Among the updates from Microsoft this month is a fix for the Windows vulnerability recently reported by Google. You may recall that Microsoft was rather annoyed with Google for making the vulnerability public according to their own rules (sooner than Microsoft wanted). Microsoft did credit Neel Mehta and Billy Leonard of Google’s Threat Analysis Group for their assistance.
There are fourteen bulletins from Microsoft this month. The associated updates address seventy-five vulnerabilities in Windows, Edge, Office, and Internet Explorer.
Adobe’s monthly contribution to the festivities is a new version of Flash, 23.0.0.207. A release announcement provides an overview of the changes, while the associated security bulletin provides some background about the nine vulnerabilities addressed.
When Microsoft releases a new version of Windows 10, it’s delivered in the form of a bandwidth-annihilating all-inclusive package. Windows 10 basically downloads a new copy of itself. Most Windows 10 users also don’t have much control over whether and when these massive updates occur.
Earlier this week, Microsoft publicly admitted that this arrangement is perhaps not ideal, and announced upcoming changes that will make the Windows 10 upgrade system less awful. Users will be given slightly more choice for scheduling upgrades, and the updates will only include what’s actually changed in the O/S, making them significantly smaller.
What’s really weird is the way that Microsoft is portraying these changes, as if they’ve discovered something new. Sorry, Microsoft. The rest of the world already knew that limiting update packages to what’s actually changed is a good idea.
Microsoft’s big Windows 10 giveaway is over, and with it, interest in the new operating system. The latest numbers from netmarketshare.com show that growth in the number of Windows 10 devices has slowed to a crawl. Windows 7 growth in the last month or so is actually higher than for Windows 10.
To see the numbers on netmarketshare.com, select Operating Systems > Desktop Share by Version from the drop-down lists under Market Share Reports.
Thanks to Microsoft’s rules, it’s no longer possible to buy a new PC with any version of Windows other than 10. But Windows 7 and 8.1 are still available, so if you don’t mind installing Windows from scratch, you still have options.
Windows 7 will continue to receive support – and security updates – from Microsoft until January 14, 2020. Windows 8 will be supported until January 10, 2023. See the official Windows lifecycle fact sheet for details.
Google’s Threat Analysis Group recently discovered critical flaws in Flash and Windows that could allow an attacker to bypass Windows security mechanisms. Attacks based on these flaws have already been observed in the wild.
The flaw in Flash was fixed immediately by Oracle; hence the out-of-cycle Flash update on October 26. But Microsoft decided to delay the corresponding Windows fix until next Patch Tuesday (November 8), and is now rather annoyed with Google for reporting the vulnerability publicly. Google was following its own rules for vulnerability disclosure, but such rules differ widely between organizations. In any case, Microsoft would have been happier if Google had waited a bit longer before spilling the beans.
According to Google’s announcement, Chrome 54.0.2840.87 fixes at least one security issue. The change log lists forty-seven changes, none of which look particularly interesting or important. Still, this is a security fix, so you should make sure that Chrome has updated itself – if you use it.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.