The June Security Updates have been released for all versions of Windows, Office and various other Microsoft products. As usual, Martin Brinkman has h
[See the full post at: June 2018 Patch Tuesday is upon us]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
June 2018 Patch Tuesday is upon us
- This topic has 138 replies, 37 voices, and was last updated 6 years, 9 months ago.
AuthorViewing 46 reply threadsAuthor-
Note: Windows 7 SP1 Monthly Quality Rollup Update kb4282826 MAY have issues with the NIC again, for the workaround should you encounter the issue:
https://support.microsoft.com/en-us/help/4284826/windows-7-update-kb4284826
Windows - commercial by definition and now function... -
I really can’t believe this issue is still not fixed… And again the “Third party software” is not named…
1 user thanked author for this post.
-
Microsoft believes they have fixed it.ย They want you on Win10, under their control, so they “fixed” some Win7 machines to not work. I cannot believe it is truely unfixable
Some say you should not see a conspiracy when ineptness will explain the situation, however when this affects home users, month after month, and it is not easily fixable to those who use the PC as an appliance, they may buy a new device.ย So it s a win/win for MS, a user off of Win7 and by the stats, most likely onto Win10, it is one less assimilation for the MS-Borg to go.
However, to refute my comment and advance those who say incompetence – Win10 is no picnic, and updates/upgrades are not so simple and easy that everyone LOVES Windows 10, so maybe it is ineptness.
I do wonder what the new Spectre-type fixes will do for those without the updated microcode.
1 user thanked author for this post.
-
-
-
Looking at this new list of updates and the number of updates for each different OS begs the question, “I thought Windows 10 was the most secure OS ever.”
Red Ruffnsore
-
One cannot help but wonder if there really are more security issues in Windows 10 than 7 and 8.1 or whether MS isn’t bothering to patch all of the security issues in it’s older OS’s as part of their ongoing crusade to get everyone onto Windows 10.
I’ll take my tinfoil hat off again now (it has almost become a permanent part of my attire lately).
1 user thanked author for this post.
-
It might simply be that 7+8 are that much older and have had a lot more time to find the more serious bugs. I’m sure if you clean install the original Windows 7 7600 and check for updates, you’ll get a whole weekend’s worth of bug-fix patches to download.
2 users thanked author for this post.
-
It might simply be that 7+8 are that much older and have had a lot more time to find the more serious bugs.
I’m sure that’s the biggest part of the problem here, but it also illustrates that a piece of software that is undergoing constant change is inherently less secure than one that isn’t.ย Inevitably, new features will mean new bugs, and that’s not just a Microsoft thing.ย It’s software development in general.ย The more code that is being introduced or changed, the more bugs that are entrained into the product, and the more bugs that must be discovered and fixed.ย Some of the bugs are security issues, so any process that introduces more bugs necessarily tends to introduce more security issues.ย Thorough testing can catch many of these bugs, but even thoroughly tested products end up having bugs that make it to production and aren’t discovered for years.
What this means, in the context of Windows 10, is that the fast pace of code change and the lack of adequate testing both indicate a product likely to be riddled with unknown security issues, and we know this even without seeing the bug fix count every month, just by virtue of the big changes that keep happening with Windows.ย The fix count simply serves as confirmation of the principle.
Some security issues that make it into the wild will be be discovered by “good guys” and hopefully fixed, as the large number for this most recent set of fixes was, but some of those issues will be discovered by bad guys first, and they will use them as they wish without any of our knowledge until someone on the “white hat” side finds them and reports them to the developer.ย Even then, these security issues only move from unknown to known by reporting them…it still takes the developer fixing them to complete the cycle, of course.
One peculiarity about Windows as a Service is that instead of new features being the reason for the new versions as it was in the past, it is now the continuous parade of new versions that is the reason for the features.ย MS has decided in advance when the “feature updates” will come, so they have to scramble to come up with new features to be in that feature update every six months.ย They have to have some kind of thing to claim as a wonderful new feature to try to justify the hardship and annoyance the constant updates cause, and to draw attention away from the new monetization efforts, the usurpation of user control, and the large number of bugs that also ship with each new build.
Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)12 users thanked author for this post.
-
Expanding on those points, it also makes me want to point out why many servers do not have a GUI and are CLI-only; without a GUI, there’s a smaller vulnerability footprint and a smaller attack vector. You add a GUI, you add more levels and layers that can be exploited and attacked.
Then there’s Win10, which keeps adding more cruft (and attack vectors) with each new release. Oh, wait, I meant “features”, because surely, people want this cruft.
6 users thanked author for this post.
-
-
-
-
-
The more unnecessary bloat/ cr-apps MS introduce into W10, the more vulnerabilities need plugged?
Both W7 and W8.1 can be made lean without returning, W10 cr-apps removal can be done, only to return on the next upgrade. A frustrating merry-go-round OS ๐
Windows - commercial by definition and now function...5 users thanked author for this post.
In all seriousness, something that’s being functionally changed – vs. something else being maintained at a given level of functionality – can be expected to gather more faults.
Put another way, new software is generally less stable than old, well-tested and patched software. Until such time that the patches start to interfere with one another at least.
If only they were making the new, functionally changed software better in tangible ways, then it all *might* just be worthwhile to deal with…
I know, I know, just wait ’til all the developers make those killer Store Apps that are just around the corner, THEN…
-Noel
-
-
From reading many of MS’s announcements, I don’t think English is their native language either.
Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie
3 users thanked author for this post.
-
-
-
Try this:
Verify that 1803 is hidden in wushowhide.
Go to Services and Stop (not disable) the Windows Update Service .
Shut down (not restart/reboot) the computer.
Restart the computer.
Wait an hour then look again – DO NOT manually search for updates. the 1803 update MAY be gone.1 user thanked author for this post.
-
Oh boy, more Spectre mitigations. This time disabled by default. But it says delete the registry keys (if present) to disable this latest one, and set to 8 (so 1000) to enable. However, disabling the previous Meltdown/Spectre fixes require setting it to 3 (so 11). But if you delete it, it’ll enable the others. Wonder if it’s certain that if it’s set to 3, they’re all disabled. And what happens if you have it set to 11 (so 1011 – enable this, disable the others – not that I’d want to try it). Also, what’s that bit set to 0 in all scenarios? And why does the mask key still need to be set to 3 even just to enable this one, if as I understood itย that told it which bits to read? Shouldn’t that be set to 11 now? Or even 15?
— Cavalary
-
-
Thanks, by I am the sort that REALLY needs plain, simple and concise answers, not referral to documents whose applicability and relevance to my case might be (and who knows even then!) obvious to professional system administrators, no home users on foot, like me.
So, still waiting here for an answer in plain English, concise and to the point. Oh Dear!
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
-
I am Group B, have Win 7 Pro, SP1, x64 with “sandy bridge CPU, and had already asked this question three times, but with no luck — at least as far as getting the direct and pithy answer I said was all I was after:
“Do I need to worry about SMBv1?”
Practically all I had found at Woody’s on June’s patching, up to that point, were postings from people describing their issues running 1000’s of machines with Windows 10. Not exactly what happened to be the case with me, or all of us, the Win 7 (and also 8.1) plain citizens with our poky old home PCs out there. Finally, elsewhere, Ascaris ( #197526 ), as usual, had the splendid grace to answer with a simple and clear statement that, boiled down slightly, meant: “Not a problem for Win 7 or 8.1, at least for now. Maybe never, as MS seems not to care that much anymore about those “heritage” systems.” (He did not write “heritage”, that’s me, but is also the plain truth.)
See? It wasn’t that hard!
And: Good news everyone, fellow home users soldering on with Win 7 and 8.1, ye teeming citizens of Woodyland! As far as SMBv1 goes,ย it’s “Move on, nothing, to see here!”
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
For reference, there have been numerous problems with SMBv1 in recent months:
https://www.askwoody.com/forums/topic-tag/smbv1/
https://www.askwoody.com/forums/topic-tag/smb/
https://www.askwoody.com/forums/topic-tag/smb-vulnerability/
4 users thanked author for this post.
-
-
-
-
-
Nothing on VirusTotal probably a false positive by MSE or you had something already on your system.
Windows - commercial by definition and now function... -
-
Things are in a sad state when one visits a reputable website only to be infected by malware ads. Hence the NEED for an adblocker on a web browser nowadays.
Windows - commercial by definition and now function...
-
Oh, that’s not good. Thanks for the heads up, DrBonzo — and very sorry for getting you and probably several others unnecessarily worried.
So, I might have got that one too, although I have not seen any signs so far, and scans with the Webroot “SecureAnywhere” anti malware application has not picked up anything, yet.
But what others have posted after you on this issue seems somewhat reassuring.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV-
Updates went fine on my Win 7 (x64), Intel CPU, Home Premium and on my Win 10/ 1803.
1 user thanked author for this post.
-
For our WSUS environment with > 2000 clients none of the Internet Explorer 10 or 11 Cumulative Security Updates are showing as needed.ย I believe that this is a metadata / detection error with all of the these updates.
Interestingly the update for Internet Explorer 9 for our handful of Win 2008 (R1) works fine and is showing as needed by all of the clients with that OS.
If Microsoft had this as a batting average, it would be sent down to the minors.
Jim3 users thanked author for this post.
I just noticed that Microsoft has already re-issued the 2018-06 Cumulative Windows 10 updates for all flavours. They first came down the pipe (on my WSUS server) on the overnight scan, but just appeared a second time, 12 hours later, with new revision versions, and the original versions have been deprecated/expired.
Only Windows 10 seems to be affected (4284880, 4284835, 4284819, 4284874).
No matter where you go, there you are.
3 users thanked author for this post.
W7 64-Bit Home Premium.
2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826)
Installation date: โ13/โ06/โ2018 08:10
Installation status: Successful
Running ยฆ OK !5 users thanked author for this post.
Windows 7: 9 vulnerabilities of which 2 are rated critical and 7 important.
Windows 8.1: 8 vulnerabilities of which 2 are rated critical and 6 important.Seen this so, yesterday and today in a spirit of adventure, I set about installing the June 2018 patches for both our W7 and W8.1.
Both Operating Systems are Askwoody Group A
Checks conducted on a Haswell PC on separate SSD drives (no dual boot).
MSRT is disabled from downloading from WU on both OSes.
Both OSes using Realtek PCIe GBE NIC and OEM drivers only.W7 x64 Pro SP1: Patched to May 2018
Kb4284826 – Security Monthly Quality Rollup
No NIC issue at all.W8.1 x64 Pro: Patched to May 2018
Kb4284815 – Security Monthly Quality RollupAfter a couple of restarts and a hard boot of each, ran Disk Clean to remove patch installation data then checked log files to find no obvious errors thereafter.
