MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed

Topic

New Reply

If you’re running Windows 7, Vista, or XP — or Server 2003, 2008 or 2008 R2 — you need to get patched now. No, there aren’t any known BlueKeep explo
[See the full post at: MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed]

5 users thanked author for this post.

geekdom, Lori, walker, Elly, abbodi86

Reply | Quote

Replies

win7: if i read this correct, i need both kb4499175 and pciclearstalecache in same folder and only execute kb44499175, correct?

win7 and 8.1: for ie11 i only need kb4505050, i assume? is kb4498206 replaced by this or do i need to install this one as well?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

i can’t edit my post (edit button missing), so i have to reply:

i went ahead and installed kb4499175 (win7), kb4499165 (win8.1) and kb4505050 (ie11). i skipped kb4498206 so i hope kb4505050 is cumulative so i don’t need the other one.

on windows 7 i had pciclearstalecache in same folder as kb4499175 but i did not encounter any command window popping up. did something go wrong? how can i verify if pciclearstalecache has been installed correctly?

afterwards i installed all checked important updates for office 2010, .net, msrt on both computers and windows defender, flash (win8.1), as usual.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

[Ed]

@honx… the answer to your question is here…….

https://www.askwoody.com/forums/topic/may-2019-patch-tuesday-arrives/#post-1702336

NOTE:
I keep adding the correct post link but for some reason the last part keeps getting omitted. Scroll down to post # 1702336.

• This reply was modified 5 years, 9 months ago by Ed.
• This reply was modified 5 years, 9 months ago by Ed.

1 user thanked author for this post.

honx

Reply | Quote

thx pci.sys version now is what it should be (6.1.7601.24441), but file date is 19.04.2019 04:44, not 04/18/2019 is this divergence time zone related?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

If your time zone is 6 hours different than EST here in the US I’d say yes as mine is time stamped exactly 6 hours earlier at 10:44 PM.

Glad you found the post by the way, I’ve never encountered adding a link to a particular post and having the post info get cut off before. And I tried editing and re-adding the entire link to the post twice thinking I somehow screwed up a simple copy/paste process!

Maybe a new “glitch” that hasn’t been noted yet?

1 user thanked author for this post.

honx

Reply | Quote

[woody]

Hmmm… I’m testing with a link to the preceding post….

https://www.askwoody.com/forums/topic/ms-defcon-4-its-time-to-get-the-may-2019-windows-and-office-patches-installed/#post-1784294

The link seems to work. Not sure what’s getting messed up.

• This reply was modified 5 years, 9 months ago by woody.

Reply | Quote

Honx, it is probably not you. One of my posts was cut off like yours here (the 3rd link): https://www.askwoody.com/forums/topic/computer-stuck-in-sleep-mode/#post-1788336

It may be if you have a space between the title and actual link, it combined them. That is not what I was trying to do.

Reply | Quote

Honx wasn’t having the problem… that was me. I copied the post link directly from the browser’s address bar and pasted it directly into the reply text box. Even if there were a space before the last part… the beginning “www.askwoody” part should have shown instead of the Title of the thread.

FWIW… after the first failure I verified the link I’d posted was legitimate by pasting it into a new Tab in my browser and it opened right where it should have. I tried adding the link to the reply a second time and got the same result… the TITLE of the thread is all that shows in my reply.

Gremlins maybe… but no way am I chalking this one up to senility!

Reply | Quote

You’re able to edit your post for 15 minutes. After that, the Edit button disappears. It’s by design.

Reply | Quote

Minor glitch: If you’re updating a Windows 10 Version 1709 system, the Master Patch List has an incorrect link since friday.

UPDATED [as of June 4, ~03:50 PM UTC-6]: Link fixed (thank you Susan!

Reply | Quote

thx, here is germany, so 6 hours difference should be right.

one last question about ie11 remains: was kb4505050 cumulative? or do i have to install kb4498206 as well?

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

The MS pages for KB4505050 say “Cumulative”

1 user thanked author for this post.

walker

Reply | Quote

KB4505050 is not checked in Windows Update on my system, and is Optional anyway, so I am skipping that one for now.

Reply | Quote

Unless you are dealing with organizations whose url end in gov.uk you do not need KB4505050

1 user thanked author for this post.

walker

Reply | Quote

Does anyone with Windows Xp with paid support have issues with the updates and Internet Explorer 11? IE 11 seems to crashed with the current updates for May 2019 released for Windows Xp. We reached out to MS support but our support period ends in 2 days and 17 hours and no one has replied in a couple days so far. Our IT manager thinks they are just waiting for the time to run out or force us to pay for another 5 years support period to get help with this. I figure I asked here to see if anyone else is having the same issues.

