Updates 10/11/16 - "Microsoft+Adobe Tuesday"

Adobe Flash has been updated to  23.0.0.185

In today's scheduled release, we've updated Flash Player with important bug fixes and security updates.

These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  

Adobe has released security updates for Adobe Acrobat and Reader, for Windows.  

These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

Adobe Reader XI, sequential update (starting from any Windows 11.x version) to 11.0.18

https://www.adobe.com/support/downloads/detail.jsp?ftpID=6101

=========================

Remark:   For people using Reader DC (Document Cloud), or other Reader versions for Windows, you can locate your appropriate update here:  https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

For people using Acrobat  for Windows, you can locate your appropriate update here:  http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

============

Documentation has been released as https://helpx.adobe.com/security/products/acrobat/apsb16-33.html

and https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.18.html

The Adobe Reader/Acrobat updates insist on reactivating several associated StartUp programs (registry entries) and Service that you might have previously disabled.

I've found the most effective way to stop them is to use CCleaner, select Tools / Startup , and then click-on and DISABLE each of the Adobe entries (if present):

Acrotray (Adobe Assistant)

ARM

SpeedLauncher

[ Not sure why, but CCleaner is doing a better job on these Adobe "pests" than WinPatrol.... ]

The Adobe Acrobat Update Service can be disabled via WinPatrol.

WARNING:  The link for this separate download of the MSRT is now pre-checking a box to also download "MSN default homepage & Bing default search engine".    Be sure to uncheck this, unless you really want it!

Malicious Software Removal Tool (MSRT, MRT) for October, version 5.41

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx 

Reminder:   Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].

Having located and documented all the INDIVIDUAL security updates in this thread (see above), when I go to Windows Update, it found only FOUR (4) updates:

1 - Security Monthly Quality Rollup for Windows 7x64 (119.4 Meg)

2 - Security and Quality Rollup for .Net Framework

3 - Security Update for Microsoft Word

4 - Security Update for Microsoft Silverlight

(I had already downloaded and run the MSRT separately)

====================================

I'll say this, the SEARCH for updates was faster than it's been in ages... (at least, on the first machine I tested)... so at least that's an improvement.   EDIT:   But it's been dragging on subsequent systems :-(

====================================

(Only) The Security Monthly Rollup for Windows required a reboot... which I've done... so far, so good.

From https://technet.microsoft.com/library/security/ms16-oct

The following 5 updates are rated CRITICAL:

MS16-118 Cumulative Security Update for Internet Explorer (3192887)

MS16-119 Cumulative Security Update for Microsoft Edge (3192890)

MS16-120 Security Update for Microsoft Graphics Component (3192884)

MS16-122  Security Update for Microsoft Video Control (3195360)

MS16-127 Security Update for Adobe Flash Player (3194343)

====================================================== 

The following 4 updates are rated IMPORTANT:

MS16-121 Security Update for Microsoft Office (3194063)

MS16-123 Security Update for Windows Kernel-Mode Drivers (3192892)

MS16-124 Security Update for Windows Registry (3193227) https://technet.microsoft.com/en-us/library/security/ms16-124.aspx 

MS16-125 Security Update for Diagnostics Hub (3193229) https://technet.microsoft.com/en-us/library/security/MS16-125 

===========================================

The following update is rated MODERATE:

MS16-126 Security Update for Microsoft Internet Messaging API (3196067)

This month's MSRT adds detection/removal of:

Win32/Ghokswa - This threat installs a modified version of Chrome and/or Firefox browsers, replacing any existing copy of these that were already installed on the system.

These modified copies have different search and home page settings that the user may be unable to change, and update components that may download additional unwanted software.

 ---------------------------------------------------------

Win32/SupTab - This browser modifier installs add-ons or extensions to your Internet browser without your permission. It also and modifies your search settings.

Usually, this threat bypasses the normal prompts or dialogs that ask for your consent to install browser extensions, toolbars, or add-ons into the Internet Explorer and Google Chrome web browsers.

 ---------------------------------------------------------

Win32/Sasquor - This browser modifier can change your web browser settings without adequate consent.   

This threat is a family that modifies browser search and home page settings, and may download and install additional malware such as Trojan:Win32/Xadupi and Trojan:Win32/Suweezy.

 --------------------------------------------------------

For additional information, see https://blogs.technet.microsoft.com/mmpc/2016/10/11/msrt-october-2016-release-adding-more-unwanted-software-detections/

The Adobe Reader/Acrobat updates insist on reactivating several associated StartUp programs

Be sure to look in the Task Scheduler >Task Scheduler Library too because Reader updates always set a task to look automatically for updates, regardless of how you set that option in Reader itself. Disable the task, assuming you don't want to look for Reader updates automatically.

