MS-DEFCON 4: July updates should be installed

Topic

New Reply

ISSUE 18.28.1 • 2021-07-27 PATCH WATCH By Susan Bradley July patches have been well behaved. Consumer and home users If you’ve used the “pause updates
[See the full post at: MS-DEFCON 4: July updates should be installed]

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

abbodi86, Wayne, jburk07, AlphaCharlie

Reply | Quote

Replies

Re: Print Spooler

So what is the safest option for a household that has to have constant printer services for two work at home office Educators and Med professionals?

Computers have mix of direct USB printing as well as across MoCA LAN.  They also print from tablets and laptops over WiFi to same printer.

The MoCA LAN is hung off owned Cable Modem for ISP and the WiFi Router is hung off the owned Cable Modem.  Both Modem and WiFi Router have as much hardening as available in settings.

Manual Print Spooler reset every time is not viable for the amount of work they may have on any day.

Just stay with the current patches and follow normal security best practices in their daily usage?

Reply | Quote

If you really need to print, just be careful on what you click and watch for more updates soon.  I honestly expected either out of bands or preview updates by now.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Many thanks, but no W10 patches are listed as anything other than ‘Defer’ on 13 July sheet.

1 user thanked author for this post.

clivew

Reply | Quote

Grateful if the Master Patch List spreadsheet could be updated please. I always follow this when Approving patches on the WSUS server for which I am responsible. The current version is 13th July and says to defer pretty well everything. Good to see that 21H1 has been given the go ahead. Is this a minor update? I like to warn users if it is a major one that will take some time to install.

Thank you for providing this vital service.

Arthur J Davis
UK

1 user thanked author for this post.

clivew

Reply | Quote

If the July patches are already applied to the current version, the move from 2004 or 20H2 to 21H1 is a minor one. If the July patches have not yet been applied, you have the update PLUS the Enablement Pack turn on.
So it’s the July update itself that is the “big” part. The turn on of the switches is minor.

1 user thanked author for this post.

Ayjaydee

Reply | Quote

in Settings>System>About it lists an Experience Pack. In Installed Updates, it lists an Enablement Package. Are these two names for the same thing?

Reply | Quote

Will change the name to Enablement so you won’t be confused.

2 users thanked author for this post.

Fred, WCHS

Reply | Quote

PKCano, I am sorry that I do not understand this as I am in this situation — I have 2004 pending the July update & plan to install 21H1 soon.

I am not familiar with “Enablement” or with “switches” referred to in your 2nd par.

Thanks for your understanding and help.

Reply | Quote

v2004, 20H2 and 21H1 all have the same core based on 2004.
All three get the same updates and have the components.
The difference between them is the enablement of the components/packages that provide the extra features that 20H2 has over 2004, and 21H1 has over both of the others.
So, all three will get the same CU each month. Given that the version is up to date with the monthly patches (all have the same), the upgrade from 2004 to 20H1, for example, is just enabling the features that are already present by turning on the Enablement Package for that version.

1 user thanked author for this post.

hms

Reply | Quote

PKCano, thanks so much for the explantion of Enablement. Along the way I missed discussion of the term as it relates to Windows 10.

Reply | Quote

Apologies I forgot to hit publish last night.  The updated spreadsheet is there now.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Ayjaydee

Reply | Quote

As always, for my Win 7 Pro 64-bit machines, the .NET update KB5004229 actually contains various individual updates depending on the levels of .NET I have, but it’s still not clear which ones I should install.

Using the dotnet.exe utility, I see I have .NET 3.5 and 4.8 on my Win 7 machines.

While KB5004229 offers me KB5004116 for .NET 4.8 (good), it also offers me these and it’s not clear what version of .NET they apply to or whether I should try to install them:

KB4019990
msipatchregfix-amd64
KB4578952

What do you think?  Thanks.

Reply | Quote

Every month, the answer to your questions is published in this thread.
For the month of July, the answer is here (Scroll up for earlier months), also with a link to it here, in the Patch Tuesday Blog Post.

The KB number or the .NET version is in the file name(s) that you need.

1 user thanked author for this post.

glnz

Reply | Quote

PKCano – thanks.

Reply | Quote

Just hit “Check for Updates” and finished my July update KB5004237 for Win 10 Pro version 20H2.

But Belarc Advisors says I installed two updates, of which the second is KB5003742.

However, there is no MS article about KB5003742.

Any idea what it is?  Thanks.

