Category Archives: Microsoft

Patch Tuesday for March 2019

You know, it’s theoretically possible that we could get a Patch Tuesday with no updates to install. We’ve had months like that for Adobe products. Not for Microsoft, though, at least not in my memory.

Anyway… this month from Microsoft we have thirty-four updates, addressing seventy-five security vulnerabilities in Internet Explorer, Edge, Flash in Microsoft browsers, Office, and Windows. At least that’s what my analysis shows. The source of this information, Microsoft’s Security Update Guide, is a complex beast.

Reminder: these updates are only for versions that are still supported. Windows XP is no longer supported, and Windows 7 won’t be for much longer. Versions of Office older than 2010 are no longer supported, and Office 2010 support will end later in 2019.

It was a busy month for Adobe, with updates to Flash, Reader, and Shockwave.

Flash 32.0.0.171 includes fixes for two vulnerabilities in earlier versions.

Acrobat Reader DC, the variant of Adobe’s Acrobat/Reader product line you probably use, is up to version 2019.010.20099. The new version addresses twenty-one vulnerabilities in earlier versions.

Shockwave Player 12.3.5.205 addresses seven security bugs in earlier versions. You’re slightly less likely to have this software installed on your computer, but it’s worth checking if you’re not sure.

There are links to download the new versions on all the release announcement pages linked to above.

Patch Tuesday for March, 2019

According to Microsoft’s Security Update Guide, March’s updates, twenty-eight in all, include fixes for at least sixty-five security vulnerabilities in .NET, Flash Player (in IE and Edge), Internet Explorer, Edge, Office, Visual Studio, and Windows.

Even if you have automatic updates enabled on Windows 7 and 8 computers, it’s a good idea to check for and install the new updates. If you’re running Windows 10, auto-updates can’t be disabled, but you can still check for updates, and get them sooner that way.

There are no updates for Flash or Reader from Adobe so far in March.

Patch Tuesday for February 2019

Analysis of Microsoft’s Security Update Guide for February 2019 reveals that there are sixty-one distinct updates and corresponding articles in Microsoft’s support knowledge base.

At least seventy-seven vulnerabilities in Windows, Office, .NET, Internet Explorer, Edge, and Visual Studio are addressed by the updates. Twenty of the updates are flagged as Critical. Included in the updates is a new version of Flash for Internet Explorer and Edge.

As always, the easiest way to update Microsoft software is to use Windows Update, found in the Control Panel or System settings of your version of Windows.


Adobe once again adds to the patching load with new versions of Flash and Reader. Flash 32.0.0.142 addresses a single security vulnerability in earlier versions. The easiest way to check your Flash version and grab an update is to visit the Flash Help page.

Adobe Reader DC 2019.010.20091 includes fixes for at least seventy security bugs in earlier versions. Newer versions of Reader support auto-updates, but you can check for new versions by running Reader, and selecting Help > Check for Updates from its menu. If there’s a new version available, you’ll be prompted to install it.

Problems with Windows 7 shares

Do you still run a Windows 7 computer that has shared folders? If you do, and those shares are set up so that they require user authentication, and the user involved is a member of the Administrators group on the Windows 7 computer, then you may find that those shares stopped working recently.

This problem was triggered by one of the Windows 7 updates from January 2019. Uninstalling that update fixes the problem, but doing that also rolls back some important security updates. So that’s not really a viable option.

Thankfully, Microsoft issued a fix for the problem. I’ve tested this fix and confirmed that it does work. To install it on your affected Windows 7 computer, locate the appropriate update (KB4487345 for 32-bit computers; KB4487345 for 64-bit computers) on this Windows Update Catalog page, click to download it, run the download and respond to the prompts. You’ll probably need to restart the computer.

Born’s Tech and Windows World has additional details.

Patch Tuesday for January 2019

Patch Tuesday: the gift that keeps on giving. Imagine a world where the second Tuesday in a month came and went, with no updates to install. Something to celebrate. Meanwhile, back in the real world, there’s an apparently infinite supply of software bugs out there, most as-yet undiscovered.

But back to the matter at hand. Microsoft’s Security Update Guide is still annoying to use on the web, so I recommend downloading this month’s patch details in the form of a spreadsheet. Navigate to the SUG, which by default will show the updates for this month. You should see a ‘Download’ link to the far right of the Security Updates heading. Click that link and open the spreadsheet in Excel or something compatible. In Excel, depending on the version, you should be able to enable the Filter feature, which makes each column heading a drop-down control, allowing you to filter and sort on any column. Very handy.

This month Microsoft is issuing seventy-three bulletins, each corresponding to an update for one or more security vulnerabilities. Forty-eight vulnerabilities are addressed by the updates, which affect the usual targets, namely Windows, Internet Explorer, Edge, Office, .NET, Flash (in IE and Edge), Visual Studio, and Exchange Server.

Windows 10 users will get relevant updates whether they want them or not, as will anyone using older versions of Windows with automatic updates enabled. The rest of us will need to head to Windows Update and click the Check for Updates button.

Adobe logoFrom Adobe, we get a new version of Flash, to go along with last week’s new version of Reader.

The latest Flash is version 32.0.0.114, and it includes fixes for feature and performance bugs, but — surprisingly — none for security bugs.

