Category Archives: Microsoft

MORE Windows 10 update problems

Today’s nightmare is brought to you by Microsoft

An open letter to Microsoft:

Dear Microsoft –

Please either allow us to disable Windows 10 updates, or stop pushing out updates that break millions of computers worldwide every few weeks.

Sincerely,
Almost a billion Windows 10 users

The problems with Windows 10 updates are getting worse, not better. The last major feature update (1903) had major issues at release, and more seem to be turning up with each new set of “quality” updates. Those quotes around the word ‘quality’ are very intentional, by the way.

I’ve just spent most of a day troubleshooting and fixing a heinous set of problems related to printing, affecting most of the computers at a retail client. Printing is a critical function for this client, as it is for most businesses.

What follows is the sequence of events leading up to the printing problem, and what finally fixed it.

All of the computers are running 64-bit Windows Professional release 1903 (build 18362.356).

SUMMARY: Update 4522016, which apparently caused these printing problems on some computers, was never installed on any of the affected PCs at this business. Update 4524147 caused the printing problems it was supposed to fix. Uninstalling update 4524147 fixed the printing problems on three otherwise up-to-date Windows 10 PCs.

  1. 2019Oct03: Update 4524147 was installed automatically on all affected PCs. This happened overnight, which is normal for these PCs.
  2. 2019Oct04: The client reported printing problems on several PCs.
  3. 2019Oct04: The usual troubleshooting for printing issues was ineffective. Research eventually showed that a recent Windows update (4522016) was causing printing problems for many users. But that update was never installed on any of the affected PCs.
  4. 2019Oct04: Since printing was working fine before 4524147 was installed, I uninstalled that update, and printing started working again. Repeating this on all affected computers resolved all the printing problems.
  5. 2019Oct05: On trying to log into one of the recently-fixed PCs, Windows 10 told me that the Start menu was broken. Research showed that update 4524147 was causing this problem (the second time an update broke the Start menu in recent weeks). I checked, and sure enough, 4524147 had been reinstalled automatically overnight. Uninstalling it fixed the Start menu.
  6. 2019Oct05: To delay recurrence of the printing problem, I used the Advanced settings on the Windows Update screen to delay updates as long as possible. On most of the PCs, I was able to delay updates for between 30 and 365 days. On one PC, these settings were inexplicably missing. I eventually had to use the Local Group Policy Editor to make the necessary changes.
  7. 2019Oct04: I reported this bizarre situation to Microsoft via its Windows 10 Feedback hub. It’s difficult to know whether anyone at Microsoft will actually see this, or take it seriously. I have doubts, which means that this problem seems likely to reappear at some point.

As predicted

This is in fact the nightmare scenario envisioned by myself and others when it became clear that Windows 10 updates would not be optional. While Microsoft has — grudgingly — made it possible to delay updates, it’s still not possible to avoid them completely, and if you’re one of the unlucky Windows 10 Home users, even that’s not an option.

Questions for Microsoft

Why did an update intended to fix printing problems actually cause those exact problems?

Why are some of the advanced Windows Update settings missing from one of several identically-configured Windows 10 PCs running the same build?

Why are you inflicting this garbage on us? Do you hate us?

WHY DON’T YOU LET US TURN OFF UPDATES? This is the simplest solution, and while I understand that you want Windows 10 installs to be secure (and that means installing fixes for security vulnerabilities), until you can produce updates that don’t cause massive problems, we don’t want them.

Related links

Update 2019Oct10: Apparently update 4517389, released on October 8 along with the rest of October’s updates, addresses this problem.

Emergency fix for Internet Explorer

If you’ve ignored the almost continuous advice of IT experts over the last decade or so, and are still using Internet Explorer for web browsing, you should stop what you’re doing and install a new security update, just released by Microsoft.

The update fixes a critical vulnerability (CVE-2019-1367) in IE 9, 10, and 11 that could allow a remote attacker to execute code on your computer, if they are able to trick you into visiting a specially-crafted web page.

Even if you don’t actively use IE, if it’s installed on your Windows computer (and it almost always is), you may run it accidentally, or it may become the default web browser because of another Microsoft update. In other words, everyone running Windows 7, 8.1 and 10 needs to install the fix, which exists in several different versions, each for a specific combination of Windows version and IE version (as outlined in Microsoft’s related security bulletin).

For example, on my main Windows computer, on which I run 64-bit Windows 8.1 and IE 11, the relevant update is designated 4522007.

