AuthorWoody Leonhard

All’s clear to install Microsoft’s November patches

The November passel of patches didn’t include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.

If you install patches manually one by one (“Group B,” which I don’t recommend for mere mortals), you need to make sure you have the proper Servicing Stack Updates in place. They’ve all changed in the past month.

To read this article in full, please click here

All’s clear to install Microsoft’s November patches

The November passel of patches didn’t include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.

If you install patches manually one by one (“Group B,” which I don’t recommend for mere mortals), you need to make sure you have the proper Servicing Stack Updates in place. They’ve all changed in the past month.

To read this article in full, please click here

Microsoft Patch Alert: November patches behave themselves – with a few exceptions

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).

To read this article in full, please click here

Microsoft starts releasing fixes for Access bugs introduced in Office security patches this month

Although we’ve been promised no “C” or “D” week second cumulative updates for the rest of the year — at least for Windows — Microsoft has acknowledged a bug it created in last week’s Patch Tuesday Office patches, and now promises that it’ll update the bad fixes on most machines this week or next. Those are "C" week and "D" week, respectively.

The cause du jour: a bug in all of this month’s Office security patches that throws an error in Access saying, “Query xxxx is corrupt,” when in fact the query in question is just fine. Microsoft describes the erroneous error message on its Office Support site:

To read this article in full, please click here

Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more ‘optional’ patches this year

Editor's note: An earlier version of this story incorrectly included references to a re-released version of Windows 10 1809. That version of Windows has not been re-released.

The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109 

Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:

To read this article in full, please click here

Patch Tuesday alert: Make sure Windows Auto Update is temporarily disabled

For those of you who haven’t patched since May, there’s exceedingly bad news on the horizon. Per Catalin Cimpanu at ZDNet, Metasploit’s working-but-just-barely BlueKeep exploit is about to get a significant bug fix. That'll put BlueKeep infection capabilities in the hands of mere mortals. The script kiddies won’t be far behind.

If you’re using — or you know someone who’s using — Windows XP, Vista, Win7, Server 2003, Server 2008 or Server 2008 R2, get patched nowThe fix is easy. Even  Aunt Martha can handle it.

To read this article in full, please click here

With a few exceptions, all’s clear to install Microsoft’s October patches

If you had automatic update turned on at the beginning of October, you got clobbered with a bug-infested, out-of-band update for an IE-related zero-day that never appeared in real life. Later in the month, those with automatic update turned on were treated to a wide assortment of bugs (Start and Search fails, RDP redlines, older Visual Basic program blasts) – only some of which were solved with the month’s final, optional, non-security patches.

To read this article in full, please click here

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

To read this article in full, please click here

Microsoft releases even more patches for the CVE-2019-1367 IE zero-day, and the bugs are having a field day

You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:

Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn’t go out through Windows Update, or through the Update Server. 

Sept. 24: Microsoft released “optional, non-security” cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn’t bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they’re “optional” and “Preview,” which means most savvy individuals and companies won’t install them until they’ve been tested.

To read this article in full, please click here

Time to install Microsoft’s mainstream September patches – and avoid the dregs