Woody Leonhard

About the Author Woody Leonhard


Where we stand with messy September Windows and .NET patches

This month’s Windows and .Net patches hold all sorts of nasty surprises — some acknowledged, some not, some easy to skirt, some waiting to swallow the unwary whole. Here’s a quick overview of what’s going on with this month’s missives.

Most important: If you can’t keep yourself (or your clients) from clicking “Enable Editing” in Word, you must install a broad range of .NET patches (if you’re running Windows 7 or 8.1) or cumulative updates (if you’re running Windows 10), like, NOW.

Windows 10 Creators Update version 1703

Cumulative Update KB 4038788, which brings the build number up to 15063.608, has two acknowledged (but not fixed) bugs:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Tower of Babel Outlook 2007 security patch KB 4011086 yanked, replaced

With one month left until Outlook 2007 hits end of life, Microsoft released a fix yesterday for the September security patch’s polyglot ways. You may recall KB 4011086 as the Outlook 2007 patch that displays Swedish menus in the Hungarian language version, Portuguese in Italian, Swedish in Slovenian, Spanish in Italian, and many more. One hitch: You have to manually uninstall the old patch before you can install the new patch.

For those of you using Outlook 2010 who got hit with the same language switcheroo, I haven’t seen any notice that this month’s KB 4011089 has been fixed or pulled.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Outlook security patches intentionally break custom forms

When Microsoft released its Outlook security patches on Sept. 12, several readers complained that their custom form printing capabilities disappeared. Ends up the bug that broke VBScript printing isn’t a bug at all.

Microsoft announced over the weekend that it intentionally disabled scripts in custom forms, and those with printable custom forms need to make manual Registry changes to bring the feature back.

Those of you who have installed any of this month’s Outlook security patches:

will have to dive into the Registry if you want to enable any custom form scripts, including the VBScript printing capability. It’s complicated, and the method varies, depending on which version of Office you’re using and the bittedness of Windows and Office. Diane Poremsky has detailed instructions on her Slipstick Systems site.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.

Those of you with a Microsoft Surface Pro 3 who are running Windows Insider beta builds, sit up and take note: Don’t turn off your machine. Somehow Microsoft managed to release the latest beta build, 16288.1, to both the Fast and the Slow ring. If you install it on your Surface Pro 3 and try to reboot, you’ll see a “Surface” on a black screen, the dot-chasing “working” icon, and exactly nothing else. My SP3 has been bricked since yesterday and the dots are still chasing each other.

How, you might question, could this have happened? Certainly anybody who installed 16288.1 on an SP3 machine didn’t ever get it to reboot. The build was pushed out to the Fast ring on Sept. 12. It went out on the Slow ring on Sept. 15. And I didn’t see any mention of the bug until Sept. 16. Is it possible that nobody inside or outside Microsoft rebooted a beta-enhanced Microsoft SP3 between Sept. 12 and Sept. 16?

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.

Those of you with a Microsoft Surface Pro 3 who are running Windows Insider beta builds, sit up and take note: Don’t turn off your machine.

Somehow Microsoft managed to release the latest beta build, 16288.1, to both the Fast and the Slow ring. If you install it on your Surface Pro 3 and try to reboot, you’ll see a “Surface” on a black screen, the dot-chasing “working” icon, and exactly nothing else. My SP3 has been bricked since yesterday, and the dots are still chasing each other.

How, you might question, could this have happened? Certainly anybody who installed 16288.1 on an SP3 machine didn’t ever get it to reboot. The build was pushed out to the Fast ring on Sept. 12. It went out on the Slow ring on Sept. 15. And I didn’t see any mention of the bug until Sept. 16. Is it possible that nobody inside or outside Microsoft rebooted a beta-enhanced Microsoft SP3 between Sept. 12 and Sept. 16?

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Outlook 2010 Tower of Babel patch KB 4011089 breaks VBScript print

Read more 0 Comments

If you can’t avoid Word’s ‘Enable Editing,’ patch Windows right now

In the normal course of events, it takes a week (or two or three) for the bugs in each month’s Windows and Office security patches to shake out. This month’s patches are no exception. There are lots of reports of problems with IE and Edge, for example, and many more are piling up.

In the normal course of events, the fresh-off-the-press security patches present more of a threat to most people, in the short term, than do the problems the patches are supposed to fix. You have to patch sooner or later, but by waiting for the screams of pain to die down, you can save yourself some major headaches.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Where we stand with this month’s Windows and Office security patches

September’s retinue of Microsoft patches includes one very important .NET fix that blocks a security hole brought to life when you open an RTF file in Word. So far, it’s only been seen in the wild in a Russian-language RTF document, apparently generated by NEODYMIUM, allegedly used by a nation-state to snoop on a Russian-speaking target.

Several researchers have found ways to leverage the security hole, and it’s only a matter of time before some enterprising folks come up with ways to turn it into a widespread infection vector. Bottom line: If you can’t keep your finger off the “Enable Editing” button in Word, you better get this month’s security patches installed.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Time to temporarily turn off Windows Automatic Update

If run Windows — any version — now would be an excellent time to make sure Automatic Update is turned off. Patch Tuesday arrives tomorrow, and there’s no telling what sort of offal will get thrust onto Windows machines automatically.

Of course, I will be watching closely and will warn you if there’s something that has to be installed, like, right now. If this month is like the vast majority of Windows patching months in the past year or two, you have more to lose from botched patches than there is to gain by immediately installing security patches.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Buggy Word 2016 non-security patch KB 4011039 can’t handle merged cells

Last month’s crop of buggy Windows and Office patches may be headed for a re-match. I’m seeing reports of a merged cell bug in last Tuesday’s Sept. 5, 2017, update for Word 2016 (KB4011039).

At this point, Microsoft has acknowledged the bug and has pulled the patch. The bug doesn’t appear on the official Fixes or workarounds for recent issues in Word for Windows page. The only solution is to manually uninstall the patch.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Equifax security breach debacle thickens with improbable denials

No doubt you’ve heard about the stolen data at credit reporting agency Equifax. The company’s official disclosure appeared yesterday:

Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. … The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

It’s time to install August Windows and Office patches — carefully

Read more 0 Comments

It’s time to move to Win10 Creators Update – for all the wrong reasons

Read more 0 Comments