Woody Leonhard

About the Author Woody Leonhard


Win10 machines with ‘Defer feature updates’ now getting Creators Update

Over the weekend I heard howls from folks who are being pushed onto the latest version of Windows 10 — the Creators Update, version 1703 — when they had specifically told Win10 Anniversary Update — version 1607 — to “Defer feature updates.” If you thought the “Defer feature updates” setting would permanently protect you from pushed version changes, you’re mistaken. Here’s what happened, and what you can do about it.

Those of you experiencing forced updates even on machines attached to a WSUS server, read on…

As I explained back in April, folks with Windows 10 Anniversary Update Pro or Enterprise can click Settings > Update & security > Advanced options, then check the box marked “Defer feature updates” (see screenshot).

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Tiptoe through the bugs and get Windows and Office updated

The fourth Tuesday of the month has come and gone, and it now looks reasonably safe to patch Windows and Office. I was expecting two big releases yesterday — one to fix numerous bugs in Win10 Creators Update, version 1703; the other to plug the bugs introduced by June’s Office security patches — but neither trove appeared. Given Microsoft’s past patterns, it’s unlikely that we’ll see any more serious patches until next month’s Patch Tuesday, on Aug. 8.

There’s also a bit of additional impetus right now. On July 17, security researcher Haifei published a proof of concept for running malware scripts directly in Office apps. I haven’t seen any exploits in the wild as yet, but it would be a good idea to install KB 3213640 (Office 2007), KB 3213624 (Office 2010), KB 3213555 (Office 2013) and/or KB 3213545 (Office 2016) in the short term. (Thx to @LeaningTowardsLinux.) Note that none of these patches, as best as I can tell, correct the Office bugs introduced in June.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Problems with Surface Pro 4/Surface Book firmware update

We have no way of knowing why Microsoft released the driver updates last Friday or what they’re supposed to accomplish. What we do know is that the last set of patches came just 10 days earlier, on July 11, when Microsoft added support for the new Surface Pro Type Cover and Signature Type Cover.

With two dozen major firmware and driver updates pushed onto the Surface Pro 4 since its release in October 2015, and a new Surface Pro 2017 currently on offer, it’s noteworthy that Microsoft is still trying to get the SP4 and SB drivers right.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Where are the fixes to the botched Outlook security patches?

On June 13—five and a half weeks ago—Microsoft released a series of buggy patches for Outlook. We know they’re buggy because Microsoft acknowledged seven bugs (including one primarily caused by bugs in Windows patches) in those four original June 13 security patches. As of this morning, we still don’t have fixes for those seven bugs.

Here are the known buggy original security patches:

  • KB 3191898 – Security update for Outlook 2007, released June 13, 2017
  • KB 3203467 – Security update for Outlook 2010, released June 13
  • KB 3191938 – Security update for Outlook 2013, June 13
  • KB 3191932 – Security update for Outlook 2016, June 13

If you have Automatic Update turned on, you were treated not only to those patches, but to all of these three later, interim fixes for the bugs in the security patches. Don’t get too excited about them. In fact, they didn’t fix the bugs:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

More June security patch bugs: You can patch an IE flaw, CVE-2017-8529, or print inside iFrames—but not both

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers in the horns of a dilemma:

  • You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveal the presence of a specific file on your computer when you simply surf to a compromised web site, OR
  • You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

More June security patch bugs: You can patch an IE flaw, CVE-2017-8529, or print inside iFrames — but not both

Strap on your hip waders. This particular “scare” article should have you thinking yet again about the advisability of installing Windows updates as soon as they’re available. As you’ll see, Microsoft itself has flip-flopped on the resolution and those who subscribe to Windows Update have been taken along for the ride.

Buggy June patches to Windows, Internet Explorer and Edge left customers in the horns of a dilemma:

  • You can plug a security hole known as CVE-2017-8529, in which IE or Edge reveal the presence of a specific file on your computer when you simply surf to a compromised web site, OR
  • You can print content on web pages that are inside an HTML construct known as an iFrame, using IE 9, 10 or 11.

Microsoft’s up against a hard bug that makes this an either-or proposition: Until Microsoft figures out how to fix both problems at the same time, either you patch the security hole, or you can print inside iFrames with IE, but not both.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Driver fix for Surface Pro 2017 hibernation seems to work; now, about that backlight bleed

Read more 0 Comments

With Patch Tuesday imminent, make sure you have Automatic Update turned off

In case you hadn’t noticed, Microsoft has had a tough time with patches this year. From a total lack of patches in February (except for a late IE patch), to yanked and reissued botched patches that followed, to a jumble of problems with Windows and Office patches — including seven admitted bugs in last month’s Office patches — Microsoft has proved itself adept at Jack-in-the-box patching. You don’t have to join the legions of unpaid patch beta testers.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

New Surface Pro 2017 shuts off unexpectedly? Return it while you can

If you have a new Surface Pro 2017 and it keeps dying unexpectedly, the best current advice is to turn it in for a replacement—while you still can. For reasons as yet unknown, and not discussed by Microsoft, newer hardware doesn’t seem to have the same problem. Or, at least, the problem isn’t as marked.

Forums are ablaze with complaints about the new Surface Pro—the one that doesn’t have a model number but is generally known as Surface Pro 2017. Becca05 on the Microsoft Answers forum says:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

New Surface Pro 2017 shuts off unexpectedly? Return it while you can.

If you have a new Surface Pro 2017 and it keeps dying unexpectedly, the best current advice is to turn it in for a replacement — while you still can. For reasons as yet unknown, and not discussed by Microsoft, newer hardware doesn’t seem to have the same problem. Or at least, the problem isn’t as marked.

Forums are ablaze with complaints about the new Surface Pro — the one that doesn’t have a model number but is generally known as Surface Pro 2017. Becca05 on the Microsoft Answers forum says:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

New Surface Pro 2017 shuts off unexpectedly? Return it while you can.

If you have a new Surface Pro 2017 and it keeps dying unexpectedly, the best current advice is to turn it in for a replacement — while you still can. For reasons as yet unknown, and not discussed by Microsoft, newer hardware doesn’t seem to have the same problem. Or at least, the problem isn’t as marked.

Forums are ablaze with complaints about the new Surface Pro — the one that doesn’t have a model number but is generally known as Surface Pro 2017. Becca05 on the Microsoft Answers forum says:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft releases 15 Office patches for July, but some June bugs still stink

On Patch Wednesday of this week, Microsoft said it released 14 non-security Office updates, covering such fascinating topics as improved Dutch translations in Word 2013, Danish translations in Access, and Finnish and Swedish translations in Excel. Typical first Tuesday stuff.

Microsoft neglected to mention that it also shipped a fix for the bugs introduced by last month’s patches to Outlook 2010. Dubbed KB 4011042, the neglected fix appears to be a non-security patch that fixes bugs created by a security patch — a red flag for many advanced patchers.

To read this article in full or to leave a comment, please click here

Read more 0 Comments