Category Archives: Patches and updates

Patch Tuesday for November 2021

To paraphrase butcher Oscar Wilde: the only thing worse than having to install security updates every month is having no security updates at all. If you’re not getting a steady supply of security updates, your software is probably no longer being developed or supported. If you’re just choosing not to install the available updates, you’re asking for trouble. Either is bad, but at least you can do something about the latter.

It’s my duty to inform you that — at least by my count — Microsoft has made available this day approximately twenty-nine updates for Windows, Office, Edge, Visual Studio, Exchange Server, SharePoint, Visual Studio Code, and Windows Server. A total of fifty-five vulnerabilities are fixed by the updates.

The source of this information is Microsoft’s Security Update Guide (SUG). It’s a sluggish and weirdly complicated system to navigate, but does seem to contain the necessary information.

As usual, this month’s collection includes updates for Windows 7, but those updates remain tantalizingly out of reach for most Windows 7 users, because obtaining them involves entering into a special agreement with Microsoft that’s way too expensive for regular folks.

Windows 10 systems get the updates automatically, and Windows 8.1 users — if automatic updates are disabled — should navigate to the Windows Control Panel and Windows Update to install them.

Java 8 update 311

Oracle just released its quarterly Critical Patch Update Advisory for October 2021.

As usual, there’s a section in the advisory for Java. The details show that previous versions of Java, including Java 8 Update 301, have fifteen known security vulnerabilities.

Java: What is it and why do I need it?

There’s a new version of Java that addresses the vulnerabilities in version 8u301: Java 8 Update 311.

If Java is installed on your computer, it’s a good idea to keep it up to date. If you’re not sure whether Java is installed, go to the Windows Control Panel and look for a Java entry. If it’s not there, great! You don’t use (or apparently need) Java.

Otherwise, click the Java Control Panel entry and go to the Update tab. Click the Update Now button to start the update process.

Patch Tuesday for October 2021

Like clockwork, Microsoft has once again provided us with a month’s worth of new security updates.

According to Microsoft’s Security Update Guide, this month there are patches for one hundred and seven vulnerabilties, in Office (2013, 2016, and 2019), Edge, Exchange Server, SharePoint, Visual Studio, System Center, Windows (7, 8.1, 10, and 11) and Windows Server.

As usual, Microsoft is taunting Windows 7 users with updates for that O/S, because most of us regular folks can’t afford them.

Windows 8.1 users — of which I’m one of the very few remaining — can either enable automatic updates, or navigate the Start menu to Windows Update to install available updates manually.

Windows 10 users can still delay updates, though just how long a delay is allowed depends on the flavour of Windows 10 you’re running. Windows 10 Home doesn’t give you much to work with in that respect.

Since Windows 11 isn’t even officially released yet, it’s difficult to predict exactly how updates will be handled for that O/S. However, it’s a safe bet that updates will be shoved down our throats as they are with Windows 10.

Patch Tuesday for September 2021

Summer is winding down, young folks are risking their health going back to school, and anti-vaccination cretins are revealing to the world how incredibly stupid they are by protesting at hospitals.

The good news is that you can easily distract yourself from the bad news for a few minutes by doing something straightforward and comfortable. I’m referring, of course, to installing Microsoft updates on your Windows computers.

If you’re looking for detailed information about the updates being made available by Microsoft today, the best place to start is the official source: the Security Update Guide (SUG). I’m not saying you’ll find it easy to navigate (you likely won’t). But it is the official source.

For those of you not inclined to risk a migraine by looking at the SUG, I’ve done my usual analysis of this month’s offerings, based on data downloaded from the SUG and viewed in a spreadsheet application (any one will do).

This month’s patches address a total of ninety-three security vulnerabilities, in Office, Edge, SharePoint, Visual Studio, Visual Studio Code, Windows Server, Windows 10, Windows 7, and Windows 8.1.

The Windows 7 patches are not available to regular folks, and can only be obtained (legally) by paying Microsoft a large amount of money. Windows 7 users are encouraged to upgrade to, well, I guess Windows 10, which is currently somewhat less terrible than it was when it was released.

Windows 8.1 users — the few of us who remain — have the luxury of deciding whether and when to install updates via Windows Update.

Windows 10 users can only delay updates, and then only if you’re running the Pro (not Home) version.

Patch Tuesday for August 2021

It’s another Patch Tuesday, which these days matters less and less, given that software makers are increasingly forcing updates onto us.

There are still plenty of people running Windows 7 and Windows 8.x: almost 20%, with Windows 10 taking the rest, at close to 80%. That’s according to Statcounter.

Sadly for Windows 7 users, official patches for that O/S are few and far between, with Microsoft only releasing Windows 7 updates to the general public when the vulnerability being addressed is particularly nasty.

That leaves Windows 8.1, for which we continue to receive updates, and for which the process has not changed much since the O/S was introduced in 2013.

The updates

This month, Microsoft is making available updates that address a total of eighty-seven security vulnerabilities in .NET, Office, Edge, SharePoint, Visual Studio, and Windows. That count is based on my interpretation of the official Security Update Guide, and it may differ from totals provided by others, because counting these things is not as simple as it sounds.

If you’re running Windows 10, hold onto your britches as Microsoft installs the new updates remotely on your computer, and hopefully doesn’t break anything this time.

Windows 8.1 users can either enable automatic updates, or head to the Control Panel and fire up Windows Update.

Windows 7 and XP users are basically out of luck. If you are using those systems, I strongly recommend that you don’t also use them for email or web browsing.