And if you expand the list under Task Scheduler Library and then expand the Intel folder, you may find an "Intel Telemetry 2" task is also scheduled which is described as the "Uploader for the Intel Product Improvement Program". Sounds like another bit of spyware big tech monsters are using to collect data from our PCs when we're not looking. You may want to disable this one too, at your own risk, of course...

There are literally dozens of scheduled tasks in the Microsoft folder in Task Scheduler. I don't know what many/most of them do, so I can't advise whether they should be disabled, but a lot of them are running on a regular basis on my Win 7 32-bit PC.

Here's are examples of just two that ran today behind the scenes:

1. The Windows Scheduled Maintenance Task performs periodic maintenance of the computer system by fixing problems automatically or reporting them through the Action Center.
2. Microsoft Reliability Analysis task to process system reliability data.

Big Bro is watching and this will probably get worse now that MS is using monthly rollups instead of offering individual updates that each user can accept or reject... :emotion-40:

Be sure to look in the Task Scheduler >Task Scheduler Library too ...

Thanks for that tip. On my Win 7 x64, I found about 3 dozen Windows scheduled tasks in the Library, most of which were automatic, recently run and scheduled to run again. MS is certainly a busy bee ...

I have listed some of these scheduled tasks that are optional, and that phone home to the MotherShip (MS):

AitAgent: Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program.
Proxy: This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program.
SystemTask: Certificate Services Client automatically manages digital identities such as Certificates, Keys and Credentials for the users and the machine, enabling enrollment, roaming and other services.
Consolidator: If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft.
KernelCeipTask: The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft.  If the user has not consented to participate in Windows CEIP, this task does nothing.
UsbCeip: The USB CEIP (Customer Experience Improvement Program) task collects Universal Serial Bus related statistics and information about your machine and sends it to the Windows Device Connectivity engineering group at Microsoft.  The information received is used to help improve the reliability, stability, and overall functionality of USB in Windows.
Microsoft-Windows-DiskDiagnosticDataCollector: The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program.
ValidationTask: Microsoft Update KB971033
ValidationTaskDeadline: Microsoft Update KB971033

The last 2 Validation tasks/KB971033 refer to the optional update for Windows Activation Technologies (WAT) from MS, described here:
support.microsoft.com/.../971033
They are basically the Windows 7 equivalent of Windows Genuine Advantage (WGA), and I would normally never have installed them voluntarily, but they were installed shortly after I purchased this PC in 2011, no doubt as part of a massive update for a new PC. They run every 90 days, lest I pirate some MS program in the interim. My attempt to uninstall KB971033 via Control Panel was successful, and those Validation tasks disappeared from my Task Schedule library (WAT folder). Not surprisingly, when I next visited WU, KB971033 was again offered, as an "Important Update". (I hid it, with extreme prejudice).

Similarly, I was able to disable all those CEIP tasks, effectively opting out of the CEIP, using the following:

1 In the Windows 7 or Windows 8 operating system, start the control panel and click Action Center > Change Action Center settings.
2 Click Customer Experience Improvement Program settings.
3 Select No, I don't want to participate in the program and click Save changes.
4 Start the control panel and click Administrative Tools > Task Scheduler.
5 In the Task Scheduler (Local) pane of the Task Scheduler dialog box, expand the Task Scheduler Library > Microsoft > Windows nodes and open the Application Experience folder.
6 Disable the AITAgent and ProgramDataUpdater tasks.
7 In the Task Scheduler Library > Microsoft > Windows node, open the Customer Experience Improvement Program folder.
8 Disable the Consolidator, KernelCEIPTask, and USBCEIP tasks.

I finally got around to installing the two October Rollup Updates (125 MB, and a 15 minute process including restart). I looked through the Task Scheduler Library; all the CEIP tasks remain disabled, and the WAT folder remained empty.

Disclaimer: Although the above instructions worked for me, YMMV. I'm not particularly advocating any of them. In fairness, I must say these tasks caused me no problems over the years, and I doubt they slowed my system any. KB971033 never did flag my system as pirated (scant solace to the many owners of genuine MS software that were flagged falsely as pirated, I'm sure).

Thanks for that tip.

You're welcome...

Pretty amazing how much stuff runs in the background. Obviously some is required for proper Windows function, but a lot of it is probably junk, bordering on spyware.

Some of those tasks probably explain slow performance on this 32-bit Win 7 system at certain times of the day. I use a little CPU/internet activity widget that some times pegs with activity even when the PC is idle (eg, PC is on but I'm not using it). So something is hogging the CPU.

Almost makes me want to go back to paper and (invisible) ink...