Category Archives: Windows 7

Unpatched Windows 7 vulnerability being used in targeted attacks

A serious vulnerability in Adobe Type Manager Library, a Windows DLL file used by numerous software applications, is being actively exploited, but so far only in a very limited way.

The vulnerability technically could affect all versions of Windows, but security features in current releases of Windows 10 seem to provide sufficient protection.

So far the attacks only seem to be targeting Windows 7 computers. Given that Windows 7 is no longer supported by Microsoft, we might expect that this bug would remain unpatched forever. But Microsoft has shown that it is willing to provide certain post-support Windows 7 security updates to the general public.

In any case, if you run Windows 7, the advice for fending off attacks using this vulnerability are basically the same as always: exercise extreme caution when opening suspicious documents. Even simply previewing an infected document in the Windows Explorer preview pane can allow a Windows 7 computer to be exploited remotely.

So the old advice about disabling preview panes remains valid. Any software that shows a preview of the contents of a file or email is in effect opening that file or email, which can trigger an embedded exploit on vulnerable computers. I strongly recommend disabling all such functionality, so that files and emails are never opened unintentionally, and to see the contents of files and emails, you must explicitly open them.

The related security advisory published by Microsoft also includes some workarounds, but these involve making changes to Windows that are themselves risky.

Given the wording of Microsoft’s bulletin, it seems likely that the NSA discovered this vulnerability and developed the exploit, which they are now using in their investigations. If that’s the case, the NSA may — in the post-EternalBlue/WannaCry world — have decided to inform Microsoft for the good of all.

In other words, for now you’re safe unless you’re the target of an NSA investigation. But it won’t be long until exploits attacking this vulnerability are in the hands of malicious actors.

Problems with Windows 7 shares

Do you still run a Windows 7 computer that has shared folders? If you do, and those shares are set up so that they require user authentication, and the user involved is a member of the Administrators group on the Windows 7 computer, then you may find that those shares stopped working recently.

This problem was triggered by one of the Windows 7 updates from January 2019. Uninstalling that update fixes the problem, but doing that also rolls back some important security updates. So that’s not really a viable option.

Thankfully, Microsoft issued a fix for the problem. I’ve tested this fix and confirmed that it does work. To install it on your affected Windows 7 computer, locate the appropriate update (KB4487345 for 32-bit computers; KB4487345 for 64-bit computers) on this Windows Update Catalog page, click to download it, run the download and respond to the prompts. You’ll probably need to restart the computer.

Born’s Tech and Windows World has additional details.

Strange times for Microsoft

Microsoft’s relentless push to get everyone using Windows 10 is creating problems for the software giant. At least one class action lawsuit is underway in Illinois, where annoyed users claim that Microsoft owes more than $5 million in damages related to Windows 10 upgrades, both wanted and unwanted.

Meanwhile, Windows is no longer the most popular way to access the Internet. As recently as 2012, up to 90% of all Internet access was via Windows, but that number has been dropping steadily in recent years, and it’s now at an all-time low. For the first time ever, another operating system is in first place: the mobile O/S Android. Microsoft has bet heavily on Windows 10 and its universal touch interface, alienating traditional desktop enthusiasts and power users in the process. But if consumers are increasingly choosing Android over Windows 10 for their mobile devices, where does that leave Windows?

Microsoft’s efforts to herd users towards their advertising platform Windows 10 includes discontinuing support for newer processors on older versions of Windows. While it’s clearly Microsoft’s prerogative to decide which hardware they support, there’s no obvious technical reason for this limitation. In light of Microsoft’s historical support for older systems, this is particularly annoying news for anyone expecting to be able to use Windows 7 or 8.1 with new hardware.

The April 12 publication of a set of exploits by hacking group The Shadow Brokers included several that were widely reported as unpatched zero-day Windows vulnerabilities. It turns out that most of those vulnerabilities were already fixed by March’s Patch Tuesday updates. While this is good news for Windows users, it raises questions about when and how Microsoft learned about the Shadow Brokers exploits, why there was no mention of the source in March’s patch release notes, and whether this has anything to do with the rescheduling of February’s Patch Tuesday updates. Update: TechDirt’s analysis.