1 user thanked author for this post.

woody

Reply | Quote

But IE 11 doesn’t work on XP…

Reply | Quote

But IE 11 doesn’t work on XP…

It does work with Windows XP Pro with MS extended support. MS released a modified version of IE11 for all extend support users for government and businesses. This is why I am trying to figure out if it is the May 2019 updates or may be earlier updates in April 2019, March 2019, etc that is causing the issues.

1 user thanked author for this post.

woody

Reply | Quote

MS has time updates that disable if you are near the end of payment schedule to force you to update. I heard this from a few people that have Windows Xp Pro support. That might be your only option. Most often once you pay they will help you quickly to resolve the issue. We still have 1 year left for extend support and our Windows XP with IE11 works fine. After that, we will have to renew for another 5 years.

Reply | Quote

That is what we were worried about. It seems will have to pay the $5M for each year to extend for another 5 years.

Reply | Quote

I’m just now catching up. Sorry.

Two questions:

• What, precisely, are the symptoms of the crash?
• Did you get it fixed?

Reply | Quote

Our IT manager thinks they are just waiting for the time to run out or force us to pay for another 5 years support period to get help with this.

Your manager is right. MS is doing this with everyone. I can bet all that I have that once you pay up MS will give you the fix. MS knows that many companies can not move to new OS and XP is their big money maker with extended support. Our business renewed our support for around $100M ($20M for each year).

Reply | Quote

anonymous wrote:

Our business renewed our support for around $100M ($20M for each year)

At that price, if several organisations got together you could poach MS staff and have them maintain Windows for you for about 10 years.

cheers, Paul

Reply | Quote

Or hire a department to fix whatever isn’t compatible and move up to a more modern operating system. Or design new processes around new tools. Or…

-Noel

Reply | Quote

I have Windows 10 1803 Home.  I need to install the cumulative update and the .NET updates, I think.

1. Which 1803 cumulative update should I install?  There are 3 of them from May.
2. Should I install the .NET or the CU first?  I usually install the updates manually.
3. Should I restart after installing each update separately?  Or can I wait to restart until I have installed both updates?

Thanks for the help.

Reply | Quote

KB4497398 Servicing Stack for 1803 – install first, reboot, wait 5 minutes.

You do not have to reboot between these:
KB4499167 2019-05 Cumulative Update
KB4497932 Update for Adobe Flash Player
.NET Update
If you deal with any organization that ends in gov.uk,  you will need KB4505064 (otherwise, you do not need this)

1 user thanked author for this post.

woody

Reply | Quote

Whoa PK

In a post I made under another Topic, you advised that Windows 10 Updater will automatically provide the updates you need, and the Servicing Stacks will come with the Monthly CU, and Windows will take care of the installation order.

Also I inquired why on my 1803 Pro, I did not receive the separate .NET update KB4495616?
No reply from anyone yet. In the Monday’s Newsletter Susan advised OK to install if you received one. Do some receive and others don’t? Should I procure from the MS Catalog?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

Tex265 wrote:

In a post I made under another Topic, you advised that Windows 10 Updater will automatically provide the updates you need, and the Servicing Stacks will come with the Monthly CU, and Windows will take care of the installation order.

If you read the post you will find that the user specifies a MANUAL install,, not a Windows Update install which you are quoting about.

Tex265 wrote:

No reply from anyone yet. In the Monday’s Newsletter Susan advised OK to install if you received one. Do some receive and others don’t? Should I procure from the MS Catalog?

You are talking about two different things here.
If you install from Windows Update, you should install whatever .NET (and other patches)  you are offered b/c it will be what you need.
Susan’s Master Patch List is for a business environment, where IT knows what to do and when to do it. If you have to ask, you are not in that group and should not be using the Update Catalog.

1 user thanked author for this post.

walker

Reply | Quote

I am planning to install these 1803 Home version updates tomorrow.  But a different question came to mind as I reviewed your answer (which I greatly appreciate) and the update catalog.

Which specific .NET update do I need to install?  I used Registry Editor to check which .NET version I am running.  RegEd shows a DWORD value of 461808, which corresponds to .NET version 4.7.2.