SFC /verifyonly showed ‘no errors’ on both operating system after update ๐
Early indications look good for this month..for W7 and W8.1 (YMMV)
Windows - commercial by definition and now function...7 users thanked author for this post.
well Microfix since your Win7/8.1 machines are using Realtek PCIe GBE NIC hardware, get the newest Realtek PCIe LAN drivers from Realtek’s web site since Realtek has just released new drivers this June (v7.118 for Windows 7 and v8.064 for Windows 8.1).
Using outdated Realtek PCIe GBE drivers is not a good idea and Windows Update may offer newer Realtek PCIe GBE drivers if the drivers that WU find on any supported PC are well outdated. To avoid this, obtain and install the newest drivers directly from Realtek.
1 user thanked author for this post.
-
As long as you avoid any driver offerings from MS and your PC is working well, is there any need to update the drivers? It ain’t broke and I’m not keen to update!
Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie
1 user thanked author for this post.
-
Usually a very good idea to avoid driver updates offered by Windows Update.
Red Ruffnsore
1 user thanked author for this post.
-
-
Probably not. “If it ain’t broke” is always a good approach to take.
Red Ruffnsore
3 users thanked author for this post.
-
-
-
-
Did anyone notice the more and more extreme throttling is implementing while downloading updates? I checked Task Monitor to see why there is a lot of network activity going on for about the last half hour. It’s the dreaded Servicehost: Delivery Optimation with download speeds around 1 to 8 Mbps, mostly in the lower regions. Checked my internet speed and that really is still 250 Mbps. So now we don’t have only slow installs, but also painfully slow downloads. Which makes the whole weekly update process even more tiring. :-((((
1 user thanked author for this post.
-
Just a reminder: Delivery Optimization can serve other people files from your system too. It can be disabled, but it’s on in Windows 10 by default.
-Noel
3 users thanked author for this post.
-
Excuse my ignorance but I didn’t know about this. So, MS wants to save money at their users’ expense. I wonder if at some point in the future a MitM attack would occur. In other words, how secure is this P2P updates delivery method? The more I know about W10, the more I want to never install it.
-
As I understand it the “download from other people” part is still enabled no matter which options you select in the user interface. To download just from microsoft you have to do some regedits.
1 user thanked author for this post.
-
@anonymous as @Noel Carboni has graciously illustrated, you can Turn off Delivery Optimisation. I think Susan Mentioned it as well and I read somewhere, some time back its efficacious to disable it from a Networking Perspective, slow downs High Bandwidth utilisation etc. While I believe it may well save on Size of Downloads, it often does it at the expense of speed as I believe WUD will look around the network and or the “Interweb” for other machines slowing everything down. I hit the problem a bit back when One of the Networks I was working on slowed to a crawl, disabled it on the Win10 Machines and “et Viola” Business as usual, not a spectacular improvement but quite noticeable. Memory serves me it was a Mixed bag inc. Win1607 or 1511? 10mbps or maybe a 100mbps and I was tweaking the NIC duplex settings at the time. But that’s whole other issue in the wacky complicated world of Networking. Another reason to avoid 1803 if you possibly can.
1 user thanked author for this post.
Every time Microsoft sells a new Windows to users it claims better security. Yet I too also see a trend where Windows 10 has as least as much vulnerabilities every month as any other recent Windows. But then again Microsoft claimed Edge was a brand new browser too and we all know that ain’t true either. You can’t just take out some code add a little new and call it brand new.
1 user thanked author for this post.
Guinea Pig No. 20735 – A – 7 reporting for duty, Sir….
Successful install of 6-2018 Group B Secur-only patch KB4284867-x64 , and IE 11 6-2018 patch kb4230450-x64 , this morn. Wed. 6-13. (The 13th, no less!)
For details of my Win7 SP 1 X64 machine w/ Intel Haswell, and otherinfo re my PC, install prep/strategy etc., see Ask Woody older post:
https://www.askwoody.com/forums/topic/patch-lady-kb4103718-known-issues/#post-194577
After each install, logoff, then reboot, then logon & surf: Both times, Tbird gets my ATT/Yahoo email, and Seamonkey brings up DrudgeReport and Ask Woody (cache cleared prior to each try) . For my SOHO setup, use only direct cable, no wireless; on my Realtek PCIe GBE Family Controller, using 2010 and 2013 Realtek drivers.
As of now, I have not enabled any of the registry hacks/ mitigations described in
M$ “help” article for this patch, as to IBPB nor SBB; nor for prior mitigations M$ mentions as to Spectre and Meltdown.Side comment: Members and lurkers, what has been your practice so far as to enabling the mitigations? My hunch is that the busn. network mgrs. may have been doing it, and the SOHO like me, or only-personal users, may not have been; presumably waiting until zero-days pop up. Comments?
As always: Profuse congratulations and praise, to Woody Leonhard for starting this invaluable resource in the first place, and building it! And to Patch Lady Susan Bradley, Noel Carboni, PKCano, Ascaris, Mr. Jim Phelps and all the Senior Posters and other posters, who make this blog Such A Valuable Resource for us humble souls!
Oh, and PS: WHY now? A: Dealing with moderate health issues coming up; move of my residence coming up; translation: Not a lot of time right now to hemmorhage time on M$ and its (fill in your own adjectives) software.
