This month’s security patches have a lot of problems and it’s hard to decide where to start. Let’s start with a problem we’ve already learned and then go to an area that has not yet been fully defined. It is worth mentioning that Microsoft is now acknowledging many of the past vulnerabilities.

This month’s relatively easy part of the reason, I believe, in Windows 7 and earlier versions of Windows 10 (including Fall creators Update, version 1703, has become more or less fully baked, and keep my selection version). In addition to some mundane security patches, the December Win10 1607 update fixes the “Cdpusersvc_xxxx has stopped working” bug introduced in a security patch two months ago, and the rest is largely routine.


Of course, the exception is the Windows Fall Security Update version 1709. If you succumb to pressure (or forced upgrades) and install the latest version of WIN10, you will be Remonsnic by your trust for a series of unfortunate patch events. If you want to install this month’s update on WIN10 1709, be sure to read the Computerworld issues and solutions. Or, it’s best to forget about it by next month.

The only major problem I see in office 12 is to block the word {ddeauto} field, a mysterious topic I mentioned yesterday. If you have a Word document that needs to be updated every time you open it, you will only notice the difficulty. So, if you install this month’s office patch and then open a Word document and no longer respond correctly (by extracting the data from an Excel spreadsheet and putting the data in a document), you need to manually work around the registry and turn the DDE right again. As a long-time advocate of powerful documents, I am sorry to see the “Automatic” feature. At the same time, I can understand why their days are countless. I hate to admit it, but Microsoft has made the right choice to cut off “automatic” updates.


If you are using facial recognition (also known as Windows Hello) on Windows 10 to log on to your computer, be aware that earlier versions of the Microsoft operating system may be easily fooled by simple photos that users print. Even those who run the latest fall creator updates may become victims here. However, it is critical that, if facial recognition is set up in previous releases, it may even affect the Windows 10 machine, which is about to be fully updated, running the version 1703 or 1709 version of Fall creators update. In other words, to avoid it, you need to set Windows Hello again, even on the latest version of a computer that uses the Microsoft desktop operating system. All of this sounds like a very worrying loophole in the Microsoft facial recognition login program, assuming the security companies make money here. However, it seems that if you log on to a Windows PC using facial recognition, it may be a prudent idea to set it again. Alternatively, if you are running an earlier version of Windows 10, you will need to update to the new fall creators update and then reset Windows Hello.

There is a warning around a password manager that has recently been bundled with some versions of Microsoft’s flagship operating system. Keeper Password Manager was preinstalled on his computer because of the new installation of Windows 10. This vulnerability was resolved in version 11.4, removing the vulnerable “add to existing” feature. Patch-supported operating systems include Windows 10,windows vista,windows 8,windows 8.1 and Windows 7.


Many users have rated the upgrade of Windows 10 to 1703 to 1709 as a forced upgrade from Win 7 and 8.1 to 10-“Get Windows X” campaign. Although the surface is different, the end result is the same. Many people who use Windows Fall Update (version 1703) are forced to upgrade to Fall creators update (version 1709) this month, even on systems that do not need to be upgraded. Known issues in this update:

Windows Pro devices on the current business Branch (CBB) will be upgraded unexpectedly. Microsoft is researching the solution and will provide updates in the upcoming release.


Those who were forced to upgrade from 1703 to 1709 are now in a state of trap; If one allows the WIN10 to update itself automatically and 1709 installer decides to take over, then one will stay at 1709. The user has 10 days to roll back to the old version, and those days are gone.

The Microsoft Security Technology Center emphasizes how vulnerabilities work and a remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user “if the current user is logged on with administrative user rights, the attacker can control the affected system.” Attackers can install programs; View, change, or delete data; Or create a new account with full user rights.

Related Windows News: