Microsoft just released 27 new security patches

Topic

New Reply

The Update Catalog lists 27 patches that were released on July 16. Right now, we have 151 patches this month. This morning, the number stood at 129. I
[See the full post at: Microsoft just released 27 new security patches]

7 users thanked author for this post.

walker, jburk07, Microfix, abbodi86, ch100, Fred, Elly

Reply | Quote

Replies

Um, Woody, do you mean July 16 instead of 26? Otherwise, I’ve really missed my quarterly young adult library specialists meeting on the 17th…

1 user thanked author for this post.

HiFlyer

Reply | Quote

That’s been fixed

2 users thanked author for this post.

mindwarp, woody

Reply | Quote

Looks like their primary abjective is  “Addressed issue in which some devices may experience stop error 0xD1 when you run network monitoring workloads” which nobody outside of Microsoft had a clue what that actully meant.

1 user thanked author for this post.

HiFlyer

Reply | Quote

0xD1 would generally mean a ‘bad’ kernel mode driver, or *something* interfering with a ‘good’ driver, has been recently introduced/changed.

Reply | Quote

All fixes are for tcpip.sys and related components

4 users thanked author for this post.

Kranium, ch100, Microfix, woody

Reply | Quote

I haven’t been around here for very long but would “This month’s patches … mess. DON’T PATCH.” warrant MS-DEFCON 1?

2 users thanked author for this post.

seamonkey420, JCCWsusser

Reply | Quote

I’m still debating that.

Usually MS-DEFCON 1 is a warning that some particular patch is breaking a whole lot of machines. In this case, we have a whole lot of patches that are breaking a whole lot of machines.

Lemme think about it.

1 user thanked author for this post.

walker

Reply | Quote

I agree with Woody’s decision to move to Defcon 1, due to the plethora of serious problems which have been reported for a slew of the July updates. I had a sinking feeling that June was just too good to be true. Microsoft raised the Windows Update out of the sewer and above the gutter with the June updates. Yet with July, it appears that Windows Update is right back into the sewer. It is what it is.

Reply | Quote

For the 1803 update, KB article says build is 17134.166 but I’ve seen posts elsewhere that say ‘winver’ shows 17134.167 after update!

Reply | Quote

It is 167.
This page has the correct info
https://www.microsoft.com/en-us/itpro/windows-10/release-information

Reply | Quote

Just fired up the pc. It seems that 4338818 (w7 x86) is pulled. I did not get it offered, not even unchecked. Same goes for the .net-update, nowhere to be seen. 2952664 was also offered, but unchecked. So I ended up with MSRT, 4 Office-updates and 3184143, which I had missed last September. Felt safe to install those; no problems.

~ Annemarie

Reply | Quote

They are not completely pulled

they are kind of hidden, one must install 2018-06 Seurity and Preview updates to get them offered/unchecked

we have similar situation to March KB4088875

5 users thanked author for this post.

geekdom, ch100, Microfix, woody, PKCano

Reply | Quote

anonymous wrote:

For the 1803 update, KB article says build is 17134.166 but I’ve seen posts elsewhere that say ‘winver’ shows 17134.167 after update!

indeed it is .167

* _ ... _ *

Reply | Quote

Its bad enough the Exchange Server team is recommending people not to install them, see here:

https://blogs.technet.microsoft.com/exchange/2018/07/16/issue-with-july-updates-for-windows-on-an-exchange-server/

2 users thanked author for this post.

HiFlyer, ch100

Reply | Quote

Yep, it WAS bad enough that MS recommended on Sunday that Exchange admins not install the Tuesday patches.

Pity the poor folks who installed them, not realizing that MS was recommending against installing its own patches.

That all changed on Monday, of course. I wonder if any gung-ho MS folks are recommending that Exchange admins install Monday’s patches? Fool me once, shame on you, etc….

3 users thanked author for this post.

