Woody Leonhard

About the Author Woody Leonhard


Where we stand with messy September Windows and .NET patches

This month’s Windows and .Net patches hold all sorts of nasty surprises — some acknowledged, some not, some easy to skirt, some waiting to swallow the unwary whole. Here’s a quick overview of what’s going on with this month’s missives.

Most important: If you can’t keep yourself (or your clients) from clicking “Enable Editing” in Word, you must install a broad range of .NET patches (if you’re running Windows 7 or 8.1) or cumulative updates (if you’re running Windows 10), like, NOW.

Windows 10 Creators Update version 1703

Cumulative Update KB 4038788, which brings the build number up to 15063.608, has two acknowledged (but not fixed) bugs:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Tower of Babel Outlook 2007 security patch KB 4011086 yanked, replaced

With one month left until Outlook 2007 hits end of life, Microsoft released a fix yesterday for the September security patch’s polyglot ways. You may recall KB 4011086 as the Outlook 2007 patch that displays Swedish menus in the Hungarian language version, Portuguese in Italian, Swedish in Slovenian, Spanish in Italian, and many more. One hitch: You have to manually uninstall the old patch before you can install the new patch.

For those of you using Outlook 2010 who got hit with the same language switcheroo, I haven’t seen any notice that this month’s KB 4011089 has been fixed or pulled.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Outlook security patches intentionally break custom forms

When Microsoft released its Outlook security patches on Sept. 12, several readers complained that their custom form printing capabilities disappeared. Ends up the bug that broke VBScript printing isn’t a bug at all.

Microsoft announced over the weekend that it intentionally disabled scripts in custom forms, and those with printable custom forms need to make manual Registry changes to bring the feature back.

Those of you who have installed any of this month’s Outlook security patches:

will have to dive into the Registry if you want to enable any custom form scripts, including the VBScript printing capability. It’s complicated, and the method varies, depending on which version of Office you’re using and the bittedness of Windows and Office. Diane Poremsky has detailed instructions on her Slipstick Systems site.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.

Those of you with a Microsoft Surface Pro 3 who are running Windows Insider beta builds, sit up and take note: Don’t turn off your machine.

Somehow Microsoft managed to release the latest beta build, 16288.1, to both the Fast and the Slow ring. If you install it on your Surface Pro 3 and try to reboot, you’ll see a “Surface” on a black screen, the dot-chasing “working” icon, and exactly nothing else. My SP3 has been bricked since yesterday, and the dots are still chasing each other.

How, you might question, could this have happened? Certainly anybody who installed 16288.1 on an SP3 machine didn’t ever get it to reboot. The build was pushed out to the Fast ring on Sept. 12. It went out on the Slow ring on Sept. 15. And I didn’t see any mention of the bug until Sept. 16. Is it possible that nobody inside or outside Microsoft rebooted a beta-enhanced Microsoft SP3 between Sept. 12 and Sept. 16?

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.

Those of you with a Microsoft Surface Pro 3 who are running Windows Insider beta builds, sit up and take note: Don’t turn off your machine. Somehow Microsoft managed to release the latest beta build, 16288.1, to both the Fast and the Slow ring. If you install it on your Surface Pro 3 and try to reboot, you’ll see a “Surface” on a black screen, the dot-chasing “working” icon, and exactly nothing else. My SP3 has been bricked since yesterday and the dots are still chasing each other.

How, you might question, could this have happened? Certainly anybody who installed 16288.1 on an SP3 machine didn’t ever get it to reboot. The build was pushed out to the Fast ring on Sept. 12. It went out on the Slow ring on Sept. 15. And I didn’t see any mention of the bug until Sept. 16. Is it possible that nobody inside or outside Microsoft rebooted a beta-enhanced Microsoft SP3 between Sept. 12 and Sept. 16?

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Outlook 2010 Tower of Babel patch KB 4011089 breaks VBScript print

Read more 0 Comments

If you can’t avoid Word’s ‘Enable Editing,’ patch Windows right now

In the normal course of events, it takes a week (or two or three) for the bugs in each month’s Windows and Office security patches to shake out. This month’s patches are no exception. There are lots of reports of problems with IE and Edge, for example, and many more are piling up.