Reply | Quote

Look in Installed Updates (Control Panel\Programs & Features\View Installed Updates.
There should be a description there.

2 users thanked author for this post.

glnz, Coldheart9020

Reply | Quote

PKCano – thanks for good suggestion.  My old-style Installed Updates does not show KB5003742 but does show as today’s second item “Servicing Stack 10.0.19041.1081”.

Do you think that the mystery KB was this servicing stack?

Reply | Quote

yes glnz, KB5003742 is that .1081 SSU as verified in another forum in this post

2 users thanked author for this post.

Fred, glnz

Reply | Quote

I see that MSFT have dumped more? superseded? July patches in the catalog dated 07/26/2021
https://www.catalog.update.microsoft.com/Search.aspx?q=2021-07
for Win7/8.1 and 10 (and other updates); PIV/smartcard fix on (DC) that can leave multifuntion printers inoperable, I’ll leave it to the experts

Windows - commercial by definition and now function...

2 users thanked author for this post.

abbodi86, PKCano

Reply | Quote

It’s just for those printers that use smart cards to authenticate for printing jobs.  Big enterprises only, haven’t seen it widely reported at all.  Still doesn’t fully protect us from the unpatching printing bugs.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

those new out-of-land updates are only obtainable from the Catalog and will not be distributed thru WU. so those are not really needed for most of us

currently only available for Win7, 8.x and Win10 v1809; MS will probably release more out-of-band updates for other Win10 versions later this week

Reply | Quote

Installed KB5004237 for 20H2 as well as the MSRT (which seem to be back on a monthly cycle rather than quarterly); rebooted with no apparent issues.

Still have the Print Spooler service disabled, but I do anyway because I don’t print on this machine, and it’s easy enough to re-enable should I ever need to.

Bottom line: No issues that I can tell

1 user thanked author for this post.

jburk07

Reply | Quote

Office 2016 non-security updates  kb5001980 kb5001971 are not on your master patch list

Reply | Quote

Should a consumer user (Win10/Pro-20H2) be concerned if Shadow copies exist?

Reply | Quote

My hope is that Microsoft comes out with a fix.  As with any issue where the attacker first has to get on your system, my hope is that my hesitation in telling you (or any non business user) to take action and possibly leave you in a position where you can’t restore/recover is countered by your level of being paranoid enough to keep the bad guys away through your actions.  If shadow copies are on your machine, they are there because your backup software probably put them there.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

You are correct — that’s how the shadow copies got on my system. I am very careful in the URLs I visit and I don’t click on any link that comes through my e-mail. You would say I am paranoid, but that doesn’t mean that the bad guys can’t get to me.

Reply | Quote

WCHS wrote:

You would say I am paranoid,…

That doesn’t read right. I mean “you”, in general, not in particular. A better way to say it is I would say that I am paranoid, but that doesn’t mean that the bad guys can’t get me — How paranoid is that??

These updating issues and CVE’s drive me crazy. I’d like to just sit back and be confident that everything is running fine.

Reply | Quote

Home user.  I have an old HP Deskjet   The update didn’t affect it.  runs fine.

Reply | Quote

Took longer to install than expected after download. No issues. Printers print. Did appear to install two new Tasks under Windows for “Diagnosis”

Reply | Quote

WCHS wrote:

You are correct — that’s how the shadow copies got on my system

What backup software created Shadow Copies on your PC ?

I have created a daily schedule to create Shadow Copies. My backup software (Acronis) doesn’t create Shadow Copies.

Reply | Quote

Alex5723 wrote:

What backup software created Shadow Copies on your PC ?

You are not going to like to hear this, but I use Windows Settings>Update & security>Backup>Backup and Restore (Windows 7). I can hear you groan now

1 user thanked author for this post.