HiFlyer, seamonkey420, Cybertooth

Reply | Quote

In case anyone is keeping score, I installed the new update on a Windows 7 machine and it seems to have broken acquiring IP addresses via DHCP on the wireless interface.  Wired works, but wireless won’t now.

5 users thanked author for this post.

jburk07, HiFlyer, columbia2011, Microfix, Elly

Reply | Quote

The recent pattern makes me wonder what they are doing to networking. If I was paranoid …

3 users thanked author for this post.

Kranium, seamonkey420, Microfix

Reply | Quote

KB4345459 “Workaround” for KB4338823 W7 Security Only (Group B) issues:

I just spotted this new addition after going back to Susan’s Master Patch list to recheck info links for impact by this thread topic. Interestingly, I didn’t find this workaround indicated for the Grp A Rollup KB4338818. So, W7 Group B’ers take note on KB4345459

3 users thanked author for this post.

SueW, samak, Elly

Reply | Quote

Also: W8.1 Security Only KB4338824 has a Workaround for its issues, KB4345424

Reply | Quote

There are new issues stated on https://support.microsoft.com/en-us/help/4338818. Page updated July 16th.

After installing this update, some devices running network monitoring workloads may receive the 0xD1 Stop error because of a race condition.
Currently, there is no workaround for this issue.

Microsoft is working on a resolution and estimates a solution will be available mid-July.
Restarting the SQL Service may fail occasionally with the error, “Tcp port is already in use”.
Currently, there is no workaround for this issue.
Microsoft is working on a resolution and estimates a solution will be available mid-July.

When an administrator tries to stop the World Wide Web Publishing Service (W3SVC), the W3SVC remains in a “stopping” state, but cannot fully stop or be restarted.

Currently, there is no workaround for this issue.
Microsoft is working on a resolution and estimates a solution will be available mid-July.

 
There not being any solutions yet (in contrary to https://support.microsoft.com/en-us/help/4338823) could this be why 4338818 is not offered (unless the old install-reviews-first-workaround from Abbodi)?

Reply | Quote

All Windows systems suffered the same issues (give or take)
i wonder why Windows 7 is the only one that got July updates staggered
too much care, or too much lower priority?

that even included the telemetry update KB2952664
it’s like someone decided: we don’t want more headache with Win7 mess, just stop all updates

Reply | Quote

Windows 10 1803 had the same at least yesterday.
The only patch offered on non-patched systems was the June 2018 official update KB4284835.

Reply | Quote

It would cost us users less headaches too, hahaha

~ Annemarie

Reply | Quote

I swear that MS approaches patching/updates using the same methodology as Monty Python does when determining whether someone is a witch.

Group B for WIN7 w/ ESU, plus trying out Linux builds in dual boot.

7 users thanked author for this post.

jburk07, BobbyB, Karlston, lurks about, samak, HiFlyer, Microfix

Reply | Quote

I think at this point, Group W is a solid choice for 7/8.1 users, and those who are afraid of going that far should go Group B, Sec only. I think the risk of Group A now far exceeds the benefits.

They’re barely putting effort towards QA their Win10 patches, but at least with the forced telemetry, they seem to be fixing those at a rapid pace when something breaks. Everything else might as well be considered EOL and unpatchable, for non-techies at least. My how the mighty have fallen…

1 user thanked author for this post.

Microfix

Reply | Quote

I quite agree zero2dash.

Thinking back on the first 5/6 months of 2018, perhaps the next safe time to install patches on W7/ W8.1 will again be in 5/6 months, the time it takes MS to get their heads out of their cloud, and in between perhaps Group W isn’t such a bad option after all (at least NIC’s ,WiFi and networking will work for the next 6 months without an MS [mess])

On another tangent, there seems to be a shifting trend in browsers/ extensions that seem to be taking care of things that MS can’t/ won’t so, once again Group W seems a valid option (especially for Group A)

As of June 2018 patches all our W7/ W8.1 devices are working as intended with no side affects and are secure and stable. I. like so many others, would like to keep it that way.