KB4495616 is the only .NET update that comes up as an 1803 update in the catalog, but it specifically says it is for .NET version 4.8.  KB4495590 includes .NET version 4.7.2 but says it is for Windows 10 1809, not 1803.

I don’t want to install the wrong update and break something on my machine.  And I don’t recall if either of these updates were pushed my way while I was blocking everything.  Unless I can get absolute certainty as to which update I need, I doubt I’ll be installing either one.

Thanks for your help.

Reply | Quote

If you install the .NET update through Windows Update, you do not have to worry about which update to install. Windows Update will determine which one(s) you need and install them accordingly. So, if you have hidden any, unhide it/them and let WU decide what to install.

1 user thanked author for this post.

walker

Reply | Quote

There are none hidden in wushowhide.  Only the cumulative update was hidden, which I intend to install this weekend.

As for the .NET updates, I don’t have any idea which one (if any) I need because there are none in wushowhide.

Does this mean I don’t need to install a .NET update at all?

Reply | Quote

If Windows Update is otherwise functioning normally and you are not offered it, you don’t need it.

1 user thanked author for this post.

walker

Reply | Quote

I will install the cumulative update this weekend and skip the .NET patches for now.  Presumably, Microsoft will try to push the appropriate .NET patch to me at some point in the future if I need one.

Thanks again for your advice.

Reply | Quote

“I strongly advise against installing Win10 1903 at this point. It ain’t baked.” Sorry Woody, but I already installed it. That being said, I recently finished upgrading all my computers from Windows 7 and 8.1 to 10. And since 1903 was the latest version, I figured why not. I haven’t had any issues aside from one game not working, but I got it working after reinstalling it and DirectX 9.

On an interesting note, I was able to use the Windows 10 Media Creation Tool and upgrade, and the activations carried over. I’m not sure if that was supposed to work, but it did. Despite the free Windows 10 upgrade ending years ago.

Reply | Quote

[fl]

Sorry for re-posting, but I wasn’t signed in the first time. That anonymous post just previous was me.

I’ve been having problems accessing pkcano’s page with all the links for Group B updaters. When I go to the page all the type is greyed out and the links are non-functional. I’ve tried using Firefox on both the MacOS and under Win7, disabling all tracking blockers and allowing all scripts. Same deal with Safari on the Mac, which has no add-ons or other security/privacy protection.

The fact that I get the same thing under both the MacOS and Win7 suggest that it’s a problem with the page…?

Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

• This reply was modified 5 years, 9 months ago by fl.

Reply | Quote

It’s a format problem. The print is pale gray, BUT THE LINKS STILL WORK.
You just have to SQUINT.

Reply | Quote

[fl]

Well don’t I feel silly.

I coulda sworn…

Thanks for all you do to maintain that page.

Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

• This reply was modified 5 years, 9 months ago by fl.

1 user thanked author for this post.

PKCano

Reply | Quote

Hi PKC, We hope you get the page corrected sometime. For those having a hard time seeing the text, like me, hold your left mouse button down and drag over it as if you are going to copy it. You can then see the text. This also works on white on white some people do to hide things.

One can also reset the font display in their browser, but that is a hassle.

Reply | Quote

I have Windows 7 and am in Group B.  Three of the May 2019 updates that PKCano has listed in AKB2000003 are repeats of what we already installed when Woody gave the DEFCON 3 clearance back on May 15, 2019,  namely KB4499175, pciclearstatecache,  and KB4498206.   Do we need to install those three updates again if we already installed them back in May?

Reply | Quote

The DEFCON-4 rating is for installing MAY patches. We usually hold off installing the monthly updates until Woody raises the DEFCON number to at least 3. So this was the go-ahead for those patches.

You do not need to install them twice.

2 users thanked author for this post.

L95, walker

Reply | Quote

Thanks for your response.  I realize that you usually hold off installing the monthly updates until Woody raises the DEFCON number to at least 3.   But for people who have Windows 7 or XP, Woody raised it to at least 3 on two occasions,  once on May 15th and then again on June 4th ,  and so that’s why I asked.   Thanks again for your response.

Reply | Quote

Woody, you are a very entertaining writer:

“All of the complaints I hear are from those ‘seekers’ who went to the download site and installed 1903 with malice and forethought. A triumph of hope over experience.”

I literally went through multiple LOL cycles on reading that.

Of course, my reaction might have been different had I wandered into that trap myself!

The second sentence is often applied to subsequent marriages. That’s why for me, it was one and done, I didn’t wander into that trap either. How I managed to muster the requisite sense at 30 I haven’t a clue. But 40 years later, I know it was exactly the right strategy.