And also as always: Your Mileage May Vary. Best to all!
-
-
There has been an issue with the DM system for a little while, in selecting @woody as the recipient, using New Message.
However, if you click on Directory instead, and search for Woody, click on Send Message to the right of his yellow gravatar link towards the bottom of that list ๐
(Don’t use the Admin account at the top of that list, as the other account will reach him quicker.)4 users thanked author for this post.
I installedย 2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826) yesterday and have not experienced Blue Screen of Death.
On permanent hiatus {with backup and coffee}
offlineโธ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offlineโธ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
onlineโธ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender4 users thanked author for this post.
-
-
it could be a Gibson Inspectre detection issue
InSpectre is still at Release 8, now 2 months’ old. Not sure if/when it is likely to be updated…
-
-
i ended up downloading them/updating, their were only 2 updates for june so i figuredย why not. So far nothing changed, no stop error no blue screen thats a plus. Thanks again for the advice, but i didnt wanna leave it un- updated for 2 weeks and have something with my luck get in my system that id need to worry about later.
1 user thanked author for this post.
After creating system partition backups, I took the plunge for the 4 combinations W7 Home Premium and W8.1 Pro in both 32 bit and 64 bit variants by installing both the security only and Internet Explorer (IE) updates (and the W8.1 Flash for IE updates) i.e. Group B-ish.
The IE updates which historically have given me most problems in various versions of Windows through the years, show me no problems this month.
The W8.1 file explorer problems due to corrupted Registry settings which for me re-emerge every few months did not re-appear this month.
The W8.1 32 bit Sandboxie problem introduced by the April W8.1 32 bit update and fixed/worked around by Sandboxie Beta 5.25.1 remains fixed/worked around after the June updates.
Windows Firewall Notifier (WFN) version 2 Beta 3 continues to function (I had to replace the earlier WFN 1.9.0 following the May (.NET?) updates) and after a few hours use there have been no unrecognised outgoing “svchost.exe” internet accesses this month (unlike after the May (.NET?) updates).
So “so far, so good”!
HTH. Garbo.
BTW: I’m just a home PC user with a small Microsoft footprint i.e. I normally use Panda AV not MSE/Windows Defender, Firefox/Vivaldi not IE, Thunderbird not Outlook, Softmaker Office not MS Office, VLC Media Player not Windows Media Player etc., so my active interaction with these updates may be less than some other people’s ๐
1 user thanked author for this post.
Hello, I donโt know whatโs going on with the cumulative update KB4284880 and the Flash update KB4287903 but they are needed by none of my LTSB 1607 SCCM clients (4) and I get the error โThe update is not applicable to your computerโ when trying to install them manually via the catalog.
OK I figured it out : I missed KB4132216…
1 user thanked author for this post.
-
The support page for KB 4284826 gives a “Known issue” that was introduced in the March Rollup and still has not been fixed by Microsoft. This is due to a lack of support for SIMD/SSE2. If you can turn it on in the BIOS, it may fix the issue you are having.
2 users thanked author for this post.
-
Here is my experience with the June 2018 patches for Windows 8.1 on my hardware system, which I could revert (even through restoral of a backup) as needed…
The offered updates:
Of the above, I hid three that I do not want now or ever:
- Update for Windows 8.1 for x64-based systems (KB2976978)
- Microsoft – HIDClass – 10/27/2015 12:00:00 AM – 9.9.108.0
- Surface – Keyboard – 2/8/2018 12:00:00 AM – 1.0.104.0
The one ending 6978 is the compatibility metrics add-on Microsoft keeps trying to push over and over. The other two showed up out of the blue. I have no human interface device problems whatsoever, and it’s not a Surface (it’s a Dell workstation).
The others went in without a hitch.
After the required reboot, I had to undo the following things that the update process did:
- Re-disabled scheduled task “Microsoft\\Windows\\.NET Framework\\.NET Framework NGEN v4.0.30319 64 Critical”.
- Re-disabled scheduled task “Microsoft\\Windows\\.NET Framework\\.NET Framework NGEN v4.0.30319 Critical”.
- Re-disabled scheduled task “Microsoft\\Windows\\WindowsUpdate\\Scheduled Start”.
- Re-disabled scheduled task “Microsoft\\Windows\\WindowsUpdate\\Scheduled Start With Network”.
- Service BITS (Background Intelligent Transfer Service) had been changed to “AUTO_START (DELAYED)” from my preferred “DEMAND_START” setting.
- Shell Service Object “SkyDrive network states cache SSO” was reinstalled for both 32 and 64 bit Explorer; I prefer it to be disabled (via Autoruns).
- Browser Helper Object “Office Document Cache Handler” was reinstated for both 32 and 64 bit Internet Explorer; I prefer it to be disabled (via Autoruns).
- The MRT (Malicious Software Removal Tool) had once again deleted file “C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll”, which I had to restore from a backup.
- Removed the root namespaces Microsoft seems to think I really, really need under “This PC” in Explorer, but which I really, really, really don’t.
Before the updates, this system was supremely stable and performance was very good. Uptime was 50 days before these updates went in.
After the above restorals of my preferred settings, per the PassMark benchmark, overall system performance measures about 2% slower than nominal. Arguably the most important metric, max I/O throughput, measures only about 1% slower than before at about 1591 MB/Sec. vs. 1609 MB/Sec. I will watch for confirmation of these slowdowns in scheduled I/O intensive scheduled jobs.