(Note to self: time for an off-line system image on all our MS OS devices again) the last time was in Dec 2017.

I’m just glad not to be on W10, as choices and options are dwindling towards a cloudy dumb terminal.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Bill C.

Reply | Quote

After reading all of the posts re: what an unholy mess MS has made of July patches, I don’t think it’s the clouds MS has their collective head stuck in.

Reply | Quote

To answer the most obvious question, no, it doesn’t appear as if anyone tests these things before they’re shoved out the Windows Update chute.

Of course not.

Bugs and errors are both cost-free and risc-free for Microsoft.

So why waste the time?

Reply | Quote

It would be nice if somebody from the press could ask Bill Gates about the startling lack of quality control in the company’s products, month after month.  While we all know Windows has always been perceived (fairly or unfairly) as havings its fair share or quirks and bugs, I think most would be hard pressed to find a similar streak of just utterly horrendous QC in update releases under Gates or even, dare I say it, Ballmer.

Reply | Quote

Bill Gates retired years ago.  Do not think he is even on the board anymore.  Ballmer took over from Gates and he retired from MS around 08/2014.

All this update garbage is the direct result of Satya Nadella doings.  While the man is “supposed” to be very intelligent you would never know it by the obvious incompetence he displays almost daily.

Reply | Quote

Gates is still on the board and still up to date on the goings on.

Reply | Quote

Woody covered this a few months back.
https://www.askwoody.com/2018/scottgu-we-need-you-please-unscrew-windows/

Windows desktop is not where their priorities are anymore; I’d even argue that Windows server and Exchange are not either. I see more ads on TV for Microsoft AI than Surfaces and Win10 nowadays. That’s where they’re going. They will push the ad $ towards Office365, Azure, and the AI. They don’t care anymore about Windows, and it shows. It’s a dang shame, but it definitely shows.

As ViperJohn said though, it’s all Nadella’s fault. He fired the internal QA team, so they really don’t have any paid beta testers anymore. Windows Insider is supposed to provide that, but here we are, month after month, and patches still make it past the WI ‘Rings’ and out to GenPop, and cause issues and crashes.

This is just the way things are now, unfortunately. You either pick up speed and figure things out (made easier with the AW community, obviously), you drown, or you convert. Unfortunately there’s no real corporate backing behind a Linux flavor to get people to switch, but man, I’d love to see someone like IBM, HP, or Dell start working with Canonical (Ubuntu), Debian, or Fedora (Red Hat) and actually try to push and convert people. Linux as a homegrown product will probably never succeed; it needs ad money and industry help.

5 users thanked author for this post.

cesmart4125, SueW, Cybertooth, Bill C., BobbyB

Reply | Quote

The continuing mess with Windows patching and the comparative ease of patching on Macs, Chromebooks, and Linux make serious consideration of switching a reasonable idea. Linux does not have a strong public awareness but it is well know by the technically inclined. Most people just want a working box and they well ask their technically inclined friends and family members for advice. Depending on the financial situation, etc. the recommendation could be a Mac, Chromebook, or install a Linux distro. And if I recommend a Linux distro I install for them so they do not need to worry about the various issues that can occur.

The danger to MS is the fact that users will have a reason to switch to something else. Also, the users do have resources that MS ignores or angers at their peril. Woody recommends Chromebooks as good option for many on a Windows oriented site. That sums up MS dilemma; either fix Windows and the patching process or there will more open discussion of alternatives on what are nominally Windows oriented sites.

Reply | Quote

A year or so ago a former colleague bought his son a cheap laptop for school (Win10), it failed due to bad workmanship so he bought a better one. It had lots of bells and whistles, but it too went south, (or at least some data and school work did) when Windows failed to upgrade propeerly. He was complaining about spending for two machines and I said if he had bought a MacBook he would have been out the same money, but have a working machine.

