Patch Lady – August 9th updates

Topic

New Reply

Abbodii reminded us on the Patchmanagement.org list that the KBs that some are seeing released on August 9th are merely the infamous two year old upda
[See the full post at: Patch Lady – August 9th updates]

Susan Bradley Patch Lady/Prudent patcher

17 users thanked author for this post.

abbodi86, Myst, SueW, David F, gborn, Noel Carboni, Pepsiboy, WildBill, ch100, PhotM, geekdom, Mr. Natural, Elly, Cybertooth, Microfix, satrow, woody

Reply | Quote

Replies

I wonder if this is due to maliciousness or mere incompetence. Or both?

And, lest we forget, there is, once more back from the dead, as I can personally attest, KB2952664: https://support.microsoft.com/en-us/help/2952664/compatibility-update-for-keeping-windows-up-to-date-in-windows-7

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Myst, anita.yk

Reply | Quote

OscarCP wrote:

I wonder if this is due to maliciousness or mere incompetence.

The answer is definitely “yes.”

Love the Pinocchio rating….

8 users thanked author for this post.

PhotM, Myst, SueW, lurks about, Jan K., JSTechGeek, anita.yk, Elly

Reply | Quote

Günter Born has additional details on his Borncity blog.

2 users thanked author for this post.

gborn, Elly

Reply | Quote

Ah the new Pinocchio rating is fabulous, it should probably be used from this day forward. I could almost expect you to use the image as an response to any e-mails you might receive, but it is understood you need to be respectful of the process. Thank you for your tempered graceful response to Microsoft.

1 user thanked author for this post.

WildBill

Reply | Quote

See my running commentary and request for answers on these 2 KB’s started this morning at 9:54am under:

“We continue at MS-DECCON 1:  Don’t install any of the July Patches”

(Sorry, I don’t know how to create that fancy link).

Reply | Quote

woody wrote:

OscarCP wrote:

I wonder if this is due to maliciousness or mere incompetence.

The answer is definitely “yes.” Love the Pinocchio rating….

I don’t just love the Pinocchio, I ADORE IT.

Reply | Quote

Pinocchio rating is brilliant and a brilliant discovery Abbodii! This patch was a major source of Windows problems from the start and they have obviously been “scrambling” for the past 2 years to try and fix the situation…..with zero success.

Mission Control…….we have a problem.

Red Ruffnsore

Reply | Quote

Microsoft needs to learn that knowledgeable Windows users will update their systems, but at their own pace, usually as one version falls out of support, they will move to the next – perhaps only out of necessity.

We do not need software to push feature updates on us as we know what we are doing and whether new features are needed or not. We do not need patches to the update stack that reset all of our settings and tries to update us while we sleep or are not looking.

Any KB ending in 3057 & 2664 should be burnt into the memory of those paying attention by now. Probably won’t be long before we have to add additional numbers to our mental patch avoidance list.

4 users thanked author for this post.

SueW, Cybertooth, lurks about, Elly

Reply | Quote

Patching any OS should use the following scenario:

1. Patches developed and thoroughly tested by competent professionals internally; optionally a release candidate is made available to outsiders for in the wild testing.

2. Released to users with the OS notification system notifying users of there availability.

3. Installed by users at convenient time; this especially true for Windows as often a system reboot is required.

MS fails 1 and 3 and is just above failing for 2. For 1 they do not thoroughly test internally before release. Thus buggy releases that often cause more problems than they fix. For 3, users have limited or no control over when the updates are installed. Thus work is interrupted often at inconvenient times with a loss of data as the user is scrambling to save their work. For 2, users often resort to hiding notifications to avoid issues with step 3. This means notifications are not necessarily seen by the users defeating the purpose of even having the patch.

2 users thanked author for this post.

Noel Carboni, Cybertooth

Reply | Quote

My guess is these patches are needