Woody Leonhard

About the Author Woody Leonhard


Tower of Babel Outlook 2007 security patch KB 4011086 yanked, replaced

With one month left until Outlook 2007 hits end of life, Microsoft released a fix yesterday for the September security patch’s polyglot ways. You may recall KB 4011086 as the Outlook 2007 patch that displays Swedish menus in the Hungarian language version, Portuguese in Italian, Swedish in Slovenian, Spanish in Italian, and many more. One hitch: You have to manually uninstall the old patch before you can install the new patch.

For those of you using Outlook 2010 who got hit with the same language switcheroo, I haven’t seen any notice that this month’s KB 4011089 has been fixed or pulled.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Outlook security patches intentionally break custom forms

When Microsoft released its Outlook security patches on Sept. 12, several readers complained that their custom form printing capabilities disappeared. Ends up the bug that broke VBScript printing isn’t a bug at all.

Microsoft announced over the weekend that it intentionally disabled scripts in custom forms, and those with printable custom forms need to make manual Registry changes to bring the feature back.

Those of you who have installed any of this month’s Outlook security patches:

will have to dive into the Registry if you want to enable any custom form scripts, including the VBScript printing capability. It’s complicated, and the method varies, depending on which version of Office you’re using and the bittedness of Windows and Office. Diane Poremsky has detailed instructions on her Slipstick Systems site.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.

Those of you with a Microsoft Surface Pro 3 who are running Windows Insider beta builds, sit up and take note: Don’t turn off your machine.

Somehow Microsoft managed to release the latest beta build, 16288.1, to both the Fast and the Slow ring. If you install it on your Surface Pro 3 and try to reboot, you’ll see a “Surface” on a black screen, the dot-chasing “working” icon, and exactly nothing else. My SP3 has been bricked since yesterday, and the dots are still chasing each other.

How, you might question, could this have happened? Certainly anybody who installed 16288.1 on an SP3 machine didn’t ever get it to reboot. The build was pushed out to the Fast ring on Sept. 12. It went out on the Slow ring on Sept. 15. And I didn’t see any mention of the bug until Sept. 16. Is it possible that nobody inside or outside Microsoft rebooted a beta-enhanced Microsoft SP3 between Sept. 12 and Sept. 16?

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Running a Win10 beta build on a Surface Pro 3? Don’t shut down.

Those of you with a Microsoft Surface Pro 3 who are running Windows Insider beta builds, sit up and take note: Don’t turn off your machine. Somehow Microsoft managed to release the latest beta build, 16288.1, to both the Fast and the Slow ring. If you install it on your Surface Pro 3 and try to reboot, you’ll see a “Surface” on a black screen, the dot-chasing “working” icon, and exactly nothing else. My SP3 has been bricked since yesterday and the dots are still chasing each other.

How, you might question, could this have happened? Certainly anybody who installed 16288.1 on an SP3 machine didn’t ever get it to reboot. The build was pushed out to the Fast ring on Sept. 12. It went out on the Slow ring on Sept. 15. And I didn’t see any mention of the bug until Sept. 16. Is it possible that nobody inside or outside Microsoft rebooted a beta-enhanced Microsoft SP3 between Sept. 12 and Sept. 16?

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Outlook 2010 Tower of Babel patch KB 4011089 breaks VBScript print

If you’ve installed KB 4011089, this month’s Outlook 2010 security patch, and you can no longer print custom forms, you aren’t alone. I’m seeing reports from several sources that installing the patch destroys printing functionality in custom Outlook 2010 forms.

It isn’t clear, at this early stage, if other versions of Outlook are affected, or if other Office programs may have the same kind of problem.

Microsoft hasn’t yet acknowledged the problem. The only workaround appears to be uninstalling the patch.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

If you can’t avoid Word’s ‘Enable Editing,’ patch Windows right now

In the normal course of events, it takes a week (or two or three) for the bugs in each month’s Windows and Office security patches to shake out. This month’s patches are no exception. There are lots of reports of problems with IE and Edge, for example, and many more are piling up.

In the normal course of events, the fresh-off-the-press security patches present more of a threat to most people, in the short term, than do the problems the patches are supposed to fix. You have to patch sooner or later, but by waiting for the screams of pain to die down, you can save yourself some major headaches.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Where we stand with this month’s Windows and Office security patches

September’s retinue of Microsoft patches includes one very important .NET fix that blocks a security hole brought to life when you open an RTF file in Word. So far, it’s only been seen in the wild in a Russian-language RTF document, apparently generated by NEODYMIUM, allegedly used by a nation-state to snoop on a Russian-speaking target.

Several researchers have found ways to leverage the security hole, and it’s only a matter of time before some enterprising folks come up with ways to turn it into a widespread infection vector. Bottom line: If you can’t keep your finger off the “Enable Editing” button in Word, you better get this month’s security patches installed.  

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Time to temporarily turn off Windows Automatic Update

If run Windows — any version — now would be an excellent time to make sure Automatic Update is turned off. Patch Tuesday arrives tomorrow, and there’s no telling what sort of offal will get thrust onto Windows machines automatically.

Of course, I will be watching closely and will warn you if there’s something that has to be installed, like, right now. If this month is like the vast majority of Windows patching months in the past year or two, you have more to lose from botched patches than there is to gain by immediately installing security patches.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Buggy Word 2016 non-security patch KB 4011039 can’t handle merged cells

Last month’s crop of buggy Windows and Office patches may be headed for a re-match. I’m seeing reports of a merged cell bug in last Tuesday’s Sept. 5, 2017, update for Word 2016 (KB4011039).

