Windows 8.1. Update required for future Windows 8.1, Server 2012 R2 security patches

Today is the last batch of security updates for Windows XP, so if you need them then go get MS14-018 and MS14-019. You are also reminded that MS14-017 and MS14-020 are the final updates for Office 2003. People staying on XP will be “six times more likely to get attacked than Windows 7 users.” Experts warn that attackers are circling like hungry sharks about to embark on an XP feeding frenzy. Others warn that staying on XP after its retirement will be hell for the user, but heaven for hackers.

Ladies and gentlemen, get ready for restarts. For April 2014 Patch Tuesday, Microsoft released four security bulletins, providing fixes for flaws in Microsoft Windows, Internet Explorer, and Microsoft Office; only two are rated Critical due to Remote Code Execution (RCE) vulnerabilities.

MS14-017 fixes the rich-text format (RTF) files flaw in Microsoft Word, previously described in Security Advisory 2953095. If you applied the Fix It to disable opening RTF files with Word, then you need to disable it after patching or else RTF files will not render correctly. MS14-018 closes six RCE holes in Internet Explorer.

Below is Microsoft’s recommended deployment priority list, but let’s jump to the “important” Update for Windows 8.1, Windows Server 2012 R2, Windows RT 8.1.

Update not important, but required for all Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 systems

Unless you want to join the XP crowd, and get no more Windows updates, then all Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 must install the Windows 8.1 Update. Microsoft notes it as “important” to know that “all future security and nonsecurity updates” require this Update to be installed. It’s ironic to therefore call the patch “important” as failure to deploy it will leave systems vulnerable and unable to deploy the next “critical” security patch that comes along. (All instances where Update is capitalized refers to the Windows 8.1 Update.)

Before you can grab this all-important Update, you must have KB2919442 installed; it came out in March so if your system patches are current then you are good to go. If you still run basic Windows 8, then you don’t need the 8.1 Update. If Windows 8 users do want the Update, then it’s a two-step upgrade.

If you were looking forward to this Update so you could have a Start menu again, then prepare to be bummed out. Microsoft’s Premier Field Engineering blog states that the Update “does NOT include the Start menu that you may have seen/heard about at the recent Build conference. That is some exciting near-future stuff, which demonstrates our on-going commitment to deliver on customer feedback.”

It seems that if Microsoft really cared about customer feedback, the company would have dropped its Windows 8 “make them eat Metro” mindset and reinstated the Start menu almost immediately.

Since this Update is supposed to make Windows a bit better for keyboard and mouse users, expect the Update “to change your system’s behavior.” Basically that means your machine will boot directly to desktop by default. It’s hard to imagine that anyone would want to continue booting directly to the hideous Start screen, but you can tweak the settings and make that possible if you so choose.  

After the Update, the Start screen will have a new UI with power and search buttons. Another change is the ability to right-click Tiles with your mouse to see style menu options. Since traditional PC users will boot to desktop by default, you might have hoped to bypass Tiles like Store. Too bad, as the Windows 8.1 Update automatically pins Store to your desktop Taskbar by default. You do have a choice about pinning or not pinning specific Store apps.

In the words of the Field Engineers, “But wait – there’s more! Not only can you pin Store Apps to the Taskbar; now, running Store Apps can show up on your Taskbar, just like a traditional Desktop App would.” That’s supposed to be “cool,” but what seems cool to me is that you can choose for those Modern Apps not to take up that “precious real estate on your Taskbar.” If you like that idea, then right click on the Taskbar, select Properties, and uncheck the box beside “Show Windows Store app on the taskbar.” Warning, if you don’t leave that box checked then you won’t see the “minimize” option, just an “X” to close apps.

After the update, if you are not using a tablet, the new default behaviors include:

• Boots to Desktop.
• Closing App takes user to the previously used App.
• After closing all Apps the user ends in the Desktop.
• Pictures, Music and Video files open with Desktop applications.

If you multitask like a fiend and enjoy a crazy-busy Taskbar, the engineers suggested dragging to make the Taskbar twice its normal height so you can see all the Modern and traditional apps at once. There are other tweaks such as viewing Apps and changes to the OS UI after the update, but since so few people have Windows 8.1, I’ll only add one more thing for now.

System admins and corporate IT folks may want to check out the IT Pro Perspective for the Windows 8.1 Update as well as “Enterprise Mode” for Internet Explorer 11.

Like this? Here’s more posts:

• Twice as many desktops still running Windows XP than Windows 8, 8.1 combined
• IP address does not identify a person, judge tells copyright troll in BitTorrent case
• Forget physical access: Remote USB attacks can blue screen Windows servers
• Is Obama’s proposal to end NSA bulk collection of phone records really a privacy win?
• Social engineer tag teams to capture the flags at Def Con 22 contest
• Google wants to black out court details about data-mining e-mails
• Fake police warning leads to murder-suicide: Deaths due to ransomware?
• Your privacy is ‘very important,’ Microsoft says after reading users’ emails and IMs
• How to change Windows 8.1 to local account with no Microsoft email account required
• Biased software vulnerability stats praising Microsoft were 101% misleading
• North Korean leader plays Homefront on Xbox to practice taking over US
• Researchers: Phone metadata surveillance reveals VERY personal info about callers

Follow me on Twitter @PrivacyFanatic