They are now an iMac and MacBook family.

It all depends on what a users trigger point to switch is.

Reply | Quote

Part of the problem on the corporate/government end may be that depending on the industry/department/field and what software is being used, switching away from Windows might be problematic. My library system’s current head of IT and his assistant were at my branch recently, and I asked if he had an updated timeframe for rolling out updated Win 10 images to staff PCs, due to MS’s annoying attempts to force updates (the images currently on them and updating setup were set up under his predecessor, who didn’t set up WSUS and just attempted to lock them down – which doesn’t work anymore, but MS can’t update the PCs as they just reset anyway). He joked about going to Linux among other OSes, and then had to say that we couldn’t do that sadly due to the software we use for all library tasks, which isn’t available on Linux. Considering that software vendor also hosts our catalog, and our PC hardware can’t be replaced yet, we’re stuck with Windows for now (a Mac version is available, but how good it is is unknown).

1 user thanked author for this post.

HiFlyer

Reply | Quote

mindwarp:

Have a look at https://opensourcesoftwaredirectory.com/Nonprofit/Library-software, and Wikipedia Portal: Library and Information science as a good starting point. If he/she is serious,(and has the authority to do it), some run on linux, some are full-fledged information systems, you might find it interesting. You might be stuck with current vendor for a while though…chance to do some research.

MVP Edit: Broken link, now removed.

Reply | Quote

Where is the viral internet campaign taking MS to task for the abysmal job they are doing with updates? If the “concerned internet public” can bring companies such as Starbucks and their ilk to heel in mere days, surely they can bring MS at least to its knees…

Reply | Quote

Yikes! I just updated my office 2016 and 1709 machine only to find we are as ms-defcon 1. I haven’t had any issues yet but I hope I didn’t jump too soon.

Reply | Quote

Exchange Server 2010 on Windows 2008 R2 faced mail flow issues after installing July 2018 Windows Updates, I had to remove the updates!
I’ll be waiting for a fix for it; it’s a shame these updates are not tested even on widespread configurations out there !

Reply | Quote

I have hidden KB4338825 via wushowhide.   If I check for updates on wushowhide, KB4345420 does not show up.  Does this make sense?  Win10 1709

Reply | Quote

The Servicing Stack is automatically downloaded and installed first when you get the CU from Windows Update. Consequently, it may not show up as a separate individual update,

Reply | Quote

KB4345420 is not the servicing stack, it is the “fix” for July cumulative update for win10 1709. KB4339420 is the servicing stack.

Reply | Quote

My mistake, sorry. the fix 4345420 is available for Catalog download only, not through WU.

Reply | Quote

thanks

Reply | Quote

People should never be forced to choose between a vulnerable computer or a computer that’s been messed up by half-baked patches. Right now, Microsoft is forcing people to make that choice. They should never be. This is unacceptable. Anyone wants to risk a lawsuit against Microsoft for this abomination?

1 user thanked author for this post.

WildBill

Reply | Quote

Read the Microsoft license that is part and parcel of your operating system. Realize that the license was built by very competent Microsoft attorneys whose sole purpose is to protect Microsoft’s interests. Devote your energies instead to:

• Keeping your current system running without errors and viruses
• Finding and learning an alternative operating system

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

4 users thanked author for this post.

jburk07, SueW, GoneToPlaid, Kranium

Reply | Quote

I agree. I might recommend two additional bullet points.

— Keep all other installed software up to date.

— Keep drivers, in particular network and video drivers, up to date. Video drivers have come rather important of late to keep updated, as they may include mitigations against Meltdown which will prevent your graphics CPU from being used to conduct a Meltdown attack.

 

Reply | Quote

here’s a question for abbodi86: there’s an anonymous comment on this ghacks.net page:
https://www.ghacks.net/2018/07/17/microsoft-fixes-july-2018-updates-for-windows-7-windows-8-1-and-server/

person asked whether if the KB4345459 update supersedes the KB4338823 update for Win7.

feel free to comment about this here or there, abbodi86.