At this point, Microsoft has acknowledged the bug and has pulled the patch. The bug doesn’t appear on the official Fixes or workarounds for recent issues in Word for Windows page. The only solution is to manually uninstall the patch.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Equifax security breach debacle thickens with improbable denials

No doubt you’ve heard about the stolen data at credit reporting agency Equifax. The company’s official disclosure appeared yesterday:

Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. … The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

It’s time to install August Windows and Office patches — carefully

Read more 0 Comments

It’s time to move to Win10 Creators Update – for all the wrong reasons

Read more 0 Comments

Don’t use Windows 10 to move data on your Android phone

When you attach your phone to a PC with a USB cable, you expect File Explorer to work the way it’s intended to work — copy, move, drag, drop and the like. As long as your PC is running Windows 7 or 8.1, that’s exactly what happens. But if you’re running Windows 10, watch out. You may end up deleting files.

Jörg Wirtgen on German-language site heise.de has a description of the problem. Here’s a translation, courtesy of DeepL:

Be careful with Android devices connected to a PC running Windows 10 via USB: harmless cleanup operations can cause photos and other files to be irretrievably lost. Almost all Android devices except the newer ones from Samsung are affected.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Don’t use Windows 10 to move data on your Android phone

When you attach your phone to a PC with a USB cable, you expect File Explorer to work the way it’s intended to work — copy, move, drag, drop and the like. As long as your PC is running Windows 7 or 8.1, that’s exactly what happens. But if you’re running Windows 10, watch out. You may end up deleting files.

Jörg Wirtgen on German-language site heise.de has a description of the problem. Here’s a translation, courtesy of DeepL:

Be careful with Android devices connected to a PC running Windows 10 via USB: harmless cleanup operations can cause photos and other files to be irretrievably lost. Almost all Android devices except the newer ones from Samsung are affected.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Six days late, Microsoft reveals the meaning of mystery patch KB 4033637

Last Friday, Microsoft pushed a patch down the Automatic Update chute. Like so many patches before it, KB 4033637 was completely undocumented. Those running Win10 1607 who hadn’t taken steps to block forced patches found they had a newly revised program running on their systems — and nobody had any idea what the patch actually did.

Informed conjecture said it was an update to the Compatibility Appraiser, to help Microsoft upgrade machines to newer versions of Windows. Other guesses were all over the map. On Reddit, a poster relates how he called Microsoft and was told that it’s a hush-hush security patch for Flash. Microsoft’s own Answers Forum is littered with posts blaming KB 4033637 for system freezes, second screen problems, installation hangs and more.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft patch alert: Outstanding problems with recent updates

August has seen a flurry of buggy patches:

Win10 1607 – KB 4033637, which arrived last Friday via Auto Update, was documented early Thursday morning. It’s an update to the Compatibility Appraiser, to make it easier for Microsoft to upgrade your version of Windows.

 

Win10 1507 and 1511 – KB 4033631 remains undocumented and was similarly pushed thru Auto Update (on Friday?). It’s also likely an update to the Compatibility Appraiser.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft releases KB 4039396, its fourth Win10 1607 update this month

If you’ve ever wondered why I recommend that folks hold off on Windows monthly updates, permit me to introduce the latest hiccup in a whooping-cough-sized patching process. Yesterday, Microsoft released KB 4039396, an out-of-band patch for Windows 10 Anniversary Update, version 1607. The patch brings version 1607 up to build 14393.1670. It isn’t being pushed out through Automatic Update, for reasons that should become clear. Instead, it’s only available if you know about it and install it manually, kind of a new take on the old hotfixes.

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Undocumented patch KB 4033637 pushed onto Windows 10 1607 machines

Continuing another banner month of screwed-up patches, many people running Windows 10 Anniversary Update, version 1607, report that an undocumented patch “Update for Windows 10 Version 1607 for x64-based Systems (KB4033637)” just rolled out the Automatic Update chute.

kb 4033637Woody Leonhard/IDG

Although KB 4033637 has a long history — try googling it — there doesn’t appear to be any official documentation. Blogger Günter Born traces its history to this entry from larryCG on the Microsoft Answers forum, dated July 24:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Undocumented patch KB 4033637 pushed onto Win10 1607 machines

Continuing another banner month of screwed-up patches, many people running Windows 10 Anniversary Update, version 1607, report that an undocumented patch “Update for Windows 10 Version 1607 for x64-based Systems (KB4033637)” just rolled out the Automatic Update chute.

kb 4033637Woody Leonhard/IDG

Although KB 4033637 has a long history — try googling it — there doesn’t appear to be any official documentation. Blogger Günter Born traces its history to this entry from larryCG on the Microsoft Answers forum, dated July 24:

To read this article in full or to leave a comment, please click here

Read more 0 Comments

Microsoft yanks buggy patch of a buggy patch, KB 4039884

There’s no official confirmation, and no explanation of course, but overnight Microsoft pulled a patch that was supposed to fix the main problems in this month’s Windows 7 security updates. I talked about the repair hotfix yesterday in “Microsoft repairs buggy Win7 security patch with buggy hotfix KB 4039884.” Today, the repair hotfix isn’t available anymore.

All we know for sure is that sometime last night, the Microsoft Update Catalog entry for KB 4039884 disappeared. As of early Tuesday morning, Eastern time, the KB article is still available, and it hasn’t been modified — it still points to the Update Catalog.

To read this article in full or to leave a comment, please click here

Read more 0 Comments