No updates are showing up for my Windows 7 computers.

Did anyone received the early notification for this month updates? Normally we received an advance notification about a week before from Microsoft Premier.

From some of the articles running on Forbes there appears to be some scare tactics at play even regarding  7 and some wav sound file crypto  reporting as well as the fact that Windows 7 is getting one last round of updates for Jan 14(today) before it’s all over.

Now for Windows 7 patches in Feb 2020 that’s when it’s really not getting any new security patches(For Consumers at least). I’m beginning to suspect that MS is embarrassed by missing that 1 Billion devices number goal that’s still to this day at around 900 million for 10. So those scare tactics  is why there needs to be DEFCON3 or higher before I’ll even think about it.

That Sky Is Falling theme is definitely in play today at 7’s EOL but that’s still not going to help any 1 Billion devices goal from being met on 10. People are just not limited to only PCs/Laptops for any light computing needs so Phones/Tablets for video/browsing and other light computer needs sees more devices running Android and iOS filling that need.

“resides in Windows 10”

So not W7 huh? Makes me wanting to go over to the 10-side even less than before …

~ Annemarie

The article said Microsoft is sending the patch to specific entities that might be affected. So far not seeing any new Windows patches in WSUS.

No update(s) download notification on my v1903 as of now. M$ should have an incentive i.e. (big fine) to make sure exploits of this level are not passed on to contractors and paying customers of their OS.

Until patch release and until analysis, I treat the prophecies of doom with exactly what they’re due.

Fool me once.

After reading the article, I got the “boy who cried wolf” impression.  Woody, it seems like you’re starting to become pacified to all the threats.  Just because nothing has materialized with recent threats, doesn’t mean something won’t with each new one.  I definitely agree we should wait to see if any bugs are introduced, but don’t start making us believe there’s no urgency until proven that there really is no urgency.

The January patches are now listed in the Microsoft Update Catalog:

https://www.catalog.update.microsoft.com/Search.aspx?q=2020-01

I should really have put a bet on at the local bookmakers, predicting that there would be a doomsday threat on EOL day for Windows 7 – it was totally predictable, whether real or imagined. Yes we have to take such things seriously, but that doesn’t mean we have to panic.

I am using Windows 7 and just received 4 updates: KB4535102 Security and Quality Rollup, KB4534310 Security Monthly Quality Rollup, KB4503548 .NET Framework 4.8 and KB890830 Malicious Software Removal Tool. I only have beginner computer skills so I will watch this site to see what the verdict is on whether I should install, but am wondering if they will be available for installation after today?

Group B Security-only Updates and the IE11 Cumulative Update have been updated for January 2020 on AKB2000003.

There is a new SSU for Win7. KB4536952 32-bit ot 64-bit
The documentation for the SSU DOES NOT mention the ESU or say it is just for the ESU.

Seeker/cannon fodder report:

KB4532938 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64
KB4528760 Cumulative Update for Windows 10 Version 1909 for x64-based Systems
KB890830 Windows Malicious Software Removal Tool x64

Restart required/accomplished.  So far, so good.

woody wrote:

We’re in for a hum-dinger of a Patch Tuesday today, with knowledgeable folks anticipating a big, scary new Windows exploit and a ‘Softie Captain Ameri
[See the full post at: January 2020 Patch Tuesday running commentary, from the skeptic’s corner]

Martin Brinkmann has the full breakdown :

https://www.ghacks.net/2020/01/14/microsoft-windows-security-updates-january-2020-overview-end-of-windows-7-support-edition/

Reminder for Windows 7 users, the full screen notificaton starts tomorrow, from:

https://support.microsoft.com/en-us/help/4534310

January 14, 2020—KB4534310 (Monthly Rollup)

IMPORTANT Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:

Read your guidance to turn off updates this morning in New Zealand where it’s already Wednesday and realize that I may be too late to protect myself [running Win8.1] –

From Windows Update in Control Panel
” ! Download and install updates (550.9 MB total)
3 important updates are available
4 optional updates are available”
I’m given the option to install updates, but it is clear as mud whether they’ve already been downloaded and need to be installed, or clicking to install will commence the download.

I did turn off automatic updates. So, am I safe? Or have I been drafted to be a lab rat?

Thanks,
A7

Thank you from Anonymous to PKCano and Cybertooth. I am sincerely appreciative.

