MS-DEFCON 2: Batten down the hatches, there’s a kernel patch headed your way

Topic

New Reply

Tom Warren at the Verge reports Microsoft would be patching the “Meltdown” kernel memory vulnerability for Win10 at 5 PM ET on Wednesday, Jan. 3. It’s
[See the full post at: MS-DEFCON 2: Batten down the hatches, there’s a kernel patch headed your way]

3 users thanked author for this post.

Dave, MrBrian, wdburt1

Reply | Quote

Replies

Hey Woody – did you mean JAN 3rd instead of DEC 3rd on this post ?
Thanks, Ken

1 user thanked author for this post.

woody

Reply | Quote

Got it. Thanks

1 user thanked author for this post.

woody

Reply | Quote

Dunno if this is part, all or none of it. But my WSUS servers received IE updates. KB4056568. The link is not yet active.

https://support.microsoft.com/en-us/help/4056568

Jim

Reply | Quote

What of other Windows versions?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Supposedly Win7/8.1 are coming. Haven’t heard if there will be emergency relief for XP and Vista.

1 user thanked author for this post.

FakeNinja

Reply | Quote

WSUS just keeps having them roll in. There’s even more. Notice the last one for ARM architecture.

Critical and Security Updates
2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4056892)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Update for Windows Server 2016 (1709) for x64-based Systems (KB4058702)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-01 Update for Windows 10 Version 1709 for x86-based Systems (KB4058702)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-01 Update for Windows 10 Version 1709 for ARM64-based Systems (KB4058702)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-01 Update for Windows 10 Version 1709 for x64-based Systems (KB4058702)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

2018-01 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4056892)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4056892)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Regards,

Jim

2 users thanked author for this post.

AlphaCharlie, MrBrian

Reply | Quote

Now WSUS has synchronized the following in addition to the IE patch:

Critical and Security Updates
2018-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4056890)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4056890)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4056890)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Security Only Quality Update for Windows 7 for x64-based Systems (KB4056897)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4056897)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Security Only Quality Update for Windows 7 for x86-based Systems (KB4056897)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4056891)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4056891)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4056898)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4056898)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

2018-01 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4056898)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.

Regards,

Jim

5 users thanked author for this post.

Steve, walker, HiFlyer, radosuaf, MrBrian

Reply | Quote

Updates for Windows 10 (all 5 versions), Windows 7, and Windows 8.1 have been released today. All of the articles for these updates have this note: “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.” It therefore seems that if your antivirus program isn’t reasonably up-to-date (and also compatible with the relevant update), or if you don’t use antivirus, then you will not receive these updates via Windows Update.

Reply | Quote

MrBrian wrote:

Updates for Windows 10 (all 5 versions), Windows 7, and Windows 8.1 have been released today. All of the articles for these updates have this note: “Due to an issue with some versions of Anti-Virus software, this fix is only being made applicable to the machines where the Anti virus ISV have updated the ALLOW REGKEY.” It therefore seems that if your antivirus program isn’t reasonably up-to-date (and also compatible with the relevant update), or if you don’t use antivirus, then you will not receive these updates automatically.

So how are we supposed to know if our antivirus programs are compatible?

Reply | Quote

“So how are we supposed to know if our antivirus programs are compatible?”

If the update isn’t available via Windows Update, then perhaps your antivirus is incompatible with the update.

2 users thanked author for this post.

walker, woody

Reply | Quote

Note: “then you will not receive these updates automatically” in my previous post was changed to “then you will not receive these updates via Windows Update”.

Reply | Quote

What an absolute [*] this is gonna turn out to be. I’m not going anywhere near this update until I read extensively what sort of an impact it’ll have on older systems. How is this vulnerability even exploited in the first place? Nobody knows yet. I assumed I would have dodged the bullet like I did with the management engine exploit but it’s looking increasingly unlikely.

-T

Reply | Quote

All of this month’s Patch Tuesday updates might have been or will be released today or very soon. Cumulative security update for Internet Explorer: January 3, 2018 has been released. Six security updates for Windows Server 2008 have been released. Release Notes – January 2018 Security Updates has been posted.

3 users thanked author for this post.

walker, woody, abbodi86

Reply | Quote

What a way to start 2018 patching 🙂

3 users thanked author for this post.

JDeC, SueW, MrBrian

Reply | Quote

Microsoft may not have originally intended to release the updates today, I infer from this article.

Reply | Quote

Yes, it seems they rushed the schedule for obvious reason
all Win 10 updates are literally built 2018/01/02

Win 7/8.1 monthly rollup seems not ready yet 😀

Reply | Quote

The security-only updates for Windows 7 and 8.1 are supposed to be available via Windows Update, so perhaps there will be no monthly Windows rollups for this month.

