back to article Don't just grab your CPU bug updates – there's a nasty hole in Office, too

In case you've been hiding under a rock for the entirety of this new year (and we don't blame you if you have) there are a handful of major security flaws that have been dominating the news, and feature prominently in this month's Patch Tuesday update load. First, let's look at the latest developments in the Meltdown/Spectre …

  1. Anonymous Coward
    Anonymous Coward

    The cesspool that is windows

    Its laughable that so many businesses run it everywhere without question, when in many cases there are far more secure cloud based offerings.

    1. Solviva

      Re: The cesspool that is windows

      A cloud OS?

    2. RyokuMas Silver badge
      Facepalm

      Re: The cesspool that is windows

      The "cesspool" as you call it has been around for around 30 years, give or take, and a lot of businesses have invested a lot of time and money in developing systems based on it. Moreover, the staff of said businesses, especially the older ones who tend to be in positions of management, are used to Windows - "the devil you know" and all that.

      Now, if you have a magic wand that you can wave that can make an entire board of directors suddenly decide "Hey! Let's dump years worth of time, money and training and re-develop everything we use to run on something other than Windows because it's more secure" - please, do let me know. I can think of more than a couple of places where I would use it...

      But in the real world, we have to accept that Windows - for all it's flaws - is very much a part of what we are likely to face in the working environment. Cope.

      1. sabroni Silver badge
        Thumb Up

        Re: Cope.

        But repeatedly posting the same anti MS moans over and over and over again is SO MUCH FUN!!!!

        1. RyokuMas Silver badge
          Paris Hilton

          Re: Cope.

          My favourite has to be when these people start whining about Microsoft's lack of innovation... pot, kettle.

    3. DJV Silver badge
      Thumb Down

      Re: The cesspool that is windows

      "Its laughable that so many businesses run it everywhere without question, when in many cases there are far more secure cloud based offerings."

      I was with you until you mentioned "cloud"...

  2. redpawn Silver badge

    Is this Movie

    a re-run or an homage to past updates to Word. I expect younger users will be patching Word for their entire lives. Switched to StarOffice -> OpenOffice -> LibreOffice a fair while back. Yes it displays Word documents as badly as MS Word but nothing is perfect.

    1. VinceH

      Re: Is this Movie

      Amusingly, I received a Word doc by email a couple of weeks before Christmas, which I needed to forward to someone else. He printed it using Word and the result ended up back with me. It printed incorrectly, so I want back to the original email I'd received and printed it from there, using Libre Office.

      It was wasn't quite right, but the result was much closer to how it should have looked than the version that spewed forth from Word.

      (Most likely, the source used a different version of Word than the person I forwarded it to - but still!)

      1. Richard Plinston

        Re: Is this Movie

        > (Most likely, the source used a different version of Word than the person I forwarded it to - but still!)

        The main cause of differences is that there are different fonts. Even within implementations of a particular font there may be tiny differences that accumulate to push a word, for example, onto the next line which then completely changes the layout.

        If you want a document to look the same on different devices then use PDF.

  3. elDog

    Whew. There's only one Adobe user left out there!

    For a while it seemed like they were vacuuming up all the crud software and slapping their brand on it.

    "Oh, you're they guys that invented the PDF and Acrobat. You must be good programmers!"

    Not that this model doesn't apply to every empire-building software-as-a-revenue-source (SARS) but Adobe with its incredibly record-breaking string of vulnerabilities in Flash and Reader really won the prize.

    So hats off to that user who has withstood the passage of time. Perhaps s/he was buried 12 years ago but has one of those licenses...

  4. John Gamble

    Meanwhile...

    "Meanwhile, Microsoft has pulled down KB4056892, the Spectre bug fix that was found to be causing some AMD machines to crash on startup."

    Ah good, I can turn on my desktop machine again. No idea if it would have been affected, but I wasn't going to take the chance. My laptop (A6-based -- yes, it's an old machine, but a good machine) survived the updates, although I'm annoyed about the changes to the look of the GUI.

