Category Archives: Windows

Microsoft releases fix for Windows 10 Internet connectivity issues

Details are sketchy, but apparently a recent Windows 10 update caused major problems for some users. Affected users were suddenly unable to access the Internet. December’s Patch Tuesday (earlier this week) included an update that addresses this problem.

This issue once again raises the question of whether Microsoft can be trusted not to push flawed Windows updates, especially now that updates are essentially mandatory and unavoidable.

Update 2016Dec16: Many of the Knowledge Base pages on the Microsoft support site now include this message at the top: “If you are experiencing issues connecting to the internet we recommend you restart your PC by going to Start, clicking the Power button, then choosing Restart (not Shut down).” No further explanation is provided.

Patch Tuesday for December 2016

For 2016’s final set of updates, Microsoft has issued twelve bulletins, with associated patches, affecting the usual software, namely Windows, Internet Explorer, Edge, Office, and the .NET Framework. Forty-seven vulnerabilities in all are addressed by these updates.

Adobe issued updates for several of its products today, but the only one likely to be of interest to most people is, of course, Flash. And I mean ‘interest’ in the sense of “I am very interested in not having my computer infected with malware because I visited a malicious web site while running an out-of-date version of Flash.” The new version of Flash on all platforms is 24.0.0.186. It addresses seventeen vulnerabilities in the still-ubiquitous player. As usual, Flash in Internet Explorer and Chrome will be updated automatically.

Microsoft to abandon EMET slightly later than planned

Starting in 2009, Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) provided Windows users with an additional layer of security. It was designed to block exploitation of specific, known types of vulnerabilities. EMET proved particularly useful for people running older versions of Windows, especially XP.

I’ve been recommending EMET since it was first available, and it’s still a useful addition to any Windows system, but I’ve also been running into an increasing number of EMET-related problems, and finally stopped using it on my main Windows 8.1 computer recently.

Microsoft originally intended to stop supporting EMET in January 2017, but based on customer feedback, EMET’s demise will now take place on July 31, 2018.

In the recent EMET end-of-life announcement, Microsoft admits to EMET’s failings, and points out that much of the protection provided by EMET is now built into Windows 10. Of course, that doesn’t help those of us who are avoiding Windows 10 because of privacy and control issues.

Update 2016Nov22: According to CERT (a division of the Software Engineering Institute at Carnegie Mellon University), Microsoft’s claims for Windows 10 are not entirely accurate. While it’s fair to say that Windows 10 includes the system-wide protections provided by EMET, it does not provide per-application settings. In other words, Windows 10 security can be improved by also running EMET. This makes the retirement of EMET by Microsoft seem rather premature.

Patch Tuesday for November 2016

It’s Patch Tuesday, albeit a slightly more interesting one than usual. Patches we have, from both Microsoft and Adobe. More about that later.

Microsoft wants to simplify the way security update information is presented to the public. To that end, they’ve created a new ‘starting page’ of sorts, called the Security Updates Guide. The idea is that anyone should be able to find the information they need by starting here. Most of the links on the new page actually go to existing TechNet pages. It’s definitely worth checking out.

Among the updates from Microsoft this month is a fix for the Windows vulnerability recently reported by Google. You may recall that Microsoft was rather annoyed with Google for making the vulnerability public according to their own rules (sooner than Microsoft wanted). Microsoft did credit Neel Mehta and Billy Leonard of Google’s Threat Analysis Group for their assistance.

There are fourteen bulletins from Microsoft this month. The associated updates address seventy-five vulnerabilities in Windows, Edge, Office, and Internet Explorer.

Adobe’s monthly contribution to the festivities is a new version of Flash, 23.0.0.207. A release announcement provides an overview of the changes, while the associated security bulletin provides some background about the nine vulnerabilities addressed.

Microsoft discovers what the rest of the world already knew

When Microsoft releases a new version of Windows 10, it’s delivered in the form of a bandwidth-annihilating all-inclusive package. Windows 10 basically downloads a new copy of itself. Most Windows 10 users also don’t have much control over whether and when these massive updates occur.