“HTTPS connections” are impacted according to NSA advisory: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

According to MS, the big, scary vulnerability only affects Windows 10 and Server, not W7 / 8

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

Yay, Windows 10 , most secure Windows ever 😉

Was brave, just installed the December 2019 KB4530734 no problems so far, and there is a sigh a relief.

Please advise whether I should End, Disable or Delete the EOSNotify and EOSNotify2.

I have found them in the task scheduler, and just want an easy fix, thanks much!

My Windows 8.1 x64 HOME on VAIO laptop got updated and works without issues.

Windows 10 x64 HOME deferred until later for the time being – possibly until coming weekend.

I’ve updated a number of non-critical/test or still disposable pre-production systems so far. 1809 & 1909 Win 10, LTSC 2019, Server 2016, and Server 2019. I have a few of my techs running it on their office PCs too because I like making them guinea pigs. No issues have come to light yet.

I plan to sit in a holding pattern like this waiting for issues to surface unless word comes out about active exploits.

There is nothing in gHacks about this vulnerability, at this time. (3:13 PM, EST) Only two garden variety CVEs, one about a remote desktop attack and one about an exploit that makes IE11 vulnerable to a phishing attack, where the user is bamboozled, as usual, to click something that should not be clicked.

However, the story so far, as I can ascertain it, is thus: at NSA they found this vulnerability and then alerted MS about it. Ms, on receiving the notice from the super-spooks, took quick action, and here we are.

As evidence for this story, there is this document, directly from Spook Central:

https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

Notice that, in the first two paragraphs it says that this CVE affects (only?) Windows 10 and Server 216/219:

“NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable ode while appearing as legitimately trusted entities. Examples where validation of trust may be impacted include:

HTTPS connections

Signed files and emails

Signed executable code launched as user-mode processes

The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors.
NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable.”

As to scaremongering and the Boy That Cried Wolf (too many times):

The boy cried “Wolf” around his village, a place and a time when wolves were a real problem, because they used to come in big packs and kill and eat its inhabitants. So crying “wolf” was serious business that got the boy a lot of attention. He liked that, and so he  kept crying “wolf” with no real wolves in sight. After he did it three times, people decided to ignore him and stop wasting time following the alarms from a proven purveyor of fake alarms.

Until, one day, the wolves really came, they killed and ate everybody in the village, except for the boy and his family. Because Dad had kept, “just in case the boy was not lying, for a change”, his trusty MP-15 well greased, cleaned and loaded, set for “burst” firing (those were the days!) and always close at hand.

Moral of this story: Don’t worry about sudden, alarming news of fierce bugs out there to get people (even if the news come from people close to you, or usually trusted — not the same thing, obviously) but keep the patches handy. Don’t rush to install them, though, but wait — as usual — for indications that they are themselves bug-free, then install them.

And this being my last Patch Tuesday ever (as Win 7 is my last and only Windows for evermore), all I can say is: Wow! What a way to go!

Another 1909 WU without issues (Jan CU, MSRT, Net Frmwk 4.8, Svc Stack). Images were ready. 18363.592

warrenrumak wrote:

This vulnerability exists in Windows 7, too.  It probably has been there since Windows 2000.

 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

Thus far, Win 7 is not on the list.

>>edited for clarity<<

The same updates were pushed to my Dell Latitude E5420.  That is to say more specifically, when I logged in and went to All settings > Update & Security the announcement that there are updates available for download was at the top of the page, followed by the list of available downloads, and below that the prominent “Download” button.  I had to click the button to initiate the download and update process.  No issues with my laptop.

>>end of edit<<

The same updates are being restarted/installed on my NAS as I type this.

All is well.  I haven’t updated the B side of my laptop yet, but I’ll get around to that one soon enough.  Four out of five installations updated with no issues.

Windows so popular and no doubt full of old code that dates back to Windows NT. Microsoft will always be chasing these security holes. Not much difference between a Mac OS, or Linux they too have old code just waiting to be found. Except that those operating systems do not have nearly the numbers of potential exposed users as Windows does.

Write-up by the SANS Internet Storm Center about Patch Tuesday, especially CVE-2020-0601:
Microsoft Patch Tuesday for January 2020

Their summary chart shows that Microsoft only rates CVE-2020-0601 as Important, not Critical.

While the blog post don’t mention it clearly, but .NET 4.8 got refreshed packages for all Windows versions, in addition to the Security Rollup

https://devblogs.microsoft.com/dotnet/net-framework-january-security-and-quality-rollup/

Here’s an article by Ars Technica where they recommend patching right away:
Patch Windows 10 and Server now because certificate validation is broken

One paragraph from the article:

Microsoft has rated the update as “important” rather than critical. But in a blog post, Mechele Gruhn, the Principal Security Program Manager for Microsoft Security Response Center, explained that this was because “we have not seen it used in active attacks.”