These updates are not available via Windows Update. To install the update for your computer, follow the appropriate link in the security bulletin. Eventually you’ll end up at the Microsoft Update Catalog. Locate the update you want, then click the Download button to begin.

Patch Tuesday for September 2019

It’s another Patch Tuesday, and this month we have the usual pile from Microsoft, along with a new version of Flash.

Analysis of the summary spreadsheet — helpfully provided by Microsoft on the Security Update Guide site — shows that there are forty-nine updates, addressing eighty vulnerabilities in Windows, Internet Explorer, .NET, Edge and Office. Seventeen of the vulnerabilities are critical.

Those of you running Windows 10 will get these updates automatically, unless you’ve explicitly configured Windows to delay updates. Everyone else should navigate to Windows Update in the Windows Control Panel or Windows Settings.

The new version of Flash is 32.0.0.255. It addresses two critical security bugs in earlier versions, both of which were discovered and reported by independent security researchers.

Anyone who still uses Flash, especially if it’s enabled in any web browser, should update Flash as soon as possible. Go to the Flash applet in the Windows Control Panel to check your version and install the new version.

Patch Tuesday for August 2019

It’s another day of updates, with the usual load from Microsoft, and a new version of Reader from Adobe.

Analysis of the monthly data dump from Microsoft’s Security Update Guide shows that this month we have fifty-two updates (with associated bulletins), addressing ninety-five vulnerabilities in Office applications, Windows, Internet Explorer 9 through 11, Edge, Exchange, SharePoint, and Windows Defender.

Twenty-nine of the vulnerabilities are characterised as having Critical severity, and all of the usual nightmarish potential impacts are represented, including Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing, and Tampering.

If you’re running Windows 10, there’s not much you can do to avoid these updates, although you can at least delay them. The risks associated with installing updates as soon as they become available are still arguably lower that the risks of delaying them as much as possible, or somehow avoiding them altogether.

In this particular case, however, you definitely should install the updates immediately. That’s because they include fixes for a set of dangerous vulnerabilities in RDS (Remote Desktop Services) in all versions of Windows, including Windows 10. Still not convinced? This month’s updates also include a fix for a terrible vulnerability in the Text Services Framework that’s existed in all versions of Windows since XP. The RDS and Text Services vulnerabilities were discovered very recently; no related exploits or attacks have been observed, but it’s a safe bet that malicious persons are working on exploits right now.

Anyway, as always, Windows Update is your friend. Your annoying, can’t-seem-to-shake-them kind of friend.

Adobe logoAdobe released updates for several of its products today, of which only Acrobat Reader presents a significant risk, because malicious hacker types enjoy embedding various kinds of nastiness in PDF files, pretty much every computer on Earth has Acrobat Reader installed, and most people with computers open PDF files without even thinking about the risk.

The latest Acrobat Reader (DC Continuous, which is the variant most likely to be installed on your computer) is version 2019.012.20036. It addresses at least seventy-six security vulnerabilities in previous versions. The release bulletin gives credit to a number of non-Adobe security researchers who discovered and reported some of the vulnerabilities.

You can check your version of Acrobat Reader by navigating its menu to Help > About Adobe Acrobat Reader DC. Also on the Help menu is the handy Check for Updates option, which is probably the easiest way to update Reader.

Patch Tuesday for July 2019

Microsoft’s Security Update Guide provides the raw material for understanding each month’s pile of patches, but it’s not exactly easy to use in its current form. I use the almost-hidden Download link to the far right of the Security Updates heading about halfway down the page. The downloaded file is an Excel spreadsheet, which I find much easier to navigate that the SUG site. Your mileage may vary.

This month, Microsoft has issued sixty-seven updates and associated bulletins. The updates address seventy-eight vulnerabilities in Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.

The vulnerabilities range from Moderate to Critical in severity, and they can lead to one or more of the usual horrors, including Denial of Service, Elevation of Privilege, Remote Code Execution, Information Disclosure, Spoofing, and Security Feature Bypass. Brrrrr.

Release Notes for July 2019 Security Updates

By far the easiest way to install all these updates is to let Windows Update do the work. Of course to some extent that means trusting Microsoft not to hose your computer, so there’s that. My current thinking is that I’m willing to trust Microsoft to do this, as long as they at least give me a way to roll back any faulty updates.

Adobe released some security updates to coincide with Microsoft’s patch cycle, but none for the ubiquitous Flash Player or Acrobat Reader.

