Microsoft clarifies (?) its CVE-2019-1367 release method

Topic

New Reply

From the Windows Message Center: Update: Starting September 24, 2019, mitigation for this vulnerability is included as part of the 9C optional update,
[See the full post at: Microsoft clarifies (?) its CVE-2019-1367 release method]

2 users thanked author for this post.

abbodi86, geekdom

Reply | Quote

Replies

I understood it, without a problem.

1 user thanked author for this post.

woody

Reply | Quote

I still haven’t seen it Sync to my SCCM/WSUS console.  Anyone else have it yet?

Reply | Quote

[EP]

is Patch Lady Susan aware of this recent announcement?
I guess win10 v1903 users have to wait til 9/26 to find out

• This reply was modified 5 years, 5 months ago by EP.

Reply | Quote

Yup.  What a zoo, what a mess.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

[EP]

It was a confusing mess indeed, Susan.

First Microsoft releases the out-of-band security updates on Monday September 23.
The following day Tuesday September 24, Microsoft releases a newer set of updates, replacing most of those out-of-band updates for most Windows versions.

The timing of the release of those updates are just ridiculous. they could have released those out-of-band updates on the weekend instead of a Monday.

where’s that “not so transparent” Pinnochio meter when we need it?

• This reply was modified 5 years, 5 months ago by EP.
• This reply was modified 5 years, 5 months ago by EP.

Reply | Quote

No one has a screen wide enough for Pinocchio’s nose in this situation. 🙂

Red Ruffnsore

Reply | Quote

Might on this monitor..

If debian is good enough for NASA...

Reply | Quote

EP wrote:

First Microsoft releases the out-of-band security updates on Monday September 23.
The following day Tuesday September 24, Microsoft releases a newer set of updates, replacing most of those out-of-band updates for most Windows versions.

Tuesday’s updates did not replace Monday’s, which are still available.

Reply | Quote

Am I correct in understanding that there are no separate patches to treat ONLY this vulnerability, and that I must drop a roll-up pile – containing known problems and potentially unknown ones on my 3000 users to address this?

Reply | Quote

Yes, there are separate patches – released on Monday, not Tuesday, mind you – but they have to be manually downloaded and installed.

Considering there are no known in-the-wild exploits, there’s absolutely no reason (IMHO) to subject your machine to them.

Reply | Quote

Susan, generally I enjoy open-style zoos – no bars or cages.  MS updates etc – bah!

Reply | Quote

It’s Thursday Sept. 26 – Susan can you check if any of the out-of-band updates for CVE-2019-1367 have actually been released thru WSUS? MS has not updated their support articles on those updates to reflect that they’ll be distributed thru WSUS.

Reply | Quote

I don’t see anything in the Catalog yet or on the Win10 history page.

Reply | Quote

I just now did a manual sync of WSUS and nothing yet. My guess is sometime later this afternoon which is when we normally see patches released.

Red Ruffnsore

1 user thanked author for this post.

woody

Reply | Quote

I was expecting to see the third Sept cumulative update for 1903. So far, nothing.

Reply | Quote

the 3rd CU for 1903 just came out around 2PM pacific time (KB4517211), along with a new SSU (KB4520390).

unlike KB4522016 which will remain available from MS Update Catalog only, KB4517211 is available thru Windows Update, MS Update Catalog & WSUS – I think Patch Lady Susan will be disappointed that MS decided to make the newer KB4517211 update available thru WU & WSUS rather than the out-of-band update like KB4522016. seems like MS broke their promise to release the out-of-band security updates thru WSUS

Reply | Quote