Category Archives: Patches and updates

Patch Tuesday for June 2017

In a somewhat surprising move, Microsoft is releasing more updates for Windows XP today. To be clear, Microsoft had already created these updates for corporate (paying) clients. All they’re doing is making those updates available to the rest of us. While the updates are welcome to those still running Windows XP, one wonders how paying customers feel about it.

Here’s Microsoft’s explanation: “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations.” What that probably means is that Microsoft believes — along with the rest of us — that last month’s WannaCry threat was only the beginning of the havoc coming our way in the wake of The Shadow Brokers‘ leaks. The bit about ‘government organizations’ is presumably to get people to take notice.

That announcement is also somewhat misleading, in that it talks about ‘enabling Windows Update’ in supported versions of Windows, when in fact they’re referring to automatic updates. Further, automatic updates in Windows 10 cannot be disabled.

From the June 2017 security update release announcement: “we recommend those on older platforms, such as Windows XP, prioritize downloading and applying these critical updates, which can be found in the Download Center (or alternatively in the Update Catalog).”


The Download Center site doesn’t work particularly well in Internet Explorer 8, the version my poor old Windows XP Virtual Machine is stuck with. The page does show a prompt to try Edge, which is not particularly helpful as Edge won’t run on Windows XP. Okay, how about the Update Catalog? All I get there is ‘The website has encountered a problem’.

The Download Center works a lot better in Chrome, but clicking the Microsoft Update link only tells me that I have to use Internet Explorer for that. Entering the Windows category just invites me to visit the Update Catalog. That site also seems to work with Chrome, but it’s basically just a search form. What do I search for to get the available updates for Windows XP? Searching for ‘Windows XP’ produces 870 results. Sorting the list by date shows the most recent update was in 2014.


A post on the Technet site provides additional information about the vulnerabilities: Microsoft Security Advisory 4025685 – Guidance related to June 2017 security update release. Fifteen vulnerabilities are addressed, almost all of which are flagged as Critical. But there’s nothing on that page about how to install the updates on Windows XP.

The general guidance page links to additional guidance pages, one for supported versions, and another for older versions of Windows.

The page for older versions starts by pointing out that “All security updates Microsoft provides do not check Windows Genuine Advantage status.” That means even people running bootleg copies of Windows XP can install these updates. It goes on to say “For customers on these older platforms, the following table provides information to manually download applicable security updates.”

So installing these updates on Windows XP involves manually downloading them with the links provided on the Microsoft security advisory 4025685: Guidance for older platforms page. Some of the links go to the Update Catalog, and some involve additional navigation, but I was able to use Chrome to download and install all twelve of the updates linked from the guidance page on my WinXP VM. Not exactly convenient, and certainly not fast, but it did work.

Microsoft security advisory 4025685: Guidance for supported platforms includes a summary of the month’s updates for supported software. Numerous vulnerabilities are addressed, affecting the usual software: Windows, Office, Internet Explorer, Edge, Silverlight, Skype and Flash. Extracting the complete details from the Security Update Guide is still annoyingly awkward, and the release notes are rather light on details.

Chrome 59.0.3071.86

With thirty security fixes in Chrome 59.0.3071.86, I would expect Google to emphasize the need for users to update as soon as possible. Instead, the release announcement says “This will roll out over the coming days/weeks.” Presumably Google feels that the fixed security issues are too obscure to represent any imminent threat.

To be fair, personal experience has shown that Chrome is great at detecting updates, often very soon after they become available. Visiting the About page is usually enough to trigger an update. Click the three-vertical-dots menu button, then choose Help > About.

If you have several hours to kill, you might want to check out the change log for Chrome 59.0.3071.86, which by my count contains 10,911 entries.

More bungled Windows updates

If you’re on the Windows Insider program — the one that gets you early looks at where Windows 10 is heading — you may have noticed some unusual updates in the last day or so.

First, a new development version of Windows 10 was rolled out to some unlucky users. This version was not intended for users, even those on the Insider Preview program. Microsoft caught the error and stopped the update, but if your computer was affected, you may notice some new “issues that impact usability of your PC.” You can roll back to the previous release, or live with any new issues until the next release.

Second, a development version of the mobile variant of Windows 10 was pushed out, again unintentionally. If your mobile device received this unfortunate update, it’s probably no longer usable. Microsoft recommends using their Windows Device Recovery Tool to fix the problem.

Microsoft wants us all to trust them to install updates whenever they want, but mistakes like these are not helping.

Ars Technica has more.

Opera 45.0.2552.812

An Opera release somehow got past my “infallible” system for not missing anything important. Back to the drawing board I guess.

The Opera users among you probably noticed the browser having trouble disengaging itself from the Windows taskbar lately. Opera 45.0.2552.812, released on May 15, finally fixes this annoying issue. A handful of other minor bugs are addressed in the new version. None of the fixes are related to security.