Category Archives: Windows

Windows 11 workarounds

Windows 11 hasn’t even been released yet, and people are already looking for ways to work around some of the changes Microsoft has decided we really need.

First up, it’s the venerable Start menu, which for some reason Microsoft has decided to move from its traditional place at the bottom left of the display, to the bottom center. Perhaps because that’s the way macOS does it?

I have no problem with Microsoft making changes like these, as long as there’s a way to revert those changes. In this case, there’s no obvious way to do that, but helpful folks have found a workaround.

Next, it’s the incredibly annoying prompts, taskbar icons, alerts, and other associated distractions generated by Microsoft Teams. That software isn’t included with Windows 11, but Microsoft has packed the new O/S with what amounts to advertising for Teams. Again, helpful folks have figured out how to get rid of this crap.

Meanwhile, Mozilla has discovered how to get past the hurdles Microsoft erected to prevent Firefox from making itself the default web browser automatically. You’ve no doubt seen what is normally required to change the default browser on Windows 10 (which now affects Windows 11 as well): you’re forced to make the change manually.

Forcing the user to intervene in changing the default browser (and other applications) was added to Windows as a security measure, because otherwise malicious software could more easily take over affected applications. But Microsoft’s applications don’t seem to be affected by this restriction, making the whole thing seem more like Microsoft giving itself an unfair advantage.

Patch Tuesday for September 2021

Summer is winding down, young folks are risking their health going back to school, and anti-vaccination cretins are revealing to the world how incredibly stupid they are by protesting at hospitals.

The good news is that you can easily distract yourself from the bad news for a few minutes by doing something straightforward and comfortable. I’m referring, of course, to installing Microsoft updates on your Windows computers.

If you’re looking for detailed information about the updates being made available by Microsoft today, the best place to start is the official source: the Security Update Guide (SUG). I’m not saying you’ll find it easy to navigate (you likely won’t). But it is the official source.

For those of you not inclined to risk a migraine by looking at the SUG, I’ve done my usual analysis of this month’s offerings, based on data downloaded from the SUG and viewed in a spreadsheet application (any one will do).

This month’s patches address a total of ninety-three security vulnerabilities, in Office, Edge, SharePoint, Visual Studio, Visual Studio Code, Windows Server, Windows 10, Windows 7, and Windows 8.1.

The Windows 7 patches are not available to regular folks, and can only be obtained (legally) by paying Microsoft a large amount of money. Windows 7 users are encouraged to upgrade to, well, I guess Windows 10, which is currently somewhat less terrible than it was when it was released.

Windows 8.1 users — the few of us who remain — have the luxury of deciding whether and when to install updates via Windows Update.

Windows 10 users can only delay updates, and then only if you’re running the Pro (not Home) version.

Patch Tuesday for August 2021

It’s another Patch Tuesday, which these days matters less and less, given that software makers are increasingly forcing updates onto us.

There are still plenty of people running Windows 7 and Windows 8.x: almost 20%, with Windows 10 taking the rest, at close to 80%. That’s according to Statcounter.

Sadly for Windows 7 users, official patches for that O/S are few and far between, with Microsoft only releasing Windows 7 updates to the general public when the vulnerability being addressed is particularly nasty.

That leaves Windows 8.1, for which we continue to receive updates, and for which the process has not changed much since the O/S was introduced in 2013.

The updates

This month, Microsoft is making available updates that address a total of eighty-seven security vulnerabilities in .NET, Office, Edge, SharePoint, Visual Studio, and Windows. That count is based on my interpretation of the official Security Update Guide, and it may differ from totals provided by others, because counting these things is not as simple as it sounds.

If you’re running Windows 10, hold onto your britches as Microsoft installs the new updates remotely on your computer, and hopefully doesn’t break anything this time.

Windows 8.1 users can either enable automatic updates, or head to the Control Panel and fire up Windows Update.