Reply | Quote

No they are not reaching WU, that’s why they got released today

WU will only get the Monthly Rollup

1 user thanked author for this post.

MrBrian

Reply | Quote

“No they are not reaching WU, that’s why they got released today

WU will only get the Monthly Rollup”

If that’s true, then Microsoft’s documentation for the Windows 7 and 8.1 security-only updates is incorrect.

Reply | Quote

Since the article Woody linked to states that the Win 7 and 8.1 updates will be available on Patch Tuesday, and various other Win 7 and 8.1 security-only updates are also incorrectly documented as being available on Windows Update, I think that the Win 7 and 8.1 monthly rollups indeed won’t be available until Patch Tuesday, and the Win 7 and 8.1 security-only updates that were released today indeed won’t be available via Windows Update.

Reply | Quote

Looks like the Win7 and 8.1 Security Only patches are in the Catalog, but the Monthly Rollups haven’t been released. As of this moment, anyway.

2 users thanked author for this post.

HiFlyer, geekdom

Reply | Quote

Yes, you read that correctly. The 18-month end of life for both 1507 and 1511 has been blown away again

1507 CU is for Enterprise 2015 LTSB (eol 2025)
1511 CU is for Enterprise/Education (eol 2018-04)

nothing blown 🙂

2 users thanked author for this post.

woody, MrBrian

Reply | Quote

Yeah, my 1511 home doesn’t ‘qualify’ for the fix – yet?

Reply | Quote

I messed that up in all the excitement….

Got. To. Get. Some. Sleep.

Reply | Quote

No worries 🙂

yes, what happened was too much in short period, too many reports 😀

Reply | Quote

I can say that Comodo isn’t compatible yet, they mean to release a fix next week apparently: https://forums.comodo.com/news-announcements-feedback-cis/does-cfw-interfere-with-the-meltdown-patch-t121297.0.html But I sure didn’t want to switch to v10! Darn it! Now what?

Also, the whole thing is a worse mess than it appeared even, summary at https://twitter.com/nicoleperlroth/status/948684376249962496 with the NYT article linked there too. So Meltdown affects all Intel CPUs since ’95 bar pre-2013 Itanium and Atom, and the software fix results in a significant performance drop, if you can install it at all due to the security software thing, while Spectre is harder to exploit but affects EVERYTHING and is a hardware issue with no foreseeable fix bar basically a complete redesign of CPU architecture and replacement of all CPUs in existence, so hackers will have a field day for a decade to come, as researchers say there.

4 users thanked author for this post.

SueW, woody, AlphaCharlie, MrBrian

Reply | Quote

Slow Down and Breath folks – Intel Speaks on the subject.

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

Intel Responds to Security Research Findings

Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.

Viper

Reply | Quote

Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software

Reply | Quote

MrBrian wrote:

Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software

Ya gotta love MicroBrain.  They gave ya everything except what to set the

“cadca5fe-87d3-4b96-b7fb-a231484277cc” REG_DWORD  value too (0 or 1)

Reply | Quote

0

This is documented in the articles for today’s updates, such as https://support.microsoft.com/en-us/help/4056897.

Reply | Quote

MrBrian wrote:

0 This is documented in the articles for today’s updates, such as https://support.microsoft.com/en-us/help/4056897.

Yeah I saw that but with a Key Name of “QualityCompat” then logically setting it to “0” would mean it is incompatible.  It may be that just having the registry entry present is the ticket and the actual value is moot.  Something to be aware of.

Reply | Quote

It might be true that any data for the value cadca5fe-87d3-4b96-b7fb-a231484277cc would work.

Reply | Quote

ViperJohn wrote:

Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Not surprised they said this, because I can see an even bigger lawsuit from this than over the Apple battery fiasco.

This is Corporate Cover-your-butt 101.

No matter where you go, there you are.

Reply | Quote

My WSUS just lit up like a delayed Xmas tree. So many patches, including a Windows 7 Security Only Quality update (4056897).

https://support.microsoft.com/en-hk/help/4056897/windows-7-update-kb4056897

 

No matter where you go, there you are.

Reply | Quote

MrBrian wrote:

It might be true that any data for the value cadca5fe-87d3-4b96-b7fb-a231484277cc would work.

Indeed. The page at: https://support.microsoft.com/en-hk/help/4056897/windows-7-update-kb4056897

points out that the item only needs to be present, no value needed.

No matter where you go, there you are.

1 user thanked author for this post.

woody

Reply | Quote

Why isn’t this on the front page?

Reply | Quote

We are aware of an issue where some are not seeing all the posts on the home page, but it is there! No idea of when to expect it will be fixed, sorry.

Check out the links in the right hand panel under Recent Blog Posts which gives direct links to all topics that are on the home page. However, for admin purposes, please click on Comment on the AskWoody Lounge before posting a reply (this preserves the topic’s search tags).