Microsoft ‘clarifies’ upcoming Windows Update changes

Yesterday, in a blog post aimed at people who support Windows in organizations, Microsoft responded to some of the questions that arose in the wake of their announcement of upcoming changes to the way Windows 7 and 8.x are updated.

If you plan to risk a migraine and read Microsoft’s blog post, keep in mind that the intended audience is Enterprise users, not us lowly consumers (aka Windows 7/8 Home/Pro users). Parts of the post need to be interpreted differently for non-enterprise users. For instance, references to WSUS and ConfigMgr only apply to Enterprise users.

The changes will take effect on October 11, next week’s Patch Tuesday. The bottom line is that updates will no longer be delivered separately, but in large update packages. Each month, three of these packages will be produced:

  • security-only quality update – a single update containing this month’s security updates; not available through Windows Update!
  • security monthly quality rollup – a single update containing this month’s security updates, as well as non-security updates from the previous month, and the contents of all previous rollups.
  • preview of the monthly quality rollup – perhaps weirdest of all, this update will contain next month’s non-security updates. In other words, this month’s non-security updates, which are otherwise not available in the regular monthly rollup. Microsoft seems to be saying “For those of you who want this month’s non-security updates but would prefer not to wait until next month to get them, here’s a preview of those updates.” Even weirder, this update will become available the week after the regular Patch Tuesday. The preview rollups will also include fixes from all previous monthly rollups, and older updates will be gradually added as well.
This graphic makes all this much easier to understand, right?
This graphic makes all this much easier to understand, right?


Why will the monthly rollups contain non-security updates from the previous month? For example, according to Microsoft, the first (October 2016) rollup will include non-security updates from September. But why delay October’s non-security fixes for another month? This makes no sense.

What happens if an update causes problems? In the past, you could just uninstall the problematic update. That won’t be an option with this new system. Microsoft’s response to this question makes it clear that this is your fault: “Every Windows update is extensively tested with our OEMs [customers] and ISVs [customers], and by customers – all before these updates are released to the general population. Your organization may also be interested in validating updates before they are publicly released, by participating in the Security Update Validation Program (SUVP).” In other words, our updates are thoroughly tested by you, and if you’re not testing them, you should be.

Why is Microsoft doing this?

According to Microsoft, these changes will “simplify your updating of Windows 7 SP1, Windows 8.1, … while also improving scanning and installation times and providing flexibility depending on how you typically manage Windows updates today.

There may actually be some good reasons for bundling updates. But Microsoft is being so vague that it’s hard to believe they aren’t trying to foist something unwanted on us. Maybe the new system will make Windows Update faster and more reliable. Maybe it will simplify updates, an appealing notion for many users. Maybe it will make us all safer. It’s difficult to predict.

But there’s no question that these changes will make it difficult to avoid unwanted updates, and therein lies the problem. We already know for sure that Microsoft desperately wants us to either upgrade to Windows 10, or install updates that make Windows 7 and 8 more like Windows 10. Clearly these changes are beneficial to Microsoft, and we have a pretty good idea why (it’s advertising infrastructure). And, despite Microsoft’s assurances, we can be fairly certain that these changes don’t actually benefit the user, unless the user enjoys targeted advertising.

Given Microsoft’s recent actions, and suspicions concerning their actual motivation, these new updates are going to be examined closely. Are all the ‘security’ updates actually necessary? Are they even related to security? Microsoft can slap a ‘security’ label on anything they want and force it down our throats.

What can we do about this?

If you use Windows 7 or 8.x Home or Professional, there’s not much you can do. As I explained in an earlier post, you can trust that Microsoft will act in your best interest and let them install what they want on your computer (yikes), you can stop using Windows Update completely (also yikes), or you can switch to Linux.

It’s also still possible that – with enough pressure from users – Microsoft could make these changes more palatable. The Electronic Freedom Foundation says (and I totally agree) that “Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.” I would add that Microsoft should describe in detail exactly what each update really does, and how it affects the collection and transmission of user activity and other information.