Windows 7 and XP users are basically out of luck. If you are using those systems, I strongly recommend that you don’t also use them for email or web browsing.

Patch Tuesday for July 2021

It could be argued that Microsoft has done us all a favour in making Windows 10’s updates unavoidable. Certainly, as long as nothing goes wrong, it’s less work than futzing around with Windows Update on every computer. And forced updates mean that Windows computers used by less tech-savvy folks stay up to date with security fixes, which makes everyone safer.

It’s also true that increasingly, software and firmware updates for all our devices happen whether we want them or not. By default, mobile devices update themselves. Other electronic equipment, like smart televisions, digital video recorders, amplifiers, and even some network equipment are now doing the same.

But I just can’t shake the feeling of discomfort I get when I think about my computer being messed with at the whim of some Microsoft flunky. Perhaps some day I’ll be more comfortable with it. In the meantime, as long as Microsoft continues to screw up updates, sometimes breaking thousands of computers worldwide, I’ll continue to feel this way.

This month’s Microsoft updates

According to my analysis of the data available from Microsoft’s Security Update Guide, we’ve got updates for Edge, Office, Exchange Server, SharePoint, Visual Studio Code, Windows (7, 8.1, and 10), and Windows Server, addressing a whopping one hundred and thirty-three vulnerabilities in all.

As usual, Windows 10 updates will be installed automatically over the next few days, although you may — depending on your version of Windows 10 — be able to delay them for about a month. You can check for available updates and install them right away by heading to Start > Settings > Update & Security > Windows Update.

Windows 8.1 users also have the option of using automatic updates, but if that’s disabled, you’ll need to go to Start > PC Settings > Update & Recovery > Windows Update.

There seem to be one or two updates that are freely available for all Windows 7 computers, so it’s worth checking Windows Update. When Microsoft releases free updates for Windows 7, you know they’re important. Go to Start > Control Panel > Windows Update to check.

Adobe Updates

Adobe joins the fun again this month, with an updated version of the free and still ubiquitous Adobe Acrobat Reader. Version 2021.005.20058 of Reader includes fixes for thirteen security bugs.

Reader normally updates itself, but you can make sure, by navigating its menu to Help > Check for updates...

Firefox 90

Perhaps coincidentally, there’s also a new version of Firefox today. Firefox 90 addresses nine security vulnerabilities in earlier versions.

By default, Firefox will update itself, but you can encourage it by clicking its ‘hamburger’ menu at the top right, and navigating to Help > About Firefox.

Microsoft issues special fix for Windows print spooler vulnerability

On Tuesday, Microsoft once again broke with its normal update cycle, publishing a series of updates to address a bad security flaw in the Windows print spooler service.

The print spooler exists in all versions of Windows, including Windows 7, and the vulnerability is serious enough that Microsoft issued an update for that O/S, which is technically no longer supported.

The print spooler vulnerability, which is often referred to as PrintNightmare, is documented in CVE-2021-34527.

Although technically the vulnerability could be exploited on any Windows computer, an attacker would need direct or remote access to that computer, and be able to log in as a regular user. Although that scenario is somewhat unlikely for most home users, the risk increases for computers with Remote Desktop enabled, public or shared computers, and computers on business and educational networks that connect to domain controllers.

Because Microsoft now bundles updates together, it can be difficult to identify which downloads apply to any particular update. In almost all cases, the best approach is to check Windows Update.

On Windows 10, navigate to Settings > Update & Security > Windows Update. Check for updates. If you see the update KB5004945 pending, install it. If you don’t see that update, click the link to ‘View update history’ and make sure KB5004945 has been installed.

The process is the same for older versions of Windows, except that Windows Update is accessed via the Windows Control Panel. The update number will also vary, depending on the Windows version. On Windows 8.1, it’s KB5004954.

Update: Windows print spooler problems persist.

Patch Tuesday for June 2021

According to my count, which is based on the official Security Update Guide, Microsoft’s patch pile for June addresses forty-nine security vulnerabilities.