As usual, the Flash embedded in Chrome will update itself along with the browser, while IE and Edge updates are provided via Windows Update. Your Flash installation may be configured to install updates automatically, but if not, head to the main Flash Player page, which will let you know if you need an update, and provide links.

The new version of Reader (Acrobat Reader DC), made available by Adobe on January 3, is A2019.010.20069. Flash 2019.010.20069 includes fixes for two Critical security issues.

Newer installations of Reader seem to keep themselves up to date, but you can grab the latest version at the Get Reader page. Remember to disable the optional applications, or you’ll get what is likely unwanted software such as McAfee antivirus products.

Special security update for Internet Explorer

Last week Microsoft issued an unscheduled security update that fixes a serious security vulnerability in Internet Explorer 9, 10, and 11.

According to Microsoft, this vulnerability is currently being exploited on the web, which means that malicious activity that takes advantage of the security hole has been observed.

Details of the vulnerability can be found in Microsoft’s Security Update Guide.

Anyone who still uses Internet Explorer for web browsing should install this update by running Windows Update in the Windows Control Panel or system settings.

Patch Tuesday for December 2018

It’s the second Tuesday of the month, so it’s once again time to play Patch Or Else, brought to you by Microsoft and Adobe.

It’s easy to get complacent about updating software: diligently installing updates as soon as they become available is an essential part of a good security strategy, and it means you’re less likely to fall afoul of malicious activity. But it also means that after a while you can lose sight of the risk of not staying up to date, and gradually become lax about installing updates. History is filled with stories of lost lessons; it’s apparently in our nature to forget what’s important when we aren’t reminded of the reasons for that importance.

Analysis of Microsoft’s Security Update Guide for the December 2018 updates reveals that this month we have sixty-seven distinct updates, half of which are flagged as having Critical severity. The updates address security issues in Adobe Flash (embedded in Internet Explorer and Edge), Internet Explorer, Edge, .NET, Office, Visual Studio, and Windows.

Update Windows and your other Microsoft software via Windows Update. In Windows 10, open the Start Menu and click on Settings > Update & Security settings > Windows Update. In older versions of Windows, you can find Windows Update in the Control Panel.

Presumably as part of the ongoing push for transparency in response to Windows 10 update problems earlier this year, Microsoft Corporate VP Michael Fortin posted an article, coinciding with this month’s updates, that explains some of the planning that goes into the monthly updates. Fortin points out that “During peak times, we update over 1,000 devices per second”.

Adobe’s contribution to the patch pile this month is a new version of Adobe Reader. The new Reader includes fixes for at least eighty-seven vulnerabilities, many having Critical severity. The release notes for Adobe Reader DC 2019.010.20064 provide additional details. Update Reader by pointing your browser to the Acrobat Reader Download Center.

Microsoft resumes rollout of Windows 10 October Update

Last month, after users reported file deletion issues, Microsoft took the Windows 10 October Update offline. Yesterday, the (now fixed) update was again made available. Microsoft has slowed their rollout this time, and for now, you can only get the update by manually checking for updates in Windows Update. If there are no new problems, Microsoft will gradually push the update out to all Windows 10 computers over the coming weeks.

In the month since the October update was pulled, Microsoft did a lot of soul-searching (aka process review), and the results of that work, detailed in a November 13 blog post, make for interesting reading. Here are the highlights:

  • Microsoft is trying to be more transparent about how it tests new versions of Windows before they are released. This is a good thing.
  • Adequate testing is difficult because there are so many possible combinations of hardware and software being used on Windows 10.
  • Base functional testing is the responsibility of the development teams. Presumably dedicated testing staff did this previously.
  • Data and user feedback are being used to gauge quality.
  • According to Microsoft, October update issues aside, overall quality and user satisfaction are increasing with each new Windows 10 update.
  • Employees working on Windows 10 have to ‘eat their own dog food’, meaning that they are required to use Windows 10 themselves.
  • As many as 15,000 new device drivers are added to Windows each month.
  • “The first principle of a feature update rollout is to only update devices that our data shows will have a good experience.” I find this wording amusing: in this case a ‘good experience’ means one where you’re less likely to throw yourself off a building after trying to update your O/S.

Update 2018Dec19: “Rollout Status as of December 17, 2018: Windows 10, version 1809, is now fully available for advanced users who manually select “Check for updates” via Windows Update.” See Windows 10 Update History.

Patch Tuesday for November 2018

This month, we have fifty-six updates from Microsoft. The updates fix security issues in .NET, Office, Internet Explorer, Edge, Microsoft Project, SharePoint, PowerShell, Skype, and Windows. Analysis of the Security Update Guide for this month shows that a total of sixty-three vulnerabilities are addressed by the updates. Twelve of the vulnerabilities are flagged as Critical.

Windows 10 computers will have relevant updates installed automatically over the next few days. Those of you running older versions of Windows that don’t have automatic updates enabled will need to use Windows Update (in the Windows Control Panel) to check for new updates.

Adobe logoMeanwhile, Adobe released new versions of Flash and Reader. Flash 31.0.0.148 addresses a single security vulnerability in earlier versions. Reader DC 2019.008.20081 fixes a single security bug in earlier versions. Adobe software will usually update itself, unless you’ve explicitly disabled its automatic update features.