2 users thanked author for this post.

Noel Carboni, HiFlyer

Reply | Quote

NorthwestRick, Hear! Hear! A nice comment. I too feel Woody has some very artistic and knowledgeable writhing phrases. I feel many need to know history or old movies(??) to understand some of his lines. I love them.

Woody, if you have not done it, I am waiting to hear about a bad patch month and people will experiance ….. “the gnashing of teeth”.

Thank you and your MVPs for being here.

Reply | Quote

For Win 7 x64 is KB4054530 (.NET 4.7.2) safe to install? I leave it checked every month ever since it came out in 07/2018.  Some months ago a friend installed it on a laptop and she lost all internet connectivity so I uninstalled it for her.  I haven’t installed it on any of my Win 7 machines. Is there any need to upgrade to 4.7.2?  I have 4.6.1.

Reply | Quote

I have not installed .NET 4.7.2 on any of my Win7 machines either. Unless you are using a program that requires .NET 4.7.2, there is no need to install it.

3 users thanked author for this post.

walker, fernlady, redknight

Reply | Quote

Redknight, From what I have read, the newer .Nets have more telemetry. Like PKC said unless you need 4.7.2 don’t get it. For that matter do you need 4.6.1? You may, because of MS Office. .NET 3.5.1 comes with Windows 7, so for me I only update 3.5.1 and use the Security Only version when it is available for that patch month.

If you get the .NET updates through WU or better still the Security Only -for each of your installed versions- you are more secure.

I suggest people research if the .NETs they have over 3.5.1 for Windows 7, are actually needed. Like some programs on your computer, you may not even need them if you do not have a program that requires it. If not, then uninstall them. You will close a point of entry to your computer.

For those interested in .NETs, Arron Stebner has a verification or cleanup tool. You can use it to see which version you have.

Arron does keep it updated. The cleanup tool is a last ditch uninstall if all else fails.

https://blogs.msdn.microsoft.com/astebner/2013/11/06/net-framework-setup-verification-tool-and-cleanup-tool-now-support-net-framework-4-5-1/

Reply | Quote

I have Windows 10 1709 with quality updates deferral set to 15 days and I still have not received the may cumulative update. Do you know why? I don’t want to click Check for updates…

Reply | Quote

To even begin to answer that question, we would have to have the hardware specs of your computer, what your other settings are (assuming Pro version since you have deferrals),  and information about the other software you are running, especially the AntiVirus

Reply | Quote

Yes Pro edition. My antivirus is just Defender. It looks like 1709 pro is end-of-service. And I have set feature updates to 365 days. I’m going to set it to 180 days now…

Reply | Quote

Group B, Windows 7 and 8.1 x64.

I have since patched ALL my systems running Windows 7 and Windows 8.1 to May 2019 patch level all the way from December 2018 level.

For my Windows 7 systems I installed the security-only patches in the order listed in this post : https://www.askwoody.com/forums/topic/ms-defcon-3-get-windows-xp-win7-and-associated-servers-patched/#post-1633208

I also installed KB4505050 instead of KB4498206.

No problems so far. Unless another urgent security problem appears, I probably will not patch my systems again for a few months, having decided some time ago that it is only necessary to patch once every 4-6 months.

Hope for the best. Prepare for the worst.

Reply | Quote

[PerthMike]

Discovered a rather odd update on our WSUS server for this month.

KB4498206 – 2019-05 Cumulative Update for Internet Explorer 11 for Windows 2012 for x64-based computers

This struck me as odd as I knew that Windows Server 2012 (non R2) never received an Internet Explorer 11 version.

I was quite shocked upon Googling 2012 and IE11, I found an article from Microsoft that very quietly announced that as of April 2019, Microsoft WAS indeed putting out a new Internet Explorer 11 edition to work on Windows 2012. At the same time, they quietly mentioned that support for the IE10 version would end sometime this year.

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297

If this has been mentioned before, sorry, but I think this actually is worth highlighting.

We are stuck with Windows 2012 Datacenter, because our version of VMware ESXI came with that specific version licence at the time.

The worry is that there is probably a very small installation base, so getting timely reports of bad/buggy updates will be difficult.

This might warrant a self-contained post, as I could not even find any reports in tech media about this (other than a single article from January on Ghacks, but that was three months before the browser was actually released).

No matter where you go, there you are.

• This reply was modified 5 years, 9 months ago by PerthMike.