There are approximately thirty-two updates, affecting .NET, Office, Windows (7, 8.1, and 10), SharePoint, and Visual Studio.

Only people paying through the nose for them will get the Windows 7 updates; the rest of us are out of luck. Windows 8.1 updates can be installed via the Windows Update control panel. Windows 10 systems will receive the updates when Microsoft feels like rebooting your computer, usally at the most inopportune time.

Patch Tuesday for May 2021

Still waiting for the vaccine? Trying to avoid going outside? Well, luckily for you, there are plenty of indoor tasks you can work on, like Netflix binge-watching, exercise, and installing software updates on your Windows computers.

For May 2021, Microsoft is handing us yet another pile of updates, addressing eighty-eight vulnerabilities (by my count) in .NET, Internet Explorer, Office, Edge, Exchange Server, SharePoint, Visual Studio, Skype, and Windows. My analysis is based on data exported from Microsoft’s Security Update Guide.

As usual, Windows 10 users can delay updates but not indefinitely. Windows 8.1 users who don’t have automatic updates enabled need to go to Windows Update to get the updates. Windows 7 users are mostly out of luck, but should check Windows Update anyway, because Microsoft sometimes makes critical update available for all users, not just business and educational users with deep pockets. If you’re still using Windows XP, there are no more updates, and I hope you know what you’re doing.

EdgeDeflector prevents Windows 10 from using Edge

The battle for web browser dominance on the Windows desktop continues, although Google is currently winning. “Google recommends using Chrome” messages seem to appear on every Google-managed web page even if you’re already using Chrome. But while annoying, those messages are arguably reasonable compared with some of Microsoft’s recent tactics.

Microsoft likes to reset certain settings back to their defaults when Windows updates are installed. They’ve been doing this for years, reverting user browser preference to Internet Explorer at every opportunity.

As a result, power users and software developers have been engaged in a tug of war with Microsoft over the default web browser in Windows. In recent years, Microsoft has made it impossible for the default browser to be changed by software, forcing browser makers to instead provide instructions to users on how to make that change. Microsoft can of course claim that this change was made to improve security, and given the prevalance of browser hijackers in past years, it’s difficult to disagree.

With Edge in Windows 10, Microsoft has taken this battle to new extremes. Even if you have another browser selected as the default, some sites and services will always be opened in Edge. To see this in action, click on the taskbar search box. A large panel will open, showing news and weather links. Anything you click here will open in Edge, not in your default browser.

That’s because internally, Windows is using a special protocol called URL:microsoft-edge, which forces the use of Edge for opening web pages that Microsoft has designated as special in some way, despite being ordinary web pages in every sense.

This is of course exactly the sort of behaviour that got Microsoft in trouble in the 1990s: using their dominance in the desktop O/S market to push their own web browser. But these days everyone’s attention seems to be on Google and Facebook, and Microsoft’s browser pushback is being largely ignored.

EdgeDeflector to the rescue

Daniel Aleksandersen’s EdgeDeflector is a small tool that overrides the URL:microsoft-edge protocol’s normal behaviour, forcing it to actually use the web browser you’ve chosen as the default. EdgeDeflector was recently updated to make it more palatable to anti-malware software, which previously flagged the tool as suspicious because of its behaviour.

You’ll have to change this Windows 10 setting manually to make EdgeDeflector work.

Once you install EdgeDeflector, you need to complete its setup with some manual steps. I can confirm that the end result is exactly as advertised: even when clicking news links from the Windows 10 search panel, those links will open in your default browser, not in Edge.

Of course, Microsoft will probably take steps to defeat this useful tool, with the most obvious step being to revert the changes EdgeDeflector has made when Windows 10 is next updated. And so there are no winners in this stupid, never-ending battle.

Patch Tuesday for April 2021

While installing software updates may not be the most fun you can have, at least you can do it indoors and remotely, safe from the pandemic still raging outside.