Fitness for purpose testing will continue for some days, but initial tests imply that the patched OS is running stably and can support my ongoing engineering and business management work.
Edit: It’s been stable for 24 hours now, and facilitated quite heavy work for me all day yesterday and this morning. However, I noticed that a nightly software build job that took 47 minutes consistently before the update now takes 51 minutes. This performance hit is not insignificant, even with Spectre and Meltdown mitigations disabled.
-Noel
The support page for KB 4284826 gives a โKnown issueโ that was introduced in the March Rollup and still has not been fixed by Microsoft. This is due to a lack of support for SIMD/SSE2. If you can turn it on in the BIOS, it may fix the issue you are having.
MS doesn’t seem to be in too much of a hurry to fix this, do they?
Second (or third?) month in a row now where I’m not game enough to patch Windows 7 on my 32bit 2006 vintage HP laptop.
Maybe that’s part of the ongoing plan by MS to kill off Windows 7… get rid of the remaining 32bit versions by making them unpatchable then move on to the 64bit version? Well, I’ll give them one more month to fix this. If they don’t then out comes the Windows 7 SSD and in goes the Linux Mint one – for good this time.
1 user thanked author for this post.
-
is it safe to assume
NO! With MS it is not safe to assume. But by the time we go to DEFCON-3. we should have reports whether there are still NIC problems or not.
I am guess that whenever I get to installing WU updates that I will only see the current month listed.
The Rollups are cumulative, so each month contains all the prior Rollups plus the current month’s fixes. You should not see more than the current month’s Rollup.
1 user thanked author for this post.
-
FYI the Win 7 Rollup and Security Only updates for June have been updated on the MS support site on June 15.
There are NO issues now reported for the Security Only (i.e., no NIC problem and no stop error/SIMD/SSE2).
There is no stop error/SIMD/SSE2 error listed for the Rollup, but the NIC issue IS still listed.
It appears that some earlier months were also updated on June 15, so you might want to check these out if you haven’t yet patched through May.
@PKCano @Kirsty @ViperJohn @RetiredGeek @SusanBradley
All, I’ve updated one of my Win7 64Bit systems with the original release Jun 2018 Security Only (KB4284867) & IE11 Cumulative (KB4230450) updates on Jun 12th and all seemed well until today.
I finally experimented with Microsoft’s newly updated Speculation Control Validation PowerShell Script version 1.0.8 to see how my previously hacked i7-990x BIOS CPU Microcode update fares with Spectre Variant 4.
Microsoft Speculation Control Validation PowerShell Script version:
1.0.8 (Current version)
Added support for querying Speculative Store Bypass Disable (SSBD) settinghttps://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050
However, since updating the Win7 (Ultimate – x64) system with the Jun 2018 Security Only (KB4284867) & IE11 Cumulative (KB4230450) updates, the PowerShell scrip fails during the “Import-Module” command. This now also occurs with the previous 1.0.7 script version which just last week ran successfully. Same results when running either PowerShell 64 Bit or 32 Bit on the 64 Bit system.
Original as downloaded from Microsoft, PowerShell Script failure indication:
Essentially during script import, PowerShell complains about:
“… module cannot be imported because its manifest contains one or more members that are not valid … Remove the members that are not valid (‘RootModule’), then try to import the module again.”
When running both versions of the script on the same Win7 (Ultimate – x64) system without the Jun 2018 Security Only update, both script versions import and run as expected.
It would seem that the Jun 2018 Security Only update includes an undocumented change to Win7’s PowerShell in which it no longer recognizes the ‘RootModule’ member nomenclature.
I’ve found that by changing the ‘RootModule’ member nomenclature to ‘ModuleToProcess’ nomenclature, all is well again and both script versions run successfully on the system updated with the Jun 2018 Security Only (KB4284867) update.
Script modification edits shown below:
After script version 1.0.7 modification, results are:
After script version 1.0.8 modification, results are:
Not sure if this new PowerShell characteristic / feature also applies to the Jun 2018 Win7 Roll-up, Win8.1 Security Only / Roll-up or Win10 or 32Bit versions of Win7 but it sure looks like another bug put into the Win7 security update cycle for us Win10 “obstructionists”.
Now, just how many of us Win7 users are out there using PowerShell scripts and just how many of our scripts use the ‘RootModule’ member nomenclature that now fail? Luckily, I’ve only got a few.
Lastly, the latest updated CPUID 206C2 version “0x1E” CPU Microcode does not contain the required SSBD CPU Microcode update for Spectre Variant 4 so it looks like I’m waiting for either HP or Dell to release an updated BIOS for their XEON x5600 series systems.
Win7 Group B (Ultimate & Pro) [x64 & x86]
MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
RDRguyEDIT—————-
Running GRC’s Inspectre version #8 works the same for me on Win7 Ultimate SP1 64Bit pre & post Jun 2018 Security Only update (KB4284867) so maybe there’s a new Win10 problem as noted above by @ViperJohn in post #197747.However, I do expect Steve to update his marvelous tool to add Spectre Variant 3a & 4 protection detection capability once he gets a chance to do so.
Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS2 users thanked author for this post.
I keep testing how these “new” monthly updates behave on a test win8.1 embedded pro behave… and up to now seems that really 8.1 has not been butchered, weirdly.