Reply | Quote

I don’t speak for @abbodi86, but he Microsoft pages for KB 4345459 say this:

Update replacement information

This update does not replace a previously released update.

Reply | Quote

The KB4345459 update does not supersede the KB4338823 update for Win7. Yet it appears that the update replacement info was updated? Here is what is listed for Win7 x64 systems:

2018-07 Update for Windows 7 for x64-based Systems (KB4345459)
Last Modified: 7/16/2018
Size: 37.7 MB

This update replaces the following updates:

2017-11 Update for Windows 7 for x64-based Systems (KB4055038)
Update for Windows 7 for x64-based Systems (KB3138901)
Update for Windows 7 for x64-based Systems (KB3156417)
Update for Windows 7 for x64-based Systems (KB3187022)

It is slightly different for Server 2008 R2…

2018-07 Update for Windows Server 2008 R2 for x64-based Systems (KB4345459)
Last Modified: 7/16/2018
Size: 37.7 MB

This update replaces the following updates:

2017-11 Update for Windows Server 2008 R2 for x64-based Systems (KB4055038)
Update for Windows Server 2008 R2 x64 Edition (KB2744129)
Update for Windows Server 2008 R2 x64 Edition (KB3138901)
Update for Windows Server 2008 R2 x64 Edition (KB3156417)
Update for Windows Server 2008 R2 x64 Edition (KB3187022)

 

Reply | Quote

The MS page doesn’t say that now. See link above.

Reply | Quote

I always check the Microsoft Update Catalog page for any given update. This is where I got my information from.

Reply | Quote

Yes, KB4345459 is the new Security-Only update for Win 7

likewise KB4345424 for Win 8.1

Reply | Quote

I’m not so sure about this. It appears to me that KB4345459 is a patch to fix patch KB4338823. But …..

KB4345459 last updated 07/16/2018
KB4338823 last updated 07/17/2018

But …

File sizes are different, supercedence is different. Metadata changes?

But …

KB4338823 hasn’t been pulled. MS documentation doesn’t agree with it’s own documentation.

This mess is getting totally confusing. I wish MS would get its’ head out of its’ **** and explain what’s going on.

Anybody had the time to diff file information on the two patches?

Edit: Please see askwoody-lounge-rules regarding colorful language.

Reply | Quote

Win 7 SP1 64 Group A

until 2 days ago I had one priority update which was removed.  Today I received 2 new patches instead.  KB4340556 Security & quality rollup

KB4338818 Security monthly quality rollup

1 user thanked author for this post.

Microfix

Reply | Quote

Thanks, I also received those patches earlier today for our W7 SP1 x64 and hid them

Advise not to install as we are at MS-DEFCON 1 on AskWoody.

Windows - commercial by definition and now function...

Reply | Quote

I too had an MS security bulletin announcing rerelease of 4338818 and it popped up on WU on my two W7  64 bit SP1 machines. I am steering very well clear.

Chris
Win 10 Pro x64 Group A

Reply | Quote

Of course the sizes will be different a little bit, KB4345459 contain new components/files
it’s Microsoft general rule: non-security updates do not supersede security updates on metadata level

the issue is not broad or affect all machines, it’s minimum
therefore, no need to pull security updates

here’s a blog from Mircosoft employee (in japanese) saying the same:
https://translate.google.com/translate?hl=en&sl=ja&u=https://blogs.technet.microsoft.com/jpntsblog/2018/07/19/stoperror_after_julyupdate/

– For Windows 7 SP1 / Windows Server 2008 R2 SP1
To apply security-only update (Security-only update), apply ” KB4345459 “. KB4345459 Is A fix for this problem is added to the contents of KB 4338823 (Security-only update) .