Personally I’m not going to rush into patching. At the very least I want see credible reports of proof-of-concept exploits before expediting patching.

I know Java is bad news now but Just in Case… I noticed your Oracle link also went to the VMWare page. On http://www.oracle.com, I searched “Any updates for Java?”. The last SE Critical Patch Update Advisory was October 2012. SE 13 (JDK 13) was released October 2019. Guess we’re cool…

Here’s what I received today:

WINDOWS 7
KB4535102 2020-01 Security Quality Rollup for .NET
KB4534310 2020-01 Security Monthly Quality Rollup
KB4503548 Microsoft NET Framework for Windows 7 for x 64
KB890830 Windows Malicious Software Removal Tool x 64 January 2020

HID THEM ALL FOR NOW…..THEN…DRUM ROLL….

Received :
KB4536952 2020-01 Servicing Stack Update for Windows 7 for x 64 based systems

HID THAT AS WELL…..
Waiting for Defcon Safe…..

QUESTION: I did not install the December 2109 .NET Security and Quality Rollup, it stated Recommended. Will that be an issue and would you install it before any of the January updates?

Thanks….Wonder Woman Cape in Place…. 🙂

Hey Y’all,

Here’s what I got today on my Test machine (Seeker)!

I’ll keep Y’all posted if any problems arise. 😎

An article from Brian Krebs about Patch Tuesday:
Patch Tuesday, January 2020 Edition

He doesn’t make an explicit recommendation about how quickly to apply patches, but he does say (in reference to CVE-2020-0601):

Both Green and White said it likely will be a matter of hours or days before security researchers and/or bad guys work out ways to exploit this bug, given the stakes involved. Indeed, already this evening KrebsOnSecurity has seen indications that people are teasing out such methods, which will likely be posted publicly online soon.

… which is kind of an implied recommendation to patch fairly quickly.

Installed KB4528760, KB4532938, and KB4528759 successfully today.
All working well so far.

I ran out of login sound in windows 7 after installing the latest updates.

Just checked and saw:

2020-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 and Server 2008 R2 for x64 (KB4535102)

2020-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4534310)

Windows Malicious Software Removal Tool x64 – January 2020 (KB890830)

<hr />

All labelled “Important”, installed none. Sitting in foxhole for now. Relieved to see that only Win 10 is affected by The Big Whambo.

—

(Sidenote: “Sometimes being a version back from the latest OS is a good thing,” we said in Ye Olde Days of Windows….remembering ME, 2000, Vista, 8.0,…DOS was fairly well behaved by the last version… 6.22?…(chuckle)_oh, the fond memories of debugging ’til 4 AM sessions…)

Thanks to all the Lighthouses on here who keep us off the rocks!

—

Australian govt is recommending patching all three issues right away, jumping on the hype wagon.

https://www.cyber.gov.au/threats/advisory-2020-002-critical-vulnerabilities-microsoft-windows-announced-patch-urgently

bbearren wrote:

In the event that I should one day become botched by a patch, I’m six minutes away from being un-botched.

How many of the 2 billion Windows users would you guess are ‘six minutes away from being un-botched’ ? I would say ~20%
How many will pay hundred$$ in order to fix their botched Windows PCs after an Windows Update ?
I would say ~80%

So, here we are, the last regular Patch Tuesday for Windows 7.

I’m not gonna lie – this is enjoyably interesting.  :]

I just noticed a oddity from yesterdays Updates. Yesterday afternoon i downloaded and installed KB4528760 the CU for 1909. It seemed to and showed that it installed just fine and there were no problems.

This morning i hit checked for updates and it offered KB7528760 again. While it was downloading i checked the version # and it was 18363.535 after the CU was installed the second time the version was 18363.592.

I am not sure if the CU actually failed or it was something else. Just thought i would throw this out there.

. . . not forgetting the EOL of Windows Server 2008.
I’ve been updating a Vista-32 machine with WS2008 x86 updates, since the end of Vista.
15.01.2020. Probably, the last day to trawl through the Security Update Summary, .Net Framework, Sevice Stack etc. Manually loading the updates.
JOB DONE !