Patch Tuesday for July 2021

It could be argued that Microsoft has done us all a favour in making Windows 10’s updates unavoidable. Certainly, as long as nothing goes wrong, it’s less work than futzing around with Windows Update on every computer. And forced updates mean that Windows computers used by less tech-savvy folks stay up to date with security fixes, which makes everyone safer.

It’s also true that increasingly, software and firmware updates for all our devices happen whether we want them or not. By default, mobile devices update themselves. Other electronic equipment, like smart televisions, digital video recorders, amplifiers, and even some network equipment are now doing the same.

But I just can’t shake the feeling of discomfort I get when I think about my computer being messed with at the whim of some Microsoft flunky. Perhaps some day I’ll be more comfortable with it. In the meantime, as long as Microsoft continues to screw up updates, sometimes breaking thousands of computers worldwide, I’ll continue to feel this way.

This month’s Microsoft updates

According to my analysis of the data available from Microsoft’s Security Update Guide, we’ve got updates for Edge, Office, Exchange Server, SharePoint, Visual Studio Code, Windows (7, 8.1, and 10), and Windows Server, addressing a whopping one hundred and thirty-three vulnerabilities in all.

As usual, Windows 10 updates will be installed automatically over the next few days, although you may — depending on your version of Windows 10 — be able to delay them for about a month. You can check for available updates and install them right away by heading to Start > Settings > Update & Security > Windows Update.

Windows 8.1 users also have the option of using automatic updates, but if that’s disabled, you’ll need to go to Start > PC Settings > Update & Recovery > Windows Update.

There seem to be one or two updates that are freely available for all Windows 7 computers, so it’s worth checking Windows Update. When Microsoft releases free updates for Windows 7, you know they’re important. Go to Start > Control Panel > Windows Update to check.

Adobe Updates

Adobe joins the fun again this month, with an updated version of the free and still ubiquitous Adobe Acrobat Reader. Version 2021.005.20058 of Reader includes fixes for thirteen security bugs.

Reader normally updates itself, but you can make sure, by navigating its menu to Help > Check for updates...

Firefox 90

Perhaps coincidentally, there’s also a new version of Firefox today. Firefox 90 addresses nine security vulnerabilities in earlier versions.

By default, Firefox will update itself, but you can encourage it by clicking its ‘hamburger’ menu at the top right, and navigating to Help > About Firefox.

Microsoft issues special fix for Windows print spooler vulnerability

On Tuesday, Microsoft once again broke with its normal update cycle, publishing a series of updates to address a bad security flaw in the Windows print spooler service.

The print spooler exists in all versions of Windows, including Windows 7, and the vulnerability is serious enough that Microsoft issued an update for that O/S, which is technically no longer supported.

The print spooler vulnerability, which is often referred to as PrintNightmare, is documented in CVE-2021-34527.

Although technically the vulnerability could be exploited on any Windows computer, an attacker would need direct or remote access to that computer, and be able to log in as a regular user. Although that scenario is somewhat unlikely for most home users, the risk increases for computers with Remote Desktop enabled, public or shared computers, and computers on business and educational networks that connect to domain controllers.

Because Microsoft now bundles updates together, it can be difficult to identify which downloads apply to any particular update. In almost all cases, the best approach is to check Windows Update.

On Windows 10, navigate to Settings > Update & Security > Windows Update. Check for updates. If you see the update KB5004945 pending, install it. If you don’t see that update, click the link to ‘View update history’ and make sure KB5004945 has been installed.

The process is the same for older versions of Windows, except that Windows Update is accessed via the Windows Control Panel. The update number will also vary, depending on the Windows version. On Windows 8.1, it’s KB5004954.

Update: Windows print spooler problems persist.

New version of Reader fixes two security bugs

Adobe logoAnother new version of Adobe Reader (aka Adobe Acrobat Reader DC) was released last week. Reader version 2021.005.20048 includes fixes for two security vulnerabilities, both of which were apparently discovered by independent security researchers.

Unless you’ve disabled the function, Reader will update itself shortly after a new version becomes available. I usually find that by the time I become aware of a new version, Reader has already updated itself on my main PC.

You can check Reader’s version by navigating its menu to Help > About Adobe Acrobat Reader DC. You can check for and install any pending updates by navigating its menu to Help > Check for Updates...

Patch Tuesday for June 2021

According to my count, which is based on the official Security Update Guide, Microsoft’s patch pile for June addresses forty-nine security vulnerabilities.

There are approximately thirty-two updates, affecting .NET, Office, Windows (7, 8.1, and 10), SharePoint, and Visual Studio.

Only people paying through the nose for them will get the Windows 7 updates; the rest of us are out of luck. Windows 8.1 updates can be installed via the Windows Update control panel. Windows 10 systems will receive the updates when Microsoft feels like rebooting your computer, usally at the most inopportune time.

New versions of Acrobat and Reader

Adobe logoEarlier this week, timed to coincide with Microsoft Patch Tuesday, Adobe released new versions of its PDF authoring tool Acrobat, as well as its free PDF viewer, Reader.

The new versions address ten security vulnerabilities in earlier versions. The new version of Acrobat Reader (DC) is 2021.001.20155.

If you have Adobe Reader installed on any of your computers, you should check whether it’s up to date, and install the new version if it’s not. You can do that by running Reader, and navigating its menu to Help > About Adobe Acrobat Reader DC.

You can install the latest version of Reader by navigating its menu to Help > Check for Updates.