MS-DEFCON 3: Get patched but, man, there are a lot of outstanding bugs

Topic

New Reply

Unfixed problems with patches in Win7, Win 8.1, .NET and Office, among others. It’s a jungle out there. Post coming in Computerworld.
[See the full post at: MS-DEFCON 3: Get patched but, man, there are a lot of outstanding bugs]

4 users thanked author for this post.

Morty, JDeC, Seff, AJNorth

Reply | Quote

Replies

Data points to perhaps help people feel more confident:

No problems observed here with Group A style installation and running on the September patches with my Win 7 and 8.1 test and hardware systems:

Win 8.1 has run for me 24/7 without a glitch on my main workstation (which sees a lot of action) for 12 full days now.

Win 7 has run for me 24/7 without a glitch on my small business server (not a lot of interactive action but transfers a lot of files) for 3 full days now.

One reminder:

When you first start Internet Explorer, quickly heed the small warning it puts up at the bottom of the IE window that says tabs are now going to be shown on a separate row, and be prepared to press the “Revert” button. The message won’t stay on the screen long. If you miss the message, presuming IE starts, you can change the setting this way, by right-clicking on a tab and unchecking “Show tabs on a separate row”:

-Noel

6 users thanked author for this post.

Charlie, HiFlyer, woody, Seff, AJNorth, Rock

Reply | Quote

I like tabs on a separate row, and had IE set that way on all my machines.
After installation of KB4038777 (Monthly Rollup) or KB4036586 (IE11 Cumulative Update), on one Win7 installation on a laptop with very high resolution, IE would not start, at all, as long as tabs were on a separate row. If I set them for the same row as the address bar, everything was OK.

I found the problem was in the icon font size and it required registry edit to fix it.
My results are reported here and in the following replies.

2 users thanked author for this post.

SueW, Noel Carboni

Reply | Quote

Perhaps it’s time we introduced a MS-DEFCON 2.5 :)!

Thanks Woody, I look forward to reading the full article.

Thanks also Noel for the data points.

3 users thanked author for this post.

AJNorth, AJNorth, Noel Carboni

Reply | Quote

I installed the following updates on my Dell Windows 7 x64 home computer today:

2017-09 Security Monthly Quality Rollup – KB4038777
2017-09 Security and Quality Rollup for the .NET Framework – KB4041083

I was four for four:
1.) I re-enabled libraries prior to installing the KB4038777 patch, and this was sufficient to prevent the folder rename bug that occurred after this rollup was installed on my work machine.  After testing, I disabled libraries again.
2.) I checked and my C:\Windows\System32\oem folder was not touched.
3.) I launched IE.  Immediately a message appeared at the bottom about tabs being placed on a new row.  I clicked the Revert button faster than you can say “Ask Woody”.  IE then appeared normal.
4.) I launched Paint.NET and encountered no issues.

P.S. AskWoody.com is really slow today.

Reply | Quote

@alpha128 could you explain in more detail what you mean by the following:

“1.) I re-enabled libraries prior to installing the KB4038777 patch, and this was sufficient to prevent the folder rename bug that occurred after this rollup was installed on my work machine.  After testing, I disabled libraries again.
2.) I checked and my C:\Windows\System32\oem folder was not touched.”

I have Libraries on my DELL, such as Documents, Music, Photos, etc.

Is this something that one enables or disables??  I’ve never touched that aspect of the machine.  If I already have libraries, do I not need to worry about this OEM folder issue on my DELL?

FYI, For safety’s sake, I’ve made a backup of the OEM folder from system32, and copied the backup to another computer, so that I could copy it back if need be.

Reply | Quote

No issues on Grp A Rollup KB4038777, NET KB4041083, (3) Office ’10, Excel ’10, Publisher ’10, Pwr Pt ’10.

The “Avoid ’10 Outlook” (not in my ’10 Hm-Student Ofc but shows in WU) was UN-CHK’d by itself.

Another  small “Thank You Woody” via PayPal just now.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

2 users thanked author for this post.

Charlie, PKCano

Reply | Quote

Seems to me installing the correct .net security only update is easier this month since they haven’t split them into their respective versions, you only have to find the one that corresponds to your OS. As explained in the workaround here – https://support.microsoft.com/en-us/help/4043601/rendering-issues-after-the-september-12-2017-net-security-and-quality – or am i again misreading the obtuse nature of microsoft these days?

-T

Reply | Quote

Warning for those who use .NET Framework Security Only updates

2 users thanked author for this post.

AJNorth, SueW

Reply | Quote

A bit off topic here, but regarding the Spring 2017 Creators Update (Version 1703) — It appears once again, upgrading my WIMBoot tablet (ASUS Transformer Book) munged the Windows Store in the User Account. This time I got it back under control by deleting the Store itself with CCleaner, then using DISM and a PowerShell Script (plus several restarts) to get the Store reinstalled, just into the User Account. The Admin Account only had to refresh its Apps and reinstall a few of them. So once again, upgrading this device is treacherous. But at least it’s not “banned” yet, even though it runs on an Atom Processor.

-- rc primak

Reply | Quote

I’m [more than] happy to report that I updated earlier today via Group B instructions:

Installed:

– 2017-09 Security Only Quality Update for Windows 7 for x64-based Systems (KB4038779)
– Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4036586)

Checked for Updates:

Important: 10; 9 checked [Outlook 2010 (KB4011089) was unchecked]

Optional: 1 unchecked [2017-09 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4038803)] – remained unchecked

Installed:

– Security Update for Microsoft Excel 2010 (KB4011061)
– Security Updates for Microsoft Office 2010 (KB3213626, KB3213631, KB4011055)
– Security Update for Microsoft PowerPoint 2010 (KB3128027)
– Security Update for Microsoft Publisher 2010 (KB3141537)
– 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 for x64-based Systems (KB4041083)
– Windows Malicious Software Removal Tool x64 – September 2017 (KB890830)

Phew

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

3 users thanked author for this post.