CraigS26 wrote:

Another 1909 WU without issues (Jan CU, MSRT, Net Frmwk 4.8, Svc Stack). Images were ready. 18363.592

woody wrote:

Are you encountering the File Explorer Search bug?

No, although with an SSD/HDD combo an SSD article led me to Turn OFF Search Indexing, IF THAT matters / Cortana Never Active …. Just did a test search & all remains well.

According to this, the vulnerability under discussion, that is centered on the crypt32.dll, has been around for quite a while in Windows. At least from the early 2000s, it would seem:

https://docs.microsoft.com/en-us/windows/win32/seccrypto/crypt32-dll-versions

This has some interesting implications that each one of us can figure out by thinking about it.

Updates that came in this morning:

Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4535102)

2020-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4534310)

Windows Malicious Software Removal Tool x64 – January 2020 (KB890830)
All Checked and hidden

Servicing stack update for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4536952)
Unchecked and hidden

Checked for updates again
Microsoft .NET Framework 4.8 for Windows 7 forx64 (KB4503548)
Unchecked and hidden

All,

Let us know if “squashing” (disabling) the EOS notify task for 12 noon today worked!
Disabled mine yesterday and no active task for the EOS noted.

Wonder Woman Cape in Hand….. 🙂

Decided to take the risk and install the updates on my 1903 Pro system. No issues so far.

More from the SANS Internet Storm Center:

CVE-2020-0601 Followup

One quote:

Which operating systems are affected?

Only Windows 10 and Windows Server 2016 and 2019 are affected. Windows 7 is not affected. There was some confusion about this because Windows 7 is no longer officially supported after this patch release. But the January 14th patch Tuesday did cover Windows 7. The affected library, crypt32.dll (CryptoAPI), is present in older versions of Windows, including Windows 7. But not all versions of this library are affected. Out of support versions of Windows 10, like Windows 10 1709, are likely vulnerable, and you should upgrade to Windows 10 1809, the current “long term support” version.

The video referenced in the article can be viewed on YouTube:
SPECIAL WEBCAST: What you need to know about the Crypt32.dll / CryptoAPI Flaw

I’m holding off on the Windows 10 machine as I just got it stabilized. The user profile was corrupt and had to be rebuilt. Let’s give it a few days.

Windows 7 machine needs to be connected for a look-see on updates.

Ken Sims wrote:

More from the SANS Internet Storm Center:

CVE-2020-0601 Followup

One quote:

Which operating systems are affected?

Only Windows 10 and Windows Server 2016 and 2019 are affected. Windows 7 is not affected. There was some confusion about this because Windows 7 is no longer officially supported after this patch release. But the January 14th patch Tuesday did cover Windows 7. The affected library, crypt32.dll (CryptoAPI), is present in older versions of Windows, including Windows 7. But not all versions of this library are affected. Out of support versions of Windows 10, like Windows 10 1709, are likely vulnerable, and you should upgrade to Windows 10 1809, the current “long term support” version.

The video referenced in the article can be viewed on YouTube:
SPECIAL WEBCAST: What you need to know about the Crypt32.dll / CryptoAPI Flaw

SANS has updated CVE-2020-0601 Followup including the statement: UPDATE: An Exploit has been made public!

I’m not going to apply updates yet, but I’m definitely going to continue monitoring information from SANS and others.

A new article from Ars Technica:
Critical Windows 10 vulnerability used to Rickroll the NSA and Github

First two paragraphs:

Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the Internet.

Researcher Saleem Rashid on Wednesday tweeted images of the video “Never Gonna Give You Up,” by 1980s heartthrob Rick Astley, playing on Github.com and NSA.gov. The digital sleight of hand is known as Rickrolling and is often used as a humorous and benign way to demonstrate serious security flaws. In this case, Rashid’s exploit causes both the Edge and Chrome browsers to spoof the HTTPS verified websites of Github and the National Security Agency. Brave and other Chrome derivatives, as well as Internet Explorer, are also likely to fall to the same trick. (There’s no indication Firefox is affected.)

