back to article Webpages, Word files, print servers menacing Windows PCs – yup, it's Patch Tuesday

Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player. Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important …

  1. Chika

    Inquiring mind want to know...

    And the usual re-issue of nag patches, did we get them this month?

    1. Anonymous Coward
      Anonymous Coward

      Re: Inquiring mind want to know...

      Silly Rabbit. Of course we did. 2952664 and the lovely new 3173040 were there just waiting to be installed.

      1. Jos V

        Re: Inquiring mind want to know...

        Sick and tired of this shite. The 2952664 was in my list, and all the crap I put on "hide" unhid themselves. This is only on my work laptop, where MSW is installed by the company, but I'm really getting tired of these shenanigans by MS.

        If it weren't for my vpn client (and I think I can handle that under my Linux load) and some corporate software, windows would have gotten the neck-shot already.

      2. Anonymous Coward
        Anonymous Coward

        Re: Inquiring mind want to know...

        That's funny - I didn't see either of those. Maybe because I'm running GWX Control Panel?

    2. VinceH

      Re: Inquiring mind want to know...

      Probably, yes because ISTR from news last week or the week before that they've changed again, this time to a full screen nag - though one that allows the scheduled downgrade to be cancelled.

      Unless that one's already out and there's another new one again this time. I've lost track.

    3. Doctor_Wibble
      WTF?

      Worse, mine said 'no updates available'

      Yesterday (or possibly the day before) I saw the (currently normal) '9 optional available' (including the supposedly-dead) and today I open it and it says 'windows is up to date' which is either not possible or something dodgily suspicious has happened.

      And I know there's something in the offing because (and I have no idea why) my VNC viewer has serious slowness issues (move a terminal window, even the wire-frame takes an age to draw before I drop the window in its new position) until any urgent windows patches are installed. Or my video driver is broken and I am seeing through an incorrectly-rendered i.e. non-visible massive red-flashing 'Achtung' message that is in front of everything.

      See also, "I don't like it, it's too quiet"...

      [e2a: or an incorrectly-reported 'timed out when checking']

    4. Snowy Silver badge

      Re: Inquiring mind want to know...

      I found 4 of the 9 optional updates where to do with Windows 10 upgrade

      kb2952664 Compatibility update for upgrading Windows 7

      kb3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1

      kb3123862 Updated capabilities to upgrade Windows 8.1 and Windows 7

      kb3173040 Windows 8.1 and Windows 7 SP1 end of free upgrade offer notification

      1. Doctor_Wibble
        Flame

        Re: Inquiring mind want to know...

        Right, it finally got its act together and told me of important updates, and obviously I only installed the security-related ones because I don't trust the official recommendations any more, e.g.:

        > kb3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1

        This one of course has 'Install this update to resolve issues in Windows' in its description text which even the most charitable person would describe as grossly misleading on the basis that installing a thing to get a whole new OS does not fit within any definition of 'resolve issues' any more than getting a voucher for a new car would be the way to fix the radiator.

  2. PNGuinn
    Mushroom

    Patching Flash

    C'mon - there's only one safe way to patch Flash.

    Nuke it from Spaaaace!

    Shirely the number of peoples who actually NEED it is ....

    1. choleric
      Trollface

      Re: Patching Flash

      No, I'm sure these 52 patches will cover it. There can't be many more problems left with Flash by now?

      1. MrDamage Silver badge

        Re: Patching Flash

        Nope. Think of Flash like a steaming pile of shit (not that difficult to do).

        All they have done is shooed 52 flies away from that steaming pile. Plenty of flies still hanging around waiting their turn.

      2. Captain DaFt

        Re: Patching Flash

        "No, I'm sure these 52 patches will cover it. There can't be many more problems left with Flash by now?"

        It's like treating leprosy by adding more bandages. The disease is within, covering the surface blemishes is futile.

  3. Vince

    I think of that lot, the worst for me are:

    (a) The flaw that somehow magically bypasses the encryption. um... sorry?

    (b) The Print Spooler one - how does that still have such possible privileged access anyhow. The whole Windows Printing system is a mess.

    1. CLD

      Regarding your second question, AFAIK it works in this manner: Printers require drivers to be installed on each system to tell the applications how to print. The drivers have direct access to the kernel of the system. There are group policies which businesses can use to restrict access to only named print servers, but many businesses will just enable any domain related device to be a print server.

