All of the out-of-band patches were re-issued in the past few hours

Topic

New Reply

Every. Single. One. I just woke up to discover that all 50 2019-10 patches in the Microsoft Update Catalog have been re-issued. They used to be dated
[See the full post at: All of the out-of-band patches were re-issued in the past few hours]

7 users thanked author for this post.

abbodi86, SueW, AJNorth, lurks about, jburk07, Microfix, Pepsiboy

Reply | Quote

Replies

[Pepsiboy]

woody wrote:

Every. Single. One. I just woke up to discover that all 50 2019-10 patches in the Microsoft Update Catalog have been re-issued. They used to be dated
[See the full post at: All of the out-of-band patches were re-issued in the past few hours]

Woody,

OK, I guess I’m a day late and a dollar short. All of the Windows Updates listed in Windows Update this morning on my Win7 x64 SP1 machine have changed. Should I still install the Sept updates or hold off?? One update is missing, too. KB4416003 has gone AWOL.

Dave

• This reply was modified 5 years, 5 months ago by Pepsiboy. Reason: added "this morning"

Reply | Quote

We are on DEFCON-1 – that’s pretty explanatory.

WAIT!

5 users thanked author for this post.

Fred, WildBill, Microfix, woody, Pepsiboy

Reply | Quote

When KB4524157 came in October 3rd it was checked so I hid it. This morning I restored it and it came in unchecked so I hid it again.

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

PKCano wrote:

We are on DEFCON-1 – that’s pretty explanatory.

WAIT!

PK,

Thanks, I figured it would be that. I’ll keep watch here for the OK to install the Sept updates.

Dave

Reply | Quote

What are you folks seeing in Windows Update for Win7? Is it a checked KB 4524157?

Reply | Quote

Unchecked

Windows 11 Pro
Version 23H2
OS build 22631.4890

Reply | Quote

I checked for updates using Windows Update at 5:38 Pacific time. Service stack update KB4515566 was the only update reported.

Windows 7 Home Premium 64-bit.

Reply | Quote

FYI for what its worth. Around 2pm EST Oct 3rd I was working to install the 2019-09 series when the 2019-10 showed up.

Following a review of PKCano comments on threads I completed the 2019-09 KB4516655, KB4474419 and KB4516065 installation in sequence successfully while 2019-10 was hidden. After reboot no errors apparent. sfc  /verifyonly shows no violations. No issues printing. My standard usage was trouble free.

Check for updates produces nothing, while 2010-10 KB 4524157 still hidden.

Just for you here, I restored hidden files, and after WU did its check there are no presented important updates, and of course I no longer have hidden files now.

Win 7 Home Premium SP1 64bit Acer E1-572; core i7 1.8Ghz Tboost 3.0Ghz;HP J4680.

ASUS GL702VS 24GB RAM Intel Core i7 64 bit Win 10 Home 22H2 OS Build 19045.3693
Windows Feature Experience Pack 1000.19053.1000.0
Not Win 11 eligible.

Reply | Quote

Update

Reboot now, on return from the gym, to see if that changes anything. Still no Important Updates presented.

FYI I have not used Explorer as my browser for about 4 years. So unless there was a rare need to use it, I would not know if it was buggy.

ASUS GL702VS 24GB RAM Intel Core i7 64 bit Win 10 Home 22H2 OS Build 19045.3693
Windows Feature Experience Pack 1000.19053.1000.0
Not Win 11 eligible.

Reply | Quote

It’s not coming up at all for me. Only thing I have showing is the “important” update for .Net 4.8.

Reply | Quote

KB4524157 that appeared a few days ago has disappeared and the original Sept 10 updates reappeared (KB4514602, Kb4516065, and KB4474419).  Windows7 Pro x64.  Have not installed any updates yet for September.

Reply | Quote

? says: when i checked for updates yesterday 10-4 on win7 pro at 10:24 a.m. KB4521457 Oct. SMQR (202.4MB) was offered as Important (checked).

Reply | Quote

[jburk07]

On one of our two Windows 7 x64 laptops, KB4524157 had disappeared from Windows Update when I logged in this morning.

On the other laptop, the out-of-band rollup was still there, checked, when I first logged in, but Trusted Installer was running so I just let it sit for a few minutes. When I opened Windows Update again, it had disappeared.

I had already installed the September updates, except for the SSU, on Thursday.