Windows 7 January patches: KB4535102  .NET
KB4534310  Win 7

I had not installed them Tuesday (I only installed MRT).  This morning I powered down to install a new SSD disk on which I will install Win 10.  But Windows Update had these two checked, so they auto-installed prior to the power down.  Then I rebooted in safe mode to check to see if the SSD was OK, and Windows did its normal “chkdsk c:” and other things (because it took more than 12 minutes).  But in safe mode Windows does not tell me what it is doing, as it displays the driver names that it has loaded before safe mode starts.  Then I rebooted into regular mode.  I checked the EventVwr, and it showed that the two patches had been installed, and a reboot was required.  Then I saw that the two patches had failed with code 80070643.  Widows update now shows me only KB4536952 2020-01 Servicing Stack Update Win 7.  I have no idea what that 80070643 error code means.  I looked at one thread (via Google), and it was obvious that all the “those knowledgeable” who were responding had no idea what the error code signified.  Would I get that error code if my reboot after the patch installation was not a reboot into full Windows 7?  Many years ago I would patch Win 7, then reboot into XP to patch, and then reboot into Win 7; back then the Win 7 patches would not complete installation because I had rebooted into XP.

I know that I will not see the two failed patches again (if indeed they did not install) until I install the SSU update.  Is the SSU update safe, or is it too soon to know if the SSU patch is OK to install?

Here is what I received for Windows 7 2020-01 on 1/14/2020

Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4535102) – are there issues with this Rollup? This is labeled as Recommended and not Important.

2020-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4534310)

Windows Malicious Software Removal Tool x64 – January 2020 (KB890830)
All Hidden

Microsoft .NET Framework 4.8 for Windows 7 forx64 (KB4503548)
Hidden and do not plan to install on Windows 7.

Windows update automatically checked again and the following appeared:

Servicing stack update for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4536952)
Hidden

This leads me to the question of last month. The SSU appeared AFTER all the updates were HIDDEN, therefore, when the all clear is given, will the updates install first or the SSU?

NOTE: KB 45330905 .NET Security and Quality Rollup for December 2019 was not installed as yet as some have reported issues with the .NET rollup. When I do  install, it will be before the other January Patches. Has anyone had issues with the .NET Security Rollups? Also, if I skip this December rollup will I be OK with just the final January Rollup? This is labeled as Recommended and not Important.

Thanks….

New article from the SANS Internet Storm Center:
Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability

Of special interest, you can go to https://curveballtest.com/ to test if your browser is vulnerable to CVE-2020-0601.

On my unpatched system, Firefox (my default browser) is not vulnerable and Microsoft Edge is vulnerable.

For what it’s worth – This is installed network wide without any apparent issues.

All Win10 PCs, varied mix of 1803 (ok, just one of them), 1809, 1903, 1909, LTSC 2016, LTSC 2019. Office 2016 ISO, Office 2019, Office 365.

Server 2016 & 2019 running domain controllers, file/print servers, SQL, Exchange 2016, SCCM CB, DPM 2019, IIS sites, RD Web, Terminal Server.

I am running Windows 10 version 1903. Thru my neglect, Version 1909 was downloaded, but I have paused any more downloading or installing until February. Is there a method to download the new patches without installing the already downloaded Windows version 1909?

Thank you for your assistance.

Windows Defender No Longer Updates Unless Windows Update Service Enabled

I thought that I would post this to the forum as I discovered this today. Normally my first activity on my machine (a Windows 8.1 64-bit system) is to update the Windows Defender virus definitions each morning. This has worked flawlessly for years with the Windows Update service disabled. By design Microsoft designed Windows Defender to be independent of Windows Update allowing defender files to be downloaded regardless of the state of the windows update service. On patch Tuesday(1/14/20) I launched windows update and installed the patch Security Intelligence Update for Windows Defender Antivirus (kb2267602) Version 1.307.2344.0 along with the Windows Malicious Software Removal Tool x64 – January 2020 (KB890830) the 2 most benign patches of the 4 important patches listed for Jan.

A day later I went to run Windows Defender, pressed the update button and no updates were found. Another day went by and the same thing happened. This morning I decided to investigate. I enabled the windows update service then opened Windows Defender and pressed update files. The data files downloaded and installed successfully. It would seem that this update broke the independence of the Windows Defender Service making it now dependent on windows update to run. Is this a nudge on Microsoft’s part to keep the Windows Update service perpetually enabled so they can force anything (including a covert win 10 upgrade) upon us holdouts? Admittedly this issue is minor; one can just enable and disable windows update before launching windows defender, but that is an extra 30 seconds I would rather not take. Any ideas on how to re-establish Windows Defenders’ independence?

Ken Sims wrote:

New article from the SANS Internet Storm Center:
Summing up CVE-2020-0601, or the Let?s Decrypt vulnerability

Of special interest, you can go to https://curveballtest.com/ to test if your browser is vulnerable to CVE-2020-0601.

