windows

Good things come to those who wait. If you resisted the drill sergeant scream of “GET THOSE PATCHES INSTALLED AS SOON AS THEY’RE OUT, MAGGOT!” you’re about to reap your just reward.

As is so often the case, the Patch Tuesday screams are something you should consider, but they’re hardly the final word. At this point, there’s a credible threat forming for Win7 and Server 2008 R2 machines — Total Meltdown is definitely coming — but the sky hasn’t fallen. There are no known Meltdown or Spectre exploits in the wild, and all of the hell unleashed by this month’s series of patches and re-patches and pre-appended re-re-patches primarily served as demonic theater to those of us who chose to wait.

To read this article in full, please click here

People think I’m joking when I refer to bug fixing as Microsoft’s next billion-dollar business. I’m not. This month woefully demonstrated why patching Windows has become much bigger – and more critical – than developing new versions. Microsoft’s hell-bent move to bring out new versions of Windows twice a year “as a service” makes things worse, but quality control problems dog patches to every version of Windows. Except, arguably, Windows 8.1.

In April, we’ve seen a return to two massive cumulative updates per month for all supported versions of Windows 10. The second cumulative update, with luck, fixes the bugs in the first cumulative update. Windows 7 turned into a fiery pit when it was discovered in late March that every patch to Win7 (and Server 2008R2) pushed out this year enables the Total Meltdown bug. Fortunately, by April 23, we finally saw some stability return to the process.

To read this article in full, please click here

Remember the Total Meltdown security hole? Microsoft spread the vulnerability in every 64-bit Win7 and Server 2008 R2 patch released this year, prior to March 29. Specifically, if you installed any of these patches:

• KB 4056894 Win7/Server 2008 R2 January Monthly Rollup
• KB 4056897 Win7/Server 2008 R2 January Security-only patch
• KB 4073578 Hotfix for “Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1” bug installed in the January Monthly Rollup and Security-only patches
• KB 4057400 Win7/Server 2008 R2 Preview of the February Monthly Rollup
• KB 4074598 Win7/Server 2008 R2 February Monthly Rollup
• KB 4074587 Win7/Server 2008 R2 February Security-only patch
• KB 4075211 Win7/Server 2008 R2 Preview of the March Monthly Rollup
• KB 4091290 Hotfix for “smart card based operations fail with error with SCARD_E_NO_SERVICE” bug installed in the February Monthly Rollup
• KB 4088875 Win7/Server 2008 R2 March Monthly Rollup
• KB 4088878 Win7/Server 2008 R2 March Security-only patch
• KB 4088881 Win7/Server 2008 R2 Preview of April Monthly Rollup

… your machine was left in an exposed state. Microsoft made changes to your PC that makes it easy for a running to program to look at, or modify, any data on your computer.

To read this article in full, please click here

Late last night — on a Monday, mind you — Microsoft released its second big cumulative update for Win10 version 1709. This completes the triumvirate of second cumulative updates, since last week, on the third Tuesday of the month, Microsoft released second cumulative updates for Win10 1703 and 1607. 

There’s a pattern emerging. Microsoft is now showering Win10 customers with two (sometimes more) cumulative updates a month, and they’re big. The first cumulative update contains security patches and a big hodgepodge of additional bug fixes. The first one is (usually) released on the second Tuesday of the month. The second cumulative update arrives, uh, whenever, and it contains massive amounts of bug fixes in addition to those in the first — including, if we’re lucky, fixes for the bugs introduced by the month’s first cumulative update.

To read this article in full, please click here

Reports of tech support scams jumped by 24% last year, Microsoft said, with loses by the bilked averaging between $200 and $400 each.

“Scammers continue to capitalize on the proven effectiveness of social engineering to perpetrate tech support scams,” Erik Wahlstrom, Windows Defender research project manager, wrote in a post last week to a Microsoft blog. “These scams are designed to trick users into believing their devices are compromised or broken. They do this to scare or coerce victims into purchasing unnecessary support services.”

To read this article in full, please click here

Yesterday, I talked about the weird bug that makes April’s Win7 Monthly Rollup, KB 4093118, re-install itself over and over, even when Windows Update says that it’s been installed successfully. Windows sleuth abbodi86 has discovered the source of the problem, and it should give you patching pause.

To understand how we got into this mess, you need to understand the bugs that Microsoft introduced in the March Win7 patches and their kludgey patches. Installing either the March Monthly Rollup (KB 4088875) or the March Security-only patch (KB 4088878) may knock your machine off the network. As Microsoft says:

To read this article in full, please click here

Last week, Microsoft quietly re-released its buggy April Win7 Monthly Rollup patch, KB 4093118. You may recall the patch as a reaction to the Carnak the Magnificent situation we had with the original version of KB 4093118.

With the re-release earlier this week of the original Carnak patch, KB 4099950, it’s not clear to me what the recommended installation sequence might be. But this much I know for sure. People all over the internet are complaining that this new version of KB 4093118 installs itself over and over again.

To read this article in full, please click here