Patch Tuesday for June 2019

It’s update time once again, and along with the updates from Microsoft and Adobe, I’m going to annoy you with yet another reminder that Only You Can Prevent Internet Worms. That sounds kind of gross, actually.

Analysis of the Security Update Guide spreadsheet, so thoughtfully provided by Microsoft each month, shows that this month there are thirty-three updates, addressing eighty-eight security vulnerabilities in Windows (7, 8.1, 10, and Server); Flash in Internet Explorer and Edge; Internet Explorer 9 through 11; Edge; and Office 2010, 2016, and 2019. At least twenty-one of the vulnerabilities are categorized as Critical.

If you missed last month’s update festivities, you may not be aware that there’s a very dangerous vulnerability (CVE-2019-0708) in Microsoft’s Remote Desktop feature in Windows XP, Windows 7, and Server 2008. Updates for Windows 7 and Windows Server 2008 computers are available in the usual way, via Windows Update. An update for Windows XP is also available, but you’ll have to download and install it manually, from the Microsoft Update Catalog.

I’m pestering you about this because the last time a vulnerability like this appeared, we got the global WannaCry worm mess. Patch those systems and prevent a similar worm from giving the world another major headache. Here’s Microsoft on the subject, as well as Ars Technica.

As usual, Adobe has released software updates to coincide with Microsoft’s Patch Tuesday, which makes things nice and tidy with Flash being integrated into IE and Edge. Flash 32.0.0.207 fixes a single security vulnerability.

There are a few ways to update Flash on Windows, but starting with the Flash Player Control Panel works for me. On the Flash CP’s Updates tab, you’ll find a Check Now button, which will take you to the Get Adobe Flash page. That will tell you which version you’re running. If you need an update, click the Player Download Center link on that page.

Patch Tuesday for May 2019

From Microsoft this month, we get forty-six updates, addressing seventy-nine distinct vulnerabilities in the usual gang of idiots, namely Windows, Office, Internet Explorer, Edge, .NET, Flash in Internet Explorer, and Visual Studio. Nineteen of the updates have been flagged with Critical severity. Head over to Microsoft’s Security Update Guide for more details.

Those of you running Windows 10 may actually be satisfied with its automatic updates, despite the problems. Either that or you’ve given up fighting Microsoft. And of course there are plenty of folks running Windows 7 and 8 with automatic updates enabled, in response to which I can only tip my hat and tell you that you’re braver than I. The rest of us will (or should) be making the trudge over to Windows Update today.

Microsoft dons a white hat

One of the updates made available by Microsoft today fixes a serious vulnerability (CVE-2019-0708) in older versions of Windows, including Windows 7, XP, and Server 2008. Despite the fact that official support for these versions has ended, Microsoft decided to make the world a slightly better place, taking the time to develop, test, and publish these updates. Which is good, because the hole being fixed is a bad one, in that it could provide a handy new conduit for malicious software worms to propagate… just like WannaCry did in 2017.

So, two things: first of all, thanks Microsoft! Second, if you run Windows 7 or Windows Server 2008 computers, please check Windows Update and install the May 2019 monthly security rollup as described on this Microsoft page. For any computers running Windows XP, you’ll have to download the appropriate update from the Microsoft Update Catalog, as decribed on this Microsoft page.

More about Microsoft’s unusual move

Adobe

Adobe logoAdobe’s contribution this month consists of new versions of Flash and Acrobat Reader. Flash 32.0.0.192 addresses a single security vulnerability, while Acrobat Reader DC 2019.012.20034 addresses a whopping eighty-four vulnerabilities in earlier versions.

Reader will generally update itself, but you can make sure by navigating its menu to Help > Check for Updates.... The easiest way to update Flash is to look for it in the Windows Control Panel. Go to the Updates tab of the Flash control panel widget and click Check Now. This will take you indirectly to the download page for Flash. Make sure you opt out of any additional software offered for install on that page.

Microsoft relents; cedes more Windows 10 update control to users

Microsoft is finally waking up to what we’ve all been saying since before Windows 10 was released: forcing operating system updates on users is not a good idea. Amusingly, they are presenting their findings and announcing related changes as if these things were previously unknown to the world of computing.

Microsoft refers to the process of installing Windows updates as an ‘experience’, and uses adjectives like ‘great’ when describing what they want the experience to be like for users. I don’t know about you, but I’ve never thought about installing updates as a ‘great experience’. Nightmarish, never-ending, endurable, and dreaded are more familiar ways to describe my update experiences. The word I’d most like to use in connection with updates is ‘uneventful’.