On my unpatched system, Firefox (my default browser) is not vulnerable and Microsoft Edge is vulnerable.

I am using Firefox 72.0.1

(https://curveballtest.com/    tells me in big letters I am vulnerable.  In smaller letters it says Firefox is NOT vulnerable. So…yea or nay, yin or yang? Any ideas?

Thank you.

DriftyDonN

Win10 ver 1903 build 18362.535, paused updates til 17Feb

Can anybody explain what this search bug in 1909 is and how common it is?

Here is an update on my Windows 7 system.  This morning I wanted to install the SSU patch, as someone above reported that it was safe to install.  Windows Update no longer had the SSU update displayed, but it did have the Win 7 and .NET patches that had failed earlier in the week.  It also had MSE pattern 1.307.2452.0, which had been installed at 12:30 yesterday.  I have seen frequently that Windows Update wants me to install an MSE pattern update that already been installed.  I have no idea if the second patch is an update to the first patch.  I assume not, as if a bad MSE pattern patch were to be released, it would be fixed in the next pattern update,

I guess that I will not be able to install the SSU update until I have installed the two January patches.

One other item – MRT.  What does this patch do besides replacing \windows\system32\mrt.exe and running it?  When I run Windows Update, I get the message “creating a restore point”, and sometimes this message is frequently not changed when the actual patch installs.  So I never know exactly when the patch is being installed.  The MRT patch took about 1.5 hours from the time I selected it to the time it finished.  I did not time this, as I was doing other things while the patch was being installed.  I did look at the Task Manager a few times while the “restore point” message was being displayed, and mrt.exe had not yet started.  So, I believe that the unneccessary restore point creation took over an hour.

Win10 1803 Pro 64 bit.  Standalone installed January 2020 monthly update KB4534293 from Update Catalog download, update installed cleanly to build 1246, and system stable for 3 days.

Just a follow-up question, pardon my caution with Windows 7 x 64 SP1.

Can’t recall if the .NET Security and Quality Rollup for December 2019 KB4533095 was checked, however, I have installed these Rollups in the past, so I presume it WAS checked and presume it should be installed.  Right now I have it hidden.

Didn’t know if this one had caused a problem with anyone as I have read that it took a long time to install??

We’re on the final countdown for the patches and have done well with them so far.

If no problems reported,  will install over the weekend.

Thanks! 🙂

Ken Sims wrote:

I’m running essentially the same thing:

Windows 10 Pro, version 1903, build 18362.535, updates paused until Feb 15th, using Firefox (64-bit) version 72.0.1.

I get a green bar across the middle of the screen that says “You Are Not Vulnerable”.

It is only with Microsoft Edge that I get a red square in the middle of the screen that says “You Are Vulnerable”.

The only thing I can think of is if your configurations relating to certificate security have been changed. I believe there is a configuration to use the OS root store instead of the one in Firefox.

Looking in about:config, I see a configuration called security.enterprise_roots.enabled which is set to false. That if is set to true in your configuration, that could be the cause of the problem.

Or there could be some other certificate security setting causing the problem.

This test page is for edge, IE, Chrome only…..SPECIFICALLY NOT FOR FIREFOX>

BTW< how do I change the value back again in firefox about:config? It seems to be locked.

(redfaced)

Drifty

Ken Sims wrote:

In about:config, double-click a line to change the value.

If it’s a true/false value, double-clicking the line will toggle it.

If it’s some other kind of value, double-clicking the line will open up the value so that it can be changed.

If a line is bolded, the value has been changed. If not, it is the default. Changing a value back to the default will remove the bolding.

• This reply was modified 5 years, 1 month ago by Ken Sims.

security.<wbr />enterprise_roots.<wbr />enabled

This line has a padlock at the beginning(before “security…”) and the line is greyed out. The other lines are not. The value is set at “true” now…it was false.

Thanks for helping!

D

BTW, no response to double clicking, no real choice with right click(normal drop down menu)

Ken Sims wrote:

I’m sorry, but I’ve never seen that and have no idea what would cause it. The only way that I can think of to fix it is to find the profile directory with the configurations, find the correct file, and manually edit it with a text editor.

I’m pretty sure Bitdefender has now gotten control over that particular setting. I have a newer acer w/ same win ver, FF, BD and that line is also padlocked on the newer machine. Curious it wasn’t when I checked earlier on the older machine….but BD had updated after I changed the setting. So now it’s “true”…..

Thanks

DriftyDonN