windows

Last night, Microsoft released a new Surface Camera driver called “Surface – System – 7/31/2007 12:00:00 AM – 1.0.75.1” which is intended to fix the Windows Hello problem introduced by the completely undocumented driver “Surface – System – 7/21/2017 12:00:00 AM – 1.0.65.1.” Many of you complained that, after installing the buggy driver, your Surface Pro 4 no longer supported Windows Hello.

As best as I can tell, this 1.0.75.1 driver update fixes the problem. But there’s more to the story.

The original, buggy driver was dated July 21, the files were dated July 26, and the driver was sent down the Automatic Update chute on July 29 without warning or description.

To read this article in full or to leave a comment, please click here

A week ago, I lamented the lack of a fix for the bad June Office security patches. On June 13, those of you with Automatic Update turned on were treated to seven different, documented bugs that persisted until today.

I expected to see these patches on Tuesday, in normal cadence. For reasons that are only known to Microsoft, they waited until today, Thursday, to release the files.

To read this article in full or to leave a comment, please click here

The fourth Tuesday of the month has come and gone, and it now looks reasonably safe to patch Windows and Office. I was expecting two big releases yesterday — one to fix numerous bugs in Win10 Creators Update, version 1703; the other to plug the bugs introduced by June’s Office security patches — but neither trove appeared. Given Microsoft’s past patterns, it’s unlikely that we’ll see any more serious patches until next month’s Patch Tuesday, on Aug. 8.

There’s also a bit of additional impetus right now. On July 17, security researcher Haifei published a proof of concept for running malware scripts directly in Office apps. I haven’t seen any exploits in the wild as yet, but it would be a good idea to install KB 3213640 (Office 2007), KB 3213624 (Office 2010), KB 3213555 (Office 2013) and/or KB 3213545 (Office 2016) in the short term. (Thx to @LeaningTowardsLinux.) Note that none of these patches, as best as I can tell, correct the Office bugs introduced in June.

To read this article in full or to leave a comment, please click here

On June 13—five and a half weeks ago—Microsoft released a series of buggy patches for Outlook. We know they’re buggy because Microsoft acknowledged seven bugs (including one primarily caused by bugs in Windows patches) in those four original June 13 security patches. As of this morning, we still don’t have fixes for those seven bugs.

Here are the known buggy original security patches:

• KB 3191898 – Security update for Outlook 2007, released June 13, 2017
• KB 3203467 – Security update for Outlook 2010, released June 13
• KB 3191938 – Security update for Outlook 2013, June 13
• KB 3191932 – Security update for Outlook 2016, June 13

If you have Automatic Update turned on, you were treated not only to those patches, but to all of these three later, interim fixes for the bugs in the security patches. Don’t get too excited about them. In fact, they didn’t fix the bugs:

To read this article in full or to leave a comment, please click here

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers in the horns of a dilemma:

• You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveal the presence of a specific file on your computer when you simply surf to a compromised web site, OR
• You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.

To read this article in full or to leave a comment, please click here

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers in the horns of a dilemma:

• You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveal the presence of a specific file on your computer when you simply surf to a compromised web site, OR
• You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.

To read this article in full or to leave a comment, please click here

I just received word from Gunter Born that Microsoft has pulled three of its Outlook patches:

• KB 4011042 – July 5, 2017, update for Outlook 2010
• KB 3191849 – June 27, 2017, update for Outlook 2013
• KB 3213654 – June 30, 2017, update for Outlook 2016

As I mentioned last week, Microsoft still hasn’t fixed any of the Office 2007 bugs it introduced in the June security patches.

To read this article in full or to leave a comment, please click here