But I got this weird situation upon the reboot of vmware and logging into the 8.1 vm :
A command prompt like window named dwm.exe with the following inside :SYMSRV: dwmcore.pdb from http://msdl.microsoft.com/download/symbols: 4009984 by
tes – copied
DBGHELP: dwmcore – private symbols
C:\Windows\Tweaks\AeroGlass\symbols\dwmcore.pdb\1AB1FFC6AB984DD0849810D6
CCFD7FC22\dwmcore.pdb
DBGHELP: .\uDWM.pdb – file not found
DBGHELP: .\dll\uDWM.pdb – file not found
DBGHELP: .\symbols\dll\uDWM.pdb – file not found
DBGHELP: udwm – public symbols
C:\Windows\Tweaks\AeroGlass\symbols\uDWM.pdb\153457D628204D88A67A6F9D60D
D064E2\uDWM.pdb1 user thanked author for this post.
BIG HEADS UP FOLKS
The June 2018 Cumulative KB4284874 for Win10 v1703 from the Windowsย Update Catalog contains and installs the dreaded Windows 10 Update Assistant V2.
It installs in the ?:\Windows\UpdateAssistantV2 folder which should be deleted before the horror show in the folder can execute.
If memory serves the sole purpose this delightful piece of MS designed MalWare is to undo and /or reset every single User set or altered Service / PC Setting / Group Policy impediment to a forced version upgrade.
-
Monthly Rollup patches contain three parts: security, non-security, and IE 11cumulative. They are released on the second Tues (Patch Tues). Rollups are CHECKED Important updates.
The following week, the Preview for the next month is released. It contains that month’s Rollup PLUS the non-security updates for the next month. It is an UNCHECKED Optional update. It is there for Admins and IT Dept’s to test before updating next month. It is not intended to be installed by the consumer, hence UNCHECKED Optional.
-
-
The Preview patches are always UNCHECKED optional patches.
The Preview patches (with revisions if necessary) are incorporated into the following month’s Rollup. MS adds the security patches and IE11 updates to them and they are the CHECKED important Rollups.
1 user thanked author for this post.
-
-
We do not recommend installing anything with “Preview” in the title. They are for testing. That goes for .Net also.
We do not recommend installing anything that is UNCHECKED by default.
1 user thanked author for this post.
-
-
-
Okay Big Problem for Gamers with Windows 7 June 2018 Updates …. both Rollup and Sec-Only.
If you use an “Xbox Wireless Adapter for Windows” to connect your Xbox One or Xbox 360 Controller to your computer installing either KB4284826 (Rollup) or KB4284867 (Sec-Only) (and I DID try both updates) breaks the Wireless Adapter and your Xbox Controllers will no longer function at all.ย You get an red exclamation point show on the Xbox Icon in “Control Panel / Devices and Printers” every time you turn the controller on and your Controller will no longer be listed at all.
WindowsReport has a write up about the issue here:
https://windowsreport.com/kb4284826-bugs/
Note that both Windows 7 and Windows 8.1 use the exact same drivers for the Wireless Adapter so it may get broken in Windows 8 as well.ย I tried removing and reinstalling the drivers from Windows Update (which gets them from the update catalog) and it did not correct the problem.ย I do not know if uninstalling the updates will return normal operation as I just rolled back using a pre-update disk image to get my adapter functioning again.
2 users thanked author for this post.
Sorry if this is off-topic, but during the weekend I received an update through Windows Update for Windows Defender.ย It reset Windows Defender, and I received updates for some old updates like Silverlight and C++ Redistributable.ย It reset the last check for updates to never, and on further checking I found that it had changed my settings for Windows Update to “Automatically download and install updates” from “Check for updates but let me choose to download and install them”.ย Needless to say, I soon reversed these settings.
Windows 8.1 Group B and sometimes W.
1 user thanked author for this post.
Hello everyone,
The following is both directly related to Microsoft’s June 2018 updates, and is also a rant which contains potentially useful information for all.
I use Win7-64 on all of my computers. I am on Super Group B (SGB), which is my own moniker and sub-category of Group B. SGB is about avoiding all telemetry updates, is also about avoiding all other non-telemetry updates which cause serious issues, and is also about sometimes installing one or more specific updates in reverse order in order to get around Microsoft’s intentionally or non-intentionally created update issues.
An example of one of Microsoft’s intentionally created update issues:
Install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from being blocked on some older CPUs. This was Microsoft’s way of saying “thanks — your CPU is not supported” to users who installed Windows 7 on newer generation hardware with newer AMD CPUs. Microsoft unintentionally also said “thanks — your CPU is not supported” to owners of Intel CPUs.
That there was some mighty fine and obviously non-vetted programming by Microsoft. And Microsoft still wonders why consumers, such as all of us, distrust Microsoft. I remember when I used to trust Microsoft. Those days are long gone. Trust. It is a magic word in the business world. HP learned this lesson the hard way. Microsoft needs to learn this lesson the hard way, if Microsoft is to survive in anything other than the Cloud.
I installed the June 2017 update, and found that my 4th gen Haswell CPUs were blocked from receiving future updates. Windows Update was hosed. I uninstalled the June 2017 update. Windows Update was still hosed. I then performed a System Restore. After the successful System Restore, Windows Update was still hosed. I was forced to perform a C drive restore from a Macrium backup image of my C drive.