Linux Mint Cinnamon 21.1
Group A:
Win 10 Pro x64 v22H2 Ivy Bridge, dual boot with Linux
Win l0 Pro x64 v22H2 Haswell, dual boot with Linux
Win7 Pro x64 SP1 Haswell, 0patch Pro, dual boot with Linux,offline
Win7 Home Premium x64 SP1 Ivy Bridge, 0patch Pro,offline

• This reply was modified 5 years, 5 months ago by jburk07.

Reply | Quote

Win7 Group B. I just unhid KB4524157 and let Windows Update do its checking. KB4524157 is still available yet now it is not checked. I hid it again since I have already installed the September security only update KB4516033.

2 users thanked author for this post.

AJNorth, woody

Reply | Quote

Exactly the same experience.  (Win 7 Pro x64, Group ‘B’.)

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

For me, it didn’t break the Start Menu but like the previous update, the Action Center was broken. This means I can’t dismiss notifications and I can’t reconnect to Bluetooth headphones using Windows Key+K since that part uses the same overlay that the Action Center uses.

1 user thanked author for this post.

woody

Reply | Quote

yeah, I noticed the catalog changes earlier this morning (Win 8.1 OS image now restored)

If debian is good enough for NASA...

2 users thanked author for this post.

woody, WildBill

Reply | Quote

Today on My desktop And laptop with 1903 this update offer The option To install It or Not, yesterday in My wife laptop  (1903 also) It was installed without The option To install It or not

Reply | Quote

Same thing here. Updated desktop yesterday and the KB4524147 was NOT an optional update, this morning on laptop, got the usual Windows Defender update and it listed KB4524147 as an optional update. Holding off on updating the laptop, but didn’t have any Start Menu problems on the desktop after the update yesterday.

Reply | Quote

Win7 out-of-band patch, KB 4524157 still appearing in my Windows Update, though unchecked.

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

[epaff]

Today at 6:10 am, KB4524157 (from Oct 3rd) showed up in Windows Update, though unchecked.

Windows 7 Pro SP1 64bit

Wait or install?

• This reply was modified 5 years, 5 months ago by epaff.

Reply | Quote

We are on DEFCON-1 which means WAIT.

1 user thanked author for this post.

woody

Reply | Quote

[epaff]

epaff wrote:

Today at 6:10 am, KB4524157 (from Oct 3rd) showed up in Windows Update, though unchecked.

Windows 7 Pro SP1 64bit

Wait or install?

• This reply was modified 5 years, 5 months ago by epaff.

Ditto for me….KB4524157 is available via Windows Update Oct. 3 for Win 7, but is unchecked.  I suppose I’ll hide it, but definitely won’t install it if it remains unchecked.

iPhone 13, 2019 iMac(SSD)

Reply | Quote

Seeker (cannon fodder) report:

Version 1903 (OS Build 18362.388) fully updated with everything Windows Update has to offer, last checked a couple of minutes ago.

No bugs or issues.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

3 users thanked author for this post.

joep517, woody, Barry

Reply | Quote

I somehow mistakenly got the idea that this should be installed.  My Windows 7 HP 64 bit system so far has shown no ill effects.  Not sure what might be broken if anything.  Should I just leave it alone for now or do a system restore or uninstall the patch?

Thanks

1 user thanked author for this post.

rontpxz81

Reply | Quote

There is no need to uninstall or do a System Restore if you are not having any problems.
You can just sit tight for now.

4 users thanked author for this post.

rick41, Myst, joep517, woody

Reply | Quote

Just as another data point:  Win 7 64-bit Group A.  I recklessly went ahead and installed KB4524157 (pre-checked, BTW) on all 3 pc’s on October 3.  No issues.

1 user thanked author for this post.

rontpxz81

Reply | Quote

Nothing has disappeared from Windows Update on my Win8.1 machine. It probably changed on 10/02/19 (maybe the 3rd), but here’s what my Monthly Rollup shows: “2019-10 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4524156)”.  In the Catalog, it’s dated 10/04/19. Also, early this week or late last week, this was removed from Windows Update (fortunately, it was Optional): “2019-09 Preview of Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4516041)”. It’s still in the Catalog.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

Nothing new in WSUS.  No expired updates, no new updates related to the out of band.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

WildBill, woody

Reply | Quote

Strange. Any indication why they were re-issued (or at least re-dated)?

Reply | Quote

While testing our airgapped lab for the new patches (which is a long process for import/export and downloading and filecopying), awaiting MS PFE response to Email inquiry, I too discovered this Email… UGH, but MS responded

The Sept 23 release mitigated the vulnerability, these second release and third release (Oct 2/3) are bug fixes that were introduced and will be mitigated even more by the Oct 8 release.