      Not too hard (especially with physical access to a PC) to install and share some printers. These could be malicious drivers which, if someone connects to your shared printer, you've got code to interact with the kernel of their system - basically you could take ownership of it.

    2. Anonymous Coward
      Anonymous Coward

      (a) If your encryption key is stored locally, if some vulnerability bypasses the checks to access the key (i.e being able to modify the unencrypted files used to boot...), encryption becomes useless.

      The suggested workaround is to enable TPM and PIN access. This way the key is protected by data which doesn't reside locally and need to be entered from outside. Just many people find inconvenient to type a PIN or password every time they boot.

  4. Richard Plinston

    July Flash Player update.

    > July Flash Player update. Windows, OS X, Linux, and ChromeOS users should check to make sure they don't have any version of the software.

    FTFY

  5. Carl D

    Wait until the weekend to install

    Most people I know wait until the weekend to install updates after Patch Tuesday to make sure there aren't any problems seeing as there have been many issues with the quality of MS's code lately.

    And, be sure to make a backup image before installing any updates.

    But, I'm betting that most of these 'security issues' are never seen 'in the wild' anyway - they never get further than the offices of these security researchers who I'm sure are on a nice little earner spending all day, every day looking for security flaws. Perhaps someone needs to shut THEM down?

    And, honestly - you'd think after 30 years of Windows there wouldn't be many more security issues left to find. Perhaps if MS started concentrating on security instead of useless 'bells and whistles' that no-one wants (Windows 10, I'm looking at you) we wouldn't have so many patches to install year after year.

    1. Mark 85

      Re: Wait until the weekend to install

      Perhaps if MS started concentrating on security instead of useless 'bells and whistles' that no-one wants (Windows 10, I'm looking at you) we wouldn't have so many patches to install year after year.

      Possibly. But it's possible that they just toss bodies at the Win OS and the old saying about "too many cooks spoiling the broth" applies. Especially if there's not much being done to check the code or test it.

      Having read what I just wrote, I wonder about all those thousands of employees... mostly sales, PR, admin types? Not enough coders or testers? I realize there's probably still zillions of lines in legacy code in Windows, but crikey... this shit seems to get worse every month. I would hope that at some point, a complete code review would occur and all the old, useless, vulnerable stuff would be stripped out. Expensive? Yes. Doable? Maybe not so much in reality.

      Yes, Linux is on standby for 3 of the 4 machines here at home, with one already happily running it.

    2. a_yank_lurker

      Re: Wait until the weekend to install

      @Carl D - Featuritis is a common problem with non-consumable products. It is mostly marketing gimmicks to separate one from their money. Most products including software and computers are mature products with reasonably saturated markets. OSes and applications have had all the major features users need for years if not for over a decade. Marketing believes the only thing to do is add mostly useless features and to make major cosmetic changes to the product and hype it as "new and improved".

      It is very difficult to know if some issue is being used (or if someone is planning to use it) without some identified malware. The fact that no one knows of specific exploit does prove it is not being used; a very common logic flaw.

    3. Carl D

      Re: Wait until the weekend to install

      Well, at least this is the last time we have to worry about Windows 10 nagware in the monthly updates.

      Isn't it, MS? Isn't it?

      Oh, sorry. I see you're too busy 'battening down the hatches' preparing for more lawsuits after the one where you paid $10,000 to the lady in California.

      http://windowsreport.com/microsoft-ny-ag-windows-10-forced-upgrade-lawsuit/

      And, about time too.

    4. Aodhhan

      Re: Wait until the weekend to install

      Spoken like someone who hasn't coded anything beyond, "Hello World", and doesn't understand anything about exploiting applications, outside using Metasploit.

  6. Anonymous Coward
    Anonymous Coward

    I just updated my XP box and without warning it rebooted.

    1. Pliny the Whiner

      "I just updated my XP box and without warning it rebooted."

      And that made you cry?

      You must be a very patient fellow, given that free support for Windows XP ended a bit over two years ago. Were you worried that the final updates would be bit dodgy?

      1. Anonymous Coward
        Anonymous Coward

        POSReady 2009 updates till 2019:-) no spyware, malware or viruses

      2. Roland6 Silver badge

        You must be a very patient fellow, given that free support for Windows XP ended a bit over two years ago.

        MS are still providing updates for Office 2007 on XP (Extended support ends on October 10, 2017)....

        But then this month's set didn't cause my box to reboot, but then I have the system set to notify me when updates are available, so I don't get unexpected reboots...

    2. Spotswood

      Sounds unrelated. I would think in your case that would have just been your malware updating itself and requiring a reboot.