So again, my solution was to install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from being blocked on some older non-AMD CPUs.
Examples of Microsoft’s non-intentionally created issues:
— The 2018 Total Meltdown vulnerability which Microsoft unintentionally created, when Microsoft tried to implement OS software protection in Windows for Meltdown.
— The persistent networking settings in the registry, which can kill network connections after installing various 2018 updates.
With regards to the persistent network settings in the register, I found none on my computers since all of my Win7 computers are home built. So then I decided to take a giant leap by installing the 2018 updates, some of which have the above noted issues and other issues. I installed the 2018 updates in a reverse order:
1. I installed the June 2018 security only update.
2. I then installed the earlier 2018 security only updates, starting with the January update, and then progressing through the May 2018 security only update. I chose to do this, in this order, in my hope to get around issues with all previous 2018 security only updates which had issues. The idea here, just as with the aforementioned 2017 updates which killed Windows Update for my Intel I5 CPU, was to see if I could get around the monthly update issues by first installing the June 2018 update first, and then installing the previous 2018 updates.
The upshot presently is that I am Super Group B updated through June 2018, and without any noticed issues. Now that I have my Win7-64 computers at this state which includes protection from Meltdown, the following are my present observations:
1. I/O performance for Microsoft’s implementation for Meltdown have significantly improved. In particular, the I/O performance is both significantly faster and is significantly more linear in terms of estimated backup time when performing backups of my computer’s OS hard drive.
2. Somewhere along the releases of Windows Updates, starting from around mid 2017 through June 2018, Microsoft introduced and then finally corrected a bug in ntdll.dll. This bug caused some old Win32 programs to crash on exit, with a message that the program performed some sort of “pure function call”. This, finally and after at least a half year, also has been fixed. It is amazing that this issue was not resolved for approximately a half year. Well, perhaps this really is not too amazing since Nadella, upon becoming Microsoft’s CEO, fired Microsoft’s update quality assurance team, and then chose to leave the quality for all Windows Updates to the individual programmer for each specific update. This absolutely is one of the most stupidly “brilliant” decisions of all time. This is what Type A mental personalities do. And, inevitably and way down the long and winding road, they NEVER see that their decision, in hindsight, was a mistake. It is what it is.
I hope that something which I said, above is useful. If not, then I apologize.
My best regards to all,
–GTP
-
Thanks for the info GTP.
I want to make sure I understand something you said in “An Example of One of Microsoft’s Intentionally Created Update Issues”. Was it the June 2017 or the June 2018 update that hosed Windows Update and also blocked further updates to your 4th gen Haswell?
Maybe it’s sort of coincidence that you’re talking about the April, May, and June updates from both 2017 and 2018, but I wanted to make sure I was clear on what you said. I remember something about blocked updates from 2017 and am hoping there’s not a repeat in store for 2018!
Thanks.
1 user thanked author for this post.
-
Hello DrBonzo,
It was the April 2017 and May 2017 updates which blocked AMD Carrizo DDR4 CPUs, and which unintentionally blocked some Intel CPUs such as my fourth generation Haswell I5 CPUs. My solution was to install the June 2017 update first, since this update resolved the unintentional blocking of some Intel CPUs. I then installed the April 2017 and then the May 2017 updates.
Separately, I believe that the issues of some older programs crashing in ntdll.dll when these older programs were being closed, started with either the September 2017 or October 2017 updates. I don’t know which, since I installed both of them at the same time, after holding off on installing them for a few months. Eventually I updated all of my Win7 computers with all security updates through December 2017, yet I was still having the issues of some older programs crashing on exit.
Earlier this year, I had installed the January 2018 and February 2018 updates which prevent Meltdown. After a security researcher discovered Microsoft’s Total Meltdown bug in these two 2018 updates, I uninstalled them. Until several days ago, all of my Win7 computers were updated through December 2017, yet I was still experiencing the issues of older programs and ntdll.dll. I was still experiencing this issue when I also had the January 2018 and February 2018 updates installed.
I backed up my primary Win7 computer’s OS partition this last Saturday. I then decided to bite the bullet and try the 2018 updates through June 2018. I started by installing the June 2018 update. I immediately noticed that the ntdll.dll issues with older programs was resolved. So then I installed the January 2018 through the May 2018 updates, praying that the already installed June 2018 update would have supersedence in terms of specific files which the older 2018 updates would try to update. The supersedence of the June 2018 update appears to have been properly done. Then I downloaded and ran the proof of concept program for Total Meltdown. The POC program crashed as soon as it tried to enumerate and access any memory other than the memory which was assigned to it by the kernel. This crash was reassuring to see, since it confirmed that installing the earlier 2018 updates did not somehow reintroduce the Total Meltdown bug.
The other reason why I installed the June 2018 update first, and then the earlier 2018 updates was to avoid several very serious issues in the earlier 2018 updates. These issues apparently were finally resolved in the June 2018 update. The amazing thing is that it took Microsoft approximately nine months to resolve the issues in ntdll.dll. I guess this is what happens if it is the same programmer who is staring at his own code and who fails to see his own coding mistakes. I sure do miss Microsoft’s fired Update Quality Assurance Team.
Best regards,
–GTP
-
-
It is only for those who encountered issues with the previous 2018 updates. Since your computer is updated through May, you can go ahead and install the June 2018 update without first uninstalling and then reinstalling the previous 2018 updates.
