extract plain-text content from DRM-protected draft emails because Outlook failed to enforce copy/paste permissions on them. It also fixes a Microsoft PowerPoint Information Disclosure Vulnerability that would allow an attacker to craft a special document file, convince a user to open it, and then compromise the user’s computer and its data.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1711 (Build 8730.2127).

Version 1711 (Build 8730.2122)

Release date: December 6, 2017

This non-security update adds two very minor features and has a variety of bug fixes. In PowerPoint, when you export a presentation to video, you can now save it in Ultra HD (4K) resolution. In Word, you can have the status bar display a document’s word count as you type. Enable the option from the Customize Status Bar menu.

Project has six bug fixes, including one where the application hangs when using the Task Path feature, and another in which you can’t drag tasks in the Timeline and Team Planner view. Skype for Business has nine bug fixes, including one in which LinkedIn data does not appear in the Skype for Business Contact Card, and another in which, in Conversation History, the caller is shown instead of the called person. This would happen when the called person’s work number is modified using Active Directory.

Get more information about Version 1711 (Build 8730.2122).

Version 1710 (Build 8625.2139)

Release date: November 22, 2017

This extremely minor update has only two bug fixes. It fixes an issue in which users incorrectly see a “catastrophic failure” error message when opening an Office 2007 or older workbook (.xls or .xla) with macros. And it also fixes a bug in which Office crashes when users try to activate Office using the Activate Office dialog box.

Get more information about Version 1710 (Build 8625.2139).

Version 1710 (Build 8625.2132)

Release date: November 20, 2017

This update focuses on minor bug fixes, including one in which Excel crashes when a user tries to insert an object in an existing workbook and clicks Browse, and another in Excel in which the dialog box to enter the password to unlock a protected range isn’t visible. The entire Office suite also received minor bug fixes for several issues, including one with zooming and scaling in Office Add-ins under a dynamic DPI environment.

Get more information about Version 1710 (Build 8625.2132).

Version 1710 (Build 8625.2127)

Release date: November 14, 2017

This update focuses primarily on security. Included are three fixes to Excel security holes, including two memory corruption vulnerabilities and one security feature bypass vulnerability. In addition, Word and the entire Office suite received security fixes. Also included is a fix to a bug in Excel in which users couldn’t close a workbook in protected view when the file name contained square brackets.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1710 (Build 8625.2127).

Version 1710 (Build 8625.2121)

Release date: November 2, 2017

This non-security feature update adds a few minor capabilities and fixes several issues. Word, PowerPoint and Excel all get a new pencil-like digital pen texture. You can also now use Microsoft Translator from directly in Word and translate words, phrases or the entire document. Project gets a variety of bug fixes, including one in which graphical indicators weren’t displaying correctly.

Get more information about Version 1710 (Build 8625.2121).

Version 1709 (Build 8528.2139)

Release date: October 16, 2017

This non-security feature update adds a few minor capabilities and fixes a number of bugs. Word gets a SharePoint property panel that lets you display and edit SharePoint document library column values from within a document via a new button on the View tab. In PowerPoint, you can now run a slideshow using a digital pen on a touchscreen device — a feature that requires the Windows 10 Fall Creators Update. Among the bugs fixed is one in which Project can crash when going to reports that contain several images.

Get more information about Version 1709 (Build 8528.2139).

Version 1708 (Build 8431.2107)

Release date: October 10, 2017

This security update plugs holes in Outlook, Word and the entire Office suite. Outlook gets two fixes, one for a security feature bypass vulnerability and another for an information disclosure vulnerability. Word gets one security fix, for a memory corruption vulnerability, and the entire suite gets one for a remote code execution vulnerability.

What IT needs to know: Because of the security fixes in this update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1708 (Build 8431.2107).

Version 1708 (Build 8431.2094)

Release date: October 4, 2017

This non-security, non-feature update fixes a wide variety of bugs – 10 in Excel alone. Among the Excel fixes is one where Excel crashes when opening an .XLL file, and another in which the AutoSave toggle isn’t visible. In Outlook, one of the issues fixed is a crash that occurs when the user is trying to set up a new account and closes the window without completing the account setup. Word, PowerPoint and Access also get a variety of miscellaneous fixes.

And several issues were fixed with the entire Office suite, including one in which Office file properties aren’t displayed in File Explorer, and another in which Office add-in buttons disappear from the ribbon when there is a second document open.

Get more information about Version 1708 (Build 8431.2094).

Version 1708 (Build 8431.2079)

Release date: Sept. 18, 2017

This update adds new features and fixes a variety of bugs. You can now add 3D objects to Excel, Word, Outlook and PowerPoint that you can rotate 360 degrees and tilt up and down. Excel, Word and PowerPoint also get new ink effects with metallic pens including rainbow, galaxy, lava, ocean, gold and silver. Access has two new connectors to Microsoft Dynamics and Salesforce. A number of miscellaneous, minor bugs have been fixed in Project and Skype, including one in Project in which the status field doesn’t always calculate correctly for summary tasks, and one in Skype in which unread messages in persistent chat rooms are marked as read when you click IM conversation tabs.

Get more information about Version 1708 (Build 8431.2079).

Version 1707 (Build 8326.2107)

Release date: Sept. 12, 2017

This update focuses primarily on security issues, and includes security patches for Excel, PowerPoint, Skype and the entire Office suite. Among the fixes are two that have to do with memory corruption vulnerabilities in Excel, and two with remote code execution vulnerabilities in PowerPoint. Excel and PowerPoint also get minor, non-security patches.

What IT needs to know: Because of the security fixes in this update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1707 (Build 8326.2107).

Version 1707 (Build 8326.2096)

Release date: Aug. 29, 2017

This extremely small non-security update fixes only a single issue, in which end-user defined characters (EUDCs) that are linked to fonts fail to display.

Get more information about Version 1707 (Build 8326.2096).

Version 1707 (Build 8326.2087)

Release date: Aug. 24, 2017

This very minor non-security update fixes one issue in Visio and three that affect the entire Office suite. In Visio, the bug squashed is one in which COM add-ins don’t receive document opened events when a Visio file is opened by double-clicking a file icon or file name. The overall Office fixes include one in which hovering over a Common Control with a tooltip on it caused the application you’re using to crash.

Get more information about Version 1707 (Build 8326.2087).

Version 1707 (Build 8326.2076)

Release date: Aug. 18, 2017

This very minor non-security update fixes two issues in Outlook and two in Word. In Outlook, it fixes a problem that causes intermittent crashes when opening Outlook, and another that makes it impossible to configure an IMAP account in Outlook. In Word, it fixes a problem that causes Word to crash when recovering cloud-based files, and another in which Word closes unexpectedly when loading the Grammarly add-in.

Get more information about Version 1707 (Build 8326.2076).

Version 1707 (Build 8326.2073)

Release date: Aug. 11, 2017

This extremely minor non-security update fixes only one Excel issue, in which a data refresh doesn’t succeed or Excel crashes when using data from a SQL Server Analysis Services server and the locale of Excel and the locale of the SQL Server Analysis Services server differ.

Get more information about Version 1707 (Build 8326.2073).

Version 1705 (Build 8201.2171)

Release date: Aug. 8, 2017

This extremely minor non-security update fixes only three small issues, including one that prevents the What’s New dialog from appearing, and another with how some program files are signed, causing anti-virus programs to flag those files and have problems protecting or accessing data under Windows Information Protection (WIP). Also fixed is an Outlook issue that occurs when the scrollbar is dragged to move through a list of messages.

Get more information about Version 1705 (Build 8201.2171).

Version 1707 (Build 8326.2062)

Release date: July 31, 2017

This extremely minor non-security update fixes only one problem, an issue with Skype for Business in which non-English characters in chat and chat history are garbled.

Get more information about Version 1707 (Build 8326.2062).

Version 1707 (Build 8326.2059)

Release date: July 28, 2017

This extremely minor update fixes an issue with how some program files are signed, causing antivirus programs to flag those files as potentially dangerous. It also fixes problems protecting or accessing data under Windows Information Protection (WIP).

Get more information about Version 1707 (Build 8326.2059).

Version 1707 (Build 8326.2058)

Release date: July 27, 2017

The big news in this feature update is that Excel finally gets the collaborative editing features that Word and PowerPoint have had since Office 2016 was released nearly two years ago, in September 2015. People can now simultaneously work on a workbook, seeing each other’s edits. Excel also gets an AutoSave button, which when turned on automatically saves workbooks. PowerPoint gets the same feature. Also new in PowerPoint is that slides that have been modified by others are highlighted in a color, to make it easier to see at a glance which have been changed.

Other Office applications get a variety of minor additions, such as data connectors in Access now being able to import data from or link to data stored in Microsoft Dynamics or Salesforce. In Word, you can now create and edit equations using LaTeX syntax.

What IT needs to know: This update includes several security fixes for Outlook. Because of the security fixes, the update should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1707 (Build 8326.2058).

Version 1706 (Build 8229.2103)

Release date: July 19, 2017

This non-security update fixes a variety of very minor bugs, including one in Excel in which errors appear when trying to save changes to documents synced with the OneDrive client. The update also fixes a bug in Word that prevents shapes within the drawing canvas from being rotated.

Get more information about Version 1706 (Build 8229.2103).

Version 1706 (Build 8229.2086)

Release date: July 13, 2017

This security update fixes two security vulnerabilities in Excel and one in the Office suite overall. Both holes in Excel are memory corruption vulnerabilities. Attackers who exploit either could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take control of the system. The overall Office hole is a remote code execution vulnerability, which would also allow attackers to take control of the system if the current user is logged on with administrative user rights.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1706 (Build 8229.2086).

Version 1706 (Build 8229.2073)

Release date: June 28, 2017

This feature update lets you choose a personal set of pens, highlighters and pencils in Word, Excel and PowerPoint. Choose them for one of the applications, and the same ones become available in the other two. In addition, when you insert pictures from the internet in Word, Excel and PowerPoint, attribution information for the pictures is inserted along with the pictures themselves.

In PowerPoint, when you create a chart, Designer will recommend designs for it based on the slide type and content in it. Excel gets a small Ribbon addition: You can now insert superscripts or subscripts by choosing Effects from the Font group on the Ribbon. You can also add subscripts and superscripts to the Quick Access toolbar. In addition, Outlook has gotten a new wizard for setting up new email accounts.

Get more information about Version 1706 (Build 8229.2073).

Version 1705 (Build 8201.2102)

Release date: June 13, 2017

This security update closes a variety of holes in Outlook, Skype for Business, Word, and the overall Office suite, including remote code execution vulnerabilities in Outlook, Word and Office. The update also fixes a minor bug in Excel in which Excel doesn’t set the sheet protection password when applied programmatically for workbooks created in Excel 2010 or earlier.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1705 (Build 8201.2102).

Version 1705 (Build 8201.2075)

Release date: June 7, 2017

In this feature update, Excel gets a few small additions, including rearranged buttons on the Ribbon’s Data tab and the ability to export any query definition into an Office Database Connection (ODC) file and then share it across workbooks or with others. PowerPoint lets you add closed captions to videos, and Designer now recommends design ideas for charts added to your slides.

Get more information about Version 1705 (Build 8201.2075).

Version 1704 (Build 8067.2157)

Release date: June 1, 2017

This update fixes two minor bugs in OneNote and Outlook, one where the Outlook navigation pane stops rendering when the PC is low on memory, and one in which the OneNote canvas hides content or updates when many paragraphs are in view.

Get more information about Version 1705 (Build 8201.2157).

Version 1704 (Build 8067.2115)

Release date: May 18, 2017

With this feature update, Excel users can now personalize the default PivotTable layout and more easily import data from various sources. Outlook gets a new “focused inbox” feature, which divides the inbox into two tabs, Focused and Other. The messages that Outlook determines are the most important are put into the Focused tab, based on the content of the messages and whether they’re from someone with whom you frequently interact. Also, in Excel, Outlook, PowerPoint and Word, you can now easily insert links to websites you’ve visited recently into files and emails — you’ll be able to choose them from a dropdown list.

What IT needs to know: With this update, admins can deploy and update add-ins for Excel, PowerPoint and Word to users or groups from the Office 365 admin center.

Get more info about Version 1704 (Build 8067.2115).

Version 1703 (Build 7967.2161)

Release date: May 9, 2017

This security update fixes assorted holes, including remote code execution vulnerabilities throughout Office, Word and Skype for Business.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1703 (Build 7967.2161).

Version 1703 (Build 7967.2139)

Release date: April 21, 2017

In this feature update, PowerPoint gets a QuickStarter feature, which creates an outline of the topic of your presentation, and offers suggestions for design and talking points. You can also use new Data Visualizer templates in Visio to automatically create a Basic Flowchart or Cross-Functional Flowchart from Excel data. A new Activity button in the upper right corner of Excel, PowerPoint and Word lets you see when a file shared in OneDrive for Business or SharePoint was shared, edited, renamed or restored. Excel, PowerPoint, Outlook and Word get the new Dubai font, which supports Arabic and Western European languages.

Get more information about Version 1703 (Build 7967.2139).

Version 1702 (Build 7870.2038)

Release date: April 11, 2017

This security update fixes two holes in Outlook, one of which allows an attacker to take control of a PC and install programs; view, change or delete data; or create new accounts with full user rights. It also fixes a remote code execution vulnerability in Office and WordPad that allows attackers to do the same thing.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1702 (Build 7870.2038).

Version 1702 (Build 7870.2031)

Release date: March 27, 2017

This update fixes bugs in Excel and Outlook, including one in which Excel crashes when a user tries to apply cell-level permissions, and one in Outlook in which users can’t search through .PST files.

Get more information about Version 1703 (Build 7870.2031).

Version 1702 (Build 7870.2024)

Release date: March 14, 2017

This security update fixes a variety of holes in Excel, Skype for Business and Word.

What IT needs to know: Because this is a security update, it should be applied soon. Over the next few days, check for reports about problematic issues, and if all seems well, apply the update.

Get more information about Version 1703 (Build 7870.2024).

Version 1702 (Build 7870.2020)

Release date: March 9, 2017

With this feature update, PowerPoint gets a digital ruler that makes it easier to draw straight lines or align a set of objects on touch screens. Word, Excel, PowerPoint and Outlook get a new tool that lets you remove picture backgrounds to make the main image stand out more. In Word, you can use a new Side to Side command on the View tab that lets you flip through a document two pages at a time on a touch screen. Those with non-touch screens can use the horizontal scroll bar or mouse wheel to move through the pages.

Get more information about Version 1702 (Build 7870.2020).

Version 1701 (Build 7766.2060)

Release date: February 23, 2017

With this feature and bug-killing update, you can use a digital pen in Word to select and change objects. In Outlook you can collaborate in real time on attachments uploaded to OneDrive for Business. A variety of bugs have also been fixed throughout Office, including an image-cropping bug in PowerPoint that caused the cropped portion of the image to appear dark.

Get more information about Version 1701 (Build 7766.2060).

Version 1612 (Build 7668.2074)

Release date: January 31, 2017

This update fixes minor issues in OneDrive for Business and Skype for Business, including one in which Skype hangs when multiple conversation windows are open simultaneously.

Get more information about Version 1701 (Build 7668.2074).

Version 1612 (Build 7668.2066)

Release date: January 25, 2017

This feature update lets you see who has made changes to shared files in Word, PowerPoint and Excel and lets you restore earlier versions of the files. The update also lets you use a digital pen to select and change objects in Excel. In addition, there are also a variety of bug fixes, including an issue with Office’s digital ink feature that causes the ink to shift slightly when the mouse button is released.

Get more information about Version 1612 (Build 7768.2066).

Version 1611 (Build 7571.2109)

Release date: January 4, 2017

This update fixes a variety of issues, including one in which the default template doesn’t appear under File > New in PowerPoint, and another in which Excel hangs or crashes when closing.

Get more information about Version 1701 (Build 7571.2109).

Version 1609 (Build 7369.2024)

Release date: October 4, 2016

This feature update makes it easier to find and reuse content in Word and Outlook from a business’s relevant documents. (Note: This feature is available only in Office 365 Business Premium, E3 or E5.) It also lets you create a PowerPoint presentation composed of recorded slides, screen recordings and inserted videos, and share it to be viewed remotely.

Get more information about Version 1609 (Build 7369.2024).

Version 1605 (Build 6965.2053)

Release date: June 6, 2016

In this feature update, collaboration capabilities are grouped together on the Ribbon for Word and PowerPoint. In addition, in PowerPoint, multiple users can edit different elements in a SmartArt graphic simultaneously.

What IT needs to know: An AD RMS rights policy template setting will ensure that the “Grant owner (author) full control right with no expiration” setting is honored when applied to new Word, Excel and PowerPoint documents, especially if the setting is disabled. If the setting is disabled, the user will see a warning that applying the template might restrict access to the document.

Get more information about Version 1605 (Build 6965.2053).

Version 1602 (Build 6741.2017)

Release date: March 17, 2016

This feature update makes it easy to de-clutter your inbox by quickly moving an item stored in your Inbox or any other folder to an archive folder. It also introduces the Groups feature to Outlook, which lets you collaborate and communicate with others by storing all of your project or team information, such as emails, discussions and events, in one shared location.

Get more information about Version 1602 (Build 6741.2017).

Version 1601 (Build 6568.2025)

Release date: February 16, 2016

This feature update lets you use your finger or pen to write and draw, and use the tools on the new Draw tab to highlight content in Word, Excel and PowerPoint. It also adds a new black theme to Word, Excel, PowerPoint, Outlook and OneNote. Funnel charts, which display values as progressively decreasing proportions, have been added to Excel. In PowerPoint, when collaborating on a presentation with others, you can see which slide they are working on.

Get more information about Version 1601 (Build 6568.2025).

Version 1509 (Build 4229.1024)

Release date: September 22, 2015

This was the Office 2016 release. Here’s a summary of what was new:

  • Office 2016 introduced a new Sharing pane that allows live collaboration with others in Word, PowerPoint and OneNote if the document is stored in OneDrive, OneDrive for Business or SharePoint Online.
  • Delve and Office 365 Planner were introduced for business versions of Office 365. Delve lets you see in-depth information about people with whom you work. Office 365 Planner makes it easier to plan projects with others, using a central Planner Hub.
  • Outlook took on email overload with the introduction of a “Clutter” folder, where Outlook sends mail it determines to be non-essential. (It learns, over time, what is essential and what isn’t.) A Groups folder was introduced to business versions of Outlook, making it easier to track communications in the group, including conversation threads, meeting requests and videos.
  • TellMe was introduced, which makes it easier to find out how to accomplish tasks in Excel, Word and PowerPoint: Just type what you want to do in a “Tell me what you want to do” text box at the top of the screen.
  • Smart Lookup was introduced, which makes it easier to do research or fact-checking by doing a Bing search on a word or group of words. It’s available in Word, PowerPoint or Excel.
  • The Ribbon was given a solid color rather than white, with each Office application given its own identifying color.
  • Excel added six new charts, including Treemap, Sunburst, Waterfall, Histogram, Pareto and Box & Whisker.
  • Backstage (get there by clicking File on the Ribbon) shows you the email addresses of cloud-based services you’ve connected to your account, including SharePoint and OneDrive.

For a full review of Office 2016, see “Review: In Office 2016 for Windows, collaboration takes center stage.”

What IT needs to know:

  • Data loss protection (DLP) features were added to Word, PowerPoint and Excel. Previously, DLP was available only in communications-oriented tools, including Exchange, SharePoint, Outlook and OneDrive for Business.
  • System requirements for running Office 2016 were changed, including requiring 2MB of RAM.
  • Outlook received under-the-hood improvements, including some designed to improve Outlook’s stability on unreliable networks and others designed to reduce the download time of email. Outlook’s speed of search was also improved.
  • An updated MAPI-HTTP protocol that Microsoft claims is more internet-friendly was released for Outlook.
  • Users were given the ability to reduce the amount of storage space Outlook uses by choosing to keep one, three, seven, 14 or 30 days of email on their devices.
  • A new service, Background Intelligent Transfer Service (BITS), was introduced; it prevents network congestion during Office updates.
  • Office was better integrated with System Center Configuration Manager (SCCM) so administrators can more efficiently distribute monthly updates as well as control the number and pace of feature updates and bug fixes.

For more information about changes to Office 2016 that affect IT, see “What’s new for admins in Office 2016.”

Get more information about Version 1509 (Build 4229.1024).

Slack to integrate Microsoft Teams calling feature

Slack plans to integrate Microsoft Teams calling features into its own popular collaboration app, further enhancing available connections between the rival platforms. 

“We’re working on Teams integrations for calling features,” Slack co-founder and CEO Stewart Butterfield said during a call with a financial analyst on Thursday, according to CNBC.

Details about the integration, including an expected timeframe for availability, were not immediately available. 

Slack, which announced a major redesign last week, already integrates with Teams in a variety of ways. The company announced last year that it would connect with a range of Office 365 apps in several ways. That includes the ability to export emails from Outlook to Slack, as well as preview Word, PowerPoint and Excel files without switching between the tools.

Although the two companies are considered to be competitors in the workstream collaboration market, integrations between the two rival platforms are to be expected. Slack prides itself on having a wide array of integrations available to users, with more than 2,000 third-party tools in its app store. 

Both apps have seen a huge increase in use in recent weeks as the Covid-19 outbreak has forced more people to work from home. Teams, which launched in 2017 and has replaced Skype for Business as Microsoft’s core video meetings tool, now has 44 million daily active users – and added 12 million in one week as remote working surged. 

“This is a symbiotic relationship: Slack does not want the video conferencing market, and Microsoft recognizes the significance of Slack and its growing corporate customer base,” said Wayne Kurtzman, a research director at IDC.

“In my view, Slack and Microsoft work better together, and that underscores what a Slack partnership can offer Microsoft,” he said. “It would not surprise me to see more companies selecting Slack and Microsoft Teams integrations that are very beneficial to customers with fast-evolving needs.”

Butterfield announced in a series of tweets this week that use has increased rapidly as demand for team collaboration tools surges. 

The number of concurrent users rose from 10 million on March 10 to 12.5 million on March 25, particularly in areas most affected by the outbreak; the creation rate of new Slack workspaces increased by “hundreds of percent” between March 12 and March 25, the company said.

Microsoft to stop serving non-security monthly updates to Windows

Beginning in May, Microsoft plans to halt the delivery of all non-security updates to Windows, another step in its suspension of non-essential revisions to the OS and other important products.

The optional updates, which Microsoft designates as Windows’ C and D updates, are released during the third and fourth week of each month, respectively.

“We have been evaluating the public health situation, and we understand this is impacting our customers,” Microsoft said, with some understatement, in a March 24 post to the Windows 10 messaging center. “In response to these challenges we are prioritizing our focus on security updates.”

Security updates, labeled as B updates, are better known as those released on Patch Tuesday – Microsoft prefers Update Tuesday – or the second Tuesday of each month. The stoppage of C and D updates will not affect the company’s patching efforts. “There is no change to the monthly security updates; these will continue as planned to ensure business continuity and to keep our customers protected and productive,” the message read.

The C and D updates are used to test non-security fixes which are to be officially released the following month as part of the all-encompassing Patch Tuesday cumulative update. According to Microsoft, the C and D updates should not be distributed to all Windows client systems. Instead, the D update, which Microsoft ships two weeks after one Patch Tuesday and two weeks before the next, should be used to “…test the updates included in the release and provide feedback, reducing the amount of testing necessary following Update Tuesday and, thereby, improving our ability to solve issues before they even happen.”

Because they’re optional, some customers simply skip them.

The most recent D update was released Tuesday for Windows 10 1903 and Windows 10 1909.

Windows 10’s C updates are relatively rare. In the five months since Microsoft released Windows 10 1909, for example, the version has been served three D updates but zero C updates.

Wednesday’s May shuttering of C and D updates is the latest move by Microsoft to limit update efforts to security fixes or reduce IT overhead while the COVID-19 pandemic upends business, businesses in general and business processes. So far this month, Microsoft has extended support for Windows 10 1709 an additional six months for customers running Windows 10 Enterprise or Education, and curtailed feature upgrades for its Edge browser.

Microsoft gave no explanation as to why it’s waiting until May to suspend the non-security updates, rather than put the policy into immediate effect and thus block potential updates expected on April 21 (C) and/or April 28 (D).

Reading between the lines about Microsoft 'pausing optional updates'

Yesterday, a post on the official Windows Release Information site said that Microsoft will, at least temporarily and starting in May, stop sending out the pesky “optional, non-security, C/D Week” patches we’ve come to expect. 

Those “optional” second-monthly patches are usually laden with many dozens of fixes for miscellaneous, minor bugs in Windows. For example, the second-monthly cumulative update for Win10 version 1903 released yesterday lists 31 different fixes, most of which only matter in very specific cases.

For example:

  • Addresses an issue that fails to return search results in the Start menu Search box for users that have no local profile.
  • Addresses an issue that prevents applications from closing. 

…and many more of that ilk.

Starting with Win10 1903, those “optional, non-security, C/D Week” patches aren’t automatically applied to your PC. They aren’t installed when you click Check for updates, either – a horrendous relic of a bygone era. In order to install the patches these days, you have to click on a specific link just for that patch that says Download and install now.

The “optional, non-security, C/D Week” patches are nothing more than a surrogate for a Windows Insider ring devoted to testing non-security patches on a released version of Win10. Microsoft should’ve turned the patches into an Insider ring years ago. But I digress.

Here’s what I don’t get. The official announcement goes like this:

Timing for upcoming Windows optional C and D releases

We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all supported versions of Windows client and server products (Windows 10, version 1909 down through Windows Server 2008 SP2).

There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive.

That’s the whole announcement.

I see what it’s trying to do – stop releasing “optional, non-security, C/D Week” patches – and that’s a laudable goal. That means fewer people will click and install a beta test version of Win10 without realizing what they’ve stepped into. But the specific wording of the announcement still has me scratching my head.

Here’s the ugly truth: Microsoft isn’t going to stop doing non-security patches. It can’t. Windows is so buggy in its current form that important things go bump in the night and need to be fixed. For example, this fix in the February “optional non-security, C/D Week” patch:

  • Updates an issue that prevents the Windows Search box from rendering properly. 

… tackled a problem that was encountered by thousands (millions?) of users. Then there are specific bugs that cry out for fixing, like this one from yesterday:

  • Addresses an issue that fails to return search results in the Start menu Search box for users that have no local profile. 

Win10 bugs aren’t going away any time soon, and Microsoft would be foolish to ignore them completely.

With that in mind, here’s what I think Microsoft is trying to say:

We won’t be sending out any more bundles of “optional, non-security, C/D Week” patches after April. (Hey, can we get an Insider Ring, folks?)

Patch Tuesday patches continue. Starting in June, the Patch Tuesday patches will include as few non-security patches as possible.

Of course, the point of this exercise is to improve the stability of Windows patches. I’m skeptical – after all, the non-security patches inevitably slipped into Patch Tuesday won’t be tested any more than the security patches. But there is hope. Perhaps by increasing the number of “Won’t Fix” bugs, the resulting patches will be more stable.

Perhaps.

And there’s one huge, looming question: How does Win10 version 2004 fit into all of this? Is Microsoft saying that the latest version of Windows will ship so bug-free that it doesn’t need loads of non-security patches?

One can always hope.

We’ll be following intently on AskWoody.com.

Pandemic will push Microsoft to repeat 2019's major-minor Win10 upgrade cadence

Although Microsoft has not yet said how it will deal out the year’s Windows 10 feature upgrades, it’s becoming clear there’s next to no reason for the company to diverge from 2019’s major-minor cadence.

As the death toll from the COVID-19 pandemic continues to climb worldwide, and the disruption of modern life and business continues to sow chaos, 2020 will be a tough year no matter how one cuts it. In a time of unprecedented changes triggered by the novel coronavirus, there’s no rationale to change what worked for Windows 10 last year.

Microsoft, of course, will do what it wants – and commercial customers will have to deal with the results. But there are good reasons why the Redmond, Wash. company should seriously rethink any plan to mess with 2019’s release scheme.

First, a short recap of last year

For the two years 2017 and 2018, Microsoft’s Windows 10 feature upgrade practice consisted of two more-or-less-equally-robust refreshes containing new features and functionality. Those upgrades arrived in the spring and fall, typically in April and October, and were tagged as yy03 and yy09, respectively.

But last year Microsoft altered that schedule. The spring upgrade, 1903, was a feature-and-functionality refresh. But the fall’s 1909 was little more than a rerun of its predecessor, albeit with a small number of additional minor features. (It was so like the long-unused “service pack” concept Microsoft relied on through Windows 7 that older customers immediately labeled it as such.) The two, 1903 and 1909, shared the same code by October, allowing Microsoft to deliver the latter as a standard monthly update, which users who migrated from spring to fall could install much faster than a typical feature upgrade.

Pundits and news outlets, including Computerworld, labeled the 2019 cadence as “major-minor” to describe the volume of change in each and their relative value. Enterprises that deployed 1909 – under Microsoft’s policy, that version provided 30 months of support to Windows 10 Enterprise and Windows 10 Education, a year’s worth more than 1903 – were generally upbeat about the fall upgrade, simply because there was less to it.

Still, Microsoft has so far declined to say how it would deliver Windows 10 upgrades in 2020. Two feature-rich releases? Or one real upgrade and a follow-up that is one in name only?

The company hasn’t yet shown its cards.

Delay Windows 10 2004

Microsoft may have finished 2004, the year’s first Windows 10 feature upgrade, but it’s not announced when it will release it.

But really, what’s the rush?

While the moniker may foretell April as its release (or even May, acknowledging the company’s habit of delivering upgrades a month after the designation), there’s no reason why Microsoft couldn’t delay its delivery to the summer or even later.

Developers have already made moves like this: Google suspended Chrome upgrades last week; Microsoft quickly followed suit, saying it would do the same for its Edge browser. Microsoft also extended support for Windows 10 1709 to Enterprise and Education SKU (stock-keeping units) customers by six months, until Oct. 13.

All these calls were made because of the pandemic’s impact on business, motivated by developers’ own decisions to send workforces home and by the realization that upgrades are superfluous when a crisis is at hand. IT personnel have enough to do to keep the technological lights on and users don’t need the kind of stress a botched upgrade would provoke when there is already a stress surplus generated by the virus.

“If it’s not broken, don’t fix it” never made so much sense.

If Microsoft issues Windows 10 2004 later than its numeric name implies – mid-to-late summer, say, for argument’s sake – the need for another feature-filled upgrade during the remainder of the year falls to zero when next year’s 2103 should land in April.

A service-pack-esque release in the vein of 1909 would do just fine.

Why not just bag 2009 altogether?

If times are so tough that Microsoft shouldn’t go back to its 2017-2018 pattern, why can’t the company just forget about the fall upgrade and be done with it?

Microsoft can, of course. (It’s the one making the rules, and there’s no referee saying different.)

But the fall upgrade serves a crucial purpose under Redmond’s current policies: It’s the version that awards 30 months of support to Windows 10 Enterprise and Windows 10 Education customers. Sans Windows 10 2009, IT admins whose charges are running 1903 or earlier would be between the rock of no upgrade and the hard place of no security patches.

Enterprise/Education customers will not want to adopt a yy03 version because it offers only 18 months of support, far too little (as Microsoft acknowledged when it bent to customer pressure and debuted the 30 months nearly two years ago). But with 2009 out of the picture, the next fall refresh, a putative 2109, won’t be available until around October 2021, probably not reliable enough for businesses until early 2022.

Only Windows 10 1909 has an end-of-support date after that: Its retirement is currently to be May 10, 2022.

Expecting organizations to be able to migrate to a new version in just a few months? That’s a fool’s errand.

Dumping 2009 would put enterprises in a bind, not this year but at the end of the next and the beginning of the year after that (hopefully long after COVID-19 is in the rearview mirror). They would be forced to migrate to one of the spring upgrades and settle for just 18 months of support, knowing that they would have to shortly do it all over again.

By “shortly,” Computerworld means sooner than wanted. Let’s say Microsoft does scratch 2009. An enterprise with PCs running Windows 10 1809 would normally target 2009 as the replacement, aiming to upgrade every two years. But with Windows 10 2009 missing, the firm would have only poor choices, as the following figure shows.

[Figure: No Windows 2009. Credit: IDG/Gregg Keizer]

If Microsoft decides to simply not do a fall Windows 10 refresh, enterprises would have to depart from an every-two-year upgrade schedule.

More options for Microsoft

One option would be to accelerate migration to annually and upgrade to Windows 10 1909 starting in the last months of 2020 or the first of 2021. (Windows 10 1809 falls off support in May 2021.) Later, the company could return to the every-two-year tempo by moving from 1909 to 2109 during the opening months of 2022.

Another would be to deploy the delayed 2004 later this year, even though that version comes with only 18 months of support, then get back to a release with 30 months of support, such as 2109. Making that move might be tough, though, as 2004’s support would expire just six months into 2109’s lifespan. (If Microsoft doesn’t shove 2004’s release back several months, this move would be impossible.)

A missing fall upgrade, even one in the mold of a feature-free service pack, would clearly ruin the rhythm businesses have set for managing Windows 10. That’s why Microsoft would almost certainly issue something other than 2004 this year.

Microsoft Patch Alert: March 2020 brings two ‘sky-is-falling’ warnings, with no problems in sight

It’s been another strange patching month. The usual Patch Tuesday crop appeared. Two days later, we got a second cumulative update for Win10 1903 and 1909, KB 4551762, that’s had all sorts of documented problems. Two weeks later, on Monday, Microsoft posted a warning about (another) security hole related to jimmied Adobe fonts.

Predictably, much of the security press has gone P.T. Barnum.

The big, nasty, scary SMBv3 vulnerability

Patch Tuesday rolled out with a jump-the-gun-early warning from various antivirus manufacturers about a mysterious and initially undocumented security hole in the networking protocol SMBv3.

Later that day, Microsoft released a broad description of the SMBv3 security hole in Security Advisory ADV200005 – apparently trying to close the door after the cow escaped. And the crowd went wild. How could Microsoft tell these antivirus vendors about a forthcoming fix, then fail to deliver the fix – and not warn the AV folks in time to pull their press releases? Tales of impending doom ran rampant.

Then, on Thursday, we saw another cumulative update for Win10 versions 1903 and 1909. KB 4551762 patches the SMBv3 security hole and, being a cumulative update, includes all earlier patches. The rush was on to install the patch-of-a-patch, but we started seeing all sorts of problems: errors on installation; random reboots; performance hits; and the return of our old profile-zapping bug, which leaves folks with empty desktops and hidden files.

Here’s the punch line. (Tell me if you’ve heard this one before.) After all the Sturm und Drang, researchers (notably including Kevin Beaumont) discovered that they couldn’t effectively use the security hole to take over a system:

“Windows Defender, which is enabled by default, detects exploitation even if unpatched.”

As of this writing, I don’t know of any real-world attacks using the SMBv3 vulnerability. Certainly, one will appear sooner or later, but it isn’t a big deal right now.

The big, nasty, scary Adobe Type Manager font bugs

Yesterday, Microsoft released another Security Advisory. ADV200006 — Type 1 Font Parsing Remote Code Execution Vulnerability describes a security hole in the way Windows handles fonts. We’ve seen a lot of those in Windows over the years. This one came with the usual zero-day language, advising that Microsoft has seen “limited targeted attacks that could leverage un-patched vulnerabilities.” The advisory shows that every version of Windows – going back to Win7 – is vulnerable.

Once again, the blogosphere went nuts. Microsoft’s warning meeeeeeelions of Windows users that their systems are under attack!

Yeah. Sure.

When Microsoft says it’s seen “limited targeted attacks,” that means some well-heeled hacking group is using the security hole against a very specific target – usually a government agency or a high-stakes corporate group. For normal people, in normal situations, it’s not a big deal.

We’ve seen these “sky-is-falling” scenarios play out over and over again in the past year or so. Some security holes (e.g., for EternalBlue/WannaCry and BlueKeep) need to be plugged shortly after the patches are released. But in the vast majority of cases, waiting a week or two or three to install the latest crop of Windows and Office patches just makes sense.

Windows Defender ‘Items skipped during scan’

Many – but not all – Windows 10 users report that a manual scan by Windows Defender triggers this “Items skipped during scan” notification (screenshot).

[Screenshot: Windows Defender “Items skipped during scan” notification (Microsoft)]

It appears to be a bug. According to Lawrence Abrams at BleepingComputer:

“It seems that in the older Windows Defender engines network scanning was enabled by default… [in newer versions of the engine] you can see that the Windows Defender preferences show that network scanning has now been disabled by a newer engine. It is not known why Microsoft decided to make this change, but the alerts appear to just indicate that network scanning was skipped.”

Günter Born originally reported on the bug. He has come up with a manual workaround to enable network scanning.

Other developments

More on the patching front:

  • Microsoft has announced that it’s extending end-of-life for Win10 version 1709 Enterprise (and Education) to Oct. 13, 2020.
  • Abbodi86 has discovered a way to install the latest Windows 7 security patches, even if you haven’t yet set up Extended Security Updates. Many people, including Patch Lady Susan Bradley, are asking Satya Nadella to offer Win7 Extended Security Updates to all “genuine” Win7 customers, particularly because of the increase in work-from-home.
  • In the same vein, there’s a lot of discussion about throttling back on Windows auto updates, specifically to help keep work-from-home systems stable. Many advocate holding off on the inevitable Win10 version 2004 update. No indication that Microsoft has heard the pleas.

If there ever were a time for Windows patching stability, this is it.

We’ll keep pushing on AskWoody.com.

February 2020

The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it – leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month’s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn’t been officially acknowledged by Microsoft outside of a blog post. But at least it’s well known and understood.

Folks running SQL Server and Exchange Server networks need to get patched right away.

Win10 UEFI update KB 4524244 blockages

Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.

The patch was pulled on Friday, but in the interim lots of people reported problems. Most notably, many folks running HP machines with Ryzen processors saw their machines hang, followed by an HP Sure Start Recovery message saying Sure Start had “detected an unauthorized change to the Secure Boot Keys.” HP has posted a list of affected machines:

HP EliteBook 735 G5 Notebook PC, 735 G6, 745 G5, 745 G6, 755 G5, and HP ProBook 645 G4 Notebook PCs. HP EliteDesk 705 35W G4 Desktop Mini PC, 705 65W G4 Mini PC, 705 G4 Microtower PC, 705 G4 Small Form Factor PC, 705 G4 Workstation Edition, 705 G5 Desktop Mini PC, 705 G5 Small Form Factor PC, HP mt44 Mobile Thin Client, mt45 Mobile Thin Client, and HP ProDesk 405 G4 Small Form Factor PC.

If you have any of those machines and left your PC open to Microsoft’s updates during Patch Week, you got clobbered. In addition, Microsoft documents a bug in the “Reset this PC” function but doesn’t give any details.

There’s nothing you can do about it now. If KB 4524244 installed successfully, everything’s OK. If it didn’t, you need to follow HP’s removal instructions or Microsoft’s removal instructions to get things working again.

Win10 Cumulative Update KB 4532693 clears desktops, moves files

Shortly after the Patch Tuesday patches arrived, we started seeing reports from folks who installed the Win10 1903 and 1909 cumulative update, KB 4532693, saying that their desktops got wiped out. A little poking revealed that all of their customizations had been tossed – icons, wallpaper – and many of their files weren’t where they left them.

Long story short, it looks like the patch gets ensnared in a race condition bug, which I wrote about last week. We’ve never been able to pin down which other programs trigger the race condition, but at least in some cases certain antivirus and “secure banking software” programs will leave your PC with a dangling temporary profile.

Microsoft hasn’t identified the offending software. Nor has it even acknowledged the problem either on the Knowledge Base article page or the Windows Release Information status page, two places that bugs like this are traditionally documented. (Perhaps Microsoft figures it’s the other software’s problem, so it has no need to report it?)

Fortunately, there’s a Microsoft Answers forum post that addresses the problem:

Microsoft is aware of some customers logging into temporary profile after installing KB4532693, on both versions 1903 and 1909.

Rebooting into Safe Mode* and then starting back in normal Mode should resolve this issue for most customers.

You may uninstall any secure banking software or anti-virus in the temporary profile which may resolve this if the above steps do not help.

If you didn’t accidentally find that explanation, or don’t know what a temporary profile is, or how it could get secure banking software, heaven help ya. But at least Microsoft “is aware” of the problem.

What’s the big deal?

How many people were affected by those high-profile bugs? I don’t know. Judging by the number of complaints online – hardly a reliable metric – both of the problems were widespread and became apparent shortly after release.

HP could probably come up with a tally of the number of afflicted machines and whether or not those machines installed the buggy UEFI patch. But the only organization that has comprehensive numbers about these bugs is Microsoft, and it’s not talking.

Think of all of that lovely telemetry we’re providing to Microsoft.

Odds ‘n Ends

That “exploited” Internet Explorer JScript hole, CVE-2020-0674 – the one that prompted computer security “experts” to tell you that you had to get patched RIGHT NOW? It hasn’t gone anywhere. This is the second month in a row that we’ve been inundated by Chicken Little warnings about the need to get patched immediately. Look where knee-jerk installation of new patches has left folks running HP Ryzen computers, or the unidentified “secure banking software,” this month.

Those of you running Windows 7, who haven’t paid for Extended Security Updates, should know that 0patch has released a micro patch for that particular security hole. It also has an online test you can use to confirm that your Win7/IE 11 system has properly swallowed the micro fix.

To be sure, there are major security holes that need your attention, but only if you’re in charge of a network running SQL Server or Exchange Server. That latter vulnerability is particularly vexing because anyone who can get access to any Exchange account on your server can take over Exchange. Seems that somebody forgot to delete hard-coded keys.

We’re looking into a report that Win10 version 1903 running Hyper-V is throwing “Synthetic_Watchdog_Timeout” errors. There are unconfirmed reports that there will be a fix in late March.

There seems to be a way to cheat the 35-day “Pause updates” limitation imposed in Win10 version 1903 and 1909. In a nutshell, if you tell Windows to Resume Updates, then unplug the computer from the internet, you may be able to reboot and get 35 more days paused, without installing the outstanding updates. In addition, @abbodi86 has a more complex but apparently foolproof way to wipe out the 35 day limitation.

Join the patch watch on AskWoody.com.

January 2020

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

Those of us not in charge of multinational networks could breathe a little easier. In spite of a stellar advertising campaign from the National Security Agency (NSA), the Chain of Fools/CurveBall CVE-2020-0601 hole hasn’t turned into an active attack. As I said at the time, it’s a long way from a third-degree polynomial to working ransomware.

Yes, you need to patch sooner or later. But, no, the sky isn’t falling. Those reports of the internet’s impending CurveBall doom were just a little bit overblown.

As usual.

Still no ‘optional, non-security’ patches

I would conjecture that the January Patch Tuesday crop is relatively well-behaved because, at least apparently, they only contain security patches. Normally, Microsoft releases dozens of “optional, non-security” patches every month – bug fixes – but those annoying little gnats haven’t made an appearance since October.

I expect that will change shortly. We’ll no doubt see dozens – if not hundreds – of smaller patches out in the usual “C Week/D Week” cadence soon. Since we’ve seen no such infestation in three months, you’d be smart to avoid the “optional” patches, once they arrive, until they’ve been well vetted.

Common patching problems persist

Günter Born has put together a comprehensive list of printing problems associated with recent patches. They seem to come and go – many different printers, many different symptoms.

There are also many reports of January cumulative updates failing to install, with various error messages.

None of the problems seem particularly remarkable – or even replicable – to me, but if you get stuck trying to install one of the January patches, your opinion may vary.

Upgrades to 1909 press forward, Microsoft continues to honor 1803 deferrals

If you “seek” by clicking on the “Check for updates” button in Win10 1809 or 1903, Microsoft warns that it may upgrade you to Win10 version 1909:

Current status as of Jan. 21:

Windows 10, version 1909 is available for any user on a recent version of Windows 10 who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.

Of course, Microsoft disavowed any use of the bafflegab phrase “Semi-Annual Channel” a year ago. Consistency. Hobgoblins. Little minds. Microsoft may feel that 1909 is ready for widespread deployment, but I’m still seeing many reports of problems with Win10 version 1909 – the well-documented Search in File Explorer bugs, power problems, video problems, Your Phone oddities.

In addition, Microsoft has warned that it’s starting to force Win10 version 1809 customers onto 1909:

“We are starting the next phase in our controlled approach to automatically initiate a feature update for an increased number of devices running the October 2018 Update (Windows 10, version 1809) Home and Pro editions, keeping those devices supported and receiving the monthly updates that are critical to device security and ecosystem health. Our rollout process starts several months in advance of the end of service date to provide adequate time for a smooth update process.”

For reference, Win10 version 1809 is supposed to hit end of service on May 12. You 1809 users are getting four months shaved off of your promised end of life. As a Service.

Remarkably, tests by @PKCano show that Microsoft is still honoring the “Defer feature updates” setting in Win10 version 1803 Pro. It looks like the methods for staying on 1803, 1809, and 1903 as documented in How to block the Windows 10 November 2019 Update, version 1909, from installing still work. And if you want to upgrade to 1903, avoiding 1909 for the time being, the method described here also works.

Windows 7 gets its butt slapped on the way out

Everybody’s favorite whipping boy, Windows 7, got slapped with two bugs in the final round of free patches.

Anybody using Win7 who installs the January patches will find that their “stretched” desktop wallpaper comes out black, which can look disconcertingly like a Black Screen of Death. Lawrence Abrams has a full description, and a clever workaround, at BleepingComputer.

More alarmingly, Microsoft posted Security Advisory ADV200001 on Jan. 17. The Advisory details yet another security hole in Internet Explorer’s JScript engine, CVE-2020-0674. There’s a manual workaround with numerous side-effects, at least some of which have been overcome by a 0patch micropatch that you can install if you feel threatened.

Here’s the big open question: Will Microsoft fix Windows 7 later this month, in spite of the Jan. 14 end of service deadline? Or will Win7 drift into the sunset with a Black Screen bug and a known IE hole?

Seven semper fi.

Microsoft’s tone-deaf threat to hijack Google Chrome’s search engine

This isn’t a widespread problem. It only applies to those who are running Office 365 ProPlus, which is directed at (but not limited to) Enterprises with savvy admins. But it’s an astounding push nonetheless.

In an official post from ‘Softie Daniel Brown entitled, Microsoft Search in Bing and Office 365 ProPlus, Microsoft seems to be saying that everyone who installs the latest patch for Office 365 ProPlus will have their default search engine in Google Chrome changed to Bing.

I fully expect someone with some sense at Microsoft will swoop down in the next week or two and rescind the decision. But until that happens, this stands as a browser hijacking threat of unprecedented proportions.

Join us for the latest on AskWoody.com.

December 2019

It was the kind of month admins dread: Mysterious problems on hundreds of machines, with no apparent cause or cure. Toss in the holidays, and we had a whole lot of Mr. and Ms. Grinches in the industry.

Fortunately, it looks like the problems have been sorted out at this point. Individual users had many fewer problems. Microsoft’s left and right hands still aren’t talking on the 1909 team, but what else is new…

Win7 hang on ‘Preparing to configure Windows’

Microsoft dropped a new Servicing Stack Update for Windows 7 on Dec. 10, and it gummed up the works for many. Here’s a good summary on Reddit from poster Djaesthetic:

“We had over 100 Windows 7 Professional endpoints all stuck on “Preparing to configure windows” screen. We couldn’t get beyond that error in any simplistic manner. We eventually got a remediation to get beyond that error (involving booting each one from an ISO and making several registry hive edits to TrustedInstaller). Unfortunately, even after we were able to log in, the entire OS is functionally broken….

“…We are having this same issue on 111 different Windows 7 machines, each one consistently having the same environment problems. We are unable to roll back the KB4530734 Windows Update, likely because the Windows Module Installer (TrustedInstaller.exe) service itself is broken… I’ve been working non-stop all weekend. Currently waiting for (yet another) callback from Microsoft….”

As Djaesthetic later posts, the problem is triggered by the Dec. 10 Servicing Stack Update, KB 4531786:

“In our investigation we confirmed the problem having to do with KB4530734 (December Monthly Rollup for Windows 7 Service Pack 1). More specifically, we believe it had something to do with KB4531786 (Servicing stack update for Windows 7 SP1 and Server 2008 R2 SP1: December 10, 2019) applying out of order. Interestingly, if you look at the notes for the December rollup it specifies a recommendation to install the SSU afterward (not a requirement). Lastly, we found some (not all) machines in various states of “Uninstall_Pending” regarding the November Monthly Rollup….”

Those of you using plain old single-system Monthly Rollups won’t encounter the problem. But if you or your system’s admin is manually installing patches, getting them in the wrong order can cause all sorts of problems. Manually installing the Servicing Stack Update can be particularly vexing because SSUs won’t show up until you’ve installed (or hidden) all outstanding patches.

Server 2012 (not R2) reboots

There were lots of reports of Server 2012 (not R2) servers going into reboot loops after last month’s updates. I originally reported on AskWoody that the problem appeared to be with KB 4533096, the “Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012.” But I now think that a bad Malicious Software Removal Tool (MSRT) version may have been at fault.

Manually rebooting cleared up the issue. And the mid-December version of MSRT is long gone. There’s no official confirmation or explanation that I can find.

Win10 version 1909 bugs continue

The December patch didn’t fix the long-decried File Explorer Search bug in Win10 version 1909. You may recall that Microsoft’s known about the bug – which makes Search in File Explorer unusable – since 1909 shipped. They fixed the bug in a Win10 version 2004 beta test version.

Microsoft still hasn’t confirmed the bug in the official Release Information Status page. I’ve seen Twitter threads where Microsoft employees claim no knowledge of the problem – in spite of the fact that the bug’s been reported over and over again in many different places (including the Feedback Hub) for months. @navh2009 nails it:

“If they are going to keep half baking these new changes, then they should stop making changes to things [that] were never broken. File Explorer search didn’t need windows search. Delete key still doesn’t work. How does basic functionality like this get forgotten every time?”

@railmeat goes on to say:

“These kinds of problems reoccur [due] to inadequate testing. These should be found in regression and functionality testing. Microsoft has the resources to do that testing, but apparently chooses not to.”

@abbodi86 has an explanation:

“In 1909, the upper bar of File Explorer (address + search box) no longer belongs to the Win32 platform. It’s a hybrid WinRT (UWP) feature. It’s half-baked, ugly, slow, and requires some prerequisite tasks to even semi-function (clipboard and other services including the MsCtfMonitor task schedule).”

I still recommend that folks avoid 1909 for precisely this reason.

Join us for the latest on AskWoody.com.

November 2019

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).

As promised, we received no “optional, non-security” Windows 10 patches in November – and Microsoft promises there won’t be any this month, either. I think that’s great. If Microsoft wants to roll out beta test versions of Windows, it should have testers sign up for an Insider ring.

About those buggy Office patches

All of the Office patches in November throw a “Query is corrupt” error message in Access under certain circumstances. Access says “Query xxxx is corrupt,” when in fact the query in question is just fine.

I talked about the bug on Nov. 13. Microsoft finally acknowledged it almost a week later.

Microsoft rolled out a patch for Access 2016 on Nov. 18, but didn’t get the other installed (“MSI”) versions patched until Nov. 27. We’re still waiting for patches to the Click-to-Run versions of Office, which are currently scheduled for Dec. 10 – the next Patch Tuesday.

Inscrutable .NET previews

Along with Win7 and 8.1 Monthly Rollup previews, we were also graced with four optional preview .NET patches – two of which don’t appear to do anything – and a group of one-off patches (not cumulative updates), available by manual download only, to fix a weird bug in ClickOnce.

In short, there weren’t any .NET patches in November worth the distraction.

Another ‘exploit’ fizzle

Speaking of distractions…, November saw a fix for an “exploited” security hole, CVE-2019-1429. The parallels to September’s CVE-2019-1367 are hard to ignore. Like -1367, -1429 is a “Scripting Engine Memory Corruption Vulnerability” that is known (by Microsoft) to be used in some sort of attack. Like the earlier doppelganger, this new incarnation hits Internet Explorer directly, but can be leveraged by an aberrant Office document that links to IE. Both exploits seem full of sound and fury – 800 million Windows users exposed! Hurry and get patched! Click here! – but in the end, neither leaked into the wild.

There’s one big difference between the old -1367 and the new -1429: Microsoft didn’t start flailing around like a beached whale this time. If you recall, the September hole was subject to four – count ‘em, four – different out-of-band updates, poorly conceived and worse implemented. Local news broadcasts predicted the Windows sky was falling. Meh.

My advice then – and now – is to ignore the “exploited” designation, stop using Internet Explorer, set any other browser as your default, and read up on False Authority Syndrome (thanks, Rob).

Win10 version 1909, not yet ready for prime time

If you’re thinking about moving on to Win10 version 1909, make sure you weigh the benefits (are there any real benefits?) against the problems. Several bugs in Win10 1903 are running over into 1909, and 1909 has a handful of its own:

It remains to be seen whether there are any 1909-specific bugs. But it also remains to be seen whether there are any real benefits to moving to 1909.

Choose your version of Win10

Those of you running Win10 1809 Home may be distressed to discover that, unless you take significant steps to prevent it, Microsoft now upgrades your machine to version 1909, not 1903. That may be what you want – if so, I salute you! – but moving to Win10 1903 now gives you the opportunity to choose when you’ll get pushed onto 1909.

In fact, if you’re running Win10 version 1803 or 1809 (or don’t know what version you’re running!), there’s a relatively easy way to make sure you end up on the version you want. Full step-by-step instructions are in Running Win10 version 1803 or 1809? You have options. Here’s how to control your upgrade.

Get the latest on AskWoody.

October 2019

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

What? You haven’t heard of any CVE-2019-1367 exploits in the wild? Me, neither. What was once the bogeyman du jour, topic of many local TV station warnings and plenty of PC-busting online screams of terror, turned into another…meh.

Since then, we’ve had the usual crop of two cumulative updates (security and “optional”) for each current version of Windows 10, as well as monthly rollups, security-only patches and monthly rollup previews for Win7 and 8.1. Pretty typical.

Here’s the rest of the story.

Lingering problems with Win10 1903 Start and Search

[Screenshot: Start menu error (Microsoft)]

Günter Born opines that this bug is a retrograde mistake from an earlier buggier patch, KB 4512941, the second (“optional,” non-security) August Win10 1903 patch released on August 30. Whatever its origin – and in spite of Microsoft’s claim that it has fixed the bug – I’m seeing lots of reports that it’s still breaking systems.

Here’s what Microsoft posted on Sept. 19:

Some users report issues related to the Start menu and Windows Desktop Search

“Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.

“Affected platforms: Client: Windows 10, version 1903

“Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384 [the first cumulative update for September -WL]. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas.”

You don’t need to look very far to see complaints that Start in particular – and for some, Search – don’t work right after installing any of the most recent patches. On Oct. 11, MS engineer Paul Sey said on the Answers Forum, “We are aware of this issue and estimate a resolution to be released in late October.”

At this point, KB 4522355, the only Win10 1903 patch “released in late October,” still throws both Start and Search errors, as Lawrence Abrams discusses in BleepingComputer.

Continuing problems with RDP, disconnects and unresponsive VMs

Microsoft has had another lingering problem – this one with disconnected Remote Desktop connections triggering big time redline spikes – that may be solved in this month’s second (“optional” non-security) cumulative update for Win10 version 1903. That bug, and one described by Noel Carboni as triggering jitters in mice running over RDP, may be connected to a change in display driver model used in RDP.

There’s a post on the Microsoft Answers forum from Kevin Marchant that complains about the “high CPU after disconnecting” problem on Win10 1903, which is now marked “*** PROBLEM RESOLVED BY KB4522355 RELEASED OCTOBER 24TH 2019. ***”

It’s possible that the KB 4522355 cumulative update may have fixed the problem. This is one (of many!) changes listed in the KB article:

“Addresses an issue with high CPU usage in Desktop Window Manager (dwm.exe) when you disconnect from a Remote Desktop Protocol (RDP) session.”

It’s still too early to tell, but that may have finally fixed the bug.

Older programs using Visual Basic on Win10 1903 throw “unexpected error”

It took a while for this one to surface, but it appears as if older programs running on 32-bit Win10 Home version 1903 may fall over with the error “unexpected error; quitting.” Granted, there aren’t many people running programs on Win10 1903 that use VBRUN300.DLL – the apparent proximate cause of the error message – but Microsoft hasn’t acknowledged the problem.

I’m also seeing reports of the Win10 version 1903 cumulative updates for both September and October causing a Realtek LAN adapter to stop working with an Error 10. Again, the problem hasn’t been officially acknowledged.

Don’t get me started on the Autopilot sorta-security patch that was pushed out the automatic update chute then pulled without any warning or description. A Microsoft engineer has confessed that they made a mistake in releasing it – and, no, you don’t need to uninstall it.

We’re still shaking our fists at clouds on AskWoody.

September 2019

So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.

The fickle finger of zero-day fate

Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:

  • Publicly disclosed – whether there has been open discussion of the security hole. Many holes are disclosed privately to Microsoft.
  • Exploited – whether there’s an active attack in the wild
  • Denial of Service – whether the security hole can be used to knock out a computer

There is also an indicator of how “likely” it is for a given hole to become a problem with the current software release and/or older versions.

It probably won’t surprise you to know that the definitions of the terms are fluid, inexact, and very hard to nail down.

Security people tend to get excited when they see an “Exploited: Yes” entry for a newly publicized security hole: Obviously, that particular bug needs to be fixed quickly because it’s out there on the loose.

Except that isn’t always the case, and it’s becoming less and less pressing as time goes on. Why? Because most of the “Exploited: Yes” zero-days are directed at a very, very narrow target population. Governments attacking governments. Big, shadowy criminal enterprises spearing high-profile targets. If you’re protecting state secrets or billion-dollar projects, sure, you need to watch out for the zero-days, and right away. If you’re a normal user, normal business, normal organization – not so much.

We saw that ambivalence in action this month. When Patch Tuesday arrived on Sept. 10, Microsoft listed two separate security holes as “Exploited: Yes” – the holes identified as CVE-2019-1214 and CVE-2019-1215. Security folks were tripping over themselves insisting that normal users needed to get both of those patches applied right away.

And then, without announcement or fanfare, sometime late on Sept. 11 or early Sept. 12, Microsoft simply switched those two patches from “Exploited: Yes” to “Exploited: No.” Few people noticed. The red flags had been thrown, the whistle blown, and those two patches remained Patching Public Enemy Nos. 1 and 2.

This month’s IE zero-day patch CVE-2019-1367

That brings me to this month’s big, scary, exploited, emergency-patched IE security hole CVE-2019-1367. In what may be the worst rollout in modern Windows patching history, Microsoft rolled all over itself.

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog – they didn’t go out through Windows Update, or through the Update Server. Admins in charge of networks were going crazy because this “Exploited: Yes” patch was out, but not in a form that they could readily push to all of their machines.

Sept. 24: Microsoft released “optional, non-security” cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn’t bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels – Windows Update, Update Server – but they’re “optional” and “Preview,” which means most savvy individuals and companies won’t install them until they’ve been tested.

Sept. 25: Microsoft “clarified” its badly botched patching strategy:

Starting September 24, 2019, mitigation for this vulnerability is included as part of the 9C optional update, via Windows Update (WU) and Microsoft Update Catalog, for all supported versions of Windows 10, with the exception of Windows 10, version 1903 and Windows 10, version 1507 (LTSB).

It makes me wonder who was minding the store last week.

Sept. 26: Microsoft releases the “optional, non-security” patch for Win10 version 1903. It apparently includes the fix for this IE zero-day.

Sept. 30: As of early morning, Microsoft hasn’t provided additional details about the security hole or the patch. If there are exploits in the wild, I don’t know anyone who’s seen them. We also don’t know whether exploiting the security hole requires IE, or whether it can somehow be triggered without using the browser. The situation’s so absurd that Patch Lady Susan Bradley says (paywalled):

At this time, the IE exploits appear to be highly targeted and narrowly applied. But the company hasn’t clearly spelled out the extent of the threat — except indirectly by making the fix relatively difficult to get. So in what might be a first — and with some concern — I’m recommending skipping the still-optional zero-day IE patches, both the standalone updates and in the preview cumulative updates. I believe it’s safer to wait and ensure that the possible side effects are fully investigated.

We have three reported bugs in the latest IE patches.

Other problems

While September’s most spectacular patching failure incorporates innovative new screw-ups, there are plenty of mundane problems as well:

  • Microsoft tried to fix the System File Checker bug in the July 2019 updates with a new version of the Defender Antimalware engine – which didn’t work.
  • There were more reported problems with the Win10 version 1903 upgrade. Even though Microsoft has declared Win10 1903 “ready for broad deployment,” the upgrade is still being blocked on Microsoft’s own Surface Book 2 because it knocks out the separate (expensive) dGPU graphics card.
  • Many users reported a problem in this month’s first Win10 1903 cumulative update, where audio got knocked out or turned down substantially. The bug was fixed in the third cumulative update this month.
  • And in another case of déjà vu all over again, the September Security-only patches for Win7 and 8.1 install Microsoft’s telemetry. Security-only, Microsoft style.

There is a bit of good news: In spite of initial reports that a working exploit of the BlueKeep vulnerability has hit the fan, there still aren’t any signs of an imminent major infection. We could use a little good news, eh?

Still and all, Win10 patching – Windows patching in general – isn’t getting better. Of this I’m sure.

Join us for free help and commiseration on AskWoody.com


August 2019

What happens when Microsoft releases eight – count ‘em, eight – concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?

Pan. De. Moaaan. Ium.

The VB/VBA/VBScript debacle

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

Some companies’ commercial applications stopped working intermittently. More importantly, many large corporations’ internal custom programs turned belly-up.

The bug affects every single version of Windows – all the way from Win7 to Win10 version 1903. I think of it as Patching as a Keystone Kops Service.

If you’ve been following the details, you know that on Aug. 16, three days after Patch Tuesday, Microsoft released fixes for the bug in:

  • Win10 version 1709
  • Win7
  • Win8.1
  • Server 2008
  • Server 2008 R2
  • Server 2012
  • Server 2012 R2

Then on Saturday (!), Aug. 17, we got fixes for:

  • Win10 1809
  • Win10 1703
  • Win10 1607
  • Win10 1507
  • Server 2016
  • Server 2019

And on Monday, Aug. 19, Microsoft released a fix for:

  • Win10 1803

As of today, Aug. 30, we still don’t have a fix for Win10 1903, the latest version of the last version of Windows. It’s not clear why, but I have a guess that Microsoft’s so wrapped up in beta testing Win10 1903 that it somehow fell through the cracks. We still don’t have the second August cumulative update for Win10 1903 – the one that’s commonly called “optional non-security,” with varying degrees of accuracy. And therein lies a tale.

The unholy mess that is Win10 1909 beta testing

Normally, beta testing doesn’t have much of an influence over month-to-month patching. But this month it looks like we had a significant divergence of direction.

For the past year, Microsoft has been testing its Win10 1903 patches thoroughly, using the Windows Insider Release Preview ring. That’s great – it’s what the Release Preview ring was made for.

During the month of August, though, the Microsoft beta people took over a corner of the Release Preview ring and pushed the beta version of 1909 onto (supposedly) 10% of the 1903 testers. The official announcement came on Aug. 26:

For a small subset of Insiders (around 10%) in the Release Preview ring, we have enabled the “seeker” experience for version 1909 [Editor’s note: MS calls it 19H2, just to confuse you]. For these Insiders, if they go to Settings > Update & Security > Windows Update, they will see that there is a Windows 10, version 1909 update available. They will be able to choose to download and install this update on their PC. After the update finishes, they will be on version 1909 [Editor’s note: I changed it again] Build 18363.327.

That seems complicated, but reasonable enough – until you realize that the Win10 1909 beta currently has eight different versions. Some of those versions are being distributed to people who are in the Release Preview ring. In particular, the 18362.327 preview of the Win10 1903 patch went out at the same time “the 10%” got a Win10 1909 patch called 18363.327 (see how 18362 changes to 18363?).

Apparently that build wasn’t good enough, so on Aug. 29 we got the latest bifurcated patch 18362.329 (for the 90%) and 18363.329 (for the 10%). It looks like we’re waiting until Microsoft gets the bifurcated patch to work on both Win10 version 1903 and on the beta of version 1909.

Regardless of the genesis, those of you waiting to get a fix for the VB/VBA/VBScript problem in Win10 version 1903 will have to wait a little longer.

While DejaBlue simmers

All of this would be frustratingly academic, if it weren’t for the fact that DejaBlue – a new set of “wormable” security holes in Windows itself – made its debut this month. While I’ve read lots of Chicken Little reports that DejaBlue has been exploited, none of those warnings has come true. As of this moment, there are no publicly available DejaBlue exploits.

Of course, plenty of people are trying to build them.

Until Microsoft releases a fix for the VB/VBA/VBScript problem in Win10 1903, you have two choices: patch, protect yourself from DejaBlue, and break VB; or hold back on patching, keep VB working, and leave your system open to a DejaBlue infection.

Nice choice, eh?

From the oldies but goodies file

We’ve had loads of additional fun ‘n games this month:

  • Microsoft was blocking August Win7 patches on systems running Symantec/Norton antivirus, apparently because of the shift to SHA-2 encryption, which has been widely anticipated for six months. The block was lifted – but apparently nothing was changed. We still don’t know why.
  • There have been many reported problems with this month’s .NET updates.
  • We found out that the August Security-only Win7 patch does NOT contain the telemetry subsystem so evident in the July Security-only patch.
  • There’s a hue and cry about a 20-year-old security hole in MSCTF.DLL, which is apparently fixed in this month’s patches. I haven’t heard of any exploits in the wild.
  • Several folks have reported that the Win7 boot error 0xc0000225 happens if you haven’t properly installed the SHA-2 patch. Don’t worry about the alphabet soup, just install the BitLocker patch KB 3133977.

Have a patching problem? Don’t we all. Join us on AskWoody.com.


July 2019

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

We don’t know what information Microsoft’s collecting with the new patch, but if you’ve been hoping to minimize Microsoft snooping by staying on the increasingly difficult Security-only path, the jig is up. You have two options:

  • Install the July Security-only update and start sending your telemetry to Microsoft, or
  • Stop patching entirely (“Group W”), six months before Win7’s end of life

It’s not an easy choice.

In my opinion, if you want to continue to patch Win7, you’re better off paying the devil his due and installing the Win7 Monthly Rollup, KB4507449 (“Group A”). That’ll give you the full version of Win7 telemetry, along with many small bug fixes.

To be sure, there are two sides to this development. On the one hand, you have people who feel that Microsoft should start collecting all of the data it can to guide the inevitable demise of Win7 and help customers onto Win10. On the other hand, you have people who just don’t like the intrusion.

I’m surprised that regulators haven’t launched an investigation into Microsoft’s newfound nosiness, but the fact remains that we don’t know what telemetry is being collected along either the Monthly Rollup or Security-only path.

Win10 1903 upgrade block for Intel RST drivers

Microsoft has halted Win10 version 1903 upgrades for PCs that have older versions of the Intel Rapid Storage Technology (RST) drivers. (Think Optane memory or certain RAID drivers.) The latest official Release Information status page says:

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST driver version between 15.1.0.1002 and 15.5.2.1053 installed from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Just one problem. Many, many people report that the Win10 1903 upgrade refuses to proceed in spite of the fact that they have recent Intel RST drivers. When they try to upgrade to 1903, they’re getting a block notice, which looks like this:

[Screenshot: Win10 1903 RST block notice. Credit: IDG]

This is in spite of the fact that these folks have moved heaven and earth to try to get the latest versions of the RST drivers. An anonymous poster on AskWoody has a workaround that may or may not apply in all situations.

To my point of view, this is a feature, not a bug. It’s still too early to move to Win10 version 1903. There are still too many bugs lurking about — this being an excellent case in point. Give 1903 a few more months to mature, and then let’s take a new look.

It’s very difficult to keep the 1903 upgrade from changing your drivers

Speaking of problems with the Win10 1903 upgrade, Rick Corbett has been trying to get the 1903 upgrade to bypass updating his drivers — he has his drivers set up the way he likes, and he doesn’t want the upgrader to come in and mess with them.

So far, we don’t have a definitive method for blocking new drivers. In particular, the techniques that worked for 1809 and earlier aren’t working right in 1903.

Second monthly Win10 cumulative updates are all available

The second, “optional” Win10 July cumulative updates are all out, although the 1903 patch was posted last Thursday, pulled, then released again last Friday.

Miscellaneous problems with Visual Studio, SQL Server

If you couldn’t get the Visual Studio patch KB4506161 installed, you aren’t alone. Microsoft messed up the version detection mechanism. It was fixed in a re-release on July 19, leaving admins everywhere scratching their heads for 10 days.

Also, in case you missed it, SQL Server 2008 has been relegated to the big bit bucket in the sky. Susan Bradley has the full story, including some workarounds, in her Patch Watch column.

Updated support sites

We have a new set of Servicing Stack Updates for all versions of Win10, as well as Win8.1. (If you use Windows Update to get your updates, you don’t need to worry about the new SSUs. They only apply if you manually install updates.)

There are new lists of cumulative updates for .NET:

There aren’t any entries in the latter list, so far.

Get Windows XP, Vista, Win7 systems patched to May

I would be remiss if I didn’t repeat, loudly, the BlueKeep message I’ve been posting for months. If you run a WinXP, Vista, Win7, Server 2003, or Server 2008 machine and you haven’t installed the May patch, you’re playing with fire. Tell your friends to get patched. There are still many hundreds of thousands of machines sitting out there with “Kick me” signs facing the internet.

Although there’s a BlueKeep exploit available for sale, it hasn’t turned into a for-real threat. Yet.

Don’t let the heat get to you. We’re cool on the AskWoody Lounge.


June 2019

How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?

Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.

In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.

The Win10 Silver Bullets

Every modern version of Win10 except 1903 – which is to say, versions 1607, 1703, 1709, 1803, 1809, Server 2016 and Server 2019 – all got three cumulative updates this month. The third cumulative update for June resolves this one issue:

Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4497934. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

In other words, it’s a silver bullet – an optional patch that fixes a bug introduced in an earlier patch that you’ll only get if you download and install it manually, or if you click on “Check for updates.”

What’s strange about this bevy of patches is the timing. Apparently, the bug arrived with the third May cumulative updates on May 21. I first saw mention of it on a Dell support forum on June 11, and posted about it on June 19. Microsoft hadn’t acknowledged the bug at the time. (The first official announcement I saw was on June 26, the date all four silver bullets appeared.)

That’s more than a little disconcerting because Microsoft should be warning us about these problems quickly on the Release Information Status page.

The Win7 and 8.1 silver bullets

On June 20, Microsoft released silver bullet patches for Win7, 8.1, Server 2008 R2 SP1, 2012, 2012 R2, and Internet Explorer 11 to fix bugs introduced in the June 11 Monthly Rollups and Security-only patches.

The update for 7 SP1 and Server 2008 R2 SP1 KB 4508772, for Windows 8.1 and Server 2012 R2 KB 4508773 and for Server 2012:

“Addresses an issue that may display the error, ‘MMC has detected an error in a snap-in and will unload it.’ when you try to expand, view, or create Custom Views in Event Viewer. Additionally, the application may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs.”

Cumulative Update for Internet Explorer 11 KB 4508646

“Addresses an issue that causes Internet Explorer 11 to stop working when it opens or interacts with Scalable Vector Graphics (SVG) markers, including Power BI line charts with markers.”

The bug fixes are not included in the June Monthly Rollups or Security-only patches (June 11, 2019), but are included in the Preview Monthly Rollups released on June 20.

Once again, bugs introduced by security patches are getting the latest fixes in non-security patches.

More Win10 1903 bugs

The second monthly cumulative update for Win10 1903 appeared late, as usual, on June 27. KB 4501375 includes fixes for several acknowledged bugs, including the MMC error with Custom Views described in the preceding section.

Many people are complaining that this particular patch was downloaded without their consent – which is to say, without clicking “Check for updates.” @abbodi86 looked into it and discovered:

Based on my tests… KB4501375 (18362.207) behaves exactly the same way that Feature Updates behave on 1809 and 1803 – the “download and install now” behavior. In other words, KB 4501375 will be bundled and offered as [a] secondary update with any available update even if you don’t “Check for updates.” It’s possible that the latest .NET cumulative update will trigger this behavior.

That said, deferring Feature Updates (version updates) for just 1 day makes KB4501375 go away.

Win10 1903’s disappearing Update advanced Options

We’re still in a quandary about the behavior of Win10 1903’s update deferrals.

In Win10 1903 Pro, if you go into Windows Update, advanced options, you get a pane that looks like this.

[Screenshot: Windows 10 1903 Pro update advanced settings. Credit: Microsoft]

Several of you have noted that if you specify deferral options as I have here (non-zero numbers in either of the two bottom boxes), the entire “Choose when updates are installed” part of the advanced options dialog disappears.

@abbodi86 has undertaken some experiments with the settings. Here’s what he has concluded:

Yep, the Feature Update deferral box disappears once I change the entries to non-zero. Maybe it’s an intentional move so the user cannot change the period frequently? 🙂

Anyway, the Feature Update deferral period can be still controlled with registry setting

Group policy can be used to show you the feature update deferral period. The box will show up greyed, but at least you can know the period

@abbodi86 goes on to say that he tested changing the Quality Update deferral period the same way, with the same result — if you set it to anything other than zero, the whole section disappears. It may be related to an internal conflict with the way Semi-Annual Channel (Targeted) was removed.

Maybe, just maybe, this is the way it’s supposed to work. If so, I’d like to nominate this particular behavior for the “Harebrained Design” hall of fame. Giving a user an option, any option, then forcing them to dig into Group Policy to modify it, stinks.

On the radar

If you’ve been struggling with the “Intel” microcode updates for Meltdown/Spectre and other “Side Channel vulnerabilities,” you aren’t alone. The latest twist appears with Karl-WE’s enormous leg work, posted on GitHub, that brings some sense to the ongoing litany of patches.

In particular, Karl notes – and MS Security Response Center guru Jorge Lopez confirms – that the phrase in KB 4346085 that says:

Important Install this update for the listed processors only.

is, quite simply, wrong. Some of the updates apply to processors that are not listed. You’re better off trusting Windows Update to pick the ones that are right for your machine. Says Lopez:

“The team didn’t want to mislead anyone reading this KB in isolation to think that installing this KB/deploying across a fleet would mean they have met the requirement for microcode for these side-channel issues – that is only true for the processors listed on the KB. We will update the line, that’s not the right way to provide that warning. So yes, you don’t have to go through some complicated deployment matrix on this KB, but you still have to do so to determine what is protected or not (vuln scanning tools should help). The logic to apply or not a microcode update is part of the boot sequence in the OS – if the processor has a microcode revision that is older than what the OS has, the OS will update the CPU microcode as part of the boot sequence.”

Expect to see a correction to the KB article shortly.

To end on a positive note… remember the BlueKeep vulnerability? The one that had me crying that the sky is falling and you needed to install the May patches, like, right away? Kevin Beaumont (Twitter’s @GossiTheDog) has good news:

If anybody is pondering why there’s no public BlueKeep Remote Code Execution exploit, it’s a mix of difficulty [There’s a high bar for exploitation – in theory it is ‘just’ a use after free bug, but to be able to kernel spray you have to reverse engineer the RDP driver. There’s no documentation on how to do it for this.] and a handful of people in the InfoSec world being very responsible.

Yes, you still need to make sure you have the fix installed. You should’ve done it in May. When the exploit hits it’ll be painful. But at least we’ve been spared a bloodbath of unprecedented proportions.

Join us for more thrilling Tales from the Crypt on the AskWoody Lounge.


May 2019

In a normal month, you need a scorecard to keep track of Windows patches. Now, your scorecards need a scorecard. One ray of hope: It looks like some Windows 10 cumulative updates will include the new “Download and install now” feature.

The May 2019 Windows updates have taken so many twists and turns it’s hard to pin things down, but as of Thursday morning, here’s what we’ve seen.

Windows 10 cumulative updates

As of now, all of the recent versions of Win10 (1607/Server 2016, 1703, 1709, 1803, 1809/Server 2019) have had three cumulative updates in May. Depending on where you live (or, more correctly, which locality you’ve chosen for your machine), you’ve been pushed one or two of them. If you’re a “seeker” (and clicked “Check for updates” or downloaded and installed the patches), you’ve had at least two, and maybe three. Got that?

The reason for all the hilarity: The original Win10 cumulative updates broke access to certain sites that end with “gov.uk” for Internet Explorer and Edge users. All 10 of you.

The latest “optional” (meaning for “seekers” only) non-security patches include the usual laundry list of fixes for an unconscionable number of bugs. Win10 1809, which has had an inordinate amount of work lavished on its bug fixes over the past eight months, still has several acknowledged flaws including this one:

When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive the error, “Your printer has experienced an unexpected configuration problem. 0x80070007e.”

The special case of Win10 version 1903

Microsoft officially started pushing Win10 version 1903 on May 21 (see Gregg Keizer’s birth announcement), although I haven’t heard from anyone yet who’s had 1903 pushed onto their systems. Lots of people upgraded to 1903 by clicking on “Check for updates,” and many were already on 1903 when it went legit, by virtue of being in the Windows Insider Release Preview or Slow rings.

For good measure, Microsoft put its first “real” Win10 1903 cumulative update, KB 4497935, through the Release Preview wringer – a practice formerly reserved for Win10 1809 patches, which were notoriously late and arguably better vetted. All sorts of confusion resulted when KB 4497935, the May 29 cumulative update for 1903, was released to the teeming masses. (I heard lots of complaints about update deferral settings not being honored.)

As it happens, the settings for those still in the Insider program are different from the settings for those who received their copies of 1903 without being beta testers. Günter Born has a detailed explanation of what he’s seen in various permutations and combinations.

The single most important fix to Win10 this month arrived on Wednesday with the Win10 1903 KB 4497935 update:

Addresses an issue that may cause an external USB device or SD memory card to be reassigned to an incorrect drive during installation.

Win10 1903, as shipped, had a bug in it that swapped drive letters willy-nilly on external USB drives, SD memory cards, and even some internal drives. Susan Bradley put it this way:

My Lenovo laptop is “throttled” because I have an external usb drive that I am using to upgrade this device. This doesn’t bode well for my Acer that only has 32 gigs that I HAVE to attach an external hard drive in order to upgrade it.

So it now appears as if this cumulative update will fix Win10 1903. But in classic Catch-22 fashion, you can’t install the cumulative update on a machine that needs a USB drive in order to install the update.

In more Win10 1903 news, Trend Micro now says it won’t have a fix for Win10 1903 compatibility problems with its Apex One/OfficeScan XG SP1 products until early June. Microsoft’s release information page doesn’t mention the gaffe, although it does acknowledge the Sandbox fail to start with error code “0x80070002” bug, Dolby Atmos bugs, AMD RAID driver incompatibilities, display brightness issues, and a dozen additional bugs that should keep you from installing 1903 until Microsoft gets its act together.

See what I mean about scorecards?

Hope that the ‘Download and install now’ option will work with cumulative updates

Microsoft has been talking about – and showing off – a new feature called “Download and install now” that will give everyone some control over when Win10 updates get installed. It’s a tremendous new feature – arguably the most important new feature in Windows 10 since the very first version shipped almost four years ago.

The official explanation of the feature states without reservation that the “Download and install now” option will be available for version changes: Before your machine is upgraded to a new version of Win10, you have to explicitly ask for it. Great. The explanation doesn’t specifically say that the same “Download and install now” option will be available for cumulative updates.

Earlier this month, I wrote about the implications: “Download and install now” for version changes is tremendous. “Download and install now” for cumulative updates would be a game-changer, at least for those of us concerned about bad patches.

Now comes word from Leopeva64 – who’s been right about several Windows Update revelations – that Microsoft may implement “Download and install now” for (many? most? all?) of the monthly second (or third or fourth) “optional non-security” patches.

Time will tell, but we may be witnessing a real breakthrough.

‘Wormable’ BlueKeep still on the horizon

Earlier this month we had quite a shock when Microsoft announced, with appropriate fanfare, that every Windows XP, Win7, Server 2003, 2008 and 2008 R2 machine needed an inoculation to protect against a very mean “wormable” hole in Windows Remote Desktop Services. With the hole billed as the son of WannaCry, Microsoft had everyone – including me – sounding the alarm to get the crazy thing patched.

Now, two weeks later, BlueKeep (as Kevin Beaumont has named the hole) is still a threat, but it’s nowhere to be seen. Ends up that creating a real, working, destructive worm using the security hole is a highly non-trivial task.

I’ve asked every expert I can find about an obvious solution — isn’t it sufficient to simply turn off the Remote Desktop Protocol in the user interface? (In Win7, Start > Control Panel > System and Security > System > Remote Settings, in the System Properties dialog box, click Don’t Allow Connections to This Computer.) That, and/or blocking port 3389 (the port RDP uses by default) should be enough to keep any RDP-related malware at bay. At least, it appears that way to me.

But I haven’t received a positive response from any of those experts. The ones who know ain’t sayin’. And the ones who probably do know aren’t willing to stick their necks out. It’s hard to fault them: Microsoft hasn’t provided any guidance on the matter, one way or another, so if blocking RDP ends up being insufficient — no matter how logical — there’s a lot of exposure to the person making the recommendation.
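To see where a given machine stands on the two settings discussed above, the following read-only PowerShell check is an added example, not part of the original column and not a Microsoft tool. It assumes PowerShell 2.0 or later and an English-language netstat, and the function name Get-RdpExposure is hypothetical; it reports configuration only and does not settle whether turning RDP off is a sufficient BlueKeep mitigation.

```powershell
# Added example, not from the original column. Read-only: it changes nothing.
# Assumes PowerShell 2.0+ (built into Windows 7 / Server 2008 R2).
# Get-RdpExposure is a hypothetical name chosen for this illustration.

function Get-RdpExposure {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey = "$tsKey\WinStations\RDP-Tcp"

    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction SilentlyContinue
    $tcp = Get-ItemProperty -Path $tcpKey -ErrorAction SilentlyContinue

    # fDenyTSConnections = 1 is what "Don't allow connections to this computer" sets.
    $denied = $false
    if ($ts -and $ts.fDenyTSConnections -eq 1) { $denied = $true }

    # 3389 is only the default; the listener port is configurable in the registry,
    # so a rule that blocks 3389 alone can miss a relocated listener.
    $port = 3389
    if ($tcp -and $tcp.PortNumber) { $port = [int]$tcp.PortNumber }

    # Remote Desktop Services runs as the TermService service.
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $svcStatus = 'NotFound'
    if ($svc) { $svcStatus = "$($svc.Status)" }

    # netstat is used because Get-NetTCPConnection does not exist on Windows 7.
    # The state column is localized; 'LISTENING' matches English-language systems.
    $pattern   = '^\s*TCP\s+\S+:{0}\s+\S+\s+LISTENING' -f $port
    $listeners = @(netstat -ano | Where-Object { $_ -match $pattern } |
                   ForEach-Object { $_.Trim() })

    New-Object PSObject -Property @{
        RdpDeniedInSettings = $denied
        ConfiguredPort      = $port
        TermServiceStatus   = $svcStatus
        ListeningOnPort     = ($listeners.Count -gt 0)
        ListenerLines       = $listeners
    } | Select-Object RdpDeniedInSettings, ConfiguredPort, TermServiceStatus,
                      ListeningOnPort, ListenerLines
}

$result = Get-RdpExposure
$result | Format-List

# Flag the cases a reviewer would want to look at before relying on "RDP is off".
if (-not $result.RdpDeniedInSettings) {
    Write-Warning "Remote Desktop connections are allowed in system settings."
}
if ($result.ListeningOnPort) {
    Write-Warning ("Something is listening on TCP port {0}; see ListenerLines for the owning PID." -f $result.ConfiguredPort)
}
if ($result.ConfiguredPort -ne 3389) {
    Write-Warning ("RDP is configured on non-default port {0}; a block on 3389 would not cover it." -f $result.ConfiguredPort)
}
```

A block applied at a perimeter firewall is not visible from the host, so this check covers only the local setting and the local listener.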

Oh. For the dozens of you who still use Vista, Microsoft initially forgot to mention that the Server 2008 SP2 version of the patch also works with Windows Vista.

Peruse the Patching Pilgrim’s Progress on the AskWoody Lounge


April 2019

You have to wonder who’s testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn’t show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month – the mythical “E week” that Microsoft never talks about – so the month may yet end with both a bang and whimper.

Here’s how things look as of early Monday morning.

Still no ‘optional non-security’ cumulative update for 1809

It took a while, but the second round of April patches finally arrived. The one exception is for Windows 10 version 1809, which still hasn’t seen an “optional non-security” patch. (They’re “optional” because you have to be a seeker – click Check for updates – in order to get hit with the patch.)

We have a reliable report that the second patches this month were held up because of continuing problems with the Japanese new era date bugs. That same report also says that even the latest patches have bugs. I find it all amazing – Microsoft’s been working on this problem for at least a year, and the patches-of-patches have been stumbling all over themselves.

Even Win10 1903 – the version still in beta testing – got a new patch, KB 4497093, bringing the build number up to 18362.86. It’s for “Insiders who are currently in the Fast ring only and on Build 18362.53. We’ll roll this out to the Slow and Release Preview rings in a bit.”

Six dirty patches, five blasted antivirus companies

April’s Patch Tuesday brought immediate complaints of Win7 bluescreens. Within a couple of days we found out that six patches – for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 – had conflicts with five different companies’ antivirus products. The current tally:

Sophos – The company now says it’s figured out the source of the problem:

“We have identified a permanent fix and are now automatically rolling out the fix to customers starting 25th April 2019. This will take place over a two- to three-week period.”

Microsoft continues to block the six dirty patches on systems running Sophos Endpoint.

Avira – The folks at Avira have been remarkably quiet. Our latest report from UAz says they may have finally hit upon a solution – verified in the very early hours of Monday morning. Earlier attempts at an Avira solution failed, sometimes spectacularly. Microsoft has not changed its terse announcement:

“Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed. We are presently investigating this issue with Avira and will provide an update when available.”

Arcabit – The small Polish-language AV supplier has released an update that solves the problem, according to Microsoft, although the Microsoft link to Arcabit’s support article points to a Technical Assistance phone number, and no discussion.

Avast/AVG – The company has issued hotfixes to avoid the bluescreens. (Avast owns AVG.) Oddly, though, the way to install the hotfixes isn’t what you might expect:

  1. Boot your machine
  2. Let the machine stand for approximately 15 minutes while emergency updater works. The updater runs on system context rather than the user, so you do not need to log in for it to activate.
  3. Reboot your machine. Your machine should now operate normally, even with the Microsoft updates listed above.

That, to me at least, is a very distressing way to apply a hotfix.

Microsoft no longer blocks the six dirty patches on machines running Avast or AVG.

McAfee – Late to the game, McAfee has acknowledged that installing the dirty six patches may lead to slow boot up times or slow performance. The only solution to the problem, at present – aside from uninstalling the dirty six – is to disable any user-defined (non-default) Access Protection rules.

Microsoft says it is “presently investigating this issue with McAfee,” but they’ve been saying that for a week.

A few more patch problems

I’m seeing scattered reports that Win7 users are being offered KB 3185319 — an update from Sept. 13, 2016 — as a checked Important update to Win7. It’s part of the MS16-104 bundle. I wrote about bugs in this patch back in October 2016. This isn’t the first time we’ve seen KB 3185319 appear out of the blue.

There are also reports of locked Server 2008 machines after installing this month’s Monthly Rollup, KB 4493471.

Keep up with the latest on the AskWoody Lounge.


March 2019

March was an unusually light patching month – all of Office only had one security patch – and there don’t appear to be any immediate patching worries. Just as in the past few months, Microsoft’s holding off on its second cumulative update for Windows 10 1809, raising hopes that it’s taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.

Dell’s Encryption Console gets clobbered by March’s Patch Tuesday Win10, 8.1, 7 patches

Dell has confirmed that every Windows patch in March – every one of them — bowled over its Encryption Local Management Console. The only solution offered is to either roll back the March patch or upgrade to Dell Encryption 10.2.1.

Few individual users have the Encryption Console, but it’s not uncommon on corporate machines.

Win10 version 1809 second cumulative update still MIA

All of the Windows 10 versions had two cumulative updates in March, except for Win10 version 1809, the latest version of the last version of Windows. I take it as a hopeful sign that Microsoft’s spending more time to get the bugs ironed out before delivering the “optional non-security” Win10 patch. (It’s “optional” in the sense that you’ll only get it if you click on “Check for updates.”)

There are five irritating, acknowledged bugs in Win10 1809 that haven’t been fixed yet:

  • IE 11 authentication issues
  • Audio devices stop working unexpectedly
  • MSXML6 may freeze the system
  • Custom URI schemes may not work correctly
  • Windows Deployment Services PXE may not work

Other versions of Win10 have some of the same bugs, introduced by earlier patches.

Just what Windows 7 needs – another round of ‘Get Windows 10’ nags

We’re covering the demise of Windows 7 intently over on AskWoody. But there’s one thing you definitely don’t need – another nagging patch from Microsoft. KB 4493132, a Win7 patch that does nothing but nag, is definitely worth skipping.

We have some late-breaking news from Michael Horowitz that Win7 now has a scheduled task called refreshgwxconfig-B that seems to be associated with the widely despised “Get Windows X” campaign. It’s not clear at this point where the unwanted task came from.

Win10 1809 now ready for prime time, with 1903 on its heels

Microsoft changes its Windows updating terminology capriciously and with absolutely no consideration for settings baked into earlier versions of Win10. But never mind. With word from on high that Win10 version 1809 has been deemed worthy of business deployment, we also have assurances that we’ll get similar confirmation for Win10 versions from 1903 onward. (And that makes me wonder whether we’ll have yet another change in terminology soon.)

In general, March’s patches seem quite tame. Let’s hope that’s the new normal.

Questions answered and discussions dissed on the AskWoody Lounge.


February 2019

Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that’s excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a “hallelujah” from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog

You’ve heard me talk about KB 4023057 many times, most recently in January. It’s a mysterious patch that Microsoft calls an “update reliability improvement” whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

KB 4023057 and its predecessor KB 4022868 have gone through 50 or so versions over the past three-plus years, and it’s always been distributed stealthily – you get it when you install updates, unless you go to great pains to block it. @PKCano has a thorough description of the tortuous procedure for preventing its installation.

Now comes word from @abbodi86 that on Thursday, for the first time, KB 4023057 has appeared in the Microsoft Update Catalog. It’s not clear why the old bete noire has been elevated to Catalog status – and I doubt Microsoft will ever tell us.

Old Access bugs fixed. Mostly.

February’s earlier Windows patches wreaked havoc on old Access databases. In January, Access 97 file format databases got clobbered by all of the Windows updates. Then Access 95 databases got the shiv. It’s almost as if nobody tests the Win10 cumulative updates against older databases, wouldn’t you say?

As of this writing, all is well (apparently), except for Win10 version 1809, which hasn’t yet received the Access 95 inoculation.

Word to the wise: If you have an older database program that you really need to use, watch out.

Fixing with a wing, a prayer, and a silver bullet

There’s a smattering of new bugs introduced by the Patch Tuesday patches, and subsequently fixed by Third Tuesday patches. The most entertaining of the lot is the Internet Explorer backslash bug. Of course, you don’t use IE, but for those who do…

February’s Patch Tuesday patches for Win7 and 8.1 contained this weird, acknowledged, bug:

After installing this update, Internet Explorer may fail to load images with a backslash (\) in their relative source path.

That bug, and several others, were fixed in the Third Tuesday Monthly Rollup preview patches – but those aren’t distributed through normal channels. You have to wait until later in March, when the Monthly Rollup Preview patches will (presumably) be added to the March Monthly Rollups. Got that? A bug in the February security update is fixed by a patch in the next month’s (presumably non-security) monthly rollup.

Here’s where things get weird. On Feb. 19, Microsoft released KB 4491113, a “Cumulative update for Internet Explorer: February 19, 2019,” which is a silver bullet patch with one intent:

This cumulative update includes improvements and fixes for Internet Explorer 11 that is running on Windows 8.1 or Windows 7, and resolves the following issue:

Internet Explorer cannot load images that have a backslash (\) in their relative sources path.

So we have a cumulative update, KB 4491113, that fixes a bug introduced in this month’s Monthly Rollups, but which is also fixed in this month’s Monthly Rollup previews. The previews fix other bugs as well, but I guess this one was problematic enough to warrant a single silver bullet.

Except… now comes word (from an anonymous poster) that KB 4491113 is causing problems:

FWIW, this “silver bullet” isn’t quite ready to be fired; it caused problems with the game Halo: Spartan Strike by omitting some of the sound and then letting the game hang after a few minutes. It may also have caused some problems with videos on Firefox. Upon uninstalling, the Spartan is again killing Covenanters and Prometheans with full sound.

If you’re using Win10, the bug was fixed in the Third Tuesday patches – except for Win10 1809, which doesn’t yet have a Third Tuesday patch.

Moral of the story: Internet Explorer isn’t a browser. It’s a decorative appendage.

To further complicate matters, the Win8.1 Monthly Rollup Preview, which fixes this bug, introduces a truly bizarre bug that enables Location Services and makes a nuisance of itself in the Notification (er, Action) Center.

Windows 10 1809 still not ready for prime time

Microsoft changed its terminology, again, but it hasn’t yet officially declared that version 1809 is ready for business deployment. You can think of that as CBB, or SAC-not-T, SP1, or VGBS (venerable gray beard status), but whatever hokey name you put to it, the fact remains that Microsoft has not yet come out and said that Win10 version 1809 is suitable for mass consumption.

The official Windows 10 release information page still lists it as “Semi-Annual Channel (Targeted),” which is old terminology but with a judicious nod and wink – and with a dearth of additional reassurances – it’s clear that Microsoft isn’t yet recommending that businesses move onto the latest and greatest.

Hard to say when that’ll happen, but there’s lots of pressure to brand Win10 1809 as “ready for business” (CBB, SAC, SP1, VGBS, whatever) before Win10 1903 arrives…. which should be in 3… 2… 1…

Keep up on the parts of Windows that matter on the AskWoody Lounge.


January 2019

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

A Win10 version 1809 .NET patch, KB 4481031, rolled out as a Preview when it wasn’t. Some folks woke up one morning to a notification that their PC was no longer activated. That was a bug on Microsoft’s side. Oops.

Office 2010 took one on the chin. Two, actually. And it looks like the Japanese calendar problem’s still there, with “fixes” bringing Word, Excel and Access to a halt.

And then there’s a reprise of the mysterious KB 4023057 “update reliability” patch, throwing error 0x80070643 on some machines.

It’s been a patch pokin’ month.

Windows 10

All of the extant versions of Windows 10 got Patch Tuesday cumulative updates this month, and then the usual second round of cumulative updates. The former came down the Automatic Update chute; the latter lie in wait unless you click “Check for updates.” That’s been the common, infuriating, behavior for several months. Nothing new.

What is new is the remarkable delay in releasing the second patch for Win10 version 1809 – the KB 4476976 “October 2019 Update.” Microsoft held onto that patch for an extra week, putting it through an unusual second round of beta tests in the Windows Insider Preview Ring. That’s great news: It shows Microsoft’s taking its time to push out the 1809 updates.

It remains to be seen if the new-found restraint will result in less-buggy patches, but slowing down the gauntlet certainly rates as a step in the right direction.

The two major bugs in all of this month’s Win10 patches are the acknowledged ones:

  • Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.
  • After installing KB4480966, some users report that they cannot load a webpage in Microsoft Edge using a local IP address. Browsing fails or the webpage may become unresponsive.

The first bug strikes (old!) applications written in Access 97 and in other database packages. There’s a manual solution, but it isn’t pretty, and it requires you to convert the database to a newer format. That’s not welcome news to anyone who’s nursing an old database.

The second bug has a simple workaround: Don’t use Edge. As if you needed me to tell you that.

Win10 version 1809 .NET patch KB 4481031

This was yet another Keystone Kops patch. Microsoft originally released KB 4481031 with a KB article that said it was a “Preview of Cumulative Update.” It was actually a real patch. Microsoft pushed KB 4481031 out the Windows Update chute. That, we were told two days later, was a mistake. Right now, I’m told, KB 4481031 is a for-real cumulative update that’s only being pushed to people who click “Check for updates.”

Windows 7 and 8.1

I don’t believe the conspiracy theories – that Microsoft’s intentionally planting bugs in Win7 patches to prod people on to Win10. But I do believe the complacency theories – that Microsoft’s focusing on Win10 efforts to the detriment of Win7 users, in particular.

This month we saw two big bugs introduced in the Win7 Monthly Rollup, along with the Access 97 file format problem in Win10:

  • Local users who are part of the local “Administrators” group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the Jan. 8 security updates. This does not affect domain accounts in the local “Administrators” group.
  • Some programs don’t display F1 Help correctly.

The first problem is pretty specific: You have to be running a peer-to-peer network, and the person trying to get to the shared folders has to have an administrator account on the shared folder’s PC. Microsoft released a “Silver Bullet” patch for this specific problem, KB 4487345. Susan Bradley has a more detailed explanation – and advice if KB 4487345 doesn’t work – in her Patch Watch column.

The second problem (which isn’t acknowledged in the Monthly Rollup KB article) can be fixed by installing the preview of next month’s Win7 Monthly Rollup, KB 4480955.

There’s an additional problem. Installing KB 4480970 (this month’s Monthly Rollup) or KB 4480960 (security-only) breaks RDP on Server 2008 R2 systems. It looks like installing the Silver Bullet patch KB 4487345 also fixes this problem.

Patch Tuesday also brought an embarrassing barrage of activation failures and “Not genuine” / “counterfeit copy of Windows” notifications on Win7 machines with volume licenses. Microsoft has confirmed that the problem isn’t with this month’s update, it’s with Microsoft’s activation servers. Which have since been fixed. Supposedly.

Windows 8.1 continues its admirable stretch as the most stable version of Windows yet.

KB 4023057 reappears

Now in its 50th-or-so incarnation, KB 4023057, the “update reliability improvement,” rolled out to Win10 1507, 1511, 1607, 1703, 1709 and 1803 machines. Microsoft still hasn’t said what KB 4023057 actually does; the KB article is a baffling bit of bull… pablum.

Speculation is that KB 4023057 blasts away any impediments you’ve set to the automatic installer. @ch100 on AskWoody has offered the only explanation that makes sense to me:

KB4023057 was and still is one of the most weird and unexplained updates in the recent times. This update has never been offered to WSUS, but only to Windows Update. This would indicate that it [was] meant for unmanaged end-users and unmanaged small business users…

This patch may be harmless, but why it was released and where it actually applies, it is still a mystery.

More Office 2010 messes

Patch Tuesday also brought KB 4461614, an Office 2010 security update. Unfortunately, as soon as you install that patch, Access and Excel stop working. Ten days later, Microsoft issued a replacement, KB 4462157. Now we have notices that KB 4462157 breaks Office 2010 entirely on Windows XP machines.

Pro tip: If you’re still running XP, you have worse things to worry about.

We’ll keep you posted on patches on the AskWoody Lounge.


December 2018

Just when you’re ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regimen has turned topsy-turvy with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn’t pass the smell test.

Mysterious bug fix for IE

Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809 KB 4483235 – build 17763.195

Win10 1803 KB 4483234 – build 17134.472

Win10 1709 KB 4483232 – build 16299.847

IE 11 on Win7 and 8.1 – KB 4483187

As Gregg Keizer explains in his Computerworld analysis:

Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne. According to Microsoft, attackers are already exploiting the vulnerability, making it a classic “zero-day” bug.

That’s what Microsoft claimed; from the description it sounds like a drive-by hole, where you can get infected by merely looking at a bad website. But in spite of dire warnings from many corners, there’s exactly no information about the vulnerability making the rounds. In a situation like this, one would expect some sort of detailed explanation from Microsoft, Google or Lecigne. As of early Friday morning, we’ve seen nothing.  

Perhaps all the explainers are already beset with visions of sugarplums, but it’s mighty odd for an emergency patch to hit the offal fan with nary a hint of what’s wrong, or why it needs to be fixed with such abandon. This isn’t a garden variety “C” or “D” week non-security patch. It’s a full 10-claxon call to arms at a time when most people are taking an early vacation. Or at least a languid liquid lunch.

To add to the urgency, Microsoft Thursday night issued a similar tiny IE patch for the latest beta test round of the next version of Win10 – KB 4483187 brings the “19H1” beta build up to 18305.1003. So something’s afoot, but we don’t know what.

As most of you know, patching IE isn’t just for people who actually use IE. Microsoft has woven IE into the fabric of Windows – and it’s still there despite a decade-or-so of extraction effort. An IE patch is an important event because a hole in IE can manifest itself in many ways. But in this case, with no clear explanation, we don’t know what ways, or whether you’re only at risk if you actually use IE.

It gets worse.

I’m seeing reports that the Win7 patch, KB 4483187, triggers random crashes. Removing the update restores the machines. But with the holidays about to go into full swing, it’s hard to say if that’s an isolated incident or a lump of cantankerous coal.

Outlook 2013 patch Three Card Monty

Also on Thursday, Microsoft released yet another mysterious patch, KB 4011029, the “December 20, 2018, update for Outlook 2013.” According to the KB article, it fixes a bug where Mail delivery rules stop working. When you try to open the “Manage Rules & Alerts” dialog box in Outlook 2013, you receive the following error message:

The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.

Nice little holiday bug for anyone using rules in Outlook 2013. But, again, there’s more to the story.

Three days ago, Microsoft acknowledged a bug in Outlook that’s identical to the one described in the KB 4011029 article, but it affects three different “perpetual” (which is to say, bought and installed) versions of Outlook – Outlook 2010, 2013 and 2016 — plus bugs in four different subscription (which is to say, rented versions) releases of Office 365:

Version 1810 build 11001.20108
Version 1808 build 10730.20205
Version 1803 build 9126.2315
Version 1708 build 8431.2329

Apparently, the bug was introduced in the November security patches, but hadn’t been acknowledged until three days ago.

I’ve found no explanation for why Outlook 2013 has been patched, but the other six versions have not. It’s possible that there are five more patches waiting in the wings. It’s possible that this one patch is actually intended for other versions of Office. All we know for sure is that somebody’s left us hanging out to dry – no explanation, no release plan.

Sounds like a pretty common state of affairs, eh?

The 1809-pound elephant in the room

All of this is happening against a backdrop of Microsoft’s newly restored zeal in pushing Win10 version 1809 on all Win10 users. Reports on 1809 have been good, in general – although the new feature set won’t wow anyone but the most diehard Windows (and Notepad) fans – but Microsoft itself hasn’t yet declared version 1809 as fit for businesses.

Those who click “Check for updates” are most likely to get the new version, but it’ll get pushed on non-seekers soon enough.

The bottom line

I’ve seen exactly zero reports of machines being taken over by the Internet Explorer bug, zero detailed descriptions of the problem (or its solution), zero bona fide cause for alarm, but the “Sky is Falling – Patch Right Now!” cry continues to ring throughout the blogosphere. That could mean one of two things:

  • The problem is so bad that people in the know don’t want to let the cat out of the bag, or,
  • It’s a typical zero-day that’ll have to be patched eventually unless you’re the target of well-heeled nation state scoundrels, and the people who do the explaining are taking the weekend off.

I’m convinced the latter is far more likely. But your level of paranoia may well differ. Hey, you may actually enjoy putting your PC through the wringer while the world’s taking a well-deserved break.

We’ll keep a watchful eye through the holidays on the AskWoody Lounge.


November 2018

By far the most important reason for this month’s relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.

What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes – including two buggy patches that have been pulled and one that’s been fixed – the usual array of Flash excuses and Preview patches.

Win10 version 1809 – patching done right

In a day that will live in patching infamy, Microsoft released Windows 10 version 1809 on Oct. 2, then pulled it on Oct. 5, responding to cries of anguish and deleted data. Win10 1809 was officially re-released on Nov. 13, but very few people took the bait, and it appears as if Microsoft isn’t pushing 1809 onto any machines. Although I remain skeptical of their sampling method, AdDuplex reports that version 1809 now runs on 2.8% of all Win10 machines.

The most important patching news this month – indeed, I would argue, the most important patching news this year – is that Microsoft has finally (re-) discovered the Windows Insider Release Preview Ring. Some folks would have you believe that the Insider Release Preview Ring was designed for testing new versions of Windows. But that isn’t the way it was designed.

Here’s what Microsoft’s official Insider Program overview documentation says:

Release Preview Ring

If you want to be on the current public release of Windows 10 but still get early access to updates, applications, and drivers without taking the risk of moving to the Development Branch, the Release Preview Ring is your best option. The Release Preview Ring is only visible when your Windows build version is the same as the current Production Branch. The easiest way to go between the Development Branch to the current Production Branch is to reinstall Windows using the Media Creation Tool, see instructions at Download Windows 10.

Now we’re seeing builds of the Windows 10 September-October-November-soon-to-be-December 2018 Update going through a proper test cycle. Not surprisingly, Microsoft has uncovered (and apparently fixed) tons of bugs in 1809, including the notorious filename extension bug and mapped drive bug. While Microsoft once said that its fixes would arrive in late November, the official status page now says they’ll arrive in early December.

At the same time, other companies have had time to get their products ready for 1809. Apple has a new version of iCloud that works with 1809. Trend Micro says it has new versions of its products either in place, or coming soon, to fix its incompatibilities. That said, upgrade blocks are still in place for AMD Radeon HD2000 and HD4000 graphics cards, with no resolution yet identified; for F5 VPN clients; and for certain new Intel display drivers.

Short version: It would be, ahem, quite foolish to install 1809 until Microsoft has figured out and released its latest cumulative update. Yes, that means the Win10 September 2018 Update won’t arrive in moderately usable form until December. So be it.

Other Windows patches

Win10 1809 is being patched in a reasonable, steady way – with beta test versions of the cumulative updates appearing in the Insider Release Preview Ring, where they can be pounded appropriately.

Alas, we aren’t so lucky with the other versions of Win10, where untested non-security bug fixes continue to appear as monthly second-round cumulative updates. We had a bunch of those this month:

  • Win10 version 1803 – KB 4467682 brings the build up to 17134.441. Lots and lots of little bug fixes, plus a fix for the filename association bug. 1803 still shows two known issues: The SqlConnection exception in .Net (“will provide an update in an upcoming release”), and the Seek Bar is broken in Windows Media Player (“a solution will be available mid-December 2018”).
  • Win10 version 1709 – KB 4467681 brings the build up to 16299.820. Another big list of bugs, same acknowledged problems.
  • Win10 version 1703 – KB 4467699 brings Enterprise and Education users up to build 15063.1478.
  • Win10 version 1607 and Server 2016 – KB 4467684 brings Server and LTSC users up to build 14393.2639.

Yes, that means Microsoft is currently supporting seven different versions of Windows – Windows 7, 8.1, Win10 1607, 1703, 1709, 1803, 1809 – plus Server versions, Xbox, Mobile (sorta), Embedded, IoT, Holographic, and heaven knows what all.

It now appears as if Microsoft is installing the second monthly Cumulative Updates for seekers – those who click Check for Updates. Ouch. I thought Microsoft had backed off that particular form of insanity.

There are also new Intel microcode updates, explained in KB 4465065 (thx @ep, @ch100), as well as a new beta test version of the Win10 1809 Servicing Stack Update, which will likely appear at the same time as the Win10 September-October-November-December 2018 Update.

As things stand now, I haven’t heard any loud screams of pain stemming from the Win10 Cumulative Updates, second monthly Cumulative Updates, or the Win7 or 8.1 Monthly Rollups.

More .NET shenanigans

The .NET patches this month have provided an ongoing source of amusement. First, we were treated to an apparent typo in the description of the Win7 Monthly Rollup for .NET 3.5.1… 4.7.2 (see this thread by FanJ in the Wilders Security Forums – thx @cesmart4125). Now we have three .NET patches for Win7/8.1 in Windows Update (thx @abbodi86):

  • An apparently undocumented re-issue of KB 4457920, the old 2018-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1. (No indication as yet if the analogous patch for Win7, KB 4457918, has re-appeared.)
  • The usual Monthly Rollup (KB 4467240 for Win7 and KB 4467242 for Win 8.1)
  • The usual Preview Monthly Rollup (KB 4467224 for Win7, KB 4467226 for Win 8.1)

I’m not showing any significant problems with any of those – and no indication what’s been changed (if anything) with the 2018-09 patches.

Oh, Office

As I explained on Nov. 19, this month’s big bunch of Office patches included two non-security patches, KB 4461522 and KB 2863821, that trigger Entry Point errors in various Office 2010 products. Microsoft’s current advice is to uninstall the patches. They aren’t being distributed and haven’t been fixed.

A Patch Tuesday security update marvel, KB 4461529, crashes 64-bit Outlook 2010 on startup. Not many people use the 64-bit version of Office 2010 because it’s so buggy. Think of this as exhibit 314159. Microsoft “fixed” the bug a couple of days ago by releasing a second patch, KB 4461585, whose sole purpose appears to be fixing the crashes caused by the original.

The bottom line

The past five months have shown, repeatedly, that you’d have to be crazy – or ignorant of the past – to continue applying Windows patches as soon as they’re released. July patching was an unmitigated disaster. After some initial mis-steps, August fared substantially better. September saw a bunch of “v2” patches that got yanked suddenly, but it all worked out in the end. If you waited long enough. October fell all over itself delivering bad news. November’s better, primarily because Microsoft put the brakes on Win10 1809 and decided to actually test things before releasing them. Novel concept, that.

If you’re in charge of protecting state secrets, the pressure’s on to get the patches installed come hell or high water. Susan Bradley’s Master PatchList remains relatively calm, if you take into consideration the problems explored in this article.

As best I can tell, the biggest threat still lies in a resurgence in Equation Editor exploits. That particular Office bug was fixed (and re-fixed) almost a year ago.  

November’s almost over and, with the return of sanity in Win10 1809 patching, it may just be a turning point. Things really couldn’t get much worse.

Patching pains? Join us on the AskWoody Lounge.

October 2018

This month’s bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked “Check for updates” and got all of the files in your Documents and Photos folders deleted. Even if you didn’t become a “seeker” (didn’t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP (“Metro” Store) apps might have been kicked off the internet.

You didn’t need to lift a finger.

Worst Windows 10 rollout ever

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their Documents, Pictures, Music, Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

Word to the Win10 wise: Don’t click ‘Check for updates’ — Microsoft has unilaterally given itself permission to upgrade your Win10 PC to the brand-new version 1809, if you have the temerity to click “Check for updates.”

How to block the Windows 10 October 2018 Update, version 1809, from installing — the best ways to ensure you install 1809 when you’re ready, even in the face of recent forced updates from Microsoft.

Did you upgrade to Win10 1809 and lose all of your documents and pictures? — If, in spite of my warnings, you upgraded to the latest version of Win10, and you lost all of your Documents, Pictures, Music, Videos or other folders, DON’T DO ANYTHING until you’ve tried this fix.

Microsoft yanks buggy Win10 1809 upgrade, leaving zapped files in its wake — It took four days of complaints about deleted Documents, Photos and other files and late Friday, Microsoft finally pulled the Win10 1809 upgrade. Microsoft has known about the bug for months.

Now that we’re in October’s “C Week” — the week containing the third Tuesday of the month — version 1809 is back in beta testing, there are new patches for those who want to continue with 1809, Microsoft hasn’t come up with a fix for the deleted files, and a whole lot of people are in a whole lot of hurt.

Rule #1: Don’t trust Microsoft.

Rule #2: Don’t click “Check for updates.” In Microsoft-speak, “check for updates” means “install most (but not necessarily all) available updates.”

Rule #3: Refer to Rule #1.

Windows 7 Monthly Rollup patching sequence logic still screwed up

Microsoft vowed that it would fix the bizarre error where the patch installer isn’t smart enough to update itself prior to installing new patches. The primary symptom is an Error 0x8000FFF when installing the Monthly Rollup.

The Servicing Stack Update sequencing problem is so bad, it looks like Microsoft stopped pushing the Monthly Rollup at the end of “B Week.”

We’ve had many conflicting reports about the Monthly Rollup itself, KB 4462923, appearing in the Windows Update list checked (and thus pushed through Windows Update), unchecked and, in some cases, missing entirely. WSUS has been spinning. Patch Lady Susan Bradley puts it succinctly:

Metadata and patch dependency is totally screwed up on Windows 7 platform and because of that the October security updates detection are screwed up.

Bad driver #1 — HP keyboards

I still see reports that Microsoft pushed a buggy update to Win10 version 1809 that caused the WDF_VIOLATION blue screens that brought some systems to their knees. That’s not true. The blue screens are triggered by a bad HP keyboard driver, version 11.0.3.1, which was distributed via Windows Update to Win10 version 1803 and 1809 machines. The buggy driver causes blue screens on the latest builds of 1803 and 1809, although it’s unclear whether the driver triggers BSODs on earlier builds.

Microsoft released a “silver bullet” update that deletes the driver if it’s sitting in your PC’s queue waiting for reboot — which doesn’t do a whole lot of good, especially if you’re stuck in a BSOD loop.

Bad driver #2 — Intel audio

As if the pushed buggy HP keyboard driver weren’t enough, Microsoft also pushed a second bad driver. Some folks running Win10 1709, 1803 or 1809 with Automatic Update turned on discovered that after installing this month’s updates, the sound stopped working, with the message “No Audio Output Device Is Installed.”

Fer heaven’s sake. Why let Windows Update push its buggy drivers onto your machine? There’s a fairly straightforward procedure for telling Windows to stop pushing drivers along with its other dicey updates. At least, the steps are straightforward for those who own Win10 Pro or Education. Home users get to futz with a Registry setting.

Edge can’t find the internet

Speaking of weird Win10 version 1809 behavior… if you’re trying to run Edge (I know, I know) in Win10 version 1809, you may not be able to connect to the internet. UWP (“Metro” Store) apps might not be able to connect, either. This happens even if you have a working internet connection.

The problem? You need to turn on IPv6. Lawrence Abrams on Bleepingcomputer has a step-by-step solution.

Some day this will all go away. The latest version of the dominant Chrome browser doesn’t have that IPv6 problem, and with newfound, fledgling support for Progressive Web Apps, we’re likely looking at the beginning of the end of UWP apps. I, for one, won’t miss them.

JET database patch doesn’t work

Trend Micro’s Zero Day Initiative found a bug in the Jet Database Engine — an ancient (early ‘90s) bug-ridden database precursor to today’s SQL Server. Microsoft didn’t fix it in the ZDI-allotted 120-day fix window, so they published full details. On Day 154, this month’s Patch Tuesday, Microsoft released a fix for what is now known as CVE-2018-8423.

Except Microsoft’s CVE-2018-8423 fix doesn’t fix the whole problem. You can read the gory details on Mitja Kolsek’s 0patch Team blog.

0patch is in the business of providing short-term “micropatches” for bugs that Microsoft doesn’t fix. They initially published a micropatch when Microsoft missed the ZDI deadline. Now they’ve issued a re-patch for the still-unfixed CVE-2018-8423 bug.

I rarely recommend third-party fixes for Microsoft bugs because of the potential for problems. But when Microsoft can’t fix its own bugs, well, it gives me pause.

The bottom line

The past four months have shown, repeatedly, that you’d have to be crazy — or ignorant of the past — to continue applying Windows patches as soon as they’re released. July patching was an unmitigated disaster. After some initial missteps, August fared substantially better. September saw a bunch of “v2” patches that got yanked suddenly, but it all worked out in the end — if you waited long enough. Now October is back to the same-old same-old.

If you’re in charge of protecting state secrets, the pressure’s on to get the patches installed come hell or high water. But for most folks, there’s precious little reason to subject your machine to patching problems right away. That said, Susan Bradley’s Master PatchList remains relatively calm, if you take into consideration the problems explored in this article.

As best I can tell, the biggest threat at this point lies in a resurgence in Equation Editor exploits. That particular Office bug was fixed (and re-fixed) almost a year ago. Yes, you have to install security patches sooner or later.

This month is the first month with an “E Week” — there are five Tuesdays in October. It’ll be the first “E Week” since Microsoft adopted the “A Week” / “B Week” bafflegab. With five Tuesdays now open to official attack, we may be entering a new stage of enlightenment.

Patching problems? Join us on the AskWoody Lounge.

September 2018

As we near the end of patching’s “C Week” (which is to say, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft’s patches for Intel’s Meltdown/Spectre bugs, you should be in good shape.

Why a Patch Monday?

On Sept. 17, Microsoft released two very-out-of-band cumulative updates for Windows 10:

  • KB 4464218 brings Win10 1803 up to build 17134.286
  • KB 4464217 brings Win10 1709 up to build 16299.666

Both of the cumulative updates fix a bug that was introduced in the July 24 cumulative updates. The bug causes Microsoft’s Intune to stutter because it looks in the wrong place for user profiles. The second cumulative update also fixes an obscure VPN bug.

I have no idea why Microsoft released those patches on a Monday. They certainly could’ve waited until Tuesday – the “C Week” Tuesday traditionally being used to fix bugs introduced on Patch Tuesday. Somebody clearly jumped the gun, and folks who patch for a living aren’t really happy about having their chains jerked.

We never did get a cumulative update for Win10 1703. Maybe it wasn’t affected by the July 24 bug. Maybe it’s just too long in the tooth, with support for 1703 due to expire next month.

We also got a way-out-of-band cumulative update for Windows 7 Internet Explorer, KB 4463376, on a “B Week” Friday afternoon.

Second Win10 cumulative updates

If September follows the precedent set this year, we’ll probably see another set of Win10 cumulative updates during “D Week” – next Tuesday, Sept. 25. At the same time, we’ll likely see sets of Monthly Rollup Previews for Win7 and 8.1. Of course, you should ignore them.

More firmware updates

We’re getting more and more firmware updates for Microsoft Surface devices. In the past month, there’ve been firmware/driver patches for the Surface Pro 3, Surface Pro 4, Surface Pro 2017, Surface Book, and even the Surface Studio. It’s an across-the-board makeover (or massive fix) that hasn’t been extended to the Surface Laptop, Book 2, or Go. Yet.

Meanwhile, I’m still hearing complaints about the Surface Pro 4 update.

More Intel microcode fixes

While there has yet to be any credible Meltdown or Spectre threat (Spectre v 1, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 2, 3, 3a, 4 or 5), Microsoft continues to release microcode updates for Intel processors on machines running Win10 version 1709 and 1803. Sometimes the installers try to install the Intel updates on AMD processors, but what the hay.

I go back to Helen Bradley’s statement last month:

Unless you are a nation state, have a key asset in a cloud server, or are running for a government office, I think we are spending way, way more time worrying about this than we should.  I still think that attackers will nail me with malware, attack me with phishing, ransomware, etc., etc. way more than someone will use these side channel attacks to gain information from me.  Remember that the attacker has to get on your system first and I still think they will use the umpteen other ways to attack me easier than this attack.  Also keep in mind that we won’t really have a full fix for this issue for several years.  Intel and AMD will need to redesign the chips to ultimately get fixed.

If you’re concerned about such things, do yourself a favor and go to Intel (probably via your PC’s manufacturer) and install the specific patches that you need. And remember that they won’t completely solve the problem.

If you insist on using the Microsoft approach to microcode, abandon all hope, and follow Bradley’s advice here.

The bottom line

July patching was an unmitigated disaster. August fared substantially better. Now, although the month isn’t yet over, September seems to be doing well – if you ignore the Patch Monday gaffe and throw up your hands over Meltdown and Spectre.

In spite of several Chicken Little warnings this month, there haven’t been any widespread attacks that warrant rushing out and installing any of the September patches just yet.

Susan Bradley’s Master PatchList looks relatively serene.

There’s something to look forward to. In October we get an “E Week” – there are five Tuesdays in October. It’ll be the first “E Week” since Microsoft adopted the “A Week” “B Week” bafflegab. What wonders await?

Thx to @sb and @PKCano

Patching problems? Join us on the AskWoody Lounge.

August 2018

So far this month we’ve only seen one cumulative update for each version of Windows 10, and one set of updates (Security only, Monthly Rollup) for Win7 and 8.1. With a few notable exceptions, those patches are going in rather nicely. What a difference a month makes.

We’ve also seen a massive influx of microcode updates for the latest versions of Windows 10, running on Intel processors. Those patches, released on Aug. 20 and 21, have tied many admins up in knots, with conflicting descriptions and iffy rollout sequences.

Big problems for small niches

At this point, I’m seeing complaints about a handful of patches:

  • The original SQL Server 2016 SP2 patch, KB 4293807, was so bad Microsoft yanked it — although the yanking took almost a week. It’s since been replaced by KB 4458621, which appears to solve the problem.
  • The Visual Studio 2015 Update 3 patch, KB 4456688, has gone through two versions — released Aug. 14, pulled, then re-released Aug. 18 — and the re-released version still has problems. There’s a hotfix available from the KB article, but you’d be well advised to avoid it.
  • Outlook guru Diane Poremsky notes on Slipstick that the version of Outlook in the July Office 365 Click-to-Run won’t allow you to start Outlook if it’s already running. “Only one version of Outlook can run at a time” — even if the “other version” is, in fact, the same version.
  • The bug in the Win10 1803 upgrade that resets TLS 1.2 settings persists, but there’s an out-of-the-blue patch KB 4458116 that fixes the problem for Intuit QuickBooks Desktop.
  • The Win10 1803 cumulative update has an acknowledged bug in the way the Edge browser interacts with Application Guard. Since about two of you folks use that combination, I don’t consider it a big deal. The solution, should you encounter the bug, is to uninstall the August cumulative update, manually install the July cumulative update, and then re-install the August cumulative update — thus adding a new dimension to the term “cumulative.”
  • The Win7 Monthly Rollup has an old acknowledged bug about “missing file (oem<number>.inf).” Although Microsoft hasn’t bothered to give us any details, it looks like that’s mostly a problem with VMware.

The rest of the slate looks remarkably clean. Haven’t seen that in a long while.

Second Win10 cumulative updates

If August follows the precedent set this year, we’ll probably see another set of Win10 cumulative updates next Tuesday, “dee” Tuesday, Aug. 28. At the same time we’ll likely see sets of Monthly Rollup Previews for Win7 and 8.1. Of course, you should ignore them.

More firmware updates

In the past couple of months, Microsoft has released massive firmware/driver updates for almost all of the latest Surface devices.

At this point, I’m still seeing problems with the July 26 set of fixes for the Surface Pro 4, which have been blamed for touchscreens that don’t touch, pens that don’t pen, batteries that go out to lunch, and all sorts of boorish behavior.

Of course, there have been no solutions.

More Intel microcode fixes

Microsoft released oodles and gobs (that’s a technical term) of microcode fixes for Win10 1803 and 1709, passing along Intel’s fixes for the Meltdown and Spectre V1, 2, 3, and 4 security holes. People have been pulling their hair out by the roots. Susan Bradley has a great birds-eye view:

Unless you are a nation state, have a key asset in a cloud server, or are running for a government office, I think we are spending way way more time worrying about this than we should.  I still think that attackers will nail me with malware, attack me with phishing, ransomware, etc etc, way more than someone will use these side channel attacks to gain information from me.  Remember that the attacker has to get on your system first and I still think they will use the umpteen other ways to attack me easier than this attack.  Also keep in mind that we won’t really have a full fix for this issue for several years.  Intel and AMD will need to redesign the chips to ultimately get fixed.

If you’re concerned about such things, do yourself a favor and go to Intel (probably via your PC’s manufacturer) and install the specific patches that you need. And remember that they won’t completely solve the problem.

If you insist on using the Microsoft approach to microcode, abandon all hope, and follow Bradley’s advice here. No matter which approach you take, make sure that you don’t publish any before-and-after performance data, which Intel has unilaterally declared verboten. See Bruce Perens’s article Intel Publishes Microcode Security Patches, No Benchmarking Or Comparison Allowed!

The bottom line

After all the problems last month, it’s a relief to have only a handful of glaring problems this month. I suggest you wait another day or two before installing the August patches.

The only significant breach of a recently patched security hole that I’ve found involves North Korea, Internet Explorer 11, VBScript, and China. That’s probably not a combination that’ll keep you up at night — and there’s little reason to rush into installing the August patches unless you’re in a Chinese organization that’s run afoul of the North Korean government.

I continue to recommend that you keep 1803 off your Win10 machines. No reason to go there until you’re forced. Susan Bradley’s Master PatchList has details for individual patches.

Thx to @sb, @abbodi86 and @PKCano

Patching problems? Join us on the AskWoody Lounge.

July 2018

If you ever wondered why people — and organizations — are taking longer and longer to willfully install patches, take a look at what happened this month. After a disastrous start, Windows 10 patches seem to be OK, but .NET and Server patches still stink.

For most of the year, we’ve seen two big cumulative updates every month for each of the supported Win10 versions. This month, so far, we’ve had three. Microsoft’s claim that it will install the Win7 and Win8.1 Monthly Rollups defies logic. The .NET patches are in such bad shape that the .NET devs have thrown in the towel. And here we sit not knowing exactly which way is up.

Three Win10 cumulative updates for each version in July

On Patch Tuesday, July 10, as usual, Microsoft rolled out cumulative updates for all of the supported versions of Windows 10. Almost immediately we heard screams of pain as four big bugs, later officially acknowledged, hit the fan. Six days later, Microsoft released a second set of cumulative updates, again for all versions of Win10. Those updates were specifically designed to fix the bugs introduced by the original updates. The build numbers in the Knowledge Base articles didn’t match the build numbers that people actually installed but, well, that’s Microsoft.

A week after that, on July 24, Microsoft released a third set of cumulative updates, again for all versions of Win10. At least, I think they were released on July 24. The dates in the Update Catalog and on the files themselves don’t line up. But we definitely have three cumulative updates for every version, so far this month. Beefy bug fixes.

It’s still too early to tell whether the third round of patches is viable. We’ve only had them for two days.

Win7 and Win8.1 get their fair share

As usual, Win7/Server 2008 R2 and Win8.1/Server 2012 R2 both received a single Monthly Rollup (along with a Security-only patch) on July 10. Both contained three of the four bugs introduced in the Win10 Patch Tuesday security patches, including the Stop 0xD1 bug. Microsoft released manual download-only fixes for the bugs for Win7 and 8.1 on July 16.

Then, on July 18, Microsoft released Monthly Rollup Previews for both Win7/Server 2008 R2 and Win8.1/Server 2012 R2, which apparently contain the manual download-only fixes. Like all good Monthly Rollup Previews, they’re released as Optional patches, so you have to specifically check them in order to get them — a procedure I never recommend.

Except, golly gee, on July 24, Microsoft announced:

The Windows Update classification for the following update packages has been changed from Optional to Recommended: KB 4338821 (Preview Monthly Rollup for Win7/Server 2008 R2), KB 4338816 (Preview Monthly Rollup for Server 2012), KB 4338831 (Preview Monthly Rollup for Win 8.1/Server 2012 R2). These packages will be installed automatically if the operating system is configured to receive automatic updates.

It’s a setting that, as best I know, is completely unprecedented in the history of Monthly Rollup Previews. Hard to imagine a Preview — by definition, a fix that isn’t ready for prime time — that’s pushed onto all machines. As of today, I haven’t seen those Previews pushed onto Win7 or 8.1 machines with automatic update enabled. It appears as if the announcement only applies to Servers — but that’s just conjecture at this point.

A poster named Francis says:

Since only the server preview rollups are updated in the catalog, I think Microsoft is not telling us the whole truth. Probably only the server preview rollups will be installed automatically if the operating system is configured to receive automatic updates AND the option to receive recommended updates is set in the Windows Update client settings

That corresponds to what I’ve seen. (If you aren’t confused, you haven’t been following along.)

.NET’s nuts

The .NET patches released on Patch Tuesday were bad. They were so bad that Microsoft itself has disavowed any knowledge of their actions. On July 20 — 10 days late and $10 short — ‘Softie Rich Lander posted on the official .NET blog:

The July 2018 Security and Quality Rollup updates for .NET Framework was released earlier this month. We have received multiple customer reports of applications that fail to start or don’t run correctly after installing the July 2018 update… We have stopped distributing the .NET Framework July 2018 updates on Windows Update and are actively working on fixing and re-shipping this month’s updates. If you installed the July 2018 update and have not yet seen any negative behavior, we recommend that you leave your systems as-is but closely monitor them and ensure that you apply upcoming .NET Framework updates.

Since that time, we’ve seen some fancy footwork to stop the disease from spreading. It now appears as if the patches are either not available or, if available through Windows Update, aren’t checked for automatic installation. The official apology hasn’t been updated with any word of a fix.

Office

Microsoft pulled the bad Office 2016 non-security patch KB 4018385 on July 12, nine days after its release on the first Tuesday of the month. As I explained at the time:

What we’re seeing is a non-security patch for a bug in three-month-old security patch that crashed Office … and the new non-security patch also crashes Office. That’s progress.

No word on a fix.

Massive firmware updates

If you have a Surface Pro 4 or a Surface Laptop, Microsoft has released dozens of firmware/driver fixes for your machine. Some of the “new” drivers are a year or more old. I hold out some hope that the fixes will cure some of the outstanding problems we’ve seen with the Surface Pro 4, especially with flakey keyboards and super slow write speeds.

More Intel microcode fixes

On July 24, we saw another bunch of Intel microcode fixes, specifically targeting the Spectre v2 vulnerability. There are separate patches for Win10 version 1803 and 1709 — and no new updates, so far at least, for earlier versions. Microsoft’s summary post for the microcode KBs contains links.

The bottom line

Just about every aspect of patching this month revealed significant screw-ups. If your machine is set to automatically install new updates as soon as they’re released, you were likely stung at least once. Add to that the stunning lack of transparency and obvious documentation inconsistencies, and you have one of the worst patching months in recent memory. Let’s hope it doesn’t get worse.

I continue to recommend that you keep 1803 off your Win10 machines. The volume (and quality!) of patches doesn’t bode well. Of course, the other Win10 versions weren’t much better this month. Susan Bradley’s Master PatchList has details for individual patches.

Thx to @sb, @abbodi86 and @PKCano

Problems with patches? Yeah, join the club. Visit us on the AskWoody Lounge.

June 2018

Microsoft’s patches in June took on some unexpected twists.

Windows 7 owners with older, 2002-era Pentium III machines got their patching privileges revoked without warning or explanation (and a documentation cover-up to boot), but there’s little sympathy in the blogosphere for elderly PCs.

Win10 1803 was declared fully fit for business, a pronouncement that was followed weeks later by fixes for a few glaring, acknowledged bugs — and stony silence for other known problems.

We’re continuing the two-big-cumulative-updates-a-month pace for all supported versions of Windows 10. The second cumulative update frequently fixes bugs introduced by the first cumulative update.

Win10 version 1803 still rough around the edges

Microsoft may think that Win10 (1803) is ready for widespread deployment, but there are a few folks who would take issue with that stance.

Yesterday, Microsoft finally released a fix for two big bugs that have dogged Win10 1803 since its inception. In theory, patch KB 4284848 fixes these acknowledged bugs:

  • Some users running Windows 10 version 1803 may receive the error “An invalid argument was supplied” when accessing files or running programs from a shared folder using the SMBv1 protocol.
  • Microsoft Edge may stop working when it initializes the download of a font from a malformed (not RFC compliant) URL.

In practice, life isn’t so simple. WSUS (the Windows Update Server software) isn’t “seeing” KB 4284848, as of late Wednesday afternoon – which may be a good thing.

Along with the second cumulative update this month, there are additional releases to fix the Servicing Stack, and a new “Compatibility update” that, per the documentation, is designed to make it easier to upgrade Win10 1803 Enterprise to Win10 1803 Enterprise (not a typo).

Old problems remain in abundance. There are many reports of munged Intel NICs and VLAN problems after installing 1803. Josh Mayfield (whom you may recall from GWX days) reports that you’re forced to set up a PIN during fresh installs. The ancient problem with restore partitions getting assigned drive letters on install remains. Chrome continues its indigestion with 1803, although Microsoft claims the latest patch cures all ills. None of this is acknowledged anywhere I can see.

One problem that has been acknowledged – but only by a Microsoft Agent on an Answers Forum post – says that installing 1803 can clobber your peer-to-peer network. That certainly matches my experience. With earlier versions of Win10, I’d fire up the Homegroup Troubleshooter and that usually solved the problem. Unfortunately, Microsoft discontinued Homegroups in version 1803.

On the positive side, WindowsCentral’s Zac Bowden reports that yesterday’s 1803 patch fixes lagging/stuttering issues on his Surface Book 2 – a problem that’s neither acknowledged, nor described in the list of fixes.

If you think Win10 1803 is ready for prime time, you’re welcome to give it a try.

Multiple patches for supported versions of Win10

  • Version 1803 saw patches on June 5 (for a QuickBooks bug), June 12 (which introduced the Edge font bug) and June 26 (see the above);
  • Version 1709 was patched on June 12 and June 21. Now up to build 16299.522, it appears to be relatively stable. I haven’t upgraded to it, but will try to find time over the July 4 holiday;
  • Version 1703 was also patched on June 12 and June 21.

Win7 continues to draw attention

We still have an acknowledged bug, introduced by the Win7 patches in March:

There is an issue with Windows and a third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

As noted by an anonymous poster last month:

It’s not only KB4103718 (May 8, 2018—KB4103718 (Monthly Rollup)) that has been updated with the missing oem<number>.inf issue. The problem seems to date back to the March 2018 Security-Only and Monthly Rollup updates.

All of the following knowledge base articles were updated with similar warnings on May 25, 2018:

  • KB4088875: March 13, 2018—KB4088875 (Monthly Rollup);
  • KB4088878: March 13, 2018—KB4088878 (Security-only update);
  • KB4088881: March 23, 2018—KB4088881 (Preview of Monthly Rollup);
  • KB4093118: April 10, 2018—KB4093118 (Monthly Rollup);
  • KB4093113: April 17, 2018—KB4093113 (Preview of Monthly Rollup);
  • KB4103718: May 8, 2018—KB4103718 (Monthly Rollup);
  • KB4103713: May 17, 2018—KB4103713 (Preview of Monthly Rollup).

Microsoft won’t say which vendor(s) and/or which network card(s) are getting cracked by the patch. There’s speculation that the bad card is from Intel, but we really don’t know. Your only real recourse is to create a full backup prior to applying this month’s patches, or to accept the possibility that you’ll have to manually re-install them. Susan Bradley has detailed instructions.

The bottom line

Windows 8.1 continues to hold the title as the most stable version of Windows. Hard to believe.

This month’s Office patches seem to be working, although there are many individual problems listed in the Office Fixes or Workarounds list.

Stay tuned.

Thx to @sb and @PKCano

Struggling with other problems? Join us on the AskWoody Lounge.


May 2018

Once more we have a monthly Windows/Office patch scorecard that needs a guidebook. Or two. And we just got a handful of buried warnings about problems in old patches, plus a brand new way to fry your network interface card.

Thus continues the tradition of two cumulative updates per month for all of the supported Windows 10 versions – that’s eight cumulative updates in total – in addition to bobs and weaves and a very long list of acknowledged bugs introduced by recent security patches in Windows 7.

Conflicts with Remote Desktop

The strange behavior of the CredSSP update – where the Patch Tuesday fixes for all versions of Windows seemed to break Remote Desktop Protocol with a strange error message: “This could be due to CredSSP encryption oracle remediation” – has been resolved.

Patch Lady Susan Bradley notes (about all versions of Windows and Remote access):

Be aware — if you are seeing RDP issues post patch Tuesday, the underlying issue is that there is a mismatch between patch levels. The updates for the RDP/credssp came out in March and slowly Microsoft has been adjusting the mandate of the update. In May, the full “you must have a patch on both ends” kicked in. So if you haven’t updated your servers, but your workstations got patched you’ll see the CredSSP error message.

While there is a registry key to allow patched systems to connect to unpatched systems, it’s much wiser to patch your servers. Note that if you held off patching your servers because of the networking side effects/bugs, those were patched in April.

That’s how you solve a CredSSP encryption oracle remediation problem. Obviously. Ahem.
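The registry key Susan Bradley mentions is a temporary workaround, so it is worth confirming it has not been left behind once the servers are patched. The PowerShell below is an added example, not code from this column or from Microsoft; it assumes the documented AllowEncryptionOracle value under the CredSSP policy key, and the function name and the host names in the usage comment are made up.

```powershell
# Added example. Run from a native PowerShell session (not the 32-bit one on
# a 64-bit OS). Sticks to PowerShell 2.0 syntax so it also runs on Windows 7
# and Server 2008 R2.

$CredSspKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$PolicyNames = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOraclePolicy {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $value     = $null
        $readError = $null
        try {
            # Remote hosts need the Remote Registry service running.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $key  = $hklm.OpenSubKey($CredSspKey)
            if ($key) {
                $value = $key.GetValue('AllowEncryptionOracle', $null)
                $key.Close()
            }
            $hklm.Close()
        } catch {
            $readError = $_.Exception.Message
        }

        if ($readError) {
            $policy  = 'Unknown'
            $finding = "Could not read registry: $readError"
        } elseif ($null -eq $value) {
            # Key or value absent: no override, the patch-level default applies.
            $policy  = 'Not configured'
            $finding = 'No override set; the default of the installed patch level applies.'
        } elseif (($value -is [int]) -and $PolicyNames.ContainsKey($value)) {
            $policy = $PolicyNames[$value]
            if ($value -eq 2) {
                $finding = 'Workaround still in place: patch the servers, then remove this value.'
            } else {
                $finding = 'No action needed.'
            }
        } else {
            $policy  = "Unexpected ($value)"
            $finding = 'Review this value by hand.'
        }

        New-Object PSObject -Property @{
            Computer = $computer
            Value    = $value
            Policy   = $policy
            Finding  = $finding
        } | Select-Object Computer, Value, Policy, Finding
    }
}

# Usage (host names are placeholders):
#   Get-CredSspOraclePolicy -ComputerName 'WS-EXAMPLE-01','WS-EXAMPLE-02' | Format-Table -AutoSize
```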

Win10 version 1803 approaches ‘usable’ status

The unpaid beta testers for Windows 10 April 2018 Update (better known as version 1803) earned their salaries this month, with triple overtime. The embarrassing bug in the original 1803 (released April 30) bricked any computer with an Intel SSD6 drive – including some of Microsoft’s own Surface Pro 2017 computers.

A similar, but different, bug dogged PCs with Toshiba SSDs. The bug persisted in the first cumulative update for Win10 1803, but was finally put to sleep last week with the second cumulative update, which finally made 1803 installable on most common PCs.

Installable, mind you. Not stable. For example, there are many reports of 1803 driving batteries nuts. I’ve seen discussions of the Surface Studio mouse and keyboard lock-ups after installing 1803, but no solutions – and there may be a similar problem with earlier versions of Win10. The Reddit 1803 megathread is up to 1,800 comments – not all of which are glowing reports of happiness in 1803 land.

The greatest malfeasance, in my opinion, is Microsoft’s continuing push to install Win10 1803 on machines that are set to specifically avoid it. Win10 1709 Home users get hit the worst. AskWoody reader IG puts it this way:

I have found that (at least in my situation with my Lenovo and HP laptops) the best way to avoid the latest feature update for Windows 10 Home, is to not only set your connection to metered, but to also install the Windows update tool, (wushowhide). Despite being on a metered connection, the 1803 upgrade eventually showed up ‘available to download’ this week. Along with the 1803 update a 1709 update also showed up but required a ‘retry.’ Using the update tool I hid the 1803 upgrade, and the next time Windows automatically checked for updates, it was no longer available to download. I was also able to retry and install the current 1709 update without any issues.

I continue to strongly recommend that you not hobnob with the cannon fodder and wait for Microsoft to show some restraint. Or at least some fixes. My original recommendations for blocking 1803 still work, but you have to use all of them, altogether, all the time.

Multiple patches for all versions of Windows 10

If you’re using Windows 10, you saw big multiple patches in April:

  • Version 1709 – the Fall Creators Update – the initial Patch Tuesday patch, KB 4103727, had the usual round of complaints about failure to install, random bluescreens and the like. The second cumulative update, KB 4103714, seems to be stable.
  • Version 1703 – the Creators Update – got its first cumulative update, KB 4103731, on Patch Tuesday, and a second huge cumulative update, KB 4103722, a week later.
  • Version 1607 – the Anniversary Update (only for Win10 1607 Enterprise and Education) – also got two cumulative updates.

Version 1703 remains stable (although there’s a whole lotta patchin’ goin’ on) and 1709 has finally found some maturity. About a month too late.

The ongoing Windows 7/Server 2008 R2 saga

Windows 7 continues to be singled out for back-breaking patch-induced bugs. Microsoft officially acknowledges both of these bugs in the latest Win7/Server 2008 R2 patch, KB 4103718:

  • A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2). A long-standing problem, still with no solution.
  • There is an issue with Windows and a third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

That announcement appeared out of the blue on May 26. There’s no indication which “third-party software” is at fault – or who should avoid the patch – but such are the vagaries of Windows patching. There’s an in-depth discussion going on the AskWoody Lounge.

As it turns out, the missing oem<number>.inf issue dates back to the March patches. According to an anonymous poster:

It’s not only KB4103718 (May 8, 2018—KB4103718 (Monthly Rollup)) that has been updated last Friday with the missing oem<number>.inf issue. The problem seems to date back to the March 2018 Security-Only and Monthly Rollup updates.

All of the following knowledge base articles were updated with similar warnings on May 25:

  • KB4088875: March 13, 2018—KB4088875 (Monthly Rollup)
  • KB4088878: March 13, 2018—KB4088878 (Security-only update)
  • KB4088881: March 23, 2018—KB4088881 (Preview of Monthly Rollup)
  • KB4093118: April 10, 2018—KB4093118 (Monthly Rollup)
  • KB4093113: April 17, 2018—KB4093113 (Preview of Monthly Rollup)
  • KB4103718: May 8, 2018—KB4103718 (Monthly Rollup)
  • KB4103713: May 17, 2018—KB4103713 (Preview of Monthly Rollup)

We’re stuck between a rock and a hard place. Microsoft won’t say which vendor(s) and/or which network card(s) are getting cracked by the patch. There’s speculation that the bad card is from Intel, but we really don’t know. Your only real recourse is to create a full backup prior to applying this month’s patches, or to accept the possibility that you’ll have to manually re-install them. Susan Bradley has detailed instructions.

That same anonymous poster goes on to advise:

Also, there is a new, never heard before issue with the Win7 March 2018 Security-only update (KB4088878):

Symptom: A 32-bit (x86) computer won’t boot or keeps restarting after applying this security update.

Workaround: Before applying this security update and subsequent security updates, uninstall the following external drivers until they are fixed by the vendor that owns them:

  • HASP Kernel Device Driver (a.k.a. Haspnt.sys)
  • Hard Lock Key Drivers (a.k.a. hardlock.sys)

It’s not at all clear if that warning is only for 32-bit computers.
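A pre-patch check built from the two warnings above, as an added PowerShell example that is not part of the column or of Microsoft's KB articles: it reports which of the listed updates are already installed, whether either driver named in the KB4088878 workaround is present, and the current adapter settings in case a NIC has to be set up again. The function name is made up; the KB numbers and driver file names are the ones quoted above.

```powershell
# Added example. Read-only: nothing here changes the system.
# Uses PowerShell 2.0 syntax and Get-WmiObject so it runs on a stock Windows 7.

# KB numbers copied from the list quoted in the column.
$InfIssueKbs = @('KB4088875','KB4088878','KB4088881','KB4093118',
                 'KB4093113','KB4103718','KB4103713')

# Driver file names copied from the KB4088878 workaround quoted in the column.
$BlockingDrivers = @('haspnt.sys','hardlock.sys')

function Get-Win7PatchPrecheck {
    # Updates from the list that are already on this machine.
    $installed = @(Get-WmiObject -Class Win32_QuickFixEngineering |
                   ForEach-Object { $_.HotFixID })
    $listedInstalled = @($InfIssueKbs | Where-Object { $installed -contains $_ })

    # Registered kernel drivers whose image file is one of the two named above.
    # PathName can carry a \??\ prefix or quotes, so keep only the file name.
    $registered = @(Get-WmiObject -Class Win32_SystemDriver | Where-Object {
            $_.PathName -and
            ($BlockingDrivers -contains ($_.PathName -replace '^.*\\', '').Trim('"'))
        } | ForEach-Object { '{0} ({1}, {2})' -f $_.Name, $_.State, $_.StartMode })

    # A leftover file that is no longer registered is still worth reporting.
    $driverDir = Join-Path $env:SystemRoot 'System32\drivers'
    $onDisk = @($BlockingDrivers | Where-Object { Test-Path (Join-Path $driverDir $_) })

    # Current adapter settings, so a static configuration can be re-entered
    # by hand if the NIC has to be re-installed after patching.
    $adapters = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            '{0} | DHCP={1} | IP={2} | GW={3}' -f $_.Description, $_.DHCPEnabled,
                ($_.IPAddress -join ','), ($_.DefaultIPGateway -join ',')
        })

    if ($registered.Count -gt 0 -or $onDisk.Count -gt 0) {
        $finding = 'HASP/Hardlock driver present: see the KB4088878 workaround before patching.'
    } else {
        $finding = 'Neither driver from the KB4088878 workaround was found.'
    }

    New-Object PSObject -Property @{
        Architecture      = (Get-WmiObject -Class Win32_OperatingSystem).OSArchitecture
        ListedKbInstalled = $listedInstalled
        DriverRegistered  = $registered
        DriverFileOnDisk  = $onDisk
        Adapters          = $adapters
        Finding           = $finding
    } | Select-Object Architecture, ListedKbInstalled, DriverRegistered,
                      DriverFileOnDisk, Adapters, Finding
}

# Usage: Get-Win7PatchPrecheck | Format-List
```

The check flags the drivers on any architecture, since the column notes it is unclear whether the warning applies only to 32-bit machines.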

If you want to see something scary, take a look at the current version of the “Known issues” list for the Win7 Security-only patch, KB 4088878. I count nine acknowledged bugs introduced in that one Security-only patch.

Windows 8.1 / Server 2012 R2 continues to look good. By any objective measure, 8.1 is Microsoft’s most stable version of Windows. By a long shot.

Office patches keep rolling along

I don’t know of any pressing problems with this month’s Office patches. Susan Bradley’s Master Patchwatch List gives them a clean bill of health, and @PKCano’s list of non-security patches looks clean, too, although there are a number of acknowledged problems listed on the official Fixes pages.

Stay tuned.

Thx to @PKCano, @sb and the Mentats-in-Training.

Join us for the latest on the AskWoody Lounge


April 2018

People think I’m joking when I refer to bug fixing as Microsoft’s next billion-dollar business. I’m not. This month woefully demonstrated why patching Windows has become much bigger – and more critical – than developing new versions. Microsoft’s hell-bent move to bring out new versions of Windows twice a year “as a service” makes things worse, but quality control problems dog patches to every version of Windows. Except, arguably, Windows 8.1.

In April, we’ve seen a return to two massive cumulative updates per month for all supported versions of Windows 10. The second cumulative update, with luck, fixes the bugs in the first cumulative update. Windows 7 turned into a fiery pit when it was discovered in late March that every patch to Win7 (and Server 2008R2) pushed out this year enables the Total Meltdown bug. Fortunately, by April 23, we finally saw some stability return to the process.

Multiple patches for all versions of Windows 10

If you’re using Windows 10, you saw big multiple patches in April:

  • Version 1709 – the Fall Creators Update – the initial Patch Tuesday patch, KB 4093112, had the usual round of complaints about failure to install, random bluescreens and the like. It took a few days for info to surface about changes in pen behavior, which resulted in pen movements in major programs (such as Adobe Photoshop) dragging the canvas. Turns out, beta testers in Win10 1803 liked the new feature so much that Microsoft decided to drop it into Win10 1709, without warning or (apparently) testing. The second cumulative update, KB 4093105, which went out on the night of April 23, fixed the aberrant pen behavior and promises to not re-install Candy Crush Soda Saga on version upgrades. We’ll see.
  • Version 1703 – the Creators Update – got its first cumulative update, KB 4093107, on Patch Tuesday, and a second huge cumulative update, KB 4093117, a week later.
  • Version 1607 – the Anniversary Update – received its first cumulative update, KB 4093119, on Patch Tuesday, April 10, the scheduled End of Life date for Win10 1607 Pro and Home. Version 1607 received a second monthly cumulative update a week later, KB 4093120 – but only for Win10 1607 Enterprise and Education.

There was yet another update for Win10 1709, 1703 and 1607 released on April 24. KB 4078407 is supposed to be the software side of the fix for Spectre variant 2. It has to be combined with microcode updates to work and it’s only available by download from the Microsoft Update Catalog. We’re following its progress closely on AskWoody.

Of course we’re all waiting for Win10 version 1803 to appear. There’s still no word on when that might happen, or what it’ll be called. (Inveterate leaker Faikee points to a Chinese-language letter to dealers saying it’ll be released May 9.)

The ongoing Windows 7/Server 2008 R2 saga

Two words: Total Meltdown. We now know that every 64-bit Windows 7 and Server 2008 R2 patch released this year, up to March 29, contained a bug that opens a security hole dubbed Total Meltdown. Microsoft spent most of April in Keystone Kops patching mode, where one patch after another introduced more and different bugs, and new patches replaced older patches at a truly mind-boggling rate.

As the month’s now winding down, there’s a bit of good news. As of Monday night, it appears as if the (re-re-re-released) April Monthly Rollup, KB 4093118, has lost its boorish tendency to re-re-re-install itself. That means, to a first approximation, Win7 and Server 2008 R2 users can install one patch and wipe out the Total Meltdown threat.

All of this is unfolding as a real, live working Total Meltdown exploit is in the works. Of course, Meltdown (as opposed to Total Meltdown) and Spectre have absolutely no known exploits. None.

Those who insist on installing Security-only patches, eschewing the Monthly Rollups, face an unanswered question: If you’ve installed the earlier, buggy version of the NIC and static-IP defending patch KB 4099950, do you need to uninstall it before proceeding? The official documents are mum. We’re also following that question on AskWoody.

There continue to be reports from people who installed this month’s updates and had to struggle with recovering their user profile. Microsoft acknowledged the problem, off and on, and even posted a Knowledge Base article with workaround steps.

Office patches keep rolling along

There don’t appear to be any pressing problems with this month’s Office patches. Susan Bradley’s Master Patchwatch List gives them a clean bill of health, although there are a number of acknowledged problems listed on the official Fixes pages.

In short, it looks like Microsoft has fixed the problems that it introduced earlier in the month. The fixes to security holes Microsoft installed with this year’s Win7 and Server 2008 R2 patches are almost ready. We just have a couple of niggling problems before it’s time to get the April patches installed.

Stay tuned.

Join us for the latest on the AskWoody Lounge.


March 2018

An enormous number of patches spewed out of Microsoft this month, with two ponderous cumulative updates for each version of Windows 10, a third “bonus” bug fix for Win10 Fall Creators Update (version 1709), and a just-described bug in Windows 7 that’ll leave you begging for a Win7 patch that works.

There’s also a bit of comic relief with a patch for Win10 1709, KB 4094276, that “makes improvements to ease the upgrade experience to Windows 10 Version 1709.” That’s a wonderful example of a self-referential fix.

Multiple patches for all versions of Win10

If you’re running Win10, you saw multiple big patches in March:

  • Version 1709 – the Fall Creators Update — saw an emergency fix, KB 4090913, on March 5, which fixed a bug introduced in the February round of patches (and rendered some machines unbootable); a “regular” Patch Tuesday patch, KB 4088776 on March 13; and a big out-of-out-of-band patch KB 4089848 on Thursday, March 22. The biggest complaints involve the usual chorus of patches that refuse to install, and driver problems. Reports of INACCESSIBLE_BOOT_DEVICE bluescreens are tapering off.
  • Version 1703 – the Creators Update — also got a bug fix, KB 4092077, on March 8, which fixed an earlier patch that crashed the user interface. 1703 also saw two big cumulative updates, KB 4088782 on Patch Tuesday and KB 4088891 on the really-out-of-band patch date: March 22.
  • Version 1607 and Server 2016 – the Anniversary Update — also got two big cumulative updates, KB 4088787 on Patch Tuesday and a big booster KB 4088889 on the way-out-of-band Thursday. Just a reminder that, unless you’re using 1607 Enterprise or Education, your version runs out of support (as it were) on April 10.

March also presented us with the third, uh, opportunity to get forcibly pushed from Win10 1703 to 1709 – even on systems specifically set to block the upgrade.

At various points in March, users also saw updates to the Servicing Stacks for all three Win10 versions. Apparently, they resolved the race condition-related bugs that left USB drivers, in particular, dead in the water. If you’re installing the Win10 cumulative updates manually, make sure you install the respective Servicing Stack Update before you install the cumulative update.

A little bit of Word poison

Microsoft released a buggy Office 2016 security patch, KB 4011730, which left Word 2016 in such a bad state that it couldn’t save – or sometimes even open – files. We discovered later that if you install the March non-security patch for Office 2016, KB 4018295, Word 2016 suddenly got its mojo back.

Microsoft is researching this problem and will post more information in this article when the information becomes available.

Of course.

Windows 7: To patch or not to patch

All of which serves as prelude to the massive cluster-cluck that engulfed Windows 7 in March.

Win7 and Server 2008 R2 received a relatively modest Monthly Rollup, KB 4088875, and the obligatory Security-only, manually installed patch, KB 4088878, on Patch Tuesday, March 13. Almost immediately, we started seeing reports of networking problems with the patches, and some bluescreens. Shortly afterward, two specific problems with broken manual IP addresses and disabled Network Interface Cards (vNICs) bubbled up.

At first, Microsoft didn’t acknowledge the bugs; instead it stopped the Monthly Rollup from installing automatically (for those of you naïve enough to have Automatic Update enabled). As days passed, Microsoft finally published a detailed list of “known issues in this update.”

At this point, some users report that KB 4088875 appears in Windows Update as an “important” update that isn’t checked, and which doesn’t install by default. But there’s more. Others say it’s off the Windows Update list, but apparently it’s still being pushed out via WSUS servers.

Microsoft released, then re-released, an ad-hoc VBScript program that was supposed to fix the problem. But the script has raised all sorts of questions. Poster MrBrian reports that the script was changed on March 27, with no notification. Poster abbodi86 has an improved version posted on Pastebin.

But there’s more to the story.

Yesterday, security researcher Ulf Frisk posted a report about a new big security hole in Windows 7. Bucking the recent trend, Ulf Frisk avoided a massive publicity campaign, replete with pre-defined exploit names and cute logos, but his “Total Meltdown” exploit almost defies imagination. As Günter Born says:

Microsoft’s Meltdown updates shipped in January 2018 and February for Windows 7 (and Server 2008 R2) intended to mitigate the Meltdown vulnerability rip open a huge security hole. This allows any process under Windows 7 to read and write to any memory area without exploits…

Unfortunately, an accident happened in the January 2018 [Win7] patch (and also in February 2018 patch) when… if a (user) process has read/write access to the page tables, it is [trivial] to access the entire physical memory.

This isn’t “Sky is Falling” time. But it means that if you’re running Win7 64-bit or 2008R2 64-bit on an Intel machine, and you installed either the January or February Win7 Monthly Rollups or Security-only patches, Microsoft flipped the wrong bit, and you now have a big hole in your machine that will let any running program look at and change everything in memory. Note that you have to be running a destructive program in the first place – Total Meltdown doesn’t make it easier to run bad programs – but the security hole appears to be massive, by any estimation.

The problem is solved by the March Win7 patches, but…, well, you can see what a mess those have become.

Thx to @PKCano, @sb, @MrBrian, @abbodi86.

Having problems with this month’s patches? Join us on the AskWoody Lounge.


February 2018

The January 2018 Microsoft patching cycle may have been the worst and most invasive set of Microsoft releases in recent memory. The February updates, by marked contrast, only clobber a limited number of machines. How many? We don’t know — and Microsoft isn’t saying.

Bad Win10 Fall Creators Update patch

What we do know for sure is that the buggy Win10 Fall Creators Update cumulative update KB 4074588 tossed many PCs into bluescreen hell and disabled USB devices of various stripes. That’s quite an accomplishment for version 1709 which, according to AdDuplex, is now said to run on 85% of all Windows 10 machines. To look at it a different way, Microsoft blew the cumulative update to the most-used version (1709) of the most-used Windows (Win10 now surpasses Win7).

It took Microsoft 10 days to admit to the bugs. Finally, on Feb. 23, it appended these items to the KB article. There’s no additional notification, of course – if you figured out what caused your problem, and figured the KB article would have some information, here’s what you eventually got:

After installing this update, some USB devices and onboard devices, such as a built-in laptop camera, keyboard or mouse, may stop working. This may occur when the windows update servicing stack incorrectly skips installing the newer version of some critical drivers in the cumulative update and uninstalls the currently active drivers during maintenance.

Microsoft is working on a resolution and will provide an update in an upcoming release. Workaround steps are available in KB4091240.

After installing this update, some devices may fail to boot with INACCESSIBLE_BOOT_DEVICE.

This issue occurs when the windows update servicing stack incorrectly skips installing the newer version of some critical drivers in the cumulative update and uninstalls the currently active drivers during maintenance.

Microsoft is working on a resolution and will provide an update in an upcoming release. Workaround steps are available in KB4075150.

As you might imagine, both manual workarounds require an advanced degree in Microsoft Patch bugology.

More fixes for Win10

Late last week, on Feb. 22, we saw new cumulative updates for Win10 1703 (the Creators Update) and 1607 (the Anniversary Update). Both were the second cumulative updates this month for the respective versions. What we didn’t see was a second cumulative update for 1709. Although there’s been no official word, I think it’s likely that the 1709 second cumulative update was held because of problems with the patch – and I’d be willing to bet my eye teeth that the problems have to do with the bluescreen and USB issues.

We’ll reportedly see the second February cumulative update for Win10 1709 on Tuesday.

In spite of its 85% lead, I’m still not moving from the Creators Update (1703) to the Fall Creators Update (1709), and suggest that you resist, too, until Microsoft has shown it can reliably keep 1709 alive and well.

Or, you can join the swelling ranks of the unpaid beta testers. Millions already have.

Win7 reboot to black

The other major problem this month is with the Windows 7 Monthly Rollups. Many users report that, after installing a Win7 Monthly Rollup, their systems no longer restart properly: Clicking through the Start / Restart sequence lands these PCs on a black screen, with the computer and fans still running. The only way to get their system working again involves a nearly-hard-restart, typically by punching the restart button on the front of a desktop or pushing and holding the power button on a laptop.

It’s not clear whether the problem affects Intel (Sandy Bridge? Ivy Bridge?) or AMD processors, or all of them – and maybe more.

It’s also not clear whether the problem started with January’s Monthly Rollup, or if it just emerged in February. I have a report that the problem didn’t occur after the January Monthly Rollup. But then again I have a report that it did.

Ben1907 on the Microsoft Answers forum has had some success, without uninstalling the patch:

I checked my C-State settings on my ASUS P8P67-M motherboard and they were set to the default settings in the ASUS manual.

  • C1E [enabled]
  • C3 Report [disabled]
  • C6 Report [enabled]

Playing around by setting different combinations, I found the C1E enabled/disabled did not matter, so left it enabled. However, by setting C6 Report to DISABLED, I have now been able to perform a normal restart/reboot from Windows 7. Tried at least half dozen times and all good so far.

Thanks for investigating this and putting me on the right path to correct this issue. Microsoft has caused me so many lost hours of troubleshooting problems they inject with updates you wonder if they have any quality control.

Two .NET Previews bite the dust

On Thursday, Microsoft released a gaggle (or perhaps it’s a murder?) of Preview patches at the same time it released a bunch of optional Windows patches (see Susan Bradley’s list). Two of those Previews were doomed from the get-go:

KB 4074805 – the February 2018 Preview of Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 – set Quickbooks Enterprise 2017 crashing at startup.

KB 4073701 – the February 2018 Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 on Server 2008 SP2 has also been implicated.

Intuit, the owner of Quickbooks, has some choice comments about the bug:

Consult your IT professional to remove patch KB4074805. If you are still experiencing the issue, you may have to uninstall patch KB 4073701 as well.

Microsoft apparently pulled the patches, although the KB articles fail to mention the bug – or the fact that KB 4074805 and KB 4073701 are no longer available.

There’s a reason why you should never install a Preview.

What are we fighting for?

Every month, I look back and try to figure out whether the damage caused by Microsoft’s patches outweighs the undeniable benefit of more-secure systems. This month’s Anubis weigh-in shows, once again, that lots of people are getting clobbered – and there’s very little benefit to the February patches at this point.

One important point for the patching-inclined: As I made clear shortly after this month’s Patch Tuesday, there’s a very real threat for folks with the installed (“MSI”) version of Office:

If you’re using Outlook 2007, 2010, 2013, or 2016 – the installed versions – you’ll be vulnerable to drive-by email attacks by previewing a bad email or just by downloading a rigged email. No, you don’t need to open the email. It just infects.

As best I can tell, there aren’t any known exploits. But anyone with installed versions of Outlook should seriously consider installing the patch for Outlook 2007 (KB 4011200, four months beyond its end-of-support date), Outlook 2010 (KB 4011711), Outlook 2013 (KB 4011697), and/or Outlook 2016 (KB 4011682).

If you use Office 2016 Click-to-Run, the patches will appear the next time CtR updates itself, with version 1708 build 8431.2215 in the Semi-Annual Channel and 1705 build 8201.2258 in the Deferred Channel.

I’m also seeing reports that last month’s Outlook 2010 patch, KB 4011273, is making Contacts View in Microsoft’s Dynamics CRM 2011 fail. This isn’t the first report of problems with KB 4011273.

Other than that, and a disclosed (but not particularly infectious) exploit in Edge (CVE-2018-0771), and ongoing, perennial threats through Flash (if you use Flash, you have nobody to blame but yourself), there are no immediate threats from the exploits fixed this month that I know about. In particular, there are no known attacks that use Meltdown or Spectre. None.

What to do now

If you’re motivated to sift through individual patches, patching guru Susan Bradley has watchlists for the February Patch Tuesday patches, the February Optional Updates, and last week’s Feb. 22 releases.

If you’d rather wait until the coast is clear, and prefer not to sweat the small stuff, make sure you have Outlook fixed if you need to, then go get a cup of coffee. Check back again in a few days, to see whether Microsoft has finally given us a version of Win10 1709 that actually, you know, works – and if there are any further problems with the second cumulative updates for 1703 and 1611. Don’t expect a fix for the Win7 boot to black screen problem.

Have a problem? Don’t we all. Join us on the AskWoody Lounge.


January 2018

On the heels of a relatively benevolent December Patch Tuesday, the stream of patches pouring out of Microsoft (and Intel!) in January reached epic proportions. To be fair, it looks as if Microsoft got drawn into releasing its Meltdown/Spectre barrage early – on Jan. 3 – but they were so buggy they were withdrawn for AMD processors on Jan. 8, and gradually re-released in phases over the next two weeks.

If you had Automatic Update turned on, and you’re running an AMD machine that’s more than a couple of years old, chances are good that you woke up to a blue screen, and restoring your system took two magic incantations and an Act of Congress. Tens of thousands – possibly hundreds of thousands – of AMD machines may have been bricked by this month’s patches. But be of good cheer. Microsoft released KB 4073578 (“Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1”) and KB 4073576 (same for Win8.1 and Server 2012 R2) to fix your problem. Of course, you have to be able to boot your computer to install the updates.

Never mind.

Then there’s .NET.

So far this month, we’ve seen patches roll out like this:

That is an enormous pile of patches; even the folks who are paid to watch patches full time are confused.

Intel BIOS/UEFI patch recalls

Not to be outdone by Microsoft, Intel created mayhem by releasing, then yanking, its Meltdown/Spectre BIOS and UEFI firmware patches for almost every Intel computer released in the past five years. Intel’s documentation rivals that of Microsoft for ambiguity, hyperbole, and obfuscation.

Here are the latest links to BIOS/UEFI Meltdown/Spectre recall advice from the major hardware manufacturers:

If you have new information about any of those vendors, please let me know on the AskWoody Lounge.

Windows patches

No matter which version of Windows you patch, you need to get your antivirus program to signal to Windows that it’s compatible with this month’s updates.

The Win10 Fall Creators Update patch on Jan. 18 seems to have shaken out the major problems with Win10 1709.

The Win10 Creators Update patch on Jan. 17, similarly, seems to fix the outstanding problems with this month’s changes to Win10 1703.

The Win10 Anniversary Update patch on Jan. 17 – again, manual install only – fixes a bunch of bugs in Win10 1607, but it also clobbers Windows Defender Credential Guard (which you probably don’t use).

With the release of KB 4077561 on Jan. 24, Microsoft has fixed many of the acknowledged problems with this month’s Monthly Rollup and Security-Only (manual installation) patches for Win8.1. That said, there’s still a great deal of debate about the proper installation sequence of patches, re-patches and old patches. As usual, Microsoft hasn’t said anything.

.NET patches

This looks like a mess. You can get the details in my Jan. 19 column, but the basic idea is that the original .NET patches for .NET 4.6/4.6.1/4.6.2/4.7/4.7.1 were all bad, and have to be augmented by additional patches. The font problems in the original patches have been fixed in general, but only if you install these latest patches.

Then there’s the Fixit tool KB 4074906 that fixes “Windows Presentation Foundation (WPF) applications that request a fallback font or a character that is not included in the currently selected font.”

Office patches

It appears as if the Office 2016 patch KB 3178662 throws an installation error 0x8007006e. The Office folks, who are usually good about acknowledging problems, haven’t picked this one up yet. Solution? Uninstall “Microsoft Office Proofing Tools Kit Compilation 2016.”

There’s a laundry list of acknowledged problems with Outlook: To-Do Bar and Task List view not displaying events; Unable to “Save All Attachments” to a shared network drive; No Search results found when using All Mailboxes; Find Related option does not show results; Outlook 2010 will not start on WinXP after January updates. The bug that prevented Outlook 2016 from forwarding files attached to text messages was fixed on Jan. 24.

What to do now

Wait.

If you have an irresistible urge to click “Enable Edits” on bogus Word documents, you can disable Equation Editor with a quick registry hack. Other than that, as long as you don’t use IE or Edge, there’s absolutely no reason to dive into the roiling mess of January updates.

In spite of the “Sky is falling” screams online, there’s no sign a single PC has been compromised by the Meltdown or Spectre vulnerabilities. Contrast that to the multitudes of machines that’ve been bricked by bad patches, and the untold users wondering why they have to unwind this month’s firmware updates.

The long and short of it: If you installed any of this month’s patches from Microsoft or your PC manufacturer, you joined the swelling ranks of unpaid beta testers. If your machine’s still working, thank your lucky stars.

There’s a reason why I recommend you turn off Automatic Update and wait for carnage to clear before installing the latest missives.

Group therapy for patchers continues on the AskWoody Lounge.

December 2017

It’s hard to remember the last time we had a Patch Tuesday as inoffensive as this month’s. February 2017 comes to mind — but then again, we didn’t have a Patch Tuesday in February, as Microsoft called it off.

Part of the reason for the relatively easy going this month, I’m convinced, is the lack of attention showered on Windows 7 and earlier versions of Windows 10 (including the Creators Update, version 1703, which has become more-or-less fully baked and remains my version of choice). Aside from a few lackluster security patches, the December update for Win10 1607 fixed the “CDPUserSvc_XXXX has stopped working” bug introduced in a security patch two months ago, and the rest is largely routine.

The exception, of course, is Windows 10 Fall Security Update, version 1709. If you succumbed to the pressure (or the forced upgrade) and installed the latest version of Win10, you were rewarded for your trust by a series of unfortunate patching events worthy of Lemony Snicket. If you’re hell-bent on installing this month’s updates on a Win10 1709 machine, make sure you read the Computerworld synopsis of problems and sometime-solutions. Or, better, forget about it until next month.

The only major problem with the Office December patches that I’ve seen involves the blocking of Word {DDEAUTO} fields — an arcane topic that I covered yesterday. You’ll only notice the difficulty if you have a Word document that needs to update itself every time you open it. Thus, if you install this month’s Office patches, then open a Word doc, and it no longer responds correctly (by, say, pulling data from an Excel spreadsheet and putting the data in the doc), you need to slog through the manual workarounds, edit the registry, and put DDE right again.

As a long-time advocate of powerful documents, I’m sorry to see the “Auto” functions go. At the same time, I can understand why their days were numbered. I hate to admit it, but Microsoft made the right choice in cutting off “Auto” updating.

Bitten by a bug? Bite back. Drop by the AskWoody Lounge.

November 2017

There are so many issues with this month’s security patches that it’s hard to decide where to begin. Let’s start with the problems that have been acknowledged, then move into the realm of what’s not yet fully defined.

Forced upgrades

Many users have remarked about how much the forced 1703-to-1709 Windows 10 upgrades feel like Microsoft’s detested forced upgrades from Win 7 and 8.1 to 10 – the “Get Windows X” campaign. Although the situation’s different on the surface, the net result is the same. Many people who were happily using Windows 10 Fall Update – version 1703 – were forcibly upgraded this month to the Fall Creators Update – version 1709 – even on systems that were not supposed to be upgraded.

At first, Microsoft ignored the uproar. But last week it quietly owned up to the move by putting this notification in the description for November’s Win 10 1703 Patch Tuesday cumulative update:

Known issues in this update:

Windows Pro devices on the Current Branch for Business (CBB) will upgrade unexpectedly.

Microsoft is working on a resolution and will provide an update in an upcoming release.

On the same day, Nov. 22, Microsoft released another cumulative update for 1703, KB 4055254, which doesn’t mention the problem. I’m going to guess it was fixed.

Those who were forcibly upgraded from 1703 to 1709 are now in limbo; if you allowed Win10 to automatically update itself, and the 1709 installer decided to take over, you’re stuck on 1709. Users had 10 days to roll back to the older version, and those days are gone.

That’s not good news if you hit problems with 1709, like the folder permissions problem or the autostart after boot problem. Those who got hit were upgraded without warning.

Broken Epson dot matrix printers

There are lots and lots of Epson dot matrix (and POS terminal) printers alive and well, thank you very much.

To recap, this month’s Patch Tuesday patches broke the Epson dot matrix driver for every supported version of Windows: Win10 1709, Win10 1703, Win10 1607/Server 2016, Win10 1511 Enterprise, Win10 1507 LTSC, Win 8.1/Server 2012 R2, Server 2012, and Win7/Server 2008 R2. (It’s quite remarkable: Microsoft is now actively supporting 11 versions of Windows – 14 if you count the Server versions separately.)

As noted yesterday, there are now fixes for six of those versions: Win 8.1/Server 2012 R2, Server 2012, and Win7/Server 2008 R2 and Win10 1703. There was a fleeting fix for Win10 1709, but it disappeared. As of this morning, there’s a spot reserved for a Win10 1709 cumulative update, KB 4051963 for build 16299.96, but there’s no KB article as yet and no reports of it rolling out. Presumably, it’ll include a fix for the Epson printing bug.

But there’s still no word on Epson printer fixes for Win10 1511 Enterprise or for Win10 1507 LTSC.

.NET patches appear, disappear, then reappear

Microsoft released four .NET Framework patches on Patch Tuesday:

  • 2017-11 Quality Rollup for .Net Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB 4049016)
  • 2017-11 Quality Rollup for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4049017)
  • 2017-11 Quality Rollup for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012 (KB 4049018)
  • 2017-11 Quality Rollup for .Net Framework 2.0 on Windows Server 2008 (KB 4049019)

The company then pulled all of them down before Thanksgiving. There was no official notice, just a string of comments on the MSDN TechNet blog that said, in effect, Microsoft hadn’t handled the supersedence chain on the patches properly and would fix the problem sometime after the U.S. holiday.

Sure enough, they were re-released yesterday.

CDPUserSvc_XXXX has stopped working

This bug, introduced in the Win10 1607 October cumulative update and both of the November 1607 cumulative updates, was finally acknowledged a little over a week ago. The three cumulative updates now contain this notice:

After installing KB4041688, KB4052231, or KB4048953, the error “CDPUserSvc_XXXX has stopped working” appears. Additionally, Event ID 1000 is logged in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX has stopped working and the faulting module name is “cdp.dll”.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Until then, follow the steps in the Per-user services in Windows 10 and Windows Server article.

To be clear, the bug has not been fixed, although it’s been well documented for six weeks. It even appears in the Win10 1703 Cumulative Update, KB 4051033, which was released on Nov. 27. Expect a real fix in the December Patch Tuesday crop.

Win10 1709 group policy setting incorrectly blocking cumulative updates

In Win10 1709 Fall Creators Update, adjusting the setting “After a Preview Build or Feature Update is released, defer receiving it for this many days” may, in fact, defer cumulative updates (which Microsoft insists on calling “quality updates”).

Poster Klaasklever, who first described the bug on TechNet, pointed to “reports that this issue is also caused by setting to defer Feature Updates in the Windows Update Settings within the normal Windows Settings App.”

It’s clearly a bug in Win10 1709, though it’s not clear which versions are afflicted – and there’s a possibility that the not-yet-released Win10 1709 cumulative update, KB 4051963 for build 16299.96, may fix it. As noted, there’s no KB article as yet, and no reports of it rolling out.

‘Unexpected error from external database driver’ bug resolved

This bug, introduced in Microsoft’s October security patch release, led to Microsoft pushing out five patches in early November:

  • KB 4052234 for Windows 7 SP1 and Server 2008 R2 SP1
  • KB 4052235 for Windows Server 2012
  • KB 4052233 for Windows 8.1 and Server 2012 R2
  • KB 4052232 for Windows 10 Fall (“November”) Update, version 1511
  • KB 4052231 for Windows 10 Anniversary Update, version 1607, and Server 2016

Users who installed those patches (they had to be manually downloaded and installed) soon discovered that they all brought back old Windows security patches which themselves had bugs. Those buggy patches were yanked a few days later, and all mention of them was scrubbed as if they never existed.

In their stead, the Patch Tuesday Win7 and 8.1 Monthly Rollups and Security-only Updates and the Patch Tuesday patches for Win10 1709, 1703, 1607, 1511 and 1507 all claim to solve the problem.

Equation Editor bug resolved

Two weeks ago, I talked about the Equation Editor bug, CVE-2017-11882. There are a few exploits out in the wild at this point. If you’re concerned about them, you can bypass Equation Editor and eliminate the security hole by changing two Registry entries described in the Embedi article on the subject.

Good news? The HP Spyware update doesn’t appear to be a Windows problem. It’s all on HP.

Special thanks to @MrBrian, @abbodi86 and @PKCano

Did I miss a bug? Need a scorecard? I sympathize! Drop by the AskWoody Lounge.

October 2017

Microsoft’s foray into quantum computing sure sounds neat, but those of us stuck with real programs on real computers have been in something of a quandary. Once again this month, we’ve hit a bunch of stumbling blocks, many of which were pushed down the Automatic Update chute.

Before we dissect the creepy-crawlies this month, it’s important to remember that you have to get the .Net patches installed, unless you fastidiously refrain from clicking the “Enable Editing” button in Word.

Windows 10

After telling us that Windows 10 Creators Update, version 1703, is “the most performant and reliable version of Windows 10 ever!” you might expect some stability with version 1703 patches. This month, that didn’t happen. After releasing cumulative update KB 4038788 on Patch Tuesday, we got a new out-of-band fix for bugs introduced by that same update. The new cumulative update, KB 4040724, appeared in Windows Update on Monday, Sept. 25. It brings 1703 up to build 15063.632. So far, I haven’t heard of any problems with the new cumulative update — but it’s been less than a day.

The situation with Win10 Anniversary Update, version 1607, isn’t as straightforward. Apparently, there were a host of problems that appeared after this month’s Patch Tuesday cumulative update, KB 4038782. It isn’t clear if that update introduced bugs of its own, but the situation’s bad enough that we got a second cumulative update this month, again on Monday. KB 4038801 brings Win10 version 1607 to build 14393.1736. It’s a hotfix; it isn’t distributed via Automatic Update. You have to download KB 4038801 and install it manually. I haven’t seen a detailed analysis of the security holes fixed by this odd Monday patch – but to date I haven’t seen any complaints, either. The day is still young.

For reasons as yet unexplained, KB 4038801 is only for Win10 1607; it’s explicitly not released for Server 2016.

There’s a note on the 1607 patch site that says:

Windows Update Client Improvement

Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed any recent cumulative updates and are not currently managed (e.g., domain joined).

As noted by @abbodi86 on AskWoody.com:

The note means [they] are going to release a separate “small” update for WUC, similar to this one for version 1507. They could also release the update directly as a SelfUpdate for WUC like they used to do with Windows prior [to] Windows 8 (for example, latest for Windows 7 is v7.6.7600.320 before they shifted to separate WUC updates starting with KB2990214).

Windows Server 2016

When you run the Get-PhysicalDisk cmdlet, some disks may display an operational status of “In Maintenance Mode.” The Get-VirtualDisk cmdlet may also display the operational status of the virtual disk as “Degraded.” There’s a manual workaround described in KB 4043361.

On Windows Server 2016, when you try to download updates by using Windows Update (stand-alone or WSUS), the process hangs at 0 percent completion. Microsoft has a description of the problem and two manual overrides in KB 4039473.

Windows 8.1

Everyone’s favorite whipping boy just took another lash. Many folks report that, after installing KB 4038792 — the September Monthly Rollup for Win 8.1 — they can no longer log on to their computers with a Microsoft account. I posted the details yesterday. Still no word from Microsoft – not even an acknowledgment of the problem on the KB article.

Windows 7

There’s a well-publicized problem with Internet Explorer 11 suddenly sprouting a search box on the address bar after installing KB 4038777 (the Windows 7 Monthly Rollup) or KB 4036586 (the September Internet Explorer Security-only patch). For a detailed look at what’s happening, with screenshots, see ElderN’s post on the Microsoft Answers forum. Turns out the flim-flammery is a result of font sizes changed behind the scenes and a possible undocumented switcheroo in one of the IE settings. See @PKCano’s post.

Poster Richard has also identified a problem with starting IE 11 after this month’s Windows 7 updates — and he found a solution. Again, it’s related to undocumented changes in the Tab View settings and in font size. See post 8 on the AskWoody Lounge.

Office

I’ve seen no change from the sorry state we were in a week ago: Microsoft pulled the September Outlook 2007 security patch KB 4011086 and replaced it with KB 4011110, but you have to manually uninstall the bad patch before you install the new one. Microsoft posted incorrect information about the uninstallation method. Both that patch and the Outlook 2010 patch, KB 4011089, have a nasty habit of changing languages in menus.

.Net

The .NET Security and Quality Rollups make certain custom images turn black. As Microsoft puts it: “After you install the September 12, 2017, .NET Security and Quality Rollups that apply to the .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7, you experience rendering issues in Windows Presentation Foundation (WPF) applications that use WPF types in a Windows service.”

There’s a description of the problem on the Visual Studio forum and a workaround in KB 4043601. The workaround suggests that you uninstall the Security and Quality Rollup and install the Security-only patch.

In addition, Microsoft has released a preview of next month’s .Net Framework patches.

Recommendations

Assuming you don’t click “Enable Editing” in Word, there are no immediately pressing September patches. I say it’s wise to wait and see if any of the outstanding bugs get fixed — and wait to see if the patches-of-patches generate new problems of their own.

Remember when patching was easy?

Please join us for an ongoing Patch Festschrift on the AskWoody Lounge.

September 2017

September’s retinue of Microsoft patches includes one very important .NET fix that blocks a security hole brought to life when you open an RTF file in Word. So far, it’s only been seen in the wild in a Russian-language RTF document, apparently generated by NEODYMIUM, allegedly used by a nation-state to snoop on a Russian-speaking target.

Several researchers have found ways to leverage the security hole, and it’s only a matter of time before some enterprising folks come up with ways to turn it into a widespread infection vector. Bottom line: If you can’t keep your finger off the “Enable Editing” button in Word, you better get this month’s security patches installed.  

  • The Win10 Creators Update cumulative update, KB 4038788, brings Win10 1703 up to build 15063.608. It contains 25 security patches as well as dozens of plain old bug fixes. I’m seeing a number of complaints about Edge misbehaving after the update: behind-the-scenes crashes showing in Event Viewer and Reliability Monitor, and occasional stops with an application error event id of 1000. So far, there aren’t enough reports to confirm that there’s a bona fide problem with Edge, but it’s a concern.
  • The bug in Word and Outlook that I described earlier this week, “Buggy Word 2016 non-security patch KB 4011039 can’t handle merged cells,” is still around. That’s the same bug I wrote about a couple of weeks ago in “Word, Outlook merged-cell problem arises after install of patch KB 3213656.” Microsoft has (finally!) confirmed both of the bugs. The only solution offered: “You can uninstall both KBs and your tables will return to normal,” Microsoft said. “We anticipate releasing the fix for this issue in the next monthly update, tentatively scheduled for October 3, 2017.”
  • Excel 2016’s security patch KB 4011050 can put spurious black borders around rows or cells. If you’re getting unexpected black borders, download and manually install KB 4011165. As best I can tell, that bug isn’t listed on the official Fixes or workarounds for recent issues in Excel for Windows site.
  • Multiple language problems with the Outlook 2007 security patch KB 4011086: Reports of Hungarian switched to Swedish, Italian to Portuguese, Slovenian to Swedish, Italian to Spanish, Dutch to Swedish, and who-knows-what-else. The solution, offered by TechNet poster Sitz-AIR:
    1) uninstall KB4011086. If you have two of them listed, uninstall both of them.
    2) hide them
    3) restart Windows
    4) Outlook 2007 UI original correct language was restored.

A general reminder: If you have trouble installing Windows 10 updates, make sure you go through the list at Windows 10 install issues — and what to do about them.

For up-to-the-second notices, see the Patch Alert update on AskWoody.

August 2017

One week after Patch Tuesday, and would-be Windows Updaters are facing a handful of bugs. Some will find them minor annoyances. Others … not so much. Here are the known bugs, and where we stand in the struggle to resolve the problems.

Worthy of note: Microsoft is now acknowledging many bugs that in the past would’ve gone without comment. There’s hope.

Here are the known, significant buggy security patches:

  • Windows 10 Anniversary Update, version 1607 – Cumulative update KB 4034658 wipes out Update History, unhides hidden updates, and effectively disconnects some updated computers from WSUS. Microsoft has acknowledged all three of those bugs in the KB 4034658 article with the usual “Microsoft is investigating this issue and will provide an update as soon as possible.”
  • The first undocumented buggy driver this month for the Surface Pro 4, “Surface – System – 7/21/2017 12:00:00 AM – 1.0.65.1,” was released on August 1. It was replaced by a second driver “Surface – System – 7/31/2007 12:00:00 AM – 1.0.75.1” on August 4. The second one was documented. But then we saw four more undocumented Surface Pro 4 drivers — “Intel driver update for Intel(r) Dynamic Platform and Thermal Framework Generic Participant,” “Power Participant,” “Processor Participant” and “Manager” — all released on Saturday, August 12. Sometime late on August 14, Microsoft posted information about two of the drivers.
  • Both the Windows 7 August Monthly rollup KB 4034664 and the manually installed security-only patch KB 4034679 are causing problems with two-screen systems: The second screen starts showing gibberish with many applications, including Office. The problem has been widely reported — even replicated with a Proof of Concept program — but Microsoft hasn’t yet acknowledged it.
  • The only bug reported by Microsoft in its August Windows 7 security patches is an old bug, continuing from July, in which a buggy LDAP plugs up TCP dynamic ports. That bug hasn’t been fixed.
  • The Windows 8.1 Monthly rollup listing mentions a known bug: NPS authentication may break, and wireless clients may fail to connect. The solution is to manually set a registry entry on the server.

Dozens of patches were made to Office earlier this month but, so far, I’m not aware of any bugs.

Depending on which version of Windows you’re using, and how you’re using it, those bugs may be important or they may be annoyances.

I continue to recommend that you hold off on applying this month’s patches. I haven’t seen any malware outbreaks that are blocked by the August patches, and we may get some surprises — good, bad or indifferent — later today.

Have a question or a bug report? Drop by the AskWoody Lounge.

Microsoft unveils Teams-equipped 365 subscription for front-line workers

Microsoft has announced a new Microsoft 365 plan that will serve as the bottom rung for a group it has dubbed “firstline workers,” people who take calls, ring up sales, interact with customers and spend their shift on factory floors or in the field.

The subscription, unveiled last week, will be labeled Microsoft 365 F1 and is to go on sale April 1.

Because that product title was already taken – a same-named subscription launched two and a half years ago in September 2017 – the previous Microsoft 365 F1 was rebranded as Microsoft 365 F3. (Microsoft has an aversion to even-numbered IDs for its subscriptions.)

Not surprisingly considering its lower-numbered name, Microsoft 365 F1 contains fewer components, offers less functionality and costs less than the new F3 (née F1).

Microsoft 365 F1 costs $4 per user per month, less than half the $10 per user per month of its older, bigger sibling. (That $10 for what’s now marked as F3 was the same as its launch price in 2017.)

That price is the same as Office 365 F3, which was also renamed from its previous F1 designation. That subscription offers many of the same bits as the new Microsoft 365 F1 but lacks some of what the latter contains and includes some of what the rival doesn’t. Among the former: Office 365 F3 doesn’t have access to Enterprise Mobility + Security (EMS), the comprehensive security and management platform that’s in Microsoft 365 F1. Microsoft 365 F1, meanwhile, doesn’t include OneDrive for Business storage space or rights to Windows Virtual Desktop, which is available in both Microsoft 365 F3 and Office 365 F3.

Another step-down for Microsoft 365 F1 is that the access to online Office and Office Mobile apps is read-only: Workers on F1 will be able to read missives in Word or PowerPoint format, for instance, but cannot create their own.

The new Microsoft 365 F1 subscription costs less than half of the original – which has been renamed as “F3,” spelled out in the middle of the three columns – but lacks many of the components in the higher-priced plan.

The original price of Microsoft 365 F1 (now F3…yes, this is confusing) of $10 per user per month was one of the things that stuck out when Redmond debuted the subscription in 2017, for it was more than twice the price of the somewhat-similar Office 365 F1 (which will be dubbed F3 on April 1; more confusion, yes, we know).

For $48 annually ($4 per user per month), companies will be able to equip an employee with either Microsoft 365 F1 (the new subscription) or Office 365 F3. There is no plan that combines the two. Instead, Microsoft left the rebranded Microsoft 365 F3, née F1, in that spot, which for the now-and-former $120 a year ($10 per user per month), contains every bit of both, plus a license to Windows 10 and Virtual Desktop rights.

Teams, Teams and more Teams

Given the COVID-19 pandemic’s upending of the workplace and work, Microsoft also made much of the enhanced Teams component in 365 F1.

“We are also expanding the Microsoft Teams value included in our Firstline plans (Microsoft 365 F1, Office 365 F3, and Microsoft 365 F3) to include full audio/video capabilities, meeting rights, Walkie Talkie, and adding enhanced identity and access management features,” Microsoft’s announcement of F1 read.

Although the original Microsoft 365 F1 (again, for the last time, it’s now F3) included a Teams component, it was a restricted version of the collaboration platform, notably allowing only one-to-one audio/video conversations.

Teams in the new F1 – as well as in the renamed version, named F3, and Office 365 F3 – now includes the complete Teams skillset. That should be a selling point for Microsoft 365 F1 and F3, what with the explosion in Teams use as employers have sent workers home. That is, if the front-line employees are still working in some fashion as state after state orders complete lockdowns.

Microsoft Teams cheat sheet

Email is everywhere, and it has been around seemingly forever. But is it really the most effective way for groups of people to collaborate on work and advance business objectives? Several newish team messaging products, most notably Slack, wager that the answer is indeed no. Slack and its rivals try to remove threaded email conversations as a common platform of communication in organizations and replace it with instant message-like short bursts organized into channels based on the context or subject of the conversation.

Microsoft Teams is the Redmond behemoth’s suggested alternative to Slack. Teams, which is included with Office 365 business and enterprise subscriptions and is also available as a free product, is essentially group chat software with some interesting features thrown in around working with documents and spreadsheets, especially those stored in SharePoint and OneDrive for Business. It also incorporates videoconferencing capabilities, which are taking on increasing importance as the spread of the novel coronavirus (a.k.a. COVID-19) prompts more companies to encourage telecommuting.

Why would you want to use Teams over email?

  • Everyone in a discussion stays on topic. Conversations happen in channels that are dedicated to certain topics. While email messages and threads make it easy to say, “oh, while we’re here” and divert the discussion onto an entirely different topic, conversations in channels are more likely to stay on topic, and thus the friction of getting information you need is reduced.
  • You will get less email. As more and more team members log on to Teams and move their work-related conversations to the platform, it is inevitable that short conversations that would have happened over email naturally find themselves happening in a channel where everyone can see and respond.
  • All resources are right there in front of you. Documents and conversations can all be found in one place, even if physically the objects are stored in different parts of Office 365. For instance, documents and shared files live in SharePoint but magically appear in relevant conversations in Teams.
  • Teams has a real-time feel to it, making collaboration “in the moment” easier than trying to trade emails with colleagues.

What follows is a cheat sheet — a head-start guide to using Teams to more efficiently work with your colleagues and save time.