Category Archives: Windows

Problems with recent updates from Microsoft

Microsoft has removed the download links for several Windows updates that were released on August 12 for Patch Tuesday. Users have been reporting BSOD (Blue Screen Of Death) errors after installing the updates. Not all Windows computers received these updates, and not all computers where the updates were installed are affected negatively.

The updates in question are all related to the MS14-045 bulletin, which refers to a set of security updates for the Windows kernel. Microsoft is advising users to avoid installing the related updates and to uninstall them if already installed. The KB2982791 update notes have been amended to include information about the problem and how to remove the affected updates.

The affected updates are:

  • KB2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
  • KB2970228 Update to support the new currency symbol for the Russian ruble in Windows
  • KB2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
  • KB2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012

You can discover whether any of these updates exist on your Windows 7 or 8 computer by opening the Programs and Features item in the Control Panel, and clicking View installed updates. Enter a KB number in the search box at the top right to search for it.

August Patch Tuesday for Microsoft software

Time once again to crank up Windows Update and patch your Windows computers. As expected, this month’s batch includes nine bulletins with associated updates for SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer. Two Critical updates affect Windows and Internet Explorer.

Related information from Microsoft:

Advance notification: Microsoft updates for August

Another month, another pile of patches from Microsoft. This month the updates will become available starting about 10am PST on August 12. According to the official advance notification, there will be nine security bulletins, with associated updates for Windows, Internet Explorer, .NET, SharePoint, OneNote and SQL Server. Two are rated critical.

Microsoft continues to back away from the ‘new’ Windows UI

Evidently Microsoft really does listen to users, even if it sometimes takes them a while to react. Aside from making the new/Metro user interface optional in Windows 9 and bringing back the Start menu, they have decided to remove the weird ‘Charms’ bar that appears on the right side of the screen Windows 8.x.

A useful feature that may appear in Windows 9 is virtual desktops. These allow users to set up multiple desktops, each with different desktop icons and application windows. You will be able to easily switch between the desktops, greatly simplifying life for anyone who wears different hats throughout their work day. In fact, however, this is not a new feature at all. Microsoft has offered a few virtual desktop solutions over the years, typically as extra downloads, including the one I’ve used most recently, Desktops.

The Verge has more.

EMET 5 released by Microsoft

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is free software that improves the overall security of Windows computers. EMET isn’t a replacement for anti-malware software; rather, it provides additional protections that complement anti-malware software.

There’s little downside to using EMET, so we recommend installing it on all Windows computers. By default, it provides specific protections for Microsoft software, including Office and Internet Explorer.

Version 5 adds new mitigations and features.

Microsoft XML code vulnerable on many computers

A recent report from Secunia (PDF) highlights the unfortunate hole into which some versions of the Microsoft XML parser library have fallen.

Numerous versions of this library are available for Windows, and any or all of them can be installed at the same time on Windows PCs. Some versions are no longer supported by Microsoft, and updates for those older versions won’t appear in Windows Update.

Because of this, many Windows PCs contain versions of this library that have security vulnerabilities.

Microsoft’s documentation on the XML library is confusing and incomplete. For what it’s worth, here are a couple of links to said documentation:

We recommend installing and running Secunia’s PSI, which scans for out of date software, including Microsoft’s XML libraries. PSI also helpfully provides links to download any missing updates.

Update 2014Jul30: A reader pointed out that getting MSXML4 up to date is not a simple task. Here’s what you need to know:

  • The most up to date MSXML4 is a patched version of MSXML4 SP3, specifically 4.30.2117.0.
  • Windows Update won’t offer newer updates for MSXML4 if the version on your computer is SP2. This is the basic problem pointed out by Secunia.
  • To get the most recent MSXML4 on your computer, you have to manually download and install MSXML4 SP3, then run Windows Update, which should show this update: Security Update for Microsoft XML Core Services 4.0 Service Pack 3 (KB2758694). Once you install that update, you should be running MSXML4 SP3 version 4.30.2117.0.
  • Even after you’re running the most recent version of MSXML4, Secunia PSI will tell you it needs to be updated. That’s because Secunia has decided to report MSXML4 as ‘end-of-life’ (which it is) and direct users to MSXML6 instead. There are two problems with this: first, installing MSXML6 will not remove any earlier versions, including MSXML4; second, Microsoft recommends leaving MSXML4 in place as long as it’s up to date. The upshot is that unless you manually remove all remnants of MSXML4, PSI will keep telling you to install MSXML6, even if it’s already installed.

Further reading:

Early look at Windows 9’s Start menu

It looks like Microsoft really won’t be bringing the Start menu back to Windows 8, and will instead try to win users back with the next version of Windows. One wonders whether Microsoft should just skip every other Windows release, given their track record.

The Verge has leaked screenshots of Windows 9’s Start menu, and it appears to be an amalgamation of features from Windows 8 and Windows 7, with the right half of the menu showing pinned ‘Metro’ style apps.

Microsoft issues emergency update of Certificate Trust List

A set of fraudulent security certificates was identified by security researchers at Google on July 8. The certificates were issued by an authority in India, and trusted by the Microsoft Root Store. That means the bogus certificates potentially impact anyone using certain Windows applications, and especially Internet Explorer.

Microsoft was quick to react, issuing an update of their Certificate Trust List on July 10. Anyone using Internet Explorer should install the update as soon as possible.

Flash 14.0.0.145 fixes more security vulnerabilities

These days ‘Patch Tuesday’ means Adobe updates as well as Microsoft updates. This month was no different: Adobe released a new version of Flash that addresses at least three vulnerabilities, including the JSONP callback API problem that made several popular sites potentially vulnerable.

The Flash runtime announcement for the new version outlines a few new features, most of which are likely only of interest to developers. The associated security bulletin gets into the details of the included security fixes.

As usual, Google Chrome will update itself, but this time via its internal ‘component updater’ rather than with a new version of the browser. Warning: the component updater sometimes takes a few days to do its work; unfortunately, there doesn’t seem to be any way to force the update.

Updates for the Flash component in Internet Explorer running on Windows 8.x will be made available through Windows Update.