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

There’s some way overzealous caching going on here, the problem described can be hacked around by clearing your browser cache and/or CTRL+F5.

Reply | Quote

If caching is a problem on a clean OS build with a newly downloaded browser going to the site for the first time, I struck it yesterday!
Cynically, I suspect that wasn’t a caching issue (which may mean a longer fix time-frame)… 😉

Reply | Quote

“In the immediate term, it looks like most systems will shortly have patches for Meltdown. At least for Linux and Windows, these patches allow end-users to opt out if they would prefer. The most vulnerable users are probably cloud service providers; Meltdown and Spectre can both in principle be used to further attacks against hypervisors, making it easier for malicious user to break out of their virtual machines.

For typical desktop users, the risk is arguably less significant. While both Meltdown and Spectre can have value in expanding the scope of an existing flaw, neither one is sufficient on its own to, for example, break out of a Web browser.

Longer term, we’d expect a future Intel architecture to offer some kind of a fix, either by avoiding speculation around this kind of problematic memory access, or making the memory access permission checks faster so that this time interval between reading kernel memory, and checking that the process has permission to read kernel memory, is eliminated.” (Peter Bright, Arstechnica).

I think Woody is right, wait a while before doing anything.

2 users thanked author for this post.

HiFlyer

Reply | Quote

Just installed KB 4056897 on my Win 7 Pro SP1 x64 and not noticing any slowdown in performance (till now).

BUT it gives a problem with Sandboxie’s automatic start-up: (I have to translate this into English) “This programm is being blocked due to compatibility problems. [SbieCtrl.exe]. Sandboxie is incompatible with this version of Windows. …jada jada jada.”
Nor am I able to start Sandboxie from \Sandboxie\Start.exe.

I’ll try to reinstall it.

Reply | Quote

“Just installed KB 4056897 on my Win 7 Pro SP1 x64 and not noticing any slowdown in performance (till now).

BUT it gives a problem with Sandboxie’s automatic start-up: (I have to translate this into English) “This programm is being blocked due to compatibility problems. [SbieCtrl.exe]. Sandboxie is incompatible with this version of Windows. …jada jada jada.”
Nor am I able to start Sandboxie from \Sandboxie\Start.exe.

I’ll try to reinstall it.”
————————-

Decided to uninstall KB 4056897 instead. Took two restarts to get rid of it. (Restore Point did not remove it.)
Sandboxie runs as intended again.

I’ll try to be more patient. :-\

1 user thanked author for this post.

woody

Reply | Quote

Sandboxie has a new beta available that addresses the problem with the patch.

1 user thanked author for this post.

Elly

Reply | Quote

@Anonymous regarding Sandboxie:

Sandboxie has released a beta that solves this problem KB4056897 /KB4056894 – WIN 7 SECURITY UPDATE – Unable to use Sandboxie[Fixed in beta 5.23.3]

Reply | Quote

UPDATE: 1/4/2018

Group B Security-Only and IE11 Cumulative patches for Win7/8.1, issued 1/3/2018, have been added to AKB2000003.

11 users thanked author for this post.

Steve, Elly, JDeC, SueW, MikeFromMarkham, HiFlyer, David F, Pepsiboy, woody, wdburt1, The Surfing Pensioner

Reply | Quote

In addition to installing the January security update, a processor microcode update is required. This should be available through your OEM.

No idea what they mean by this??? If this was fixable via microcode updates, there’d be no OS patches required.

Edit : HTML to text conversion.

Reply | Quote

In this case, both will be needed. However, your OEM may or may not issue a patch/firmware update.

Reply | Quote

This article links to various Vendors that released a firmware update
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

4 users thanked author for this post.

SueW, HiFlyer, MrBrian, woody

Reply | Quote

Those are not updates for Metldown & Co., but rather for the Intel ME SNAFU.

2 users thanked author for this post.

SueW, satrow

Reply | Quote

I cannot see any such requirement for microcode updates with Linux kernel patches.

And yes, “your OEM may not issue a BIOS update” is what makes these OS patches essentially useless for vast majority of Windows users (unless MS finally provides a way to update the CPU microcode on boot for everyone, exactly as it can be done on Linux/BSD etc.) I cannot see an average Joe to massively start using unsupported third-party hacks to accomplish the task, such as https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#summary)

Reply | Quote

Since I don’t have a death wish for my computer, I will wait until the Monthly Rollup is issued.

• Windows 7 Professional
• Service Pack 1
• 64-bit Operating System

 

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I guess we have two issues the Meltdown and the Spectre . I think the Spectre one is more problematic to fixing then Meltdown? Fingers crossed I guess.

Reply | Quote

There are three vulnerabilities involved: two for Spectre and one for Meltdown – see https://spectreattack.com/.

1 user thanked author for this post.