Alex5723

Reply | Quote

My experiences with the July patches

What I hope/expect/want from Windows Update:

o Un-pause WU ==> search for updates
o Download updates (at “normal” speed)
o Install updates
o Prompt for reboot

What happened:

Search for updates found two updates – July MRT.exe and Win 10 Pro 64-bit Cum 21H1, and the download started. MRT was fairly quick to download and install because it is small. It took about an hour to download KB5004237. After WU said that the download was 100% complete, there was still more Internet activity than usual. So I started Wireshark to see what the activity was; Wireshark wanted to download a new version, so I allowed it. The download was 71.4 Mb at a constant 4 Mb/s (about 2 minutes and much faster than WU). After the Wireshark install (about 30 minutes after WU said that the download was 100% complete), the install of the 21H1 update started.  It took about 2 minutes to install. But there was NO prompt for an update. I needed to reboot anyway to fix a problem caused by a full Defender scan.  I noticed that TiWorker,exe was using 44% CPU, and I had no idea what this Trusted Installer executable was doing, I figured that if it was doing something important, the reboot would be refused. The reboot started, and Windows told me that updates were being installed; do not power down. The reboot completed, but I have not done much to see if anything is not working.  I think that WU (i.e. TiWorker.exe) did not complete normally, so it did not prompt for a reboot.  But WU did schedule the required updates for the reboot,

 

Reply | Quote

“NO prompt for an update” should have  been “NO prompt for a reboot”.  Sorry.

Reply | Quote

I downloaded & installed 21H1 on 7/15/21 using WU.  I use GP Edit settings to prevent Quality updates. I changed that setting to 0 days once we got the go ahead for July updates.  Have not seen anything yet – would the version of 21h1 have it? If not, I’ll just have to keep waiting…….

Reply | Quote

Restart the computer. Then run wushowhide and see if it’s available.

1 user thanked author for this post.

dmt_3904

Reply | Quote

Last year I requested from PKCano step-by-step instructions for running WUSHOWHIDE and received very explicit instructions that have worked fine until the last two months. I am following the same written instructions, but WUSHOWHIDE is not cooperating. Today, I followed the normal steps up to   setting Windows Update Services to “Disabled” and then stopped the service. I then restarted the computer and then set Windows Update Services to “Manual”. When I open WUSHOWHIDE and tried to Pause to 7 days, I could not because the “Cumulative Update Preview for .NET Framework had already downloaded. I don’t get a chance to hide the file and the only options available was to restart and install. Any suggestions?

OS:                        Window 10 Pro

Version:               10.0.19042 Build 19042

Computer:           ASUS x-64

Reply | Quote

[Bob99]

Last year I requested from PKCano step-by-step instructions for running WUSHOWHIDE and received very explicit instructions that have worked fine until the last two months.

Are you referring to instructions in AKB2000013 that deal with hiding unwanted updates that may have already shown up in Windows Update but have not yet been downloaded for installation?

• This reply was modified 3 years, 8 months ago by Bob99. Reason: Added clarification to the question posed

1 user thanked author for this post.

HE48AEEXX77WEN4Edbtm

Reply | Quote

Sorry for my late reply, but I had surgery and have not been able to respond. Yes, those are the instructions that I am referring to.

Reply | Quote

 

If PK’s suggestion above doesn’t do the trick to get the July update to show up, please consider the following:

Since you say that you installed the upgrade to 21H1 back on July 15th, the July update may very well have been part of that package. That was the case for me when I updated to 21H1 last month…I got the latest updates out there as part of the package without being asked and despite having settings the same as yours for Quality Updates.

So, right click on the Start icon on the taskbar and select the “Run” command. Now, in the resulting box, type”winver” and hit the enter key. If it reports that you have Windows 10 build number 19043.1110, then you’ve already got the July update so there’s no need to keep looking for it. 

If it says you’ve got a build number of 19043.1052-19043.1083, then keep looking for the update (as PK suggests above) and it should show up any moment if it hasn’t already by now.

2 users thanked author for this post.

JD, Lars220

Reply | Quote

Windows 10 build number 19043.1110

thanks this is my version

Reply | Quote

Build 1943 = 21H1 and .1110 = the July update.
So you already have v21H1 and it is up to date as of July!

Reply | Quote

July patches installed with no problems to report on Win 8.1. 

Installation Successful: Windows successfully installed the following update: 2021-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 for x64 (KB5004231)

Installation Successful: Windows successfully installed the following update: 2021-07 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5004298)

Win 10 ver. 22H2 x64

1 user thanked author for this post.

DrBonzo

Reply | Quote

I just duplicated JD’s results on two 8.1 x64 computers.

Reply | Quote

Title: Microsoft Security Update Revisions
Issued: July 28, 2021
************************************************************************************

Summary
=======

The following advisory and CVE have undergone major revision increments.