  7. Carl D

    And, we're back...

    ... to the eternal wait for Windows 7 updates.

    Last week I did a check and it took less than a minute (there weren't any updates available because I was up to date).

    Today, I've been waiting nearly half an hour and I'm still looking at "Checking for updates...".

    I'm in Perth, Western Australia - so surely the MS Australian servers (if there are any) can't be overloaded?

    It seems all of these so called fixes for Windows 7 slow update checks that have appeared over the past few months either don't work or they only work for that particular month - then you're supposed to install another seemingly non related update to speed up the wait time.

    Seems a bit suspicious to me - maybe all these 'fixes' are really a Windows 10 'timebomb' that will explode before the end of the month and people who have installed them will wake up one morning and find W10 on their machines after they turned off W7 the night before. Oh, wait... that's already been happening, hasn't it?

    Thank goodness my 10 year old HP laptop is now permanently on Linux Mint. Last time I tried checking for W7 updates it was still checking after 5 hours. My main PC (which is STILL checking for updates) is a W7/Linux Mint dual boot. Soon to be a Mint only machine the way things are going with Windows these days.

    Oh, I don't plan to install any of these updates (if they ever appear) until the weekend. I just want to check them out.

  8. s. pam
    Mushroom

    Well there goes a couple fucking hours

    Of my time cleaning up Adobe & Microsoft shitty software again.

  9. Anonymous Coward
    Anonymous Coward

    Worrying

    I'm extremely worried by the behaviour of Windows Update this morning. I sat down and logged in at 0725, was notified of the availability of updates at 0728, and had rebooted after completing the process by 0805. They came straight down, installed, and the whole business was over in less than 45 minutes. Whereas, for at least the previous year, it has often taken all day (literally) even to check for updates, then another 24-36 hours to get them downloaded, interspersed with many gibberish error messages and several compulsory (and sometimes automatic) reboots.

    What has gone right? And should we be afraid?

    1. Anonymous Coward
      Anonymous Coward

      Re: Worrying

      Where do you live? In Italy my machines at home, which gets updates directly from MS, usually takes a few minutes (usually less than ten, OK, SSDs disk help) to check and update, and that's over an old 7 Mb/s ADSL. The WSUS server at the Office sync flawlessly at night.

      Never saw an automatic reboot which cannot be delayed when a user is logged, especially before all updates have been downloaded and installed - but check your Windows Update policies. If WU is configured to automatically update, and no user is logged, it will reboot automatically (that's how you updated unattended systems). Error codes have a meaning but MS made them cryptic, it may take time to understand what they really mean.

      Sometimes Windows may reboot automatically when it processes some specific updates after the first reboot, but it happens before the logon screen.

      You would need to understand where the issue really is, the network traffic, or the system itself (if not both). Because it was your previous situation to be "wrong".

      1. Anonymous Coward
        Anonymous Coward

        Re: Worrying

        I live in southern England. I have a fairly powerful PC with plenty of RAM and a fast SSD, and my ISP usually provides reliable and consistent download speeds of 35-37 Mbps. The unbelievably slow download speeds are certainly due to Microsoft's servers, or intermediate cache servers, or - most likely - the algorithms that allocate resources. Perhaps someone who is sticking with Windows 7 and lives outside the USA is, let's say, "less favoured".

        That said, soon after my previous post I turned on a couple of other PCs in the same house, and several hours later they are both still "checking for updates". One really has to hope that none of those ominous-looking "security" updates are really urgent, when a computer has to be left connected to the Internet for hours just in order to find out what updates (if any) are available.

  10. Bronek Kozicki
    Megaphone

    There are 3 things certain in life

    Death, taxes and Flash vulnerabilities

  11. MrKrotos

    Windows 7 Updates

    Has anyone else noticed recently that Windows 7 machines are slowing down?

    I have a few Win7 machines at home for audio applications, in the last month or so I have noticed that all of these machines have started to slow down a bit compared to say 2 months ago.

    After login machines take a bit longer than before to show desktop, applications launch a bit slower and the overall performance of the machine has dropped.

    Just me?

    1. Chika
      Linux

      Re: Windows 7 Updates

      No, not just you. It has been generally reported in a number of places that update checks and downloads have been getting worse. I suspect that the infrastructure being used by Microsoft is being downgraded as yet another strand of their effort to piss users off enough to get them to shift to W10 despite the requirement to maintain a reasonable quality of service throughout the lifetime of the operating system.