    1. James12345

      Re: Meanwhile...

      Just turned on the update again and it is now downloading KB405692 - I'll let you know if it kills my PC again, or if MS have modified the fix. It certainly hasn't been pulled.

      1. James12345
        Unhappy

        Re: Meanwhile...

        It hasn't been pulled and hasn't been modified, so it still kills older AMD based systems.

        1. John Gamble

          Re: Meanwhile...

          Oops, read your response after I installed the update. Fortunately, I survived.

          (Athlon II X4 635 Processor running a 64 bit Windows 7 system, for what it's worth.)

          1. James12345

            Re: Meanwhile...

            My Athlon X2 5400B based Acer was killed again. Fortunately, it is an easy fix - turn off, turn on, turn off, turn on and wait for windows to do its repair thing. The only tricky bit is getting wushowhide running before the update is installed again - you just need to keep an eye on it and log in as soon as the repair is finished.

  5. sabroni Silver badge
    Happy

    don't forget to patch your Android devices

    You guys!!!!!

    1. alain williams Silver badge

      Re: don't forget to patch your Android devices

      That is if your 'phone manufacturer bothers to support it once the next model has come out.

      Samsung - I am looking at you.

      1. David Hicklin

        Re: don't forget to patch your Android devices

        I finally managed to patch my T-Mobile Sony xperia SP phone after 3 years of no OS updates.....

        ,,,,,Switched to the dark side and got an iPhone. In 3 weeks I have got twice as many updates as the old Sony!

        1. sabroni Silver badge

          Re: I finally managed to patch my T-Mobile Sony xperia SP phone after 3 years

          The only good thing I have to say about Sony phones is that they make it easy to unlock the bootloader. They may not provide updates but if the device is popular enough you may find a third party Android build for it....

    2. Carl D

      Re: don't forget to patch your Android devices

      Thanks, I'll keep an eye out for patches for my Samsung Galaxy Tab 3 10.1 inch tablet bought in late 2013 or early 2014.

      Hasn't had any updates available for it since late 2014 (KitKat 4.4.2) but I'm sure Samsung will make an exception due to the (alleged) severity of these CPU security issues. Yeah... right.

      Lucky I only use it for web browsing occasionally these days (at least on the sites where I don't get the "couldn't establish a secure connection" message due to the outdated included browser).

      Tried Firefox a few times but it always liked to crash with monotonous regularity.

      And, I like to do a factory reset every month or two to try and stay safe.

  6. Charlie Clark Silver badge

    MacOS update?

    Any news on when this is due? Only had a Safari update so far this month.

  7. Miss_X2m1

    What if you don't have Office installed?

    If you don't have Office installed, do you still need to install the HUNDREDS of patches that have accumulated over the ages?

    1. Warm Braw Silver badge

      Re: What if you don't have Office installed?

      Do you still need to install the HUNDREDS of patches that have accumulated over the ages?

      Time to play your "nobody knows" card...

      1. Miss_X2m1

        Re: What if you don't have Office installed?

        Eeeeeeeeeeeeek!

  8. jim parker

    Has anyone installed the .NET important security update KB4055002 and is using SQL Server Management Studio?

    I find the update means I can no longer use tsql, first I get a font error so I change that and can then enter a select statement but get 'Object reference not set to an instance' error message which I can't get round.

    Uninstalled the update and SQL works again.

    So I'm secure and can't work or insecure and can!

    1. Anonymous Coward
      Anonymous Coward

      Had the same problem with an old version of PC-Doctor. It crashed saying it couldn't find an installed font until KB4055002 was uninstalled.

    2. Anonymous Coward
      Anonymous Coward

      Yes, patch KB4055002 is broken, at least on some systems. See https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/

  9. PNGuinn
    Trollface

    Can I be the first to croak ...?

    "Don't just grab your CPU bug updates – there's a nasty hole in Office, too"

    .... we don't call it Orifice for nothing, Y'know.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021