The fourth Tuesday of a month has come and gone, and it now looks pretty protected to patch Windows and Office. we was awaiting dual large releases yesterday—one to repair countless bugs in Win10 Creators Update, chronicle 1703; a other to retard a bugs introduced by June’s Office confidence patches—but conjunction trove appeared. Given Microsoft’s past patterns, it’s doubtful that we’ll see any some-more critical rags until subsequent month’s Patch Tuesday, on Aug. 8.
There’s also a bit of additional procedure right now. On Jul 17, confidence researcher Haifei published a explanation of concept for regulating malware scripts directly in Office apps. we haven’t seen any exploits in a furious as yet, though it would be a good thought to implement KB 3213640 (Office 2007), KB 3213624 (Office 2010), KB 3213555 (Office 2013) and/or KB 3213545 (Office 2016) in a brief term. (Thx to @LeaningTowardsLinux.) Note that nothing of these patches, as best as we can tell, scold a Office bugs introduced in June.
July was a quite cryptic month for Windows and Office patches. At this moment, we see a following superb problems — nothing of that are overwhelming, though all of that competence infer to be a pain to you, depending on your settlement and expectations:
- The Jun bugs introduced by inadequate Office confidence rags still aren’t fixed. Those of we regulating Outlook to open attachments or run tradition macros competence confront problems. The easiest solution, of course, is to equivocate Outlook. I’ve seen no acknowledgment that regulating Jul rags will impact a Jun patches, that have seemed and left in an indeterminate pattern.
- The Jul rags reset Internet Explorer so it can imitation inside iFrames, though in so doing they reintroduce a CVE-2017-8529 confidence vulnerability. That’s a large understanding if your association relies on IE to imitation customized pages, though a easiest resolution is to usually equivocate IE. If we use Chrome or Firefox and couldn’t caring reduction about IE’s problems, we competence wish to wade by a considerable disaster documented here and equivocate installing rags that repair IE though leave we exposed.
- KB 4025331 for Server 2012 and KB 4025336 for Server 2012 R2 break customer connections in WSUS and SCCM. Both need a primer registry pivotal change to capacitate a repair for CVE-2017-8563.
On a brighter side, a Surface Pro 4/Surface Book firmware/driver refurbish difficulties we talked about dual days ago didn’t spin into vital problems. Microsoft has supposing a documentation, during last, and it looks like a motorist refurbish is good to go.
As always, we strongly suggest that we equivocate installing a Preview Rollups on offer, such as KB 4025335. That’s easy—you have to check a right box to implement a Preview, and we shouldn’t be checking any boxes!
Here are my recommendations:
Windows 7 and 8.1
If you’re really endangered about Microsoft’s snooping on you, and usually wish to implement confidence patches, comprehend that a path’s removing some-more difficult. The aged “Group B”—security rags only—isn’t dead, though it’s no longer within a grasp of standard Windows customers. If we insist on installing confidence rags only, follow a instructions in @PKCano’s AKB 2000003.
Microsoft is still restraint updates to Win 7 and 8.1 on new computers. If we are regulating Windows 7 or 8.1 on a PC that’s a year old, or newer, follow a instructions in AKB 2000004 or @MrBrian’s outline of @radosuaf’s method to make certain we can use Windows Update to get updates applied.
If we wish to minimize Microsoft’s snooping though still implement all of a offering patches, spin off a Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off a misfortune Windows 7 and 8.1 snooping) before we implement any patches. (Thx @MrBrian).
For many Windows 7 and 8.1 users, we suggest following AKB 2000004: How to request a Win7 and 8.1 Monthly Rollups. Watch out for motorist updates — you’re distant improved off removing them from a manufacturer’s website.
After you’ve commissioned a latest Monthly Rollup, if you’re vigilant on minimizing Microsoft’s snooping, run by a stairs in AKB 2000007: Turning off a misfortune Win7 and 8.1 snooping. Realize that we don’t know what information Microsoft collects on Win7 and 8.1 machines.
It’s still too early to burst to Win10 Creators Update, chronicle 1703. Wait for it to be designated “Current Branch for Business” or, regulating a new bafflegab, “Semi-annual Channel (Broad)” ready. You can retard a ascent with a few elementary steps, minute in this Computerworld post. If you’re presented with an choice to examination your remoteness settings (screenshot), click “Remind me later” and forget about it.
To get Win10 patched, run a stairs in AKB 2000005: How to refurbish Windows 10 — safely. You competence wish to use wushowhide to censor any motorist updates. All of a other updates should be OK, including Servicing smoke-stack updates, Office, MSRT or .Net updates (go forward and use a Monthly Rollup if it’s offered).
As is always a case, DON’T CHECK ANYTHING THAT’S UNCHECKED.
Time to get patched. Tell your friends, though make certain they know what’s happening. And for heaven’s sake, as shortly as you’re patched, spin off involuntary updating! If we can follow these instructions, we don’t have to offer as Microsoft patch cannon fodder.
I usually altered a MS-DEFCON turn on a AskWoody Lounge. Join us.