-
-
-
-
I also noticed this. Updates have not been set since June 11. I decided that this is a glitch. Completed the downloading of signatures manually.
https://www.microsoft.com/en-us/wdsi/definitions1 user thanked author for this post.
-
Columbia2011 gave the help you needed and I am not contradicting that.
But I wanted to highlight a point that may confuse others along the way. The anonymous you quote to introduce your question specified a Windows8.1 operating system. Grond, you describe Windows 7.
Microsoft gave two different products the same name, Defender.
Grond, in Windows 7 the item named Defender is not sufficient protection by itself. If you have no other antivirus, I recommend installing Microsoft Security Essentials for Windows 7. It also has a name often confused with yet another unrelated item.
Installing MSE will disable the thing you call Defender and work in its place. MSE will provide you the same definitions from the same source used by the full sized Defender used in Windows 8 and 10.
This does not read clearly when you haven’t already known what Microsoft did years ago. So do not take my word for it. Look up the information and decide for yourself what level of protection satisfies your needs.New Win10 updates for v1607, v1703 and v1709. see this new blog from Born’s Tech & Windows world site:
https://borncity.com/win/2018/06/22/windows-10-v1607-v1709-updates-vom-21-juni-2018/1 user thanked author for this post.
-
1 user thanked author for this post.
This being the only time I’m going to have to do any PC maintenance for a week, read Patch Lady’s, Woody’s, the MVP’s and everyone’s input before diving into the deep end of the pool and patching, even tho Defcon 2.
Reporting in on installation of KB428426 Rollup:
No NIC issues, Broadcomm/Dell NIC.
Total time to download, install, and reboot, about 13 minutes.
Disk Cleanup afterwards took about 7 minutes.
Noticed that the machine was using about 20% more mem than it usually does in the fully booted and mostly quiescent state, so did a reboot, and the usage went back to normal.
Time for complete reboot, about 3 minutes, which seems a little longer than normal. Probably more “CPU Mitigation Meddling” responsible. Steve Gibson’s tool showed the system was still vulnerable to Spectre. (But not Meltdown.)
All in all, a good run so far, and “we shall see what we shall see.”
====================
P.S. I really don’t know which is worse at this point in time….Windows or Android; SmartA**phone broke this week, had to get a new one, start to learn the new OS version’s peculiarities/outrages/design flaws/snooping systems/embedded bloatware-spyware toggles, configure the new device, hassle with a new carrier, etc, etc…I really do think I’m going walkabout in the bush with just a radio, and I may not come back. “Hey, Mick, wait up…” :p
Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty3 users thanked author for this post.
Viewing 46 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Nvidia just fixed an AMD Linux bug
by 14 hours, 3 minutes ago
-
50 years and counting
by 16 hours, 23 minutes ago
-
Fix Bluetooth Device Failed to Delete in Windows Settings
by 1 hour, 39 minutes ago
-
Licensing and pricing updates for on-premises server products coming July 2025
by 1 day, 1 hour ago
-
Edge : Deprecating window.external.getHostEnvironmentValue()
by 1 day, 1 hour ago
-
Rethinking Extension Data Consent: Clarity, Consistency, and Control
by 1 day, 1 hour ago
-
OneNote and MS Word 365
by 1 day, 3 hours ago
-
Ultimate Mac Buyers Guide 2025: Which Mac is Right For You?
by 1 day, 3 hours ago
-
Intel Unison support ends on Windows 11 in June
by 1 day, 3 hours ago
-
April 2025 — still issues with AMD + 24H2
by 1 day, 3 hours ago
-
Windows 11 Insider Preview build 26200.5518 released to DEV
by 1 day, 15 hours ago
-
Windows 11 Insider Preview build 26120.3671 (24H2) released to BETA
by 1 day, 15 hours ago
-
Forcing(or trying to) save Local Documents to OneDrive
by 2 days ago
-
Hotpatch for Windows client now available (Enterprise)
by 1 day, 12 hours ago
-
MS-DEFCON 2: Seven months and counting
by 12 hours, 59 minutes ago
-
My 3 monitors go black & then the Taskbar is moved to center monitor
by 2 days, 9 hours ago
-
Apple backports fixes
by 1 day, 15 hours ago
-
Win 11 24H2 will not install
by 13 hours, 12 minutes ago
-
Advice to convert MBR to GPT and install Windows 11 Pro on unsupported PC
by 8 hours, 54 minutes ago
-
Photos from iPhone to Win 10 duplicating/reformatting to .mov
by 21 hours, 41 minutes ago
-
Thunderbird in trouble. Here comes Thundermail
by 2 days, 11 hours ago
-
Get back ” Open With” in context menus
by 2 days, 23 hours ago
-
Many AMD Ryzen 9800X3D on ASRock have died
by 1 day, 15 hours ago
-
simple general stupid question
by 2 days, 21 hours ago
-
April 2025 Office non-Security updates
by 3 days, 14 hours ago
-
Microsoft wants to hear from you
by 1 day, 5 hours ago
-
Windows 11 Insider Preview Build 22635.5160 (23H2) released to BETA
by 3 days, 18 hours ago
-
Europe Seeks Alternatives to U.S. Cloud Providers
by 3 days, 23 hours ago
-
Test post
by 4 days, 2 hours ago
-
Used Systems to delete Temp files Gone WRONG what does this mean?
by 4 days, 3 hours ago
Remembering Woody
