Category Archives: Patches and updates

Windows 10 lands

You can now download the release version of Windows 10 directly from Microsoft. The tools on that page allow you to upgrade the computer you’re using, or to create bootable disc or thumb drive images, which can then be used to install Windows 10 from scratch on another computer. Both the Home and Pro versions are available, in 32 and 64 bit form.

If you’re running Windows 7 or 8.x, and you choose to perform an upgrade from the site linked above, you’ll get the Home version if you’re currently running one of the Home variants, and Pro otherwise.

It’s still not completely clear what happens when you don’t have a legitimate Windows 7 or 8.x license. At some point, you’ll be asked to enter a license key, and without one, presumably Windows 10 will stop functioning or suffer from reduced functionality. The same goes for in-place upgrades; as Microsoft has said, if you have a non-valid install of Windows 7 or 8.x and upgrade it to Windows 10, it will continue to be non-valid, with all that entails.

Update: My Windows 10 test computer is running whatever version is being provided via the Windows Insider program. It looks like the final release version, and has the build number Microsoft planned to use for the release: 10240. Because I joined the Windows Insider program (which involved having updates pushed to the computer regularly, and being asked to provide ratings and feedback), I’m now running Windows 10 Pro on a computer that previously ran Windows XP, and it didn’t cost anything, and it’s completely legit. Of course, if I ever want to stop logging in to Windows 10 with my Microsoft ID, I’ll have to purchase a Windows 10 license.

Deciding whether to upgrade to Windows 10

Windows 10 is scheduled for release on July 29. Microsoft really wants people to upgrade, offering the new O/S for free to anyone running legitimate installs of Windows 7 and 8.x, at least until July 28, 2016. Anyone who’s been running the Windows Insider Preview version of Windows 10 will also be able to install the release version for free. It sounds enticing, but is it right for you?

Questions remain

Unfortunately, there are still some unanswered questions regarding the free Windows 10 upgrades. How long will a ‘free’ install of Windows 10 remain free? If I try to reinstall it from scratch a few years from now, will I be forced to pay for it? What if my computer’s hard drive fails and I have to replace it and reinstall Windows 10? Microsoft has yet to produce definitive answers to these questions.

But the biggest unknown is the issue of forced updates. Windows 10 updates will be installed on ‘Home’ versions without allowing the user any choice whatsoever. That includes security updates and other bug fixes, but also new and changed features. ‘Pro’ users will be able to delay updates for several weeks, but have no way to prevent them indefinitely. While forced updates are arguably a good thing for most (especially non-technical) users, many power users find this prospect alarming. I don’t want Microsoft messing with my computer when I’m asleep. I want to be the only person who installs updates. I don’t want to see mysterious WAN bandwidth spikes that turn out to be huge, unwanted Windows 10 updates. Note: there may be a way to block certain updates indefinitely, according to Ed Bott, but the details are sketchy.

How to decide?

Is Windows 10 right for you? If you want the latest version of Windows, with the most up to date technologies and support for current hardware, and you don’t mind that the user interface is a hodgepodge of old and new (touch/tablet/mobile) style elements, you don’t mind forced updates, and your hardware supports it, then by all means upgrade to Windows 10.

If you’re running Windows 8.x, there’s no reason to hold back, since Windows 10 is basically Windows 8.2, and it addresses many Windows 8.x problems, including the lack of a Start menu.

The decision is not so easy for Windows 7 users. Windows 7 support (mostly in the form of security updates) will continue until January 14, 2020, so there’s no urgency. If you don’t like the new user interface, with its focus on touch and mobile devices, stay away. If you want to be able to use newer apps – the ones designed for the new UI – then you’ll have to upgrade. Support for Windows 7 by software and hardware makers is sure to decline over the next few years, which may force your hand.

I’ve been using the Windows 10 Insider Preview on a test machine, and so far, I like it. That machine was previously running Windows XP, which of course is no longer getting security updates and is increasingly risky to use. Upgrading to Windows 10 resolved a long-standing display issue on that computer, and I’ve had no new problems, aside from a few glitches and Explorer crashes that seem to have been resolved in later builds. I expect the computer to update automatically to the release version of Windows 10 at some point soon after July 29, but I’m ready to switch back to XP if Microsoft’s answers to the above questions prove unsatisfactory.

Microsoft issues special update for critical Windows vulnerability

An update for a vulnerability in the Microsoft Font Driver – present in all supported versions of Windows – was released yesterday by Microsoft. Normally, updates like this are released as part of the monthly Patch Tuesday process, but Microsoft evidently decided that this vulnerability was serious enough to warrant this ‘out of band’ update.

Windows systems with Automatic Updates enabled will receive this update automatically. All other systems should be updated via Windows Update as soon as possible.

Java 8 Update 51 fixes 25 vulnerabilities

Yesterday, Oracle released a huge set of updates for all its products, in the July installment of their quarterly Critical Patch Update.

Included in the updates is a new version of Java, version 8 update 51. The new Java includes fixes for at least 25 security vulnerabilities. Anyone who uses a web browser with Java enabled should install the new version as soon as possible. According to Oracle, exploits for at least one of the Java vulnerabilities have been seen in the wild.

Patch Tuesday for July 2015

This month there are fourteen bulletins from Microsoft, with associated updates affecting Windows, Internet Explorer, Office and SQL Server. Four of the updates are flagged as Critical. The updates address at least fifty-nine vulnerabilities.

From Adobe, there are updates for Flash (see previous post), Reader/Acrobat (version 2015.008.20082) and Shockwave (version 12.1.9.159).

So, although installing updates on computers is probably not anyone’s idea of summer fun, let’s all try to keep our sense of humour as we once again work through the monthly update grind. Enjoy!

Update 2015Jul16: This month’s Microsoft updates address three vulnerabilities (two in Internet Explorer) exposed in the recent Hacker Team leak.

Flash 18.0.0.209 fixes latest vulnerabilities

Earlier today, Adobe released yet another version of Flash to address the most recent vulnerabilities revealed in the Hacker Team leak (CVE-2015-5122 and CVE-2015-5123).

According to the release notes for version 18.0.0.209: “These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly.

If you still need to use a web browser with Flash enabled, you should install the new Flash version immediately. As usual, Internet Explorer 10/11 in Windows 8.x will receive the Flash update via Windows Update. A new version of Google Chrome (43.0.2357.134) includes the most recent Flash version.

Ars Technica has more about the latest updates and efforts to minimize Flash-related vulnerabilities by Mozilla and Google.

Flash update fixes Hacking Team vulnerability

As much as I would like to see Flash disappear completely, I have to commend Adobe’s quick response to the recent discovery of a critical Flash exploit.

Flash 18.0.0.203 was released earlier today. The new version fixes the vulnerability associated with the Hacking Team leak (CVE-2015-5119), but it also addresses thirty-five other security vulnerabilities in Flash.

As usual, Google Chrome will update itself with the new Flash code, and Internet Explorer 10 and 11 on Windows 8.x will get the Flash changes via Windows Update.

Recommendation: if you use a web browser with Flash enabled, install the new Flash as soon as possible. Keep in mind that the standard Flash installer also installs McAfee security software by default: look for a checkbox for this option in the installer and disable it.

Ars Technica has additional details.