In the normal course of events, the fresh-off-the-press security patches present more of a threat to most people, in the short term, than do the problems the patches are supposed to fix. You have to patch sooner or later, but by waiting for the screams of pain to die down, you can save yourself some major headaches.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Where we stand with this month’s Windows and Office security patches

September’s retinue of Microsoft patches includes one very important .NET fix that blocks a security hole brought to life when you open an RTF file in Word. So far, it’s only been seen in the wild in a Russian-language RTF document, apparently generated by NEODYMIUM, allegedly used by a nation-state to snoop on a Russian-speaking target.

Several researchers have found ways to leverage the security hole, and it’s only a matter of time before some enterprising folks come up with ways to turn it into a widespread infection vector. Bottom line: If you can’t keep your finger off the “Enable Editing” button in Word, you better get this month’s security patches installed.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Time to temporarily turn off Windows Automatic Update

If run Windows — any version — now would be an excellent time to make sure Automatic Update is turned off. Patch Tuesday arrives tomorrow, and there’s no telling what sort of offal will get thrust onto Windows machines automatically.

Of course, I will be watching closely and will warn you if there’s something that has to be installed, like, right now. If this month is like the vast majority of Windows patching months in the past year or two, you have more to lose from botched patches than there is to gain by immediately installing security patches.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Buggy Word 2016 non-security patch KB 4011039 can’t handle merged cells

Last month’s crop of buggy Windows and Office patches may be headed for a re-match. I’m seeing reports of a merged cell bug in last Tuesday’s Sept. 5, 2017, update for Word 2016 (KB4011039).

At this point, Microsoft has acknowledged the bug and has pulled the patch. The bug doesn’t appear on the official Fixes or workarounds for recent issues in Word for Windows page. The only solution is to manually uninstall the patch.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Equifax security breach debacle thickens with improbable denials

No doubt you’ve heard about the stolen data at credit reporting agency Equifax. The company’s official disclosure appeared yesterday:

Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. … The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

It’s time to install August Windows and Office patches — carefully

Read more 0 Comments

It’s time to move to Win10 Creators Update – for all the wrong reasons

Read more 0 Comments

Don’t use Windows 10 to move data on your Android phone

When you attach your phone to a PC with a USB cable, you expect File Explorer to work the way it’s intended to work — copy, move, drag, drop and the like. As long as your PC is running Windows 7 or 8.1, that’s exactly what happens. But if you’re running Windows 10, watch out. You may end up deleting files.

Jörg Wirtgen on German-language site heise.de has a description of the problem. Here’s a translation, courtesy of DeepL:

Be careful with Android devices connected to a PC running Windows 10 via USB: harmless cleanup operations can cause photos and other files to be irretrievably lost. Almost all Android devices except the newer ones from Samsung are affected.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Don’t use Windows 10 to move data on your Android phone

When you attach your phone to a PC with a USB cable, you expect File Explorer to work the way it’s intended to work — copy, move, drag, drop and the like. As long as your PC is running Windows 7 or 8.1, that’s exactly what happens. But if you’re running Windows 10, watch out. You may end up deleting files.

Jörg Wirtgen on German-language site heise.de has a description of the problem. Here’s a translation, courtesy of DeepL:

Be careful with Android devices connected to a PC running Windows 10 via USB: harmless cleanup operations can cause photos and other files to be irretrievably lost. Almost all Android devices except the newer ones from Samsung are affected.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Six days late, Microsoft reveals the meaning of mystery patch KB 4033637

Last Friday, Microsoft pushed a patch down the Automatic Update chute. Like so many patches before it, KB 4033637 was completely undocumented. Those running Win10 1607 who hadn’t taken steps to block forced patches found they had a newly revised program running on their systems — and nobody had any idea what the patch actually did.

Informed conjecture said it was an update to the Compatibility Appraiser, to help Microsoft upgrade machines to newer versions of Windows. Other guesses were all over the map. On Reddit, a poster relates how he called Microsoft and was told that it’s a hush-hush security patch for Flash. Microsoft’s own Answers Forum is littered with posts blaming KB 4033637 for system freezes, second screen problems, installation hangs and more.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft patch alert: Outstanding problems with recent updates

August has seen a flurry of buggy patches:

Win10 1607 – KB 4033637, which arrived last Friday via Auto Update, was documented early Thursday morning. It’s an update to the Compatibility Appraiser, to make it easier for Microsoft to upgrade your version of Windows.

 

Win10 1507 and 1511 – KB 4033631 remains undocumented and was similarly pushed thru Auto Update (on Friday?). It’s also likely an update to the Compatibility Appraiser.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft releases KB 4039396, its fourth Win10 1607 update this month

If you’ve ever wondered why I recommend folks hold off on Windows monthly updates, permit me to introduce the latest hiccup in a whooping-cough-sized patching process.

