MS-DEFCON 2: Initial reports on the August 2018 Patch Tuesday crop are hopeful

Topic

New Reply

But it’s still too early to patch. Of course. As long as you don’t use Internet Explorer or Edge, and stay away from Flash — admonitions you’ve heard
[See the full post at: MS-DEFCON 2: Initial reports on the August 2018 Patch Tuesday crop are hopeful]

12 users thanked author for this post.

Nibbled To Death By Ducks, SkipH, lurks about, SueW, Karlston, Myst, geekdom, Microfix, abbodi86, fk5353, Elly

Reply | Quote

Replies

Ms-Defcon 2?!?

*silently passes out*

1 user thanked author for this post.

BobbyB

Reply | Quote

Win7, 64bit, Home, Group A, WU through June 2018.

Woody and fellow lounge folks (and maybe I should start a new topic but I’ll start here) – Speaking of not using Flash as you say above … I recently got a pop up from Norton saying Adobe Flash Player wanted to install while on Netflix. And please note, I use the latest version of Chrome and my plug-in for Adobe Flash is to ask before using. In my Programs tab under Control Panel, Adobe Flash is installed as of 8.14.2018, twice. One was Adobe Flash Player 30 Active X, the other was Adobe Flash Player 30 NPAPI. When I went to my Norton history immediately after the pop-up last night on Netflix, the info was that Adobe Flash Player had installed. I had not given it permission yet it automatically put itself there from the Netflix site. From what I’m reading on the Flash Player where specific sites are concerned, like YouTube and Netflix, it says these sites now use HTML5 in place of Adobe Flash Player, for the most part anyway. Obviously, it seems Netflix is still using Flash Player. Should I go to my Control Panel/Programs list and uninstall the Adobe Flash Player versions mentioned above that were installed last night, or just leave them? Thanks

MacOS iPadOS and sometimes SOS

Reply | Quote

Chrome has its own managed and maintained version of Flash called Pepper Flash. Google updates it through Chrome’s updates.

You can remove the versions of Flash in Add/Remove.
Flash ActiveX is used by IE, Flash NPAPI is used by Firefox (and NPAPI I believe is now disabled by default in Firefox anyway). Again you mention using Chrome, so yes, remove both of these as they are not used by Chrome.

They’re likely not going to open you up to attack as you’re not using the browsers that actually use these plugins, but I’d remove them for sanity’s sake anyway.

The only prompts Chrome should give you related to Flash would be to allow it to run; any prompts to update Flash (from within Chrome) can be safely disregarded. I’m not sure if Netflix uses HTML5 or Flash, but either way, I know Chrome wouldn’t be prompting you to update Flash in order to view Netflix. Some sites do maliciously tell you that you need to update Flash (in Chrome), but these install malware. Netflix is not one of them, but just FYI.

1 user thanked author for this post.

Myst

Reply | Quote

@zero2dash – Thanks! As I figured, and done.

MacOS iPadOS and sometimes SOS

1 user thanked author for this post.

zero2dash

Reply | Quote

Maybe this could be impractical for people who use YouTube? I might be wrong about this, but it is my understanding that receiving YouTube videos requires Adobe’s Flash, no HTML5.

I did not know that Netflix still allowed Flash connections.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

YouTube defaults to HTML5 where available. https://www.theverge.com/2015/1/27/7926001/youtube-drops-flash-for-html5-video-default

Adobe Flash going away is long overdue, as is Adobe Acrobat. (It’s a shame more people don’t use Sumatra PDF)

3 users thanked author for this post.

Jan K., OscarCP, Myst

Reply | Quote

I did go to YouTube and saw they use HTML5 as a default or whenever possible as a rule. Netflix the same I thought but for some reason Flash “flashed” in front of my face to install and I ignored it but it installed anyway, I might have clicked in a blank space on the Norton pop up screen asking for permission but it installed. I have some settings to review. Chrome is the determining factor and that’s why I like Chrome. I don’t use IE or any other. Both Adobe Flash versions are now gone. I don’t feel a threat because of the dominant force in protecting my Win7 from the dang Adobe Flash. Thanks to all for the input.

MacOS iPadOS and sometimes SOS

1 user thanked author for this post.

OscarCP

Reply | Quote

zero2dash: I’ve used Sumatra since Reader went Cloud. But haven’t received any updates for a while. What about getting Sumatra updates? Any useful advice on that, most appreciated.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I check the Sumatra PDF official site (https://www.sumatrapdfreader.org/free-pdf-reader.html) every once in awhile to see if there’s an update. As far as I know, it’s a single dev, so he doesn’t update it too frequently (though it doesn’t need it really, since it has no security issues like other PDF readers). According to Wikipedia the last release, 3.1.2, was released 2 years ago. If yours is that version, you’re fine. Consider it one less piece of software you have to babysit and update like Windows. 😀

2 users thanked author for this post.