WAIT.

• James

1 user thanked author for this post.

woody

Reply | Quote

I really need to get you an account. Can you shoot me mail? CustomerSupport@AskWoody.com

Anonymity guaranteed, if you want it.

Reply | Quote

Two thumbs up for getting James on the forum.

Reply | Quote

PKCano wrote:

We are on DEFCON-1 – that’s pretty explanatory.

WAIT!

As I understand : last week’s DEFCON-3 was for Septemner‘s patch Tuesday (not for weeks C & D).
The new DEFCON-1 is for October‘s out-of-band updates and has nothing to do with Septenber’s updates.

Am I right ?

Edit: Please see post #1975252

1 user thanked author for this post.

OscarCP

Reply | Quote

Woody’s Blogpost says:

We’re still at MS-DEFCON 1, folks. There’s absolutely no good reason to install ANY September patches.

1 user thanked author for this post.

WildBill

Reply | Quote

On my main Windows 7 x64 machine, I installed this morning the .net framework patch KB4514602 (no apparent issues) and left KB4524157 which had replaced the original rollup KB4516065 in accordance with the DefCon 1 rating.

Having switched off as I was out for some hours I’ve just switched back on and am now being instead offered the original KB4516065 along with the previously-disappeared KB4474419, both dated 10th September and checked. I am leaving well alone, but if all is still well with the machine tomorrow then I will install KB451602 on my other machine along with the three Office 2010 updates that are checked but not the one that is unchecked (assuming those are still the same when I switch that machine on) – unless I am advised to the contrary!

Reply | Quote

Did you read the last line of the BlogPost you are replying to?

Reply | Quote

The bit about not installing any September updates? Yes, it was written after I installed this morning’s .net framework update (UK time) of course, and I did ask for clarification on the original updates versus the out of band ones yesterday but got no response – which is perfectly fine, you guys are rushed off your feet – so I went with the only one that had been cleared previously and, as stated, will only consider anything tomorrow in the light of the status at that time.

 

Reply | Quote

[Alex5723]

PKCano wrote:

There’s absolutely no good reason to install ANY September patches.

Which September patches ? Patch Tuesday ? September 23 ? 24 ? 30 ?

I think woody meant ANY October..

• This reply was modified 5 years, 5 months ago by Alex5723.

Reply | Quote

@ Alex5723

Alex57 wrote:

Which September patches ? Patch Tuesday ? September 23 ? 24 ? 30 ?

I think woody meant ANY October..

Just wondering, what part of Woody’s statement did you not understand?

@ Woody:

We’re still at MS-DEFCON 1, folks. There’s absolutely no good reason to install ANY September patches.

If you think Woody has made an error in his statement, email him with your suggested correction. Don’t muddy the waters here with conjecture.

2 users thanked author for this post.

woody, PKCano

Reply | Quote

[PKCano]

Alex, No. That’s not correct.

We’re at msdefcon 1. Don’t install anything.

The patches identified as 2019-10 in the update catalog are the fourth monthly updates for September.

I’m doing this from my phone, so apologies.

But you should NOT install any updates at this point. If you’ve already installed older patches, no need to fret. But if you just change your default browser app so it isn’t IE, you’re in good shape.

• This reply was modified 5 years, 5 months ago by PKCano.
• This reply was modified 5 years, 5 months ago by woody.

2 users thanked author for this post.

Microfix, PKCano

Reply | Quote

Woody, My understanding is that not having IE11 as the default browser is only half the story, because elements of IE11 (dlls, executables of various kinds, libraries?) are also used by the operating system, so only not using an unpatched IE11 as a browser is not really a great idea if those shared elements remain unpatched along with it. This does not mean we have to install these latest, problematic patches of IE11 right away, but I find it interesting that, at least in this case, it is enough not to use it as a browser. I am really interested in understanding better the IE11 – OS linkage and how it works in this case, as might be others, because this is not a new issue but a permanent one, at least for those of us running Windows 7.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

rontpxz81, rick41

Reply | Quote

You bring up a really good point. Several days ago I went into Control Panel >> Default Programs and then to “Associate a file type or protocol with a program” on my Windows 7 computers. I then chose to associate .MHT and .MHTML files with Editpad Lite which is an alternative to Notepad. I figured that doing so would mitigate the IE vulnerability for malicious .MHT and .MHTML files.