Yesterday, Microsoft released KB 4039396, an out-of-band patch for Windows 10 Anniversary Update, version 1607. The patch brings version 1607 up to build 14393.1670. It isn’t being pushed out through Automatic Update, for reasons that should become clear. Instead, it’s available only if you know about it and install it manually, kind of a new take on the old hotfixes.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Undocumented patch KB 4033637 pushed onto Windows 10 1607 machines

Continuing another banner month of screwed-up patches, many people running Windows 10 Anniversary Update, version 1607, report that an undocumented patch “Update for Windows 10 Version 1607 for x64-based Systems (KB4033637)” just rolled out the Automatic Update chute.

kb 4033637Woody Leonhard/IDG

Although KB 4033637 has a long history — try googling it — there doesn’t appear to be any official documentation. Blogger Günter Born traces its history to this entry from larryCG on the Microsoft Answers forum, dated July 24:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft yanks buggy patch of a buggy patch, KB 4039884

There’s no official confirmation, and no explanation of course, but overnight Microsoft pulled a patch that was supposed to fix the main problems in this month’s Windows 7 security updates. I talked about the repair hotfix yesterday in “Microsoft repairs buggy Win7 security patch with buggy hotfix KB 4039884.” Today, the repair hotfix isn’t available any more.

All we know for sure is that, sometime last night, the Microsoft Update Catalog entry for KB 4039884 disappeared. As of early Tuesday morning, Eastern time, the KB article is still available, and it hasn’t been modified — it still points to the Update Catalog.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

The definitive guide to privacy settings in Windows 10 Creators Update

Privacy Matters
1 khanom original

Image by Khanom/Woody Leonhard

Privacy means different things to different people; there’s no one-size-fits approach. Some people want to lock their machines down so they leak exactly nothing. Others figure they don’t have anything to hide, and happily share various and sundry bits of information with their Internet Service Providers, operating system manufacturers and the NSA.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft repairs buggy Win7 security patch with buggy hotfix KB 4039884

Two weeks ago, I talked about a bug in Windows 7’s August Monthly patch rollup KB 4034664 that left many people who have two monitors reeling. After installing the security patch, the first monitor would work properly, but the second monitor could have all sorts of rendering problems.

Günter Born had a full writeup about the problem, and Christian Schwarz not only nailed the problem, but he wrote a “proof of concept” program demonstrating what was happening and when.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft repairs buggy Win7 security patch with buggy hotfix KB 4039884

Two weeks ago, I talked about a bug in Windows 7’s August Monthly patch rollup KB 4034664 that left many people who have two monitors reeling. After installing the security patch, the first monitor would work properly, but the second monitor could have all sorts of rendering problems.

Günter Born had a full writeup about the problem, and Christian Schwarz not only nailed the problem, but he wrote a “proof of concept” program demonstrating what was happening and when.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Word, Outlook merged-cell problem arises after install of patch KB 3213656

If you have tables in a Word doc or Outlook message and you suddenly can’t see or click on specific cells, chances are good that 1) the tables have merged cells, 2) you’re using Word 2016 or Outlook 2016, and 3) you installed this month’s KB 3213656. The buggy patch was pushed out the Automatic Update chute on Aug. 8.

Microsoft hasn’t yet acknowledged the problem, but there are several credible, detailed reports about the bug. The only solution is to uninstall KB 3213656.

Poster RAJasonCampbell on the Microsoft Answers forum describes the bug thusly:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Word, Outlook merged-cell problem arises after install of patch KB 3213656

If you have tables in a Word doc or Outlook message and you suddenly can’t see or click on specific cells, chances are good that 1) the tables have merged cells, 2) you’re using Word 2016 or Outlook 2016, and 3) you installed this month’s KB 3213656. The buggy patch was pushed out the Automatic Update chute on Aug. 8.

Microsoft hasn’t yet acknowledged the problem, but there are several credible, detailed reports about the bug. The only solution is to uninstall KB 3213656.

Poster RAJasonCampbell on the Microsoft Answers forum describes the bug thusly:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft releases fix for botched Office 2016 patch, KB 4011093

Late last night, Microsoft released a new Office 2016 patch, KB 4011093. According to the KB article, it fixes a bug in the Aug. 1 Office 2016 non-security patch KB 4011051, which left hyperlinks in Excel 2016 non-functional.