1 user thanked author for this post.

woody

Reply | Quote

W10 Pro 64 1809.  Questions related to the May 2019 WU updates:

1. Pause Updates: I have this “on” currently. When I flip the switch to “off”, WU will start checking-downloading whatever is available, however, as I have Quality Updates deferred for 30 days, I, presumably, won’t get KB4494441 (for another 30 days).

If so, should I download and install KB4494441 (or KB4497934) manually? I don’t want to change deferral to “0” as I don’t know what happens with the WU settings afterwards (like greying out deferral change possibilities).

2. WU Settings UI after updates: any hints what to expect? Are there major changes coming already with KB4494441, to the UI and/or to the GP settings?

3. O&O ShutUp10: I use this program aggressively, with most items switched to “green” (disabled). Under the WU section, the 2 items “Automatic Windows Updates” are not disabled.

But, is the aggressive use of ShutUp10 influencing the pending updates, like “strafing” me for “bad” behavior?

Thanks.

Reply | Quote

PKCano wrote:

KB4497398 Servicing Stack for 1803 – install first, reboot, wait 5 minutes.

You do not have to reboot between these:
KB4499167 2019-05 Cumulative Update
KB4497932 Update for Adobe Flash Player
.NET Update
If you deal with any organization that ends in gov.uk,  you will need KB4505064 (otherwise, you do not need this)

Why do you need to reboot and wait 5 minutes after getting the servicing stack update before installing the cumulative update for that month?

Reply | Quote

The installation of the Servicing Stack needs to complete. Open Task Manager and watch TrustedInstaller and TIWorker.

Reply | Quote

[dwelge]

I have a lot of older Cumulative Updates from the past showing up in my WSUS console with a May stamp date.  Should I run them all? For example kb4103722, this shows up in an older post from Sept.

• This reply was modified 5 years, 9 months ago by dwelge.
• This reply was modified 5 years, 9 months ago by PKCano.
• This reply was modified 5 years, 9 months ago by PKCano.

Reply | Quote

I wanted to share an unusual experience I had with my Windows 7sp1 PC (64 bit) and OneDrive.  For weeks it stayed stuck on signing in.  When I tried to right-click the cloud notification icon it would just grey out.  I checked the status of the icon and it said “OneDrive is Closing”.  I tried resetting OneDrive, uninstalling it and reinstalling it. I did the Windows 7 troubleshooter for internet connection problems.  I ran and SFC scan and did a CheckDisk.  Nothing came up as an error.

When I did reinstall, the app worked fine for the duration I was on the computer.  Yet when I signed back on the next day, it was still stuck at signing in.

I uninstalled April and May updates.  Tried to reinstall OneDrive again – still no good.  I checked the Microsoft support site to see if anyone else had these problems and I found I was not alone.  Even with the same time frame of onset of problems.  So I tried to reinstall the May updates and  then reinstalled OneDrive again, and it started working again.  Just wanted to share.

Reply | Quote

Article today, saw the tweet yesterday.

The RDP exploit NDA’s are going to drop soon.

It only takes ONE vulnerable machine on your network to infect everything else behind your firewall.  By piggybacking payloads that can target newer OS’s, access to the first machine remotely could trigger a multipronged attack on your servers, other workstations — even if they are patch for this specific vulnerability.  (Of course – the same is also true for that one employee that clicks the link in a phishing email . . . .)

More analysis at ArsTechnica: https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/

Please get patched!

~ Group "Weekend" ~

Reply | Quote

[Latka]

External HDMI monitor port broken by KB4494441 Cumulative Update 2019-05

Per Woody’s MS-DEFCON 4, installed updates for Windows Home x64 vers. 1809.  After restart, system was at build 17763.503, but the external HDMI monitor stopped working.

After uninstalling and hiding KB4494441, system was at build 17763.437 and the HDMI monitor works just fine again.

(System:  Lenovo Ideapad Flex 6-14IKB 2-in-1 laptop (EM81) with Dell P2418D external monitor)

• This reply was modified 5 years, 9 months ago by Latka.

1 user thanked author for this post.

columbia2011

Reply | Quote

In spite of concerns voiced in #1792579 I went ahead and un-paused my W10 1809 and, to my surprise, WU installed all pending updates, KB4494441 included.  After a forced reboot I did a 2nd reboot .. per the Patch Lady’s recommendations.  It all looked good, except:

The win-version was stuck on April.  After a check updates, KB4494441 popped up once more and a 2nd install-reboot was forced.  Thereafter the the correct version 17763.503 showed.  As far as I can determine, this is not an uncommon thing.  What gives?

