Jump to content
  • MS-DEFCON 2: Microsoft and Apple betas near finish line

    Karlston

    • 488 views
    • 5 minutes
     Share


    • 488 views
    • 5 minutes

    By Susan Bradley

    Hold off on updates from both companies until they are fully vetted.

    With so much activity around forthcoming Windows updates, continued caution is recommended. That’s why I’m raising the MS-DEFCON level to 2.

    I realize that the window between today and last week’s Alert has been brief. It’s just a matter of the calendar — more testing time was needed last month, and Patch Tuesday is next week.

    I consider Apple’s updates more impactful. iOS 18 will be out next month with new customization options, AI features, SIRI improvements, and more. Don’t be the first to jump into those updates; give them time to settle and let others take the slings and arrows.

    Microsoft still appears to be on track to release Windows 11 24H2 in September or October. As I’ve said before, I don’t see many compelling changes for consumers. The 24H2 release will have a new Long-Term Servicing Channel edition, allowing businesses to have a version with fewer changes and disruptions.

    The upcoming Windows 11 update will include fixes for the following issues:

    • A memory leak occurs when you interact with archive folders.
    • File Explorer stops responding when you browse within it.
    • When you search from Home for the first time, you might not get any results.
    • The address bar’s drop-down menu might appear when you do not expect it.
    • When you use the Save dialog to save a file to Gallery, an error occurs. Because of this update, the file saves to the Pictures library instead.
    • The search box does not show the correct folder name when you are in Gallery.

    The upcoming Windows 10 release will include a fix for the following problem:

    • When you use the app with a USB device, the app stops responding and does not print. This issue also limits the functions of the user interface.
    Consumers

    I am still seeing individuals having issues installing Office 2019 updates on some (but not all) machines. If you need to manually update Office, do not uninstall and reinstall. Instead, follow this procedure.

    • Open a command prompt with administrator rights.
    • Enter the command “C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe” /update user updatetoversion=
    • Just after the equal sign, enter the version of Office you want to install. For example, if you want to install the August 1 edition, enter the value 17830.20138.
    • Press Enter.

    Office Updating

    Microsoft has refreshed KB5001716 for Windows 11 to get ready for the 24H2 release. The main goal is to ensure that you get the proper notification when a feature release is coming to its end of life. If you are up to date on 23H2 and use tools to defer or hide the updates, you can safely hide this update. If you are a Windows patcher who merely defers, I have no indication that this update is a problem and recommend leaving it installed if it’s already there.

    If you are an Android phone or tablet user, don’t forget to hop over and ensure that updates are installed. This month’s Android security releases include a fix for a zero day. However, there are no details on how the attack may occur. Reports so far imply that this is a targeted attack from a highly motivated attacker, such as some overseas government going after specific targets. CVE-2024-36971 has no clear explanation of how the attackers are getting onto the devices. Although Google Pixel devices will receive the updates quite soon (if they haven’t already), other devices take longer because carriers test and approve the fixes before pushing them to their customers.

    Businesses

    Las Vegas is hot in the summer. That’s the perfect time of year to spend hours in air-conditioned event venues soaking up the latest security information at the annual Black Hat USA 2024 security conference. I won’t be there in person, but I will be availing myself of A/C while I watch remotely to review the research that is released. I sometimes think these events are more hype than substance, but the agendas always look interesting.

    One talk, Windows Downdate, made me chuckle a bit. The idea is that attackers can wiggle into your system, download older binaries, and thus make your box vulnerable to security issues that have been addressed in more recent releases. As a byproduct, the “downdate” damages the Windows update components to prevent newer updates from being installed. The chuckle comes from realizing that Microsoft itself does that quite well on its own. It will be interesting to see the research and the tool released.

    Reminder: The enforcement indicated in KB5025885 regarding Boot Manager revocations for secure boot changes has been kicked down the road. The July 9 security updates ushered in the “deployment phase,” but the enforcement phase will be six months (or more) from now. Microsoft will let us know when the last phase goes into effect, but meanwhile I’m working on an article on how best to handle this in both standalone and business settings.

    Resources

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...