SueW

Reply | Quote

Interesting article from Bleeping Computer, it looks like Firefox already has a form of protection and I would imagine if you’re using something like NoScript to block javascript you should be reasonably okay for the moment (touch wood)

https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/

 

2 users thanked author for this post.

JDeC, woody

Reply | Quote

Mozilla is working on a Firefox fix in 57.0.4  https://support.mozilla.org/en-US/forums/contributors/712728?last=73228&page=2#post-73228

1 user thanked author for this post.

HiFlyer

Reply | Quote

A funny thing happened to one of my locked down windows 7 boxes today, it crashed during a power outage, when it rebooted it started a major update. Interesting because updates are turned off, always have been. I went in and checked, still are, and it does not have any record of the updates it ran. I assume this has something to do with Meltdown, hopefully, but forcing updates still seems a bit off. If its not Meltdown what the heck was it?

1 user thanked author for this post.

HiFlyer

Reply | Quote

Driver updates don’t always show up in Win Update history. Could it have been a driver update by OEM/hardware mfg? Many have system checkers.
Could it have been an update for some non-Windows software?

1 user thanked author for this post.

HiFlyer

Reply | Quote

Firefox 57.0.4 is released: https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/?utm_campaign=whatsnew&utm_medium=firefox-browser&utm_source=firefox-browser

It includes security fixes to address the Meltdown and Spectre timing attacks.

~Annemarie

 

Reply | Quote

So three questions I have regarding the upcoming browser patches:

-Once we have OS-level and BIOS level patches installed, do we still need the browser patches to be secured?
-What about other browsers, say, Safari for iPhones if specially crafted Javascript can be used, and do iPhones use affected ARM processors?
-If we need to keep special browser patches what about other connected applications like Skype or SQL?

Reply | Quote

A tweet that I think is probably accurate (at least the second sentence): “I doubt Meltdown is exploitable from javascript so not really applicable to personal computer users. The side-channels used by spectre are exploitable by javascript, but the countermeasures probably have to be in the browser rather than the kernel.”

1 user thanked author for this post.

woody

Reply | Quote

Very interesting. So if you use say NoScript and/or uBlock Origin in Firefox and related browsers and, in Windows, use Sandboxie , you could be quite ok if so. Waterfox is getting an update asap and Pale Moon has addon First Party Isolate. (Chrome has been updated allready).

Be very careful everyone of going for a kernel update. (And if that went well?????, you need a firmware update also?!?)… Wait. Seriously, wait…..

Reply | Quote

“Pale Moon isn’t vulnerable”

Reply | Quote

After installing the windows6.1-kb4056897-x64_2af35062f69ce80c4cd6eef030eda31ca5c109ed.msu standalone patch on a couple win7 pro x64 PCs I found that there is a problem creating new folders on the desktop. to duplicate right click on the desktop choose New / Folder then type a name and hit enter. On my PCs I get a file not found error.

Can anyone reproduce this?

Reply | Quote

I had no problem creating new folders on the desktop.
Win7 Ultimate x64

Reply | Quote

Win 7/8 Monthly Rollups are released, Win 8.1 not yet

2018-01 Security Monthly Quality Rollup for Windows 7 (KB4056894)
2018-01 Security Monthly Quality Rollup for Windows Embedded 8 Standard (KB4056896)

1 user thanked author for this post.

woody

Reply | Quote

January 4, 2018 KB4056894 (Monthly Rollup)

This update just showed for Windows 7, SP1, 64-bit.

Install or ignore?

 

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

WAIT. We’re on DEFCON-2

4 users thanked author for this post.

SueW, woody, JDeC, geekdom

Reply | Quote

Well… I installed the patch on my only machine (I know, but I have far fewer things that can break and I am cynical at the moment). So far, the patch went smooth and I haven’t noticed any issues. Not even a slowdown (although, I have installed 8GB of RAM on my laptop in dual-channel mode, so any loss was mitigated or lessened). I’m keeping an eye out for any issues.

Something of interest: HP has released a BIOS update a month a few days after the Intel ME fiasco (F.40 on my machine) which is supposed to improve the firmware’s security, but when I ran Microsoft’s utility, there isn’t any protection in the hardware yet for the CPU vulnerabilities. My best guess was to fortify the ME chip or fixed some security issues that the BIOS had.

Reply | Quote

Security Only Update for Windows 8.1 (KB4056898) got v2 in MS catalog

maybe that’s why the Monthly Rollup is delayed

4 users thanked author for this post.

woody, satrow, PKCano, MrBrian

Reply | Quote

The KB article for the Monthly Rollup is posted – but there’s nothing in the Update Catalog.

Reply | Quote

!!! WARNING !!!

Giant kaboom with KB4056894 and AMD CPUs: https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1

1 user thanked author for this post.

SueW

Reply | Quote