Possibly unrelated, but, I noticed under “View configured update policies” that I have opted for the Windows Insider Program .. even though I know I have not.  What gives?

Reply | Quote

CBA wrote:

After a check updates, KB4494441 popped up once more and a 2nd install-reboot was forced.  Thereafter the the correct version 17763.503 showed

I have installed KB4494441 only once with no reboot and got version 17763.503.

Reply | Quote

[CBA]

After a brief online search I found that a 2nd install of KB4494441 is not uncommon.  I’m not sure why or what triggers it.

If I hadn’t checked winver I wouldn’t have noticed.  If this means KB4494441 didn’t install the 1st time (view updates showed installed) or just that the version wasn’t updated .. dunno.  Maybe someone in the know .. knows!

• This reply was modified 5 years, 9 months ago by CBA.

Reply | Quote

Perhaps the first reboot installs the Servicing Stack (there was a new one for 1809 which has to be installed exclusively) and the second install/reboot actually installs the CU. I’m just guessing MS hasn’t got updates to act right sometimes.

Reply | Quote

I did a 2nd reboot after the update and before I noticed the incorrect winver.  I did one more reboot and the winver was still wrong.  Thereafter I checked for updates and KB4494441 was installed a 2nd time.  Apparently not the only one experiencing this.  But, why, dunno!

https://www.zdnet.com/article/windows-10-1809-may-14-update-so-good-its-installing-twice/

Reply | Quote

Maybe this explains it.  Maybe…

Reply | Quote

CBA wrote:

Maybe this explains it.  Maybe…

Do you have 2 entries in update history for 441 ?

Reply | Quote

I have (2) at the end of the line under update history for the 441 entry.  That’s it.

Reply | Quote

CBA wrote:

have (2) at the end of the line under update history for the 441 entry.  That’s it.

I have only 1 entry for 441

Reply | Quote

I came across alternative ways to check update history using PowerShell.  Probably known to most, but, here they are regardless:

# 1: Get Update History:

wmic qfe list

# 2: Show Hotfix History:

get-wmiobject -class win32_quickfixengineering

https://www.faqforge.com/windows/windows-10/how-to-check-windows-10-update-history-using-powershell/

Reply | Quote

I’m being offered KB4494452 for my machine running Windows 10 1709. This is one of the patches listed at the bottom of the Master Patch List under “MDS”; I’m not sure whether it’s being recommended that we install this now or wait.

Also, for 1803 and 1809, this section says “KB Microcode not yet available”; should we be actively on the lookout for the release of similar patches for machines running 1803 and 1809?

(I never did install the microcode patches from last year, as the sense around here was that the risk was illusory and the patches problematic. Not sure to what degree this is a continuation of that same story or something new.)

---
Home machines: Windows 10 Pro (21H2), Windows 7 Home (Group B)
Work machines: Windows 10 Enterprise (21H2)

Reply | Quote

According to my notes, KB4494452 is an Intel microcode patch. I would not recommend installing it. There is no exploit in the wild at this time to necessitate it.

2 users thanked author for this post.

walker, KevinTMC

Reply | Quote

A week ago, I installed the usual Group B updates for May without problems, and I just found here, reading the previous entries, about KB4494452, a patch that I hadn’t heard of before — or been offered already through Windows Update for consideration.  So I looked in the MDS section of the Master Patch List, and all it says there, for Windows 7, is: “Registry AMD / Intel + BIOS”. No mention to the KB in that entry.

Does that mean something like: “check this Registry record, and if it does not show the update has been installed, ask your manufacturer for it?” That would be my best guess, right now.

By the way, I do not want to install this update in the BIOS at this time. But I would like to understand this better.

Windows 7 Pro, SP1, x64, Group  B + M&L

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@PKCano: This is not relevant to the post you made, however I could not locate anything that would address my question.

I installed the May updates when they were available, and had no problems with them. I have now checked for “updates”, and there is nothing showing any June updates.  There are only two items, and they are the Windows Malicious Software Removal Tool which I don’t use, and the other one is the Windows Defender update, showing Definition 1.295.207.0 showing a date of June 6, 2019 (which I don’t use either).

Is there any reason that I am not seeing any June updates at all?  These were the only two in the Important List, both checked.  Nothing in the Optionals  (only 2 items) checked.