Related news

Woody Leonhard reports that Microsoft recently reactivated one of the Windows 7/8 updates associated with the ‘Get Windows 10’ nightmare. In response to the predictable uproar, Microsoft simply repeated their claims that this update is nothing to worry about, while saying nothing about what the update actually does.

Windows 10 upgrade nagging removed from Windows 7 & 8.x

Now that Microsoft’s offer of free Windows 10 upgrades for Windows 7 and 8.x users is over, it makes sense that we should stop seeing those annoying reminders everywhere. Sure enough, an update for Windows 7 and 8.x became available last Patch Tuesday (September 13) that removes the ‘Get Windows 10’ feature. The update is identified as KB3184143, and has the (surprisingly meaningful) title “Remove software related to the Windows 10 free upgrade offer”.

If you’ve been using the third-party software GWX Control Panel to keep those annoying Windows 10 upgrade messages away, and you’ve installed KB3184143 on your Windows 7/8.x system, you might be tempted to remove GWX Control Panel. Unfortunately, there’s no reason to assume that Microsoft won’t re-enable the ‘Get Windows 10’ feature again in the future. I plan to leave it running on my Windows 7 and 8.x computers.

Of course, knowing Microsoft, if they decide to start pushing Windows 10 on us again, they’ll probably develop something completely new, in which case GWX Control Panel probably won’t help.

Ars Technica has more.

In related news, at least one consumer group is calling for Microsoft to offer compensation to users and organizations that were harmed by unwanted Windows 10 upgrades.

Microsoft: “Upgrade to Windows 10 or we’ll make Windows 7 and 8.1 just as bad.”

Microsoft just announced the next move in their fight to push their advertising platform into our faces, and it’s very bad.

Let’s review, shall we? Microsoft really wants you to use Windows 10. Their official explanation for this includes vague language about reliability, security, productivity, and a consistent interface across platforms. Their claims may be true, but they hide the real reason, which is that Microsoft saw how much money Google makes from advertising, realized that they had a captive audience in Windows users, and added advertising infrastructure to Windows 10 to capitalize on that. The privacy-annihiliating features are easily explained: the more Microsoft knows about its users, the higher the value of the advertising platform, since ads can be better targeted.

A short history of Microsoft’s sneakiest Windows 10 moves

Move #1: Offer free Windows 10 upgrades for Windows 7 and 8.1 users. Who doesn’t like free stuff? Many people jumped at this opportunity, assuming that newer is better.

Move #2: Dismayed by the poor reception of Windows 10, and upset by all the recommendations to avoid it, Microsoft creates updates for Windows 7 and 8.1 that continually pester users into upgrading, in some cases actually upgrading against their wishes or by tricking them. Angry users fight back by identifying and avoiding the problematic updates.

Move #3: Still not happy with people hanging on to Windows 7 and 8.1, Microsoft creates updates that add Windows 10 features to Windows 7 and 8.1, including instrumentation related to advertising. Again, users fight back by identifying and avoiding these updates.

Move #4: Microsoft announces that business and education customers can avoid all of the privacy-compromising and advertising-related features of Windows 10 through the use of Group Policy. This is good news for bus/edu customers, but then again, those customers pay a high premium for Enterprise versions of Windows already. At least now Windows 10 is a viable option for those customers.

Move #5: Microsoft realizes that the Group Policy tweaks provided for bus/edu customers can also be applied to Pro versions of Windows, Microsoft disables those settings in the Pro version. Windows 10 Home users never had access to those settings. Angry users are running out of options.

Move #6: Which brings us to today. Since the only way to avoid privacy and advertising issues (borrowed from Windows 10) in Windows 7/8.1 will be to stop using Windows Update entirely, angry users are now looking at alternative operating systems.

We know business and education customers won’t be affected by this latest change. The rest of us will have to suffer – or switch.