      But that's only a suspicion, mind.

      Mind you, if that's really what they are doing then it could also be another reason why so much is being made here and elsewhere of users ditching Windows altogether and loading Linux instead. I did an update on my main openSUSE 13.1 system today as well - 22 patches including kernel mods, downloaded and installed with a complete system reboot (the system didn't insist on it but I like to restart it anyway if the kernel is being frobbed at all). Took about ten minutes from the first "su" command to getting the desktop back (yes, I do it the old fashioned way from CLI rather than use Apper).

      Started my W7 update just before that...

      "Checking for updates"

      1. Anonymous Coward
        Anonymous Coward

        Re: Windows 7 Updates

        " I suspect that the infrastructure being used by Microsoft is being downgraded as yet another strand of their effort to piss users off enough to get them to shift to W10..."

        Not going to happen in my case. Whenever Windows 7 ceases to be viable, I am going over to Linux permanently.

        1. Chika

          Re: Windows 7 Updates

          "...yet another strand of their effort to piss users off enough to get them to shift to W10..."

          Not going to happen in my case. Whenever Windows 7 ceases to be viable, I am going over to Linux permanently.

          Fair enough. As Windows XP users have been finding, a system that has gone out of support doesn't just stop working there and then. Of course they do need to be a bit more careful since software support gets increasingly hard to find as devs stop deliberately developing for it. No doubt Vista will end up the same way soon and W7 bites the biggie in 2020 but again this doesn't mean that they will stop working that same day.

          To down side, of course, is where the system may have a security bug which will of a matter of course go unpatched. One thing that so many fail to consider, however, is how likely a security flaw is to be exploited - if a Word document could be exploited but the user uses LibreOffice, for example, does the exploit actually happen? It's all down to the likelihood of a bug being exploited, not just that the bug is there and if the likelihood of the exploit is too much, then it's time to shift.

          As for me, I have my own set of W7 machines and all of them are likely to stay with W7, probably until they go EOL. What happens after that depends on what happens next with Microsoft.

  12. Chika

    "Checking for updates"

    1. Chika

      Still checking...

      1. Compression Artifact
        FAIL

        "Still checking..."

        On my Windows 7 machine, the previous three monthly updates spent 1/2 hour, 3 hours and 5 hours in the "checking for updates" mode apparently doing nothing, before getting on with it. The wait time seems to be going up exponentially rather than just linearly.

        1. Chika

          I can believe that.

          Still checking...

    2. Fatman
      FAIL

      RE: "Checking for updates"

      This morning, I fired up my Linux box, and in less than 30 seconds, I had reloaded the repository files.

      Synaptic told me that i had only 3 packages that needed updating, two of them involve libpurple, and then of course, the obligatory flash-plugin-installer.

      I was done within 3 minutes.

      Yes, there are times where updating the repository files indicates that a shitload of updates are available, and that I may have to download shitloads of package files; but that pales in comparison to Windows.

      When I bought this PC, it was factory infected with the Windows malware. Recognizing my desire to make EOLing the machine reasonably painless, I purchased another hard drive and installed Linux on it. The Windows malware infected disk sits in the case, power and data cables disconnected. The only time I fire that hard drive up is every 6 months or so, to perform a Windows Update. Considering how long it takes Windows Update to check for updates, download them, and install them, I often find that I must find some other way to occupy my time.

      Once, I drove to a theater, saw a movie, and returned, and Windows Update was still running.

      Jesus Fucking Christ, I was gone for more than 3 hours, and Windows Update was still fucking around, "Checking For Updates". It made me wonder if one of those 'updates' doesn't increment a delay loop value in order to cause the appearance of """slowness"""; and impart on the unfortunate Windows (l)user that they """need""" a new PC. After all, PC manufacturers are Microsoft's """Partners""".

      Windows Update is a big FAIL in my book!!!

  13. Chika
    FAIL

    It's time for Microsoft to Fix the Windows 7 Update Slowdown

    Actually, here's an interesting Infoworld article about this problem from April. Seems that some sloppy housekeeping at Microsoft may be to blame here.

    It's time for Microsoft to Fix the Windows 7 Update Slowdown

    Three months ago, eh? Microsoft must really love its users!

    1. Anonymous Coward
      Anonymous Coward

      Re: It's time for Microsoft to Fix the Windows 7 Update Slowdown

      One of those cases where it's really, really hard to decide whether Hanlon's Razor applies. On the other hand, as Pig Hogger pointed out on Slashdot years ago, "Any sufficiently advanced incompetence is indistinguishable from malice".

