• Patch Lady – we have an “out of band” release

    Posted on September 23, 2019 at 14:03 CDT by Comment in the Forums

    https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/

    We get them so rarely these days it probably needs a bit of explanation:

    For those of you that use Windows update, you will get a security patch pushed out to your machine and it will demand a reboot.

    Susan update:  The KBs state that these will not be pushed out via Windows update, but instead come down only if you go to the catalog.  Thus totally BREAKING the definition of “out of band update”.  Geeze Microsoft.

    For those on Windows 10 it will be a cumulative update:

    4522016 for 1903

    4522015 for 1809

    4522014 for 1803

    4522012 for 1709

    4522011 for 1703

    4522009 for RTM of Windows 10

    4522010 for Windows Server 2016

    4522015 for Windows Server 2019

    4522007 for Windows 8.1, Windows 7, Server 2012, Server 2012 R2 it’s a patch JUST for Internet explorer – so both A and B patchers can install it.

    For those of you with WSUS updating rules or quality update deferrals, this will respect those settings.

    Bottom line, there’s a security issue for which Microsoft sees active targeted attacks to their customers and thus they’ve determined it should be pushed out now rather than waiting for the second week of next month to fix it. 

    Bottom line, there’s a security issue for which Microsoft has apparently deemed it an “out of band” but not enough of an “out of band” to be pushed out to automatically update.  Confused?  I am.  Should you install it?  Obviously not given how they are handling this update.

    Updated note:  Per Nick from the patchmanagement.org list, Microsoft has told Enterprise customers that this will be on Windows update and WSUS on Tuesday, September 24 Redmond time (aka the D week release).  So unless you have deferrals in place you will be getting it tomorrow on your Windows 10 machines.  I’ve always been informed that attackers can call a specific program so even though you aren’t using IE, that doesn’t mean it’s not embedded into the software.

     

    Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.