Assuming Microsoft doesn’t back way from this decision, I imagine my future computing setup to consist primarily of my existing Linux server, and one or two Linux machines for everyday use, development, blogging, media, etc. I’ll keep a single Windows XP machine for running older games and nothing else. In this scenario, I won’t run newer games if they don’t have a console version. Aside: if I’m not the only person doing this, we might see a distinct decline in PC gaming.

Dear Microsoft: I only kind of disliked you before. Now…

Computerworld has more. Thanks for the tip, Pat.

Microsoft now less sneaky about Windows 10 upgrades

Now that their free Windows 10 upgrade offer is almost over, Microsoft thought this would be a good time to reduce some of the more devious tricks they’ve employed to fool users into upgrading from Windows 7 and 8.1 to Windows 10.

One incredibly annoying behaviour of at least one of the previous upgrade dialogs was that closing the dialog by clicking the ‘X’ button at the top right corner was actually interpreted by Microsoft as approval to proceed with the upgrade.

But it’s too little, too late for some users, many of whom encountered serious problems after their computers were upgraded to Windows 10 without their approval.

Techdirt has an amusing look at this issue.

Update 2016Jul04: Apparently Microsoft is making one final big push to get people to upgrade. The Verge reports on new, screen-filling upgrade prompts that are starting to appear on Windows 7 and 8.1 computers.

Relief for Windows 7 update headaches

As if in response to my recent post about the joys of updating new Windows 7 installs, Microsoft has just announced a solution. It’s effectively Service Pack 2 for Windows 7, but Microsoft is calling it the Windows 7 SP1 convenience rollup.

The new package will install all post-SP1 updates up to April 2016. After you install Windows 7 with Service Pack 1, you need only install the April 2015 servicing stack update for Windows 7 (KB3020369), a prerequisite for the rollup, then install the rollup, then install any updates published after April 2016.

I haven’t yet tried the new rollup, but it’s difficult to imagine how it could fail to be an improvement.

Microsoft also plans to provide monthly non-security update rollups for Windows 7 and 8.1.

Wrangling updates on a new Windows 7 install

I recently installed Windows 7 on a computer that was previously running Windows XP, and encountered a few issues. The biggest problem was Windows Update, which has trouble with new Windows 7 installs because of the huge number of post-Service Pack 1 updates. If you’re looking for a solution to that problem, you may want to skip to the Windows Update discussion, or jump directly to the fix that worked for me.

Install Now!

Booting from a Windows 7 install disc, the first thing I saw was a lone button in the center of the screen: Install Now. I found this disconcerting, because I was expecting to be able to choose a drive and partition on which to install Windows 7.

Not wanting the installer to choose the wrong partition, I powered down and disconnected all non-essential hard drives. Rebooting from the Windows 7 disc again, I clicked the Install Now button and was eventually allowed to choose the install destination. With a mixture of annoyance and relief, I carried on…

You should upgrade! (not)

I was planning a clean install, since as far as I was aware, it isn’t possible to upgrade from XP to 7.

Proceeding with the install, I assumed there would be no upgrade option. But the installer found the old Windows XP installation (which made sense), and suggested that I should perform an upgrade instead (which was unexpected).

So I followed the instructions: I rebooted the computer, this time from the old boot hard drive, which started Windows XP. Then I inserted the Windows 7 disc, and was told that upgrading from Windows XP to 7 was not possible. Thanks a lot for wasting my time, Microsoft.

Disconnect external drives

Proceeding with a clean install, past the message encouraging me to perform an upgrade install, past a warning about the old Windows directory being renamed windows.old, I was next informed that the installer was “unable to create a new system partition or locate an existing system partition.” There was no way to get past this message.

Turning to Google, I discovered that this message can occur when an external drive is connected to the computer. Remember when I said I disconnected all the other drives? Well, I forgot the external. I unplugged it, rebooted from the Windows 7 disc, and this time, the error did not appear.

Checking for updates…

Once the installer started actually installing, it didn’t take long to finish. At this point I allowed myself to see the light at the end of the tunnel. But that light was a train, and that train was called Windows Update.

