The November Patch After Tuesday

The November updates had a few surprises in store.
First, for those still running Office 2010, last month was supposed to be the support deadline. No more security updates. No, nothing. Zippo. And yet we've received weekly updates to Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and Word (KB4486740), all fixes for remote code execution. (I remember when Office 2007 had its swan song, we also got updates after its end-of-life notice.) I guess those updates were probably still in testing and not complete yet, hence the late release. So if you're still running Office 2010, you get an extra month of updates. I don't expect a repeat next month. But then again, I didn't expect this month's either.

The next surprise is another set of microcode updates from Intel. These include KB4589198 for Windows 10 Long-Term Servicing Branch 1507, KB4589210 for Windows 10 Long-Term Servicing Branch 1607, KB4589206 for Windows 10 1803, KB4589208 for Windows 10 1809, KB4589211 for Windows 10 1903 and 1909, and KB4589212 for Windows 10 2004 and 20H2. These are security updates for Intel processors with security vulnerabilities. Specifically, they target Avoton, Sandy Bridge E, EN, EP, EP4S, Sandy Bridge E, EP, Valley View / Baytrail processors. (If you have an affected computer, you will be offered the fix.)

If you're like me and have no idea what processor your hardware is using, Intel offers several ways to find the information. Or in Windows 10, click Start, then Settings, then About, and in the device specifications window, you can see the processor ID, but not the brand name. I usually go to the Intel site and look up the name of the processor and compare it to what works on my computer. You can also download CPU-Z to determine the exact codename of your CPU. This app gives the most specific information about the brand of Intel chip you're using, but a word of warning: the site makes it extremely difficult to figure out what to click to download the program without installing something you don't want. For the curious, my Lenovo laptop has a Haswell processor.

Should you install?

But the question that everyone always asks me is… Do I have to install these firmware updates? I am not convinced. In the past, I have uninstalled some of these fixes from machines after seeing them slow down after the update. In this case, attackers would have to "monitor power consumption and infer instructions executed by a processor, allowing them to steal sensitive data from memory." Sounds like "nation-state" attackers looking for key industry or government secrets. The most sensitive information on my computer these days is my weekly Instacart order and Amazon purchases. Unless your computer has nuclear codes or is an ATM, I would ignore these updates, especially if they affect performance. I recommend BIOS updates, especially on Windows 10 machines.

Patching for consumers, home users and small businesses

My general advice to consumer, home or small business users is to skip patching and wait until everything is clear. For now, just install updates on a spare machine, and then make sure basic activities like printing work as expected. There are several print spooler fixes: one for remote code execution (CVE-2020-17042) and one for elevation of privilege (CVE-2020-17001). This fixes a previous spooler bug that was first fixed in May (CVE-2020-1048) and then again in August (CVE-2020-1337). If you had issues with the Windows 10 June fixes and printing, you're likely wary of fixes that affect printing. Personally, I didn't see any issues in my tests, but I'll keep an eye out for specific issues and report bugs later this month.

The other big bug fixed in this release is a zero-day that affected not only Windows, but also Chrome and Microsoft's new Edge browser. Chrome and Edge were fixed earlier; the base OS now has a fix for a separate elevation of privilege bug (CVE-2020-17087). (A targeted attack that combined a remote code execution vulnerability in Google Chrome with the Windows kernel cryptography driver bug to elevate privileges was observed in late October.)

Be on the lookout for mistakes

It is too early to install updates at this time; I see too many preliminary reports of weird issues on the Reddit site, the Answers forum, and of course on Askwoody.com. Fortunately, nothing major is trending right now and I hope it stays that way. We are not getting any new .NET security updates this month, but we are getting regular versions of Windows and Office.

Outlook loses its memory

We are still tracking an issue where Outlook and other apps cannot remember passwords after installing Windows 10 version 2004/20H2. Microsoft has officially documented the issue and traced it to an HP Customer Engagement Utility task. They are investigating the problem and promise a solution. In the meantime, they recommend this workaround: If you see any tasks in the PowerShell results list, write them down. Then go to Windows Task Scheduler and disable all the tasks that you found in the above command. Follow these steps:

If this process makes you cringe, there is another way to temporarily solve this problem: uninstall 2004 or 20H2. If you're in the 10-day install window for the feature version of Windows 10 2004, you can go back to 1909 by clicking Start, then Settings, then Update & Security, then the Recovery tab. In the Recovery section, click "Go back to a previous version of Windows 10" and click start. Windows will ask you a few questions and take you back to 1909.

Company patches

For those who monitor corporate patches and regularly review security patch release information, Microsoft has changed the way it prepares and publishes security update documentation. Descriptions included in patch release bulletins have been replaced with summaries and abbreviations to simplify communication. According to ZDnet's Catalin Cimpanu, the same information is there, just in fewer words. Former Microsoft Security Response Center release manager Dustin Childs disagrees. Childs, who is now a blogger for the Zero Day Initiative, points out in his Patch Tuesday post that getting the right information about a bug helps explain the risk of an attack and how to protect yourself. "As a network defender, I have defenses to mitigate risk beyond just applying security patches. Should I use these other technologies when deploying patches? Until I have some idea of the answers to these questions, I can't accurately assess the risk to my network from this or that bug with outstanding questions. Hopefully Microsoft decides to add the description in future releases."

I fully agree. Other admins are also upset by the changes. Please take a look at the new format of the Security Update Guide and provide feedback on their form or email them.

It has always been my philosophy that installing updates is not without risk. When the risk of being attacked outweighs the risk of installing updates and dealing with side effects, that is the optimal time to install and reboot. Helping users better understand the risks and how attacks occur means we are better informed and better prepared to prevent them. I also wish Microsoft would add more detail to its security release information. Blindly installing updates without better understanding what they protect us from is never wise.

Security patch issues? As always, contact us at AskWoody.com.
Copyright © 2020 IDG Communications, Inc.