To apply Monthly Rollup, apply ” KB 4338818 (Monthly Rollup) + KB 434559 ” or ” KB 4338821 (Preview of Monthly Rollup) “.

also, updated Microsoft Security Guidance for CPU vulnerabilities, list all 4 updates of this month: Security Rollup, Security-Only update, Preview Rollup, Standalone update (KB4345459)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016

see the last revision
meaning, all of them include security fixes for this month, but the last two include extra fixes for the tcpip.sys BSOD issue

6 users thanked author for this post.

SueW, ch100, jelson, OscarCP, Elly, woody

Reply | Quote

hi

how can i update from 1703 to 1709 and avoid the most recent 1703 update ?

Reply | Quote

@anonymous you can find the links and info here: https://www.askwoody.com/forums/topic/how-and-where-to-find-isos-for-old-versions-of-windows-10/#post-192456
Run the .iso file from the desktop or do an “in place upgrade” via USB stick made with Rufus after backing up your important stuff, just in case.
Slightly confused here the running order for Win10 Vers is 1703, 1709, 1803 do you mean avoiding the Cumm update for 1703 or skipping ahead to 1803? I should however caution you that if, as I think, you want to avoid 1803 you will need to upgrade to 1709 with any Network “Off” and disable WUD or at least make sure the 1803 upgrade can be blocked as soon as you reconnect the net. As its out there and the first batch of updates for Win10 1709 will arrive with the 1803 upgrade so you need to be vigilant.

1 user thanked author for this post.

columbia2011

Reply | Quote

Microsoft released an updated .NET patch yesterday.  Not sure if it is metadata only.

 

Phil

Reply | Quote

I think it’s metadata only, but don’t have confirmation.

Reply | Quote

No, .NET 4.x rollup update file is changed
https://support.microsoft.com/en-us/help/4345232/0x80092004-error-and-updates-kb4340557-and-kb4340558-don-t-install-aft

2 users thanked author for this post.

columbia2011, woody

Reply | Quote

AKB2000003 has been updated 7/20/2018.

KB 4345459 (Win7) and KB 4345424 (Win8.1) have been added for Group B Security-only.

3 users thanked author for this post.

lanceboil, Microfix, Elly

Reply | Quote

re: kb4345459

FWIW,….

Starting w/ the July updates [sec+qual rollup win7x64], I started having an application hang I had never had before.  It was a internet-intense app and the hang definitely involved this torrent app’s user interface and the Desktop Windows Manager [dwm.exe]. process-monitor and events in the log clearly pointed that way. Turning off Aero and Desktop Composition was now required.  Since I had recently installed a new video card I assumed it must be related to that new driver [although things had been fine for 2 weeks prior to patch-tuesday].  I tried older video drivers, asked many questions on the video maker’s pages, etc.  No joy.

Then I read about kb4345459 and what it called “device stoppages”, and thought “what the heck”, my problems did start with that d*** 16jul18 w7 rollup.  After install, Autoruns told me the only file that had been updated by kb4345459 was tcpip.sys.  Well, that has nothing to do with video, it won’t make any difference I thought.

But it did!  The problem has gone away, I can turn Aero and Desktop Composition back on and it just works again, just like it did before patch Tuesday.  I wish I had listened to my conscience, “If it ain’t broken don’t fix it!”.

So, if you don’t want to uninstall the rollup and wait, give kb4345459 a try, maybe it’ll fix something for you too!

-=PSH=-

Reply | Quote

I’m at a loss on installing kb 4338818.  How do I find kb 4338821 and or KB 434559?

Thanks.

Reply | Quote

If you are in Group A and have installed the 2018-07 Monthly Rollup KB 4338818, you will find the 2018-07 Preview Rollup KB 4338821 in the optional updates.

If you are in Group A and have not installed KB 4338818, you can install only the Preview KB 4338821 becasue it is cumulative and contains KB 4338818.

However, in either of those cases, you should WAIT for Woody to raise the DEFCON number to 3 or above.

2 users thanked author for this post.

columbia2011, walker

Reply | Quote