======================================================================================

* ADV210003

– ADV210003 | Mitigating NTLM Relay Attacks on Active Directory Certificate
Services (AD CS)
– https://msrc.microsoft.com/update-guide/vulnerability/ADV210003
– Version: 1.1
– Reason for Revision: Executive Summary text has been revised, and a statement has
been added to inform customers that KB5005413 –
https://support.microsoft.com/help/5005413 has been revised. These are informational
changes only.
– Originally posted: July 24, 2021
– Updated: July 28, 2021
– Aggregate CVE Severity Rating: N/A

* CVE-2021-36934

– CVE-2021-36934 | Windows Elevation of Privilege Vulnerability
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
– Version: 4.0
– Reason for Revision: The following revisions have been made: 1) Removed Windows
Server versions from the Security Updates table as they are not affected by this
vulnerability. 2) Updated the Workaround information with a Caution regarding
restoring a system from backup.
– Originally posted: July 20, 2021
– Updated: July 27, 2021
– Aggregate CVE Severity Rating: N/A

Reply | Quote

I have some questions about the update guide for CVE-2021-36934 (HiveNightmare / SeriousSAM) and have posted them <here>… so, as not to cause veering off topic.

Reply | Quote

@SB and AskWoody Readers

KB5004772 .NET

I am a manual installer.  2021-07 .NET Core 3.1.17 Update for x64 Client (KB5004772) shows the pictured items for download.

I am not doing any .NET development so don’t need the SDK files. (Likely the x86 files there, are a mistake.) I am down to 3 files pictured below: Core runtime, Runtime and Desktop runtime.

Any comments on what is the appropriate use is for each of these three files?

 

Reply | Quote

Looking back at 3.1.16, I am guessing the Desktop runtime is needed. We also installed the Core .NET from February 2021 so we may need that too.

Reply | Quote

I think I only need Desktop runtime since that is what is in 3.1.16 .NET Core. Looking back at June 24 Patch Watch, I think the 3.1.16 .NET core is referencing a patch released in February 2021 hence my confusion about Core.

Reply | Quote

Command to see what .NET you have installed, then you will know which one(s) to install.

dotnet –list-runtimes

source: https://docs.microsoft.com/en-us/dotnet/core/install/how-to-detect-installed-versions?pivots=os-windows

Reply | Quote

For some reason the editor took out a dash; therefore it should be ‘-‘ twice before the word ‘list’. Also it can be seen in the source article.
“dotnet -–list-runtimes”

Reply | Quote

new “preview” updates released Thursday July 29 afternoon for recent Windows 10 versions:

KB5004296 (build 1904x.1151) for Windows 10 versions 2004, 20H2 & 21H1:
https://support.microsoft.com/help/5004296

KB5004293 (build 18363.1714) for Windows 10 version 1909 enterprise & education:
https://support.microsoft.com/help/5004293

these recent preview updates, however, do not include the fix from MS support article 5005408 for smart card authentication printing/scanning problems

Reply | Quote

Just a report:

July 2021 Update:  Major Mouse Issue

After installing the July, 2021 update, I notice lag, inaccurate and other “glitchy” like symptoms with using my Microsoft mouse.  Updating the mouse drivers did not fix the problem.

Uninstalling the update resolved the problem.

Works fine pre July, 2021 update.  Flawlessly and never had an issue until update.

Mike

Lenovo Z580 Laptop

Edition Windows 10 Pro
Version 20H2
Installed on ‎10/‎26/‎2020
OS build 19042.1052
Experience Windows Feature Experience Pack 120.2212.2020.0

Device name DESKTOP-3SNQMJ2
Processor Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz 2.50 GHz
Installed RAM 8.00 GB (7.86 GB usable)
Device ID 1E7F429F-FEAE-440B-BF57-A085B0AACCCD
Product ID 00330-81478-16093-AA278
System type 64-bit operating system, x64-based processor
Pen and touch No pen or touch input is available for this display

 

 

Reply | Quote

I also had mouse issue but I think it happen after the May patches installed. (PCs upgraded from W10 1909 in May. (One to W10 20H2 and one to W10 2004.) I had problems with a Microsoft mouse and a Logitech mouse. A third Microsoft mouse ended up being the solution. I can’t explain why this one mouse is OK on both PCs.

Reply | Quote

“After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, “PSFX_E_MATCHING_BINARY_MISSING”.”