Note: phrases like ‘great update experience’ were no doubt vetted by some Microsoft committee. Microsoft writers are presumably encouraged to use these phrases — and avoid negative terminology — when discussing Windows updates.

Microsoft still seems unable to understand what people actually want to ‘experience’ from a Windows update:

  1. We don’t want updates at all, really. We want software to not be full of security holes in the first place. But that’s a fantasy, and will never happen (sigh).
  2. We want updates to not cause problems. Ever.
  3. Updates should install quickly, and with minimal fuss. Giant downloads, massive storage requirements, lengthy update durations, and high CPU usage are unacceptable.
  4. It should be possible to easily, quickly, and effectively revert updates.
  5. Automatic updates are a nice option, but only if we have full control over when they occur.

Upcoming Windows Update changes

  • Download and install now option: a new option on the Windows Update page that installs ‘feature updates’, which provide new or improved functionality. Using this option effectively updates Windows 10 to the latest version in terms of features, without installing any bug or security fixes. According to Microsoft, it’s a way to get the latest features without installing anything potentially risky.
  • Extended ability to pause updates. This further extends your ability to delay installation of updates, although it’s still limited: you can delay an update up to 35 days (seven days at a time, up to five times). This one is important for Windows 10 Home users, because the feature was previously unavailable on that version.
  • Intelligent active hours. The ‘active hours’ setting, which was added in the Anniversary Update, allows you to specify a window of time during which updates should never occur. This will now adjust itself automatically, based on when it thinks the computer is actually being used. This sounds good, but in practise, it may cause more problems than it solves. We’ll see.
  • Improved update orchestration. This new feature will detect device usage, and attempt to install updates when utilization is low, such as when there is no user activity.

For additional details on the upcoming changes, see Microsoft’s recent Windows blog post, titled “Improving the Windows 10 update experience with control, quality and transparency“.

Other Windows Update changes are being tested and may appear in upcoming releases of Windows 10, such as the ability to automatically roll back a problematic update.

These are all welcome changes, but I’m hoping Microsoft goes even further. If the Windows 10 update process improves enough, I may even consider installing it again. For now, there are still too many problems, such as Windows Update’s excessive use of disk space.

At least Microsoft is listening to the complaints about update dialogs popping up over important presentations, and worse. And they’re being surprisingly transparent during this current round of Windows improvements. Several recent Windows update problems (like this one in March and the known issues with this April update and this one) were probably the main impetus behind the changes, though.

Update 2019Jun03: The May update has arrived, and Windows 10 Home users are not impressed with the minor improvements to Windows Update.

Patch Tuesday for March 2019

You know, it’s theoretically possible that we could get a Patch Tuesday with no updates to install. We’ve had months like that for Adobe products. Not for Microsoft, though, at least not in my memory.

Anyway… this month from Microsoft we have thirty-four updates, addressing seventy-five security vulnerabilities in Internet Explorer, Edge, Flash in Microsoft browsers, Office, and Windows. At least that’s what my analysis shows. The source of this information, Microsoft’s Security Update Guide, is a complex beast.

Reminder: these updates are only for versions that are still supported. Windows XP is no longer supported, and Windows 7 won’t be for much longer. Versions of Office older than 2010 are no longer supported, and Office 2010 support will end later in 2019.

It was a busy month for Adobe, with updates to Flash, Reader, and Shockwave.

Flash 32.0.0.171 includes fixes for two vulnerabilities in earlier versions.

Acrobat Reader DC, the variant of Adobe’s Acrobat/Reader product line you probably use, is up to version 2019.010.20099. The new version addresses twenty-one vulnerabilities in earlier versions.

Shockwave Player 12.3.5.205 addresses seven security bugs in earlier versions. You’re slightly less likely to have this software installed on your computer, but it’s worth checking if you’re not sure.

There are links to download the new versions on all the release announcement pages linked to above.

Patch Tuesday for March, 2019

According to Microsoft’s Security Update Guide, March’s updates, twenty-eight in all, include fixes for at least sixty-five security vulnerabilities in .NET, Flash Player (in IE and Edge), Internet Explorer, Edge, Office, Visual Studio, and Windows.

Even if you have automatic updates enabled on Windows 7 and 8 computers, it’s a good idea to check for and install the new updates. If you’re running Windows 10, auto-updates can’t be disabled, but you can still check for updates, and get them sooner that way.

There are no updates for Flash or Reader from Adobe so far in March.