Elly, OscarCP

Reply | Quote

you can see what’s going on in the Sumatra PDF Reader forums

there’s an issue when using SumatraPDF Reader on Windows 10 v1803 crashes Default apps feature. installing the KB4284848 or higher update fixes that problem.

2 users thanked author for this post.

columbia2011, OscarCP

Reply | Quote

In Firefox you can disable Flash until you need it for some sites.

2 users thanked author for this post.

OscarCP, Myst

Reply | Quote

Thanks for the advisory Woody.

Reply | Quote

Ok, DEFCON 2 now, but … what about July patches? Is KB4345459 safe? Does KB4338823 need to be applied first and KB4345459 right after without rebooting? Thanks.

Reply | Quote

When the MS-DEFCON rating reaches 3 or above, instructions will be given on how to apply the July AND August patches.

If debian is good enough for NASA...

5 users thanked author for this post.

woody, SueW, Laptop Boy, columbia2011, Myst

Reply | Quote

Well, two out of 3 systems here went down the drain today after updating. Total mess of crashed processes etc in the logs. One I brought back to life with restoring an older image, the other is undergoing the same treatment. So enough of those adventures.

Reply | Quote

anonymous wrote:

Well, two out of 3 systems here went down the drain today after updating.

What is your operating system and bit size for the failed updates and which updates?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

3 users thanked author for this post.

woody, OscarCP, SueW

Reply | Quote

I just came across this article, not patching related:
https://support.microsoft.com/en-us/help/4457739/blocking-remote-callers-from-starting-or-stopping-services-when-they-a

searching few info doesn’t lead anywhere but the KB url, so i presume it’s very new
it took them almost one year to document this RDS change

1 user thanked author for this post.

RTEsysadmin

Reply | Quote

I installed the latest checked updates (KB4343900 and KB4345590) on a previously up-to-date test machine running Windows 7 Professional SP1 and connected to an Active Directory test lab. Upon restart, when trying to log on as a standard user (Domain User), I received an error on a full screen blue Windows 7 background (not the BSOD) saying “Windows could not connect to the System Event Notification Service” and containing an “OK” button. Upon clicking OK, the screen went black and all that was displayed was the mouse pointer. The only option was to restart the computer. Logging in as an administrator worked, however. I checked the event log, and among the errors was a failure of the Group Policy client to start. Looking back in my notes (to 2012), I found a solution:

netsh winsock reset

That fixed the problem, and now the GP client starts, and standard users can log in.

I did not uninstall the updates and check to make sure that the problem went away, so I can’t prove that the problem is related to them, and I apologize for that. However, the only thing that had changed on that machine since it had a clean event log was the installation of those updates.

Group K(ill me now)

4 users thanked author for this post.

Nibbled To Death By Ducks, columbia2011, BobbyB

Reply | Quote

After making system partition backups I’ve successfully installed the August 2018 security only and IE (and W8.1 Flash) updates from the Catalogue for W7 Home Premium and W8.1 Pro in both my 32 bit and 64 bit PCs. (I dual-boot with W7 as my preferred default.) I then successfully installed the .NET rollups for all 4 combinations using Windows Update.

After some sanity checking all 4 look OK. The W8.1 folder/file explorer problems which re-occur for me every few updates and which I wrote about a few days ago following the July update (see https://www.askwoody.com/forums/topic/we-continue-at-ms-defcon-1-dont-install-any-of-the-july-patches/#post-210448 ) did not re-occur with the August W8.1 updates on either PC. (I’ve updated earlier than usual while this explorer stuff is still fresh in my mind!)

My usual caveat: I’m just a home PC user using non-Microsoft software for everything apart from Windows itself.

HTH. Garbo.

 

4 users thanked author for this post.

SueW, RTEsysadmin, columbia2011, Microfix

Reply | Quote

As per DEFCON 2, am avoiding:

1) The August 2018-08 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4345590), as well as

2. The 2018-08 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4343900)

I did download and install the monthly Malicious etc., but it took  the system 15 minutes to create a restore point and install it.

This, I think, is a record for something so small in file size. Something’s in the wind, and I’m battening down the hatches and diving to a safe depth until Susan or Woody gives the word.

(shudder)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

1 user thanked author for this post.

columbia2011

Reply | Quote