    2. Carl D

      Re: It's time for Microsoft to Fix the Windows 7 Update Slowdown

      Well, after an hour of waiting I gave up with Windows Update the other day.

      Now, I'm trying again (Windows 7 Professional). Half an hour of "Checking for updates..." and still nothing.

      I'm absolutely certain MS is deliberately screwing with Windows 7 users. As I said in an earlier post - a week ago it took less than a minute or two to check for updates and to tell me I was up to date.

      Now, since Patch Tuesday, the 'eternal wait' has returned. I haven't changed anything at my end since last week so logically, the 'problem' must be at MS's end. Doesn't matter what time of the day or night you try to get updates, the 'problem' is always the same.

      Someone at another forum suggested MS has put some sort of random delay loop into Windows Update for W7 which could possibly explain why some people get the list of updates fairly quickly and others have to wait hours.

      Let's see what happens next month when the W10 'free' upgrade offer is finished (Thank God!). If W7 updates return to normal (or as normal as one could expect from MS) then we'll know for sure they've been messing with us since W10 came out last year.

      Three quarters of an hour now and still "Checking for updates...". If nothing happens after an hour or so I'll be giving up and using the latest Simplix package to update when it is released soon (assuming they can get the updates from MS, of course).

      1. Chika
        FAIL

        Re: It's time for Microsoft to Fix the Windows 7 Update Slowdown

        An hour? I actually went to bed in the end! I eventually went back to the system in question many hours later to finally shut it down having installed 8 patches (and hidden the usual nag patches).

        I have another machine to do but I suspect that it'll be quicker to download the standalone patches and install them than wait around for Windows Update!

        1. Carl D

          Re: It's time for Microsoft to Fix the Windows 7 Update Slowdown

          Finally got the updates to show after almost an hour and a half.

          Then, it took less than 2 minutes to download and install the 4 security updates I chose to install. I don't get offered updates for Internet Explorer since it hasn't been updated from IE8 which comes with Windows 7 SP1 and I've 'removed' it with Programs and Features in Control Panel (yep, I know that doesn't actually remove it but as far as Windows Update is concerned IE doesn't exist anymore).

          The amount of time one has to spend sodding around with Windows Update for W7 these days is ridiculous.

          Of course, I had to hide 2952664 for about the 20th time *sigh*. I've noticed that one and it's 'partner in crime' 3035583 and a few other W10 nags don't seem to have any trouble showing up in Windows Update at random times of the month - not just Patch Tuesday.

  14. paularlen

    Yes,and this batch rendered my Windows 10 machine almost unusable.Of the apps,Mail,Chrome,'Weather',even 'Cortana',useless. Purple horizontal lines,like tv interference moved up and down my screen! I uninstalled the July updates,and back to normal.Interesting,the MS-074 'fix'was for a sort of "backdoor'created by Microsoft itself in meta-code files.

  15. Mark 85

    After waiting more hours than I care to think about today (3 to 6 hours depending on the machine).. all the PC's with Win7 got the patches (but not the Win10 downgrade). Now it seems that IE11 is dead dog slow in opening a new tab from a link or just a new tab. I suspect it's the IE11 update since Firefox and Chrome are working fine. Maybe a ploy to make everyone want to go the Edge?

    My dual boot Mint/Win7 survived this round... but Win7 is acting decidedly a bit tired.. err.. sluggish. I'll be happy when I get one more program to run in Mint and I can kiss Win7 bye-bye on my machine. The wife's desktop and laptop are next for Mint as soon as she finishes the project she's working on in a few months. My travel laptop is going full Mint next week.

    As Willy Nelson said: "It's been fun but it ain't been real fun". (Looking at MS very angrily.)

  16. MrKrotos

    Not just slow update "scanning"

    Just wanted to add to my 1st post, I was talking more about the actual Windows 7 machine overall performance not the long "Scanning for updates" which is a well known issue.

    I have a few W7 machines at home that I keep a very close eye on as they are for audio applications (DJ'n, sequencing, audio transcoding and audio processing). These machines were installed by me manually and I am very fussy about the installs (correct up-to-date drivers, fine tuned asio etc).

    These machines are now starting to show application performance degradation, and all the machines are unique (different makes, models and software from each other).

    Not 100% sure this is down to 1 update or patch as they seem to have gotten slower over the last month or so, not so much over night.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like