Windows refurbish bugs
The Windows patch Release Notes indicate to 4 famous bugs:
The cumulative refurbish for Windows 10 Creators Update, chronicle 1703 — that sports dozens of fixes — has a integrate of problems: Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) might knowledge a blue shade or stop responding with a black shade when a complement shutdown is initiated, and it might change Czech and Arabic languages to English for Microsoft Edge and other applications.
The cumulative refurbish for Windows 10 Anniversary Update, chronicle 1607, has a handful of problems: Downloading updates regulating demonstrate designation files might fail, after installing a delta refurbish package; a KB numbers seem twice underneath Installed Updates; and package users might see an blunder dialog that indicates that an focus difference has occurred when shutting some applications.
The cumulative refurbish for a strange chronicle of Windows 10, customarily called 1507, has a identical problem: Package users might see an blunder dialog that indicates an focus difference has occurred when shutting some applications. Apparently this repair is usually for a LTSC version.
The Monthly Rollup for Windows 7 also has an concurred bug: an blunder dialog that indicates that an focus difference has occurred when shutting some applications.
Windows confidence issues
Martin Brinkmann has his common exhaustive list on ghacks:
Windows 7: 20 vulnerabilities of that 5 are rated critical, 15 important
Windows 8.1: 23 vulnerabilities of that 6 are rated critical, 17 important
Windows 10 chronicle 1607: 29 vulnerabilities, 6 critical, 23 important
Windows 10 chronicle 1703: 29 vulnerabilities of that 6 are rated critical, 23 important
There are some worrisome exposures that we’ll be following closely:
CVE-2017-11779 — a vital problem with DNS security, yet it’s usually a problem if your DNS server has been overtaken. Nick Freeman during Bishop Fox notes:
if an assailant controls your DNS server (e.g., by a man-in-the-middle conflict or a antagonistic coffee-shop hotspot) — they can benefit entrance to your system. This doesn’t usually impact web browsers — your mechanism creates DNS queries in a credentials all a time, and any query can be responded to in sequence to trigger this issue.
Sounds grisly, yet Microsoft says a smirch hasn’t been exploited and rates it as “Exploitation reduction likely.” If somebody can steal your DNS server, you’re in a universe of harm anyway.
CVE-2017-11826 — a known, and exploited, zero-day conflict in Word, detected by Qihoo 360. It’s another conflict that relies on disguising an RTF record as a Word DOC or DOCX, afterwards regulating a good services of Word (or a Viewer) to pounce on your machine. The Microsoft security advisory says it’s been bound this month in all versions of Word, a Word Viewer and a Office Compatibility Pack.
Finally, Security Advisory ADV170012 — Vulnerability in TPM could concede Security Feature Bypass contains this small gotcha:
WARNING: Do NOT request a TPM firmware refurbish before to requesting a Windows handling complement slackening update. Doing so will describe your complement incompetent to establish if your complement is affected. You will need this information to control full remedation.
ZDI goes on to explain:
The patch supposing by Microsoft is usually a proxy measure, though, and here’s where it gets truly complicated. The TPM manufacturers need to furnish a firmware refurbish to totally solve this, as a bug itself is benefaction in a TPM firmware — not in Windows itself. This patch is one of several designed to offer a workaround by generating software-based keys whenever possible. Even after a vendor’s firmware refurbish is applied, you’ll need to re-generate new keys to reinstate a before generated diseased ones.
This is only a stop-gap magnitude and still requires primer intervention. When a tangible firmware updates hurl out from TPM vendors, a routine will need to occur all over again — solely this time, new TPM firmware needs to be commissioned on each influenced device.
Sounds like it’s going to be a downy month.
As Computerworld‘s Gregg Keizer notes, currently outlines a final refurbish for a Windows 10 Fall Update (later called a Nov Update), chronicle 1511. Those of we on a Long Term Servicing Channel (formerly a Long Term Servicing Branch) need not fear — 1511 will be upheld forever, or during slightest until Oct. 14, 2025. But those of we who don’t have LTSC and a claim Volume License with Software Assurance improved pierce over 1511. Pro tip: If you’re on 1511, pierce to 1703 before Oct. 17, after that it’ll be most harder to equivocate 1709.
Note that Microsoft has, in a past, expelled truly vicious confidence rags for versions of Windows that are over finish of life — that is an engaging philosophical observation.
Today also memorializes a passing of Office 2007. No, we don’t need to run out and buy Office 2016 or lease Office 365. But we do need to be wakeful that Office 2007 is going to thrive confidence holes — and we won’t be removing any patches, unless Redmond relents and total that regulating a aged branches of a Office ecosystem is value a time and effort.
Hit a cryptic patch? Holler on a AskWoody Lounge.