As usual, the main source of update information from Microsoft is the Security Update Guide (SUG). The SUG is a huge database, and it’s easy to get overwhelmed by the amount of information there. I begin my analysis by downloading this month’s information as a spreadsheet, which when loaded into Excel is much easier to handle.

Estimates of the number of vulnerabilities addressed by this month’s updates vary: by my count, it’s one hundred and eighteen. Other people show the total as ‘over 110’ and 114. Microsoft seems to have embraced a ‘keep them guessing’ strategy, perhaps so that we’ll eventually give up and stop counting, and learn to simply accept what we get without trying to get a handle on it. In psychology, that’s known as learned helplessness, which sounds about right.

This month’s updates include fixes for still-supported versions of Windows, Office, Edge, SharePoint, Visual Studio, and VS Code.

Also this month there are fixes for the rather horrible Microsoft Exchange vulnerabilities that have led to even worse compromises of business, government, and education systems worldwide in recent weeks. That’s great news, but unless you work in one of those environments, you are likely not affected.

Windows 10 users are once again faced with limited options: a) give in to Microsoft and allow updates to be installed on their schedule, risking bad updates; or b) delay updates as long as possible, risking being exposed to security vulnerabilities.

Windows 8.1 users still have an actual choice, since automatic updates can be disabled entirely. In which case you’ll need to run Windows Update manually to get the latest updates.

Windows 7 still occasionally gets updates. Microsoft creates them for enterprise clients, who pay a premium for that service. Non-paying folks don’t usually have access to those updates, although sometimes Microsoft makes individual updates available to all if they are particularly dangerous. Note that Windows 7 still works just fine: you can minimize the security risk of running it by being extremely careful when using email, browsing the web, clicking links, and downloading software.

Windows XP is still being used, but it’s long past receiving any updates, and it’s increasingly unable to run new software. It’s perfectly safe to use if it’s not connected to the Internet, or if it’s only used for specific, limited tasks.

Patch Tuesday for March 2021

It’s another Patch Tuesday, usually referred to by Microsoft as ‘Update Tuesday’. Terminology aside, what it means is a big pile of updates that will be foisted upon most Windows users over the next few days.

Those of us sticking with Windows 8.1 can still review the available updates and install them at our leisure, which can be very satisfying when an update that we defer turns out to cause problems. But Microsoft seems to reserve its major screwups to Windows 10 updates these days (incuding this month’s printing crashes, and the fix for those crashes).

If you’re running Windows 10, you can defer updates for as long as a month… unless you’re running any of the Home versions, in which case the updates are as inevitable as taxes.

This month’s updates address several extremely serious security vulnerabilities in Exchange, Microsoft’s email server software, which ordinary folks are very unlikely to be running.

But the parade also includes updates for the usual offenders: Internet Explorer, Microsoft Edge (both the Chromium-based and original versions), Office (Excel, PowerPoint, SharePoint, Visio), Visual Studio, Visual Studio Code, and of course Windows. One hundred and thirty-one vulnerabilities* are addressed in all.

Microsoft’s Security Update Guide is currently the official source for this information. The SUG has undergone some improvements lately, and it’s gradually getting easier to navigate, which is a relief.

If you’re still running Windows 7, today’s festivities are largely meaningless, though Microsoft does occasionally toss a bone in your direction, in the form of a Windows 7 update normally reserved for those deep of pocket. Microsoft will presumably continue to do this when a flaw is serious enough that witholding the fix would create a public relations problem for the company.

The release notes for today’s updates provide additional details, though they are still sadly somewhat incomplete.

* The vulnerability count varies depending on who’s looking. According to the SANS Internet Storm Center, “This month we got patches for 122 vulnerabilities. Of these, 14 are critical, 5 are being exploited and 2 were previously disclosed.” Brian Krebs says “from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft’s “critical” rating”. Clearly Microsoft’s Security Update Guide still needs work.