In the good old days, Microsoft produced service packs for Windows. These were essentially giant collections of all previous updates, and were a big time saver for IT folks. Install Windows, download and run the most recent service pack, then install a few newer updates, and you’re done. Microsoft even provided Windows media with current service packs pre-installed, to save even more time.

Windows 7 Service Pack 1 was the last service pack ever, as Microsoft declined to produce SP2. It’s been a while since SP1, and Windows 7 is still supported, so the pile of post-SP1 patches is getting big. Well over 200, anyway. And this is a problem.

Aside: some people claim that the best way to install updates on a new Windows 7 install is to leave Automatic Updates enabled and walk away from the computer. This isn’t a viable option if you’re billing by the hour or have other clients waiting. Also, the idea of leaving everything in the hands of Microsoft makes me uneasy.

On my first attempt to run Windows Update, it displayed this error code: 8007000E. Microsoft provides a ‘help with this error’ link, which I clicked. This popped up a help dialog with a list of Windows Update error codes, but 8007000E was not listed. Not very helpful.

I tried running the Windows Update Troubleshooter, which claimed to find problems and fix them. After rebooting, I tried again to run Windows Update.

At this point, Windows Update said it was checking for updates, and it stayed like that for about an hour before I finally gave up and rebooted. Which brings up an interesting question: how long are we supposed to wait for Windows Update to check for updates? There’s no way for a user to determine whether Windows Update is actually doing something, or just frozen/hung. The progress indicator keeps whizzing by regardless. Yes, there are a lot of updates. But there’s no way it should take hours just to determine which updates are available.

After rebooting, I activated Windows 7, on the off chance that this would help. Running Windows Update again, I was presented with another, different error code: 80244019. And once again, the code wasn’t listed in the ‘help with this error code’ dialog.

Turning again to Google, I found a Microsoft knowledge base article about error code 80244019. This suggested that the computer had a virus. Really? A clean install onto a computer that’s behind a router isn’t going to magically become infected with a virus. However, I installed anti-malware software and ran a scan, which of course found nothing of interest.

Eventually, I decided to look for help elsewhere on the web. In other words, anywhere but Microsoft. And found it, on superuser, an extremely useful site where you can ask questions and get answers from other users. Full disclaimer: I’m an active contributor to the site.

Superuser to the rescue

The superuser question that provided the solution is titled “Windows 7 SP1 Windows Update stuck checking for updates“, and there are several answers.

The answer with the highest number of votes recommends installing Microsoft update KB3102810. I installed that update, rebooted, and tried Windows Update again. Almost immediately, it found 161 updates. Success? Only partly. After about an hour of thrashing, Windows Update reported that 93 updates had installed successfully, while 68 update failed to install. It also mentioned two more error codes, 8024200D and 8007000E. Yeesh.

After rebooting, I tried to install the magical KB3102810 update again, but was informed that it was already installed.

Referring again to that helpful superuser question, I decided to try the recommendations in the second highest ranking answer, which I have modified slightly:

  1. Make sure automatic updates are completely disabled: Control Panel > Windows Update > Change settings > Important updates > Never check for updates.
  2. Download the KB3138612 update, saving it somewhere you’ll remember.
  3. Download the Windows 7 System Update Readiness Tool (SUR), saving it somewhere you’ll remember.
  4. Restart the computer.
  5. Install the `KB3138612` update, running it from where you downloaded it earlier.
  6. If you’re prompted to restart, do so.
  7. Install the SUR Tool, running it from where you downloaded it earlier. This is a large set of updates and can take a while to install.
  8. If you’re prompted to restart, do so.
  9. Run Windows Update and check for updates. It may take a few minutes to finish checking.
  10. Install any remaining updates.

Following this procedure resolved all remaining problems. At the final Windows Update check, there were sixty-two important updates and sixty-three optional updates. All 62 of the important updates installed successfully.


Microsoft’s help for Windows Update problems like these is useless:

  • error codes are not listed in the popup help for those codes;
  • the many Knowledge Base articles on this subject are not helpful; and
  • various troubleshooters and FixIts are rarely effective (note that the third answer on that superuser question suggested running one of these, and although it was the accepted answer, it got far fewer votes).