For more information and a workaround, see KB5005322

https://support.microsoft.com/en-us/topic/kb5005322-some-devices-cannot-install-new-updates-after-installing-kb5003690-june-21-2021-66edf7cf-5d3c-401f-bd32-49865343144f

Reply | Quote

BTW that’s a business related patching issue not home user one.  That said an inplace repair is often the only way to get machines to behave and fix windows updating issues.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

Alex5723

Reply | Quote

Windows 7 64-bit computer hooked (USB) to an older HP Inkjet printer. Printer is only turned on when we are printing (literally 2-3 times per month). KB5004951 stopped the printer from working, with an odd message saying (paraphrased) that HP solution center needed an Adobe Flash Player update for Internet Explorer.

Those are several products that I don’t touch right there. Uninstalling the printer spooler update immediately brought the printer back to life.

For a while I followed all the update do and don’t threads religiously but to be honest it became too much: time, frustration, effort.

Should I just skip the print spooler update and hope for the best? Like I said, we don’t print much but we do need to occasionally print documents to be signed and mailed.

Thanks.

 

Reply | Quote

OK I ran into a problem getting KB5004237 on my 20H2 WIn 10 Pro laptop. It downloads fine – but then stops at Downloading 100% and won’t install. I restarted twice now, and it will download up to that 100% point and then it won’t move to Installing.

I have turned off metered connection, but I can’t seem to find the setting for changing the active hours if that might have anything to do with it – seems that was just for restarting after installation.

Suggestions welcome and how to get this moving.

Thanks!

Reply | Quote

Update – third time must have been the charm. I stopped Windows Update in Services, rebooted and let it run again and it finally did install. Not sure what the problem was, but seems OK now.

1 user thanked author for this post.

rontpxz81

Reply | Quote

Reboot is the usual fix for all things! 

cheers, Paul

2 users thanked author for this post.

Cybertooth, LHiggins

Reply | Quote

Same happened to me- thanks for the tip.

Reply | Quote

glnz wrote:

Using the dotnet.exe utility,

Where is this utility?

Reply | Quote

Susan Bradley wrote:

BTW that’s a business related patching issue not home user one.  That said an inplace repair is often the only way to get machines to behave and fix windows updating issues.

New updates 8/24/21 : KB5005322 – Some devices cannot install new updates after installing KB5003214 (May 25, 2021) and KB5003690 (June 21, 2021)

Resolution/Workaround
We recommend an in-place upgrade. An in-place upgrade installs an operating system on your device without removing the older version first. Your files, apps, and settings will not be affected. There are a few ways to perform an in-place upgrade, but we will only focus on the following:

Wait for the Windows Update Medic Service (WaaSMedicSVC) to automatically perform an in-place upgrade. The Windows Update Medic Service runs in the background and diagnoses and repairs Windows updates based on the WaaS Assessment Impact Level. This in-place upgrade process will only run automatically on devices that are significantly out of date.

For a faster resolution, perform a manual in-place upgrade as described below. Doing this will install the most recent security quality update available. This is our preferred workaround.

Updated 8/24/21

Note The in-place upgrade option is only available to devices that have been online for at least 30 days.

Note For ARM64 devices, an in-place upgrade will only succeed if KB5005932 has already been installed. You can verify that KB5005932 has been installed by going to Settings > Windows Update > Update History > Other Updates. If your ARM64 devices do not have KB5005932 installed, select Check for Updates on the Windows Update settings page to initiate a scan…

I had to restart my 21H1 August updated PC after a version update to Kaspersky A/V.
After the restart I watched Task Manager and noticed WaaSMedic.exe running for ~5min with high CPU. It is the first time I have seen this service running.
I no Windows Update problems.

Reply | Quote

WCHS wrote:

glnz wrote:

Using the dotnet.exe utility,

Where is this utility?

I never saw an answer to this question.

Reply | Quote

WCHS wrote:

WCHS wrote:

glnz wrote:

Using the dotnet.exe utility,

Where is this utility?

I never saw an answer to this question.

You mean portable .NET Version Detector ?

Reply | Quote

Alex5723 wrote:

You mean portable .NET Version Detector ?

In this thread you are reading, at #2380231, @Ginz mentioned using a dotnet.exe utility to find out what .NET versions were on a Win 7 machine. I did a search for it, but could find nothing, so I was asking for more information about where/how to find this utility.

I don’t really know what was meant, but portable .NET Version Detector might be what @Ginz was referring to.

I’ll try it.

Reply | Quote

A late answer and not exactly what you asking but another way to try.

The command may not show up right, in which case it best to see the Microsoft web site.
“dotnet -–list-runtimes”

Reply | Quote