Now it’s Office’s turn to have a load of patches pulled

Two patches pulled altogether; another is known to cause crashes but should be used anyway.

Now it’s Office’s turn to have a load of patches pulled

Enlarge (credit: Benjamin)

After endless difficulties with the Windows 10 October 2018 update—finally re-released this month with the data-loss bug fixed—it seems that now it's the Office team's turn to release some updates that need to be un-released.

On November's Patch Tuesday two weeks ago, Microsoft released a bunch of updates for Office to update its Japanese calendars. In December 2017, Emperor Akihito announced that he would abdicate and that his son Naruhito would take his role as emperor. Each emperor has a corresponding era name, and calendars must be updated to reflect that new name. The Office patches offer updates to handle this event.

Two of these updates, KB2863821 and KB4461522, both for Office 2010, are apparently very broken, causing application crashes. The company has suspended delivery of the patches, but the problem is so severe that Microsoft is recommending that anyone who has installed the updates already should uninstall them pronto (see instructions for KB2863821 here and for KB4461522 here).

Read 2 remaining paragraphs | Comments

Windows 10 support extended again: September releases now get 30 months

And Microsoft is offering enterprises dedicated app compatibility support.

Article intro image

Enlarge / Licensing is not really the easiest topic to illustrate. (credit: Peter Bright)

In its continued efforts to encourage corporate customers to make the switch to Windows 10, Microsoft is shaking up its support and life cycle plans again. Support for some Windows 10 releases is being extended, and the company is offering new services to help detect and address compatibility issues should they arise.

The new policy builds on and extends the commitments made in February this year. Microsoft has settled on two annual feature updates (the "Semi-Annual Channel," SAC) to Windows 10, one finalized in March (and delivered in April) and the other finalized in September (and delivered in October). Initially, the company promised 18 months of support for each feature update, a policy that would allow customers to defer deployment of feature updates or even skip some updates entirely. Going forward, the September releases are going to see even longer support periods; for Windows 10 Enterprise and Windows 10 Education, each September release will receive 30 months of servicing. In principle, an organization that stuck to the September releases could go two years between feature updates.

Customers of Windows 10 Home, Pro, and Pro for Workstations will continue to receive only 18 months of updates for both March and September releases.

Read 9 remaining paragraphs | Comments

AMD systems gain Spectre protection with latest Windows fixes

Enlarge / An AMD Ryzen. (credit: Fritzchens Fritz)
The latest Windows 10 fixes, released as part of yesterday’s Patch Tuesday, enable protection against the Spectre variant 2 attacks on systems with AMD processors.
Earlier this year, attacks that ex…

Enlarge / An AMD Ryzen. (credit: Fritzchens Fritz)

The latest Windows 10 fixes, released as part of yesterday's Patch Tuesday, enable protection against the Spectre variant 2 attacks on systems with AMD processors.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies. AMD chips are immune to Meltdown but have some vulnerability to the two Spectre variants. Spectre variant 1 requires application-level fixes; variant 2 requires operating system-level alterations.

Both Intel and AMD have released microcode updates to alter their processor behavior to give operating systems the control necessary to protect against Spectre variant 2. Microsoft has been shipping the Intel microcode, along with the operating system changes necessary to use the microcode's new features, for several weeks now; with yesterday's patch, similar protections are now enabled on AMD machines.

Read 2 remaining paragraphs | Comments

Patch Tuesday drops the mandatory antivirus requirement after all

(credit: amalthya / Flickr)
In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antiv…

(credit: amalthya / Flickr)

In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antivirus software created a special entry in the registry to indicate that it's compatible with the Windows fixes.

This was due to the particularly invasive nature of the Meltdown fix: Microsoft found that certain antivirus products manipulated Windows' kernel memory in unsupported ways that would crash systems with the Meltdown fix applied. The registry entry was a way for antivirus software to positively affirm that it was compatible with the Meltdown fix; if that entry was absent, Windows assumed that incompatible antivirus software was installed and hence did not apply the security fix.

This put systems without any antivirus software at all in a strange position: they too lack the registry entries, so they'd be passed over for fixes, even though they don't, in fact, have any incompatible antivirus software.

Read 5 remaining paragraphs | Comments