Those of us who have to keep Windows 10 working have hit yet another rough patch. This month’s patches haven’t been pretty. In fact, if your admin set the WSUS or SCCM update servers to automatically approve Windows 10 updates, you might have had to deal with oceans of blue screens.
Right now, the biggest threat is not KRACK – Computerworld’s Gregg Keizer has an overview and the Krackattacks.com site has the latest details; it hasn’t (yet) started infecting normal Windows users. The big threat now is from that Wacky Wascal BadRabbit, which started with a fake Flash update on a Russian site, and an ancient DDEAUTO field exploit in Word (and Excel and Outlook and OneNote) that is being used to deliver Locky and other ransomware.
The DDEAUTO exploit isn’t a bug, according to Microsoft, because you have to click through 3 warning dialogs before it’ll bite. (The first of which is “Enable Editing.” Sound familiar?) See Catalin Cimpanu’s overview in Bleepingcomputer, and a drill-down on DDE-borne Hancitor malware from Brad Duncan on the SANS Internet Storm Center.
The good news is that there are steps you can take to manually block any of those nasties:
- Disable KRACK from the Windows side by installing this month’s patches. Be aware of the fact that, eventually, you’ll have to update your router(s), too.
- Whack BadRabbit by making sure you have MS17-010 installed (that’s the EternalBlue buster that also plugs EternalRomance). If you’re attached to a corporate network that might get infected, turn off access to the infpub.dat and cscc.dat files by using this technique from Cybereason researcher Amit Serper.
- Disable DDEAUTO by following these steps from Martin Brinkmann at ghacks. Note that this is a rather draconian approach, with consequences for OneNote, Outlook and others described by Will Dormann. If you find that something breaks after you’ve clobbered DDEAUTO – most likely, an older application that no longer updates properly – you won’t have much choice but to turn DDEAUTO back on. While you’re at it, tattoo inside your eyelids: “Do NOT Enable Editing.”
Microsoft’s cleared up some of the problems with this month’s patches, but plenty of problems persist. Here’s where we’re stuck.
Microsoft continues to push users to move from .NET 4.6 and later to .NET 4.7 or 4.7.1. If you really want to stay with .NET 4.5.2, you have to manually install updates. It looks like .NET 4.7 works – even on Windows 7. Your life will be much easier if you simply join the borg and use the Monthly Rollups to get .NET updated. As usual, don’t check anything that isn’t checked for you by Windows Update.
The Outlook script-disabling patches KB 4011089, KB 4011090 and KB 4011091 – the ones that turn off printing in some circumstances, disable retrieval of archived emails in others – are still there. But we’re seeing more vendors issue warnings and workarounds. Earlier this week, Veritas published a workaround for the Veritas Enterprise Vault archiving system.
I’m ready to throw in the towel and recommend that you install those Office patches, if they’re offered. If something breaks – you used to be able to click on an Outlook form and it doesn’t print any more, or you can’t retrieve archived messages – the company that made the broken add-in should have a solution for you. Or you can uninstall the patch.
Microsoft has a list of other known problems with Office apps.
Windows 7 and 8.1 patches
The big news this month is with the Monthly Rollup Preview. Remember that we never, ever recommend that you install Monthly Rollup Previews. Here’s one good reason why.
AskWoody poster abbodi86 has discovered a regression bug in KB 4041686, the 2017-10 Win7 Preview of the Monthly Rollup. If you install it, an SFC (System File Checker) scan will report and fix an error in system32\drivers\en-US\usbhub.sys.mui – even though there is no error. This is precisely the problem @abbodi86 reported to Microsoft after installing the old KB 3125574, which is the “convenience rollup” we call “Win7 SP 2.” The bug was fixed in KB 3181988, but it’s back again. If you install KB 4041686, you’ll trigger the bogus SFC error, even if you have KB 3125574 installed.
It looks like Microsoft is making good on its promise to gradually put old patches into the Monthly Rollups. Unfortunately, in this case, it’s reinstating old bugs, too. Progress. If next month’s Win7 Monthly Rollup rolls out with this bug intact, you’ll know that Microsoft isn’t listening.
Apparently Microsoft has fixed the bug in the September Windows 8.1 patch that made it impossible to use a Microsoft Account to log on after the patch was applied.
Microsoft is still blocking updates to Windows 7 and 8.1 on newer computers. If you are running Windows 7 or 8.1 on a PC that’s a year old or newer, follow the instructions in AKB 2000006 or @MrBrian’s summary of @radosuaf’s method to make sure you can use Windows Update to get updates applied.
If you’re very concerned about Microsoft’s snooping on you and want to install only security patches, realize that the privacy path’s getting more difficult. The old “Group B” – security patches only – isn’t dead, but it’s no longer within the grasp of typical Windows customers. We’re actively discussing whether it’s worthwhile continuing to post information about the security-only patching path. Microsoft has made that choice considerably more difficult than it was a year ago. If you insist on manually installing security patches only, follow the instructions in @PKCano’s AKB 2000003.
For most Windows 7 and 8.1 users, we recommend following AKB 2000004: How to apply the Win7 and 8.1 Monthly Rollups. If you want to minimize Microsoft’s snooping but still install all of the offered patches, turn off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and 8.1 snooping) before you install any patches. (Thx, @MrBrian).
Watch out for driver updates – you’re far better off getting them from the manufacturer’s website. After you’ve installed the latest Monthly Rollup, if you’re intent on minimizing Microsoft’s snooping, run through the steps in AKB 2000007: Turning off the worst Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Windows 7 and 8.1 machines.
Windows 10 patches
If you’re in the unpaid beta testing phase of Windows 10 Fall Creators Update, version 1709, you’re already up to build 16299.19. Nothing you can do about it. There are plenty of problems with FCU, which we documented earlier this week. Susan Bradley added several more to the list. Of course, we recommend that you proactively block the upgrade to 1709. There’s still more than 3 months to go before we’re in Current Branch for Business territory, no matter what Microsoft calls it.
The big build 15063.674 update for Creators Update version 1703 has a few acknowledged problems:
- The bug that blue-screened PCs attached to update servers that allowed patches to go through unattended has been fixed.
- The “Unexpected error from external database driver” error hasn’t been fixed, but there’s a workaround that requires you to download the Access Database Engine 2010 and manually change your apps.
There was a big patch for the Anniversary Update, version 1607, on Patch Tuesday, and another huge patch a week later. If you install the latest patch, you’ll be up to build 14393.1794. That patch also has the acknowledged bugs with “Unexpected error from external database driver” and borked UWP apps.
Anyone still on 1511, the Fall Update (later renamed to “November Update”), needs to move to 1703 now. The last 1511 security patch, build 10586.1176, is now history.
To get Windows 10 patched, go through the steps in “8 steps to install Windows 10 patches like a pro.”
Keeping in mind the known problems with Office and the .NET funnies documented above, all of the other updates should be okay, including Servicing stack updates and Office, MSRT or .NET updates (go ahead and use the Monthly Rollup if it’s offered).
As is always the case, DON’T CHECK ANYTHING THAT’S UNCHECKED.
Time to get patched. Tell your friends, but make sure they know what’s happening. And for heaven’s sake, as soon as you’re patched, turn off automatic updating! Full instructions are in the referenced guides to patching.
Have a patching problem? Join the club on the AskWoody Lounge.