After doing the above, I decided to see what would happen if I tried to view a non-malicious .MHT file in the windows explorer preview pane. The .MHT file is stored on my computer. Guess what? The above file association with Editpad Lite doesn’t matter. It appears that windows explorer’s preview pane readily uses IE DLLs to open and display the contents of any .MHT and .MHTML files, regardless of the fact that I associated these file types with Edipad Lite.

3 users thanked author for this post.

jburk07, AJNorth, rick41

Reply | Quote

The specific description given by Microsoft indicates that the infection vector goes through IE – whether it’s directly or indirectly (by, e.g., clicking a link that opens IE).

See the penultimate paragraph:

Customers are encouraged to use Microsoft Edge or other modern web browsers where possible. For tasks that require Internet Explorer, customers should limit its use to these tasks and set a different application as the default browser.

That doesn’t say, specifically, that using a different browser will prevent the infection. But it sure hints broadly in that direction.

4 users thanked author for this post.

jburk07, AJNorth, Microfix, rick41

Reply | Quote

The above post is mine. Sorry, I forgot to sign in.

FYI
Reporting in regarding KB4524157 (Out of band update)

Yesterday morning when MS-defcon was a 3, I went ahead and
installed the Sept. Updates.
I was able to show them by hiding the out of band update.
I installed:
KB4516065 (rollup)
KB4514602 (.net),
KB4474419 (sha-2) (this was installed 1st)

I hid Kb4516655 (serv stack)
I hid KB4524157 (out of band update)

I have not experienced any issues.
I actually checked my HP inkjet printer and it worked fine.
I print via USB port on my tower.

After reading the above posts in this thread today,
I went and did a “search for updates”.
Results were 2 optional.
KB4516048 2019-o9 Preview of monthly rollup
KB4516551 2019-09 Preview .net rollup

I then unhid KB4524157 and did another “search for updates”.

KB4524157 is no longer offered either important or optional.
It is gone.
the 2 Optional mentioned above remain.

Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
Windows 7 Home Premium 64 bit SP 1 GROUP A
Processor: Intel i3-3240 (ivy bridge 3rd generation)
chipset Intel (R) 7 series/C216
chipset family SATA AHCI Controller -1 E02
NIC Realtek PCLE GBE Family Controller
MSE antivirus (has new name now)
Chrome browser
DSL via ethernet (landline)

2 users thanked author for this post.

jburk07, Pierre77

Reply | Quote

I hid Kb4516655 (serv stack)

Right now KB4490628 is good enough. But when we clear DEFCON-1, you should go ahead and install Kb4516655. You may need it eventually.

3 users thanked author for this post.

jburk07, OscarCP, dgreen

Reply | Quote

I also lost KB4524157 overnight on all 3 PCs running W7 Home Premium What a mess!

1 user thanked author for this post.

jburk07

Reply | Quote

https://answers.microsoft.com/message/38a53e53-ed74-4001-bde5-45bb7c6fbfea?threadId=8ac2f5fb-7e9b-4de5-b137-0737d1f4cc04

(b) when there are potential quality issues found in the first day or two of release (so we can slow the deployment while we gather data to assess the scope of an issue)

1 user thanked author for this post.

jburk07

Reply | Quote

@ GoneToPlaid

GoneToPlaid wrote:

After doing the above, I decided to see what would happen if I tried to view a non-malicious .MHT file in the windows explorer preview pane. The .MHT file is stored on my computer. Guess what? The above file association with Editpad Lite doesn’t matter. It appears that windows explorer’s preview pane readily uses IE DLLs to open and display the contents of any .MHT and .MHTML files, regardless of the fact that I associated these file types with Edipad Lite.

Well, I had to test that out for myself. I have had several occasions when I have clicked on a file type, and it has pulled itself up in Internet Explorer (IE). And I know I have switched my default browser to FireFox. So, your results bothered me.

I’m thinking you must have somehow mucked up the file association process. I even downloaded the *EditPad Lite* program to test things out. My file association for a *.mhtml* file was currently *Notepad* (Note: in the file association settings found at *Control PanelAll Control Panel ItemsDefault ProgramsSet Associations*, Windows default setting for a *.mhtml* file was IE–*Notepad* was the secondary option). When I clicked on a *.mhtml* file, it opened with *Notepad*.

I then switched the association to the *EditPad Lite* program–I had to browse to find that program–it was not a current listing in the associated program list. Again clicking on the *.mhtml* file type now opened in *EditPad Lite*.

I then switched the file association to IE, and it now tried to open in IE, but I have that file type blocked because I have scripting blocked–so it could not successfully *open*, but it tried to.