Earlier this week, Microsoft publicly admitted that this arrangement is perhaps not ideal, and announced upcoming changes that will make the Windows 10 upgrade system less awful. Users will be given slightly more choice for scheduling upgrades, and the updates will only include what’s actually changed in the O/S, making them significantly smaller.

What’s really weird is the way that Microsoft is portraying these changes, as if they’ve discovered something new. Sorry, Microsoft. The rest of the world already knew that limiting update packages to what’s actually changed is a good idea.

Recent stats show Windows 7 growth exceeds Windows 10’s

Microsoft’s big Windows 10 giveaway is over, and with it, interest in the new operating system. The latest numbers from netmarketshare.com show that growth in the number of Windows 10 devices has slowed to a crawl. Windows 7 growth in the last month or so is actually higher than for Windows 10.

To see the numbers on netmarketshare.com, select Operating Systems > Desktop Share by Version from the drop-down lists under Market Share Reports.

Thanks to Microsoft’s rules, it’s no longer possible to buy a new PC with any version of Windows other than 10. But Windows 7 and 8.1 are still available, so if you don’t mind installing Windows from scratch, you still have options.

Windows 7 will continue to receive support – and security updates – from Microsoft until January 14, 2020. Windows 8 will be supported until January 10, 2023. See the official Windows lifecycle fact sheet for details.

Windows zero-day vulnerability won’t be fixed until November 8

Google’s Threat Analysis Group recently discovered critical flaws in Flash and Windows that could allow an attacker to bypass Windows security mechanisms. Attacks based on these flaws have already been observed in the wild.

The flaw in Flash was fixed immediately by Oracle; hence the out-of-cycle Flash update on October 26. But Microsoft decided to delay the corresponding Windows fix until next Patch Tuesday (November 8), and is now rather annoyed with Google for reporting the vulnerability publicly. Google was following its own rules for vulnerability disclosure, but such rules differ widely between organizations. In any case, Microsoft would have been happier if Google had waited a bit longer before spilling the beans.

Flash 23.0.0.205

Normally Adobe releases Flash updates on Patch Tuesday, but when there’s a critical security vulnerability they will release an ‘out of cycle’ fix. That’s what happened with Flash 23.0.0.205, which was released on October 26 to address a single vulnerability: CVE-2016-7855 (details pending).

Anyone who uses Flash in a web browser should update Flash as soon as possible. If you’re not sure whether you’re running the latest Flash, go to the About Flash page on the Adobe web site.

As always, Internet Explorer and Edge will get updates to their embedded Flash via Windows Update (bulletin MS16-128), and Chrome will update itself automatically. Still, it’s a good idea to make sure by visiting the About Flash page.

Silverlight 5.1.50901.0

These days, new Silverlight versions are typically released by Microsoft in connection with monthly Patch Tuesdays. That’s what happened with the latest version, 5.1.50901.0, which should have been installed with the other updates on Windows systems on October 11.

The new version fixes a single vulnerability, as documented in the associated security bulletin (MS16-120) and Knowledge Base article (KB3192884).

You can verify that you’re running the latest version of Silverlight by visiting the Get Microsoft Silverlight page.

Adobe software updates: October 2016

Adobe announced new versions of Flash and Reader/Acrobat yesterday.

Flash 23.0.0.185 fixes twelve vulnerabilities in previous versions. The new version also adds some new features, but these are likely only of interest to developers. If you still have Flash enabled in any web browser, you should either update it immediately, or disable Flash in the browser. As usual, Chrome will update itself with the latest version, and Internet Explorer and Edge on Windows will get the new Flash version via Windows Update.

New versions of Reader/Acrobat (XI, DC Classic and DC Continuous) address a whopping seventy-one vulnerabilities in previous versions. If you use a web browser with an Adobe Reader add-on, you should either update it as soon as possible or disable that add-on.