It also fixes two additional bugs:

  • For the 32-bit version of Outlook 2016, Office Store redirects you to the web store instead of opening the in-client store.
  • Editing languages and Help languages may be changed unexpectedly. For example, a display language may be missing from the editing languages list even if you have not removed it.

There’s no need to install this patch of a patch, unless you’re having problems with hyperlinks in Excel 2016 spreadsheets. KB 4011093 will not go out via Windows Update. Check the KB article for manual download and installation instructions.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft releases fix for botched Office 2016 patch, KB 4011093

Late last night, Microsoft released a new Office 2016 patch, KB 4011093. According to the KB article, it fixes a bug in the Aug. 1 Office 2016 non-security patch KB 4011051, which left hyperlinks in Excel 2016 non-functional.

It also fixes two additional bugs:

  • For the 32-bit version of Outlook 2016, Office Store redirects you to the web store instead of opening the in-client store.
  • Editing languages and Help languages may be changed unexpectedly. For example, a display language may be missing from the editing languages list even if you have not removed it.

There’s no need to install this patch of a patch, unless you’re having problems with hyperlinks in Excel 2016 spreadsheets. KB 4011093 will not go out via Windows Update. Check the KB article for manual download and installation instructions.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft Germany agrees to stop forcing Windows upgrade downloads

After 18 months of delays, Microsoft has responded to a cease-and-desist complaint filed by Munich’s Baden-Würtenberg consumer rights center (Verbraucherschutz) by vowing to never again forcibly download upgrade files onto customers’ computers, prior to obtaining their consent. Microsoft had lost in Munich courts twice and submitted this stipulation prior to the third, presumably final, round.

According to my own translation of the government’s press release, Microsoft has agreed it will no longer download Windows upgrade files before explicitly receiving permission.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft exec leaves Commerce Dept.’s Digital Economy Board

Friday saw a mass exodus of members of the Commerce Department’s Digital Economy Board of Advisors. Created by then-Commerce Secretary Penny Pritzker just over a year ago, to “provide recommendations on ways to advance economic growth and opportunity in the digital age,” the board appears to be on the brink of collapse.

Nancy Scola at Politico reports:

Those no longer participating as of today (Friday, Aug. 18) include co-chairs Zoë Baird, president and CEO of the Markle Foundation; Mitchell Baker, executive chairwoman of the tech organization Mozilla; David L. Cohen, senior vice president and chief diversity officer at Comcast; Brad Smith, Microsoft president and chief legal officer; Handy CEO Oisin Hanrahan; Karen Bartleson, president of the Institute of Electrical and Electronics Engineers; Marta Tellado, president and CEO of Consumer Reports; James Manyika, director of the McKinsey Global Institute; Sonia Katyal, chancellor’s professor of law at the University of California at Berkeley School of Law; and Corey Thomas, president and CEO of cybersecurity firm Rapid7.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Looking at a 1TB Surface Pro 2017? Make sure you know what you’re getting

If you buy a top-of-the-line, 1TB computer, you might expect to get 1TB of storage. Yes? But if you shell out $2,700 for a 1TB Surface Pro 2017 (or a princely $2,960 if you want a keyboard and pen), you actually get two 512GB SSD drives. And therein lies a problem. Two of them, actually.

Microsoft’s ordering site offers a 1TB option for the Surface Pro 2017 with an i7 processor, but it doesn’t warn you that the “1TB” storage ships, in fact, as two separate 512GB SSDs, configured to appear as if they were one single 1TB SSD. In the normal course of events, that might be an inconsequential oversight, but several customers are finding it highly problematic.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Where’s the KB 4034661 jumbo bug fix for Win10 Anniversary Update?

Wednesday night, Microsoft claims, it issued KB 4034661 for Windows 10 Anniversary Update, bringing version 1607 up to build 14393.1613. It was supposed to go out the Automatic Update chute. But as of early Thursday morning, U.S. time, nobody’s seen it. There may be a good reason why. Or maybe not. Such are the vagaries of patching Windows.

It’s a laundry-list patch, rolling out on a Wednesday (or Thursday, or …), nine days after the regular Patch Tuesday patch, KB 4034658 wiped out the Update History on many Win10 Anniversary Update machines. The KB 4034661 article lists dozens of small bug fixes (that’s “quality improvements” in Microsoft Speak).

To read this article in full or to leave a comment, please click here

Read more 0 Comments