Switched it back to *EditPad Lite*, and clicking the *.mhtml* file type, and it again opened in *EditPad Lite*.

So, I’m pretty sure something did not go as planned when you were changing the file associations. I noted that each time I attempted to change the file association, the program highlighted what it feels is the *default* program–in this case IE. If you clicked *OK* without changing the highlighted selection to the program you wanted, the file type would be associated with IE. You have to manually change the highlighted item, and then click *OK*.

You should check to see which program your files are associated with to see if it shows as *EditPad Lite* or something else.

Reply | Quote

@NightOwl

GoneToPlaid is not talking about the file association, but about explorer’s preview pane. Of course explorer’s preview pane does not change when you change the file association. GoneToPlaid did some debugging and found that IE dlls were used in the preview pane.

I doubt this is exploitable in any case, as explorer probably does not run scripts in the preview pane. But what you are talking about appears unrelated to what you are responding to.

Reply | Quote

@ anonymous in reply 1975613

anonymous wrote:

GoneToPlaid is not talking about the file association, but about explorer’s preview pane. Of course explorer’s preview pane does not change when you change the file association. GoneToPlaid did some debugging and found that IE dlls were used in the preview pane.

Thanks for the feedback. I have to admit that I do not use Windows File Explorer very much–I use a third party file manager mostly. So, I have never used the *Preview Pane* feature until now.

However, my experience with the Preview Pane does not match @ GoneToPlaid’s described experience, and probably not yours either.

If I have a test *.mhtml* file set in *file associations* to *EditPad Lite*, and if I use Windows Explorer with the *Preview Pane* open telling me to select a file to *preview*, this is what I get:

The file was sent to *EditPad Lite* (EditPad Lite immediately opens and the file content is shown) before the *Preview Pane* has a chance to access the file, and apparently Windows Explorer is prevented from accessing the file:

If on the other hand, I change the *file association* from *EditPad Lite* to *Internet Explorer* (IE), and now open *File Explorer*, and click on the file–the file is immediately sent to *IE* which attempts to access and run the script that that file type apparently is supposed to have, but is prevented from successfully opening the file:

And, now Windows Explorer’s Preview Pane is *blank*:

So, my experience is that if a *file type* has a program defined as the *associated program* for that *file type*, then that program gets the file sent to it before Window Explorer and its Preview Pane gets a chance to do something with the file. (I could not immediately find a way to disable the file association setting for the *file type*. I can add programs, and change the setting to another program, but I can not *dis-associate* the program so it does not have an *association*. I’ll have to work on that later. I’m leaving later this morning for the next 4 days–so it will have to wait.)

So, there must be some other *magic* that is needed to get a file to show up in the *Preview Pane* than what I know of so far. And the *associated file* program has a major effect on how Windows Explorer and the Preview Pane reacts.

Reply | Quote

So, there must be some other *magic* that is needed to get a file to show up in the *Preview Pane* than what I know of so far.

The file was sent to *EditPad Lite* (EditPad Lite immediately opens and the file content is shown) before the *Preview Pane* has a chance to access the file, and apparently Windows Explorer is prevented from accessing the file:

No magic needed, you simply have to select the file without opening it.

Reply | Quote

anonymous wrote:

as explorer probably does not run scripts in the preview pane

That’s the big question, isn’t it?

Because it certainly used to be exploitable for cross-site scripting from mhtml at some point… hm, what year was that again? 2011?

Doesn’t seem to run a simple regular JavaScript test case though, which may have been the default after one of those problems. But once you’d add iframes and whatnot…

Reply | Quote

Win 7 64

Hello !!

Yesterday I installed KB4516065,KB4514602,KB4474419 and 4524157.

Now I have KB4516655 but when I tried to install it, it didn’t worked.

I know that we are now in defcon 1 so I will not try to install it again but do you know why it didn’t worked ?

Reply | Quote

On October 2, on one of my three Win 7 64-bit pc’s KB4516655 failed for me, too (worked OK on the other two).   I tried again about an hour later, after a couple reboots, and it installed OK.

Reply | Quote

Ok so I have been holding off on the out-of-bank release KB4524148 (Win10 v1809). This morning it downloaded and installed automatically on my laptop!  I am very unhappy about this!  So MS pushed this update onto my laptop. So far as I can tell everything is working ok.  My printer is working.   I have Chrome set as my default browser. Never had IE installed on my laptop and don’t use it.

Reply | Quote