HiFlyer, Charlie, JDeC

Reply | Quote

Congrats, @SueW!

Updating Windows has become very much like an airplane landing: any one you walk away from was a good one.

3 users thanked author for this post.

rc primak, HiFlyer, SueW

Reply | Quote

Thanks, AJ!  And your analogy is a good one!

A huge “Thank you!” goes to Woody, PKCano, MrBrian, and others who have provided guidance and reassurance along the way.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

2 users thanked author for this post.

JDeC, AJNorth

Reply | Quote

Ten four on the phew!  I just got done doing the exact same on my Win 7 & Office 2010.  Everything seems to have gone well and now reading your post makes me feel better too.  Also want to say thanks to all of those who make it possible to stay in group B.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

1 user thanked author for this post.

SueW

Reply | Quote

Hello AskWoody,

I have 4013214 Upgrade and Privacy Experience (UPX), 4023057 Update to Windows 10 Versions 1507, 1511, and 1607 for update reliability & 4033637 ? Undocumented = Hidden.

W10 Home 1607 (14393.1737)

Your thoughts ?
Thanks

Reply | Quote

The patch KB4033637 still doesn’t appear in the Catalog, and a lot of what I’ve read is about problems it causes. I’d keep that hidden for now. Woody’s ComputerWorld article on the patch.

 

3 users thanked author for this post.

HiFlyer, walker, bjm

Reply | Quote

PKCano wrote:

The patch KB4033637 still doesn’t appear in the Catalog, and a lot of what I’ve read is about problems it causes. I’d keep that hidden for now. Woody’s ComputerWorld article on the patch.

Okay.  Keep 4033637 Hidden.

What about 4013214 Upgrade and Privacy Experience (UPX) & 4023057 Update to Windows 10 Versions 1507, 1511, and 1607 for update reliability = Hidden.

Aren’t 4013214 & 4023057 just about bringing me to Creators.    I do not recall no reservations recommendation for 1703.   I also do not recall no reservations recommendation for staying with 1607.

Comment

Reply | Quote

I believe both of those have to do with the upgrade to 1703. I think you install them then eventually you’ll be offered Creators.

1 user thanked author for this post.

bjm

Reply | Quote

Regarding the issues that may arise after installing the September 12, 2017 .NET Security and Quality Rollup:

1. Microsoft says that the company is working on the problem.

2. The workaround (uninstalling the .NET Security and Quality Rollup, identifying installed versions of .NET, and installing the .NET Security-Only update) is, well, cumbersome.

In view of the above, is it reasonable to wait for Microsoft to solve the problem before installing either the .NET Security and Quality Rollup update or the .NET Security-Only update?  How serious is the vulnerability that is being addressed?

 

Reply | Quote

The September 2017 .NET Framework updates address CVE-2017-8759, which is being exploited in the wild. I would not wait too long to apply the updates. Perhaps the upcoming Patch Tuesday (October 10) will bring a fix to this issue.

1 user thanked author for this post.

280park

Reply | Quote

After installing the September updates, I checked to see if I left out anything. All I saw was this:

Update for Windows 7 for x64-based Systems (KB3021917)

But it was unchecked, so I didn’t install it.

Reply | Quote

@ Morty, KB3021917 was a Windows 10-related update from 2015.  If it appears again, I would make sure it’s still unchecked, and then hide it.  The last time I ‘hid’ it was in August 2015, and it has yet to reappear.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

Reply | Quote

Thanks, SueW.

What happens if I just leave bad enough alone and don’t hide it?

Morty

Reply | Quote

For Windows 7 and 8.1, one of the consequences of not hiding Important updates that you don’t want to install seems to be that you won’t see applicable updates that must be installed by themselves (such as servicing stack update KB3177467) until there are zero Important updates.

1 user thanked author for this post.

SueW

Reply | Quote

Thanks. That’s over my expertise level, but it sounds like I’d better find it and hide it.

Thanks again to both of you. (And, of course, Da Boss.)

Morty

1 user thanked author for this post.

SueW

Reply | Quote

You’re welcome :).

Here is a poster who was initially confused by this Windows Update behavior: After Oct update, optional tab gone and KB3177467 showing.

Reply | Quote

PKCano wrote:

I believe both of those have to do with the upgrade to 1703. I think you install them then eventually you’ll be offered Creators.

Thanks.   That’s my impression too.  I like Paint and File History.  Creators, as far as I know, offers me little other than ubiquitous M$ bloat.

Sorry, for late response.  I’m not receiving email notify for follow-up replies.
Regards w Respect

Reply | Quote

Re Reply #135734
Help please. I am confused. I’m a group B with Win 7 Pro 64-bit. This past weekend I installed the KB4038793 & KB4036586 64-bit patches and all the offered MS Office 2007 updates.

I did NOT install the Security and Quality Rollup for .NET update KB4041083. The above reply seemed to indicate the CVE20178795 issue was no longer an issue and okay to install, until I read the last sentence (“Perhaps the upcoming Patch Tuesday (October 10) will bring a fix to this issue.”) 4.5.2 is the only .NET framework I have. Is it best to continue to wait for Oct 10th patch/update? Or, install the current .NET update, KB4041083?

Reply | Quote

The September .NET Framework updates fix CVE-2017-8759, a vulnerability that is being exploited in the wild. Some of the September .NET Framework updates have issues though, so that’s why I suggested the option of waiting until the October 10 .NET Framework updates (if any) to see if they fix the issues in the September .NET Framework updates. Personally, I installed the September .NET Framework monthly rollup a few weeks ago.

Reply | Quote