September 2017
September’s retinue of Microsoft patches includes one very important .NET fix that blocks a security hole brought to life when you open an RTF file in Word. So far, it's only been seen in the wild in a Russian-language RTF document, apparently generated by NEODYMIUM, allegedly used by a nation-state to snoop on a Russian-speaking target.
Several researchers have found ways to leverage the security hole, and it's only a matter of time before some enterprising folks come up with ways to turn it into a widespread infection vector. Bottom line: If you can't keep your finger off the "Enable Editing" button in Word, you better get this month's security patches installed.
- The Win10 Creators Update cumulative update, KB 4038788, brings Win10 1703 up to build 15063.608. It contains 25 security patches as well as dozens of plain old bug fixes. I’m seeing a number of complaints about Edge misbehaving after the update: behind-the-scenes crashes showing in Event Viewer and Reliability Monitor, and occasional stops with an application error event id of 1000. So far, there aren’t enough reports to confirm that there’s a bona fide problem with Edge, but it’s a concern.
- The bug in Word and Outlook that I described earlier this week, Buggy Word 2016 non-security patch KB 4011039 can’t handle merged cells, is still around. That’s the same bug I wrote about a couple of weeks ago in Word, Outlook merged-cell problem arises after install of patch KB 3213656. Microsoft has (finally!) confirmed both of the bugs. The only solution offered:
- "You can uninstall both KBs and your tables will return to normal," Microsoft said. "We anticipate releasing the fix for this issue in the next monthly update, tentatively scheduled for October 3, 2017."
- Excel 2016’s security patch KB 4011050 can put spurious black borders around rows or cells. If you’re getting unexpected black borders, download and manually install KB 4011165. As best I can tell, that bug isn’t listed on the official Fixes or workarounds for recent issues in Excel for Windows site.
- Multiple language problems with the Outlook 2007 security patch KB 4011086. Reports of Hungarian switched to Swedish, Italian to Portuguese, Slovenian to Swedish, Italian to Spanish, Dutch to Swedish, and who-knows-what-else. The solution, offered by TechNet poster Sitz-AIR: 1) uninstall KB4011086. If you have two of them listed, uninstall both of them.
- 2) hide them
- 3) restart Windows
- 4) Outlook 2007 UI original correct language was restored.
A general reminder: If you have trouble installing Windows 10 updates, make sure you go through the list at Windows 10 install issues -- and what to do about them.
For up-to-the-second notices, see the Patch Alert update on AskWoody