This is the first time I have ever seen no “new” updates for the current month.  If anyone would know a possible reason it could only be you as you are so knowledgeable, and possess an outstanding wealth of expertise.  Thank you once again for all of your help.  I am Win 7, Home Premium, Group A, and no sophisticated programs.  I am baffled by this situation.  Once again Thank You, very, very much.

 

Reply | Quote

@walker
Today is June 7th.

Patch Tuesday is the second Tuesday of the month. June patches aren’t released until June 11th – that’s next Tuesday. And we don’t install them right when they are released either. So, be patient. You haven’t seen them because they aren’t here yet!

Reply | Quote

@PKCano:   Please accept my apology for the question about “June Updates”.   I am very embarrassed that I overlooked the “Patch Tuesday”, and bothered you with another question.  Thank you for setting me straight on that…..  As always, I sincerely appreciate the time you take to help so many members, and the fact that your expertise is admired, and amazing.

Thank you so very, very much!

Reply | Quote

I was just offered KB4465065 (Intel MicroCode) through WU.  Should I install it on my new Intel Core i7-8700 (W10-64 1809 build .503) computer?

Reply | Quote

I have not been installing any of the Intel microcode patches on any of my computers. There is no exploit in the wild as yet to justify the installation.

Reply | Quote

Okay, thanks!  Not sure you agree, but, according to Tenforums, this update concerns a code already installed as a .dll file in System32 (mcupdate_GenuineIntel.dll).

The WU update would just update this file.  It may well not be that simple, however, I have that file with a file date of 09/18/2018.

Reply | Quote

Oh really. I installed the May security only u0date for Windows. That took just fine with no issues. Then today I downloaded and installed the May cumulative update for IE11. After installing that, I was immediately presented with corrupted Recycle Bin errors, even though there was nothing in my Recycle Bin for all hard drives.

 

Reply | Quote

Woody: If you’re running Windows 7, Vista, or XP — or Server 2003, 2008 or 2008 R2 — you need to get patched now. No, there aren’t any known BlueKeep explo

FYI: Just in case you need a quick & dirty solution to check, if systems are vulnerable, I’ve created a small ‘how to’ that explains how to search the control panel for updates, how to use a small patch program I wrote and how to do a network scan. Maybe it is helpful for some people.

How To: BlueKeep-Check for Windows

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

1 user thanked author for this post.

SueW

Reply | Quote

? says:

thank you, gborn for the excellent article. i looked at my HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer>fDenyTSConnections key(s) and it is set to 1 (deny). actually on some machines (Win7 Pro) registry search it is in CurrentControlSet 1 and CurrentControlSet 2 (on the whoops “recovered” machine). the RDP in Services is set to run manually and according to Steve Gibson port 3389 is closed off

fDenyTSConnections from:

https://www.interfacett.com/blogs/methods-to-enable-and-disable-remote-desktop-locally/

happy computing!

Reply | Quote

? says:

i know. i know, i’ll go play outside (after i batten down these hatches)

https://docs.microsoft.com/en-us/windows/desktop/termserv/disabling-terminal-services-features

clipboard? printer? when does a helpful “feature,” become an adversary?

Reply | Quote

anonymous wrote:

when does a helpful “feature,” become an adversary?

When the bad guys are looking for a convenient method to exfiltrate your data…

Reply | Quote

I wanted to ask about Office Updates on Windows 8.1 with CTR. I haven’t installed any Office updates in 2019. Either by the time the Defcon rating is ok to install monthly updates, or I “catch” the official ok and do my system image (my fault!); quite often the new non-security Office updates for the next month are already out. As the new updates aren’t approved yet; and I can’t pick and choose Office updates with CTR, as I do on my Windows 7 pc… I don’t update Office at all. Are Office updates ever so critical that I can’t wait on them? Is there a way to update Office without using CTR? Thanks.

Windows 8.1|64-bit|Home Ed|Office Home and Student 2013 (standalone)|Current Office version is 15.0.5041.1001.

Reply | Quote

Office C2R updates are up to Microsoft.
However, there is a Semi-Annual Channel for them that will reduce the frequency so you are not hit with updates monthly (or more frequently). Susan Bradley has talked about it on AskWoody, but you may also find the information somewhere in the program’s settings, or here on the Microsoft website.

1 user thanked author for this post.

Lori

Reply | Quote

Thanks! I have Home and Student 2013 (non-subscription), not Office 365. When I bought it, it didn’t use CTR; but back then, I let things auto-update and CTR installed. Now, I keep updates disabled. The MS Catalog has individual security updates, but says they’re for MSI products only. (I don’t care about “improvements”.)

My apologies! I’d read the semi-annual channel update info, but forgot it as it didn’t directly apply to me. But I see your point. If others only update semi-annually; unless I see something urgent here, I’m ok updating my product a few times a year too.

Reply | Quote

CBA wrote:

I was just offered KB4465065

I was just offered KB4465065 for 1809 Pro today as well (its 02.2019 patch). Installed with no problems so far.

Spectre Variant 3a (CVE-2018-3640: “Rogue System Register Read (RSRE)”)
Spectre Variant 4 (CVE-2018-3639: “Speculative Store Bypass (SSB)”)
L1TF (CVE-2018-3620, CVE-2018-3646: “L1 Terminal Fault”)

Reply | Quote

I did hide it for now.  But, according to Tenforums, this is an update of a code already installed, so running the WU update would just update the mcupdate_GenuineIntel.dll file in System32.

I’m mostly worried about a CPU slowdown .. as widely reported.  But, that may be fake news.

Reply | Quote

CBA wrote:

mcupdate_GenuineIntel.dll

I also had previous versions of mcupdate_GenuineIntel.dll but files doesn’t have the same file sizes.

Reply | Quote

I still have the 1,544 KB file dated 9/15/2018 in System32 as I haven’t updated.  But, frankly, I’m not 100% sure this is indeed related to the KB4465065.

All PKC said above was that he hasn’t installed any Intel microcode patches on his computers.  I have to look into this before I unhide this KB.

Reply | Quote

My mcupdate_GenuineIntel.dll dated 9/15/2018 in System32 as well.

Reply | Quote

CBA wrote:

I’m not 100% sure this is indeed related to the KB4465065

It should be. KB4465065 was the only update installed today, June 12, on my 1809 pro.

What I don’t understand is what has triggered this 2.2019 update after 4 months ( Intel i7-8570H) .

Reply | Quote

[PKCano]

KB4465065 is an Intel microcode patch. It has been updated and reissued multiple times with the same KB number. What you have is not the Feb version of the patch, but the 6/11 version. Please see the Microsoft Update Catalog for information.

• This reply was modified 5 years, 9 months ago by PKCano.

1 user thanked author for this post.

Alex5723

Reply | Quote

Is the KB4465065 patch reverse-able (removable) or is it a BIOS flash update?

Reply | Quote

It is not a BIOS Flash update.
It is a Windows software update.

Reply | Quote

[CBA]

So, if I uninstall KB4465065 I’m back to where I was before updating?!  No lasting “damage”?  Haven’t installed it, but, want to know regardless.

• This reply was modified 5 years, 9 months ago by CBA.

Reply | Quote

Win10 Home v1803 x64

Dell XPS15 laptop

Because of a deadline, I did not take a disk image as planned 2 days ago.

It is mid-morning and the deadline was achieved.  OK, now for the housekeeping.

Switched on, connected the USB drive and started Macrium.  Set the backup running.  Checked.  Walked away.  20 minutes later – why do I have the log-in screen?

Yep, Windows rebooted mid-backup despite “Active hours” set to 0800 to 1700hrs.   KB4346084 was the guilty update.

It could have been worse… But grrrrr!

1 user thanked author for this post.

Charlie

Reply | Quote

PKCano wrote:

What you have is not the Feb version of the patch, but the 6/11 version.

Thanks. My 1809 is deferred to SAC/120/21 so why didn’t Microsoft honor my settings ?

Reply | Quote

KB4465065 is an Intel microcode patch.
KB4465065 is neither a Feature update nor a Quality update.
Microsoft DID honor those settings.

Reply | Quote

PKCano wrote:

Microsoft DID honor those settings

So, Microsoft has several types of updates :
Feature updates
Quality updates
Other Microsoft products updates
Other 3rd party updates distributed by Microsoft that can’t be deferred.

Reply | Quote

I use these Windows Update settings. So far, I have avoided KB4465065, KB4023057, drivers, forced updates and forced upgrades with the Win10 Pro.

Don’t know how that’s going to work with 1903, considering the ongoing debate about those settings disappearing from the GUI. I upgraded one of my 1809 VMs to 1903 and can verify the deferral settings are no longer in the GUI (disappeared). I blew the 1903 VM away (not going there yet) and restored the 1809.
I’m waiting to see what Microsoft does. Was it unintentional on their part and they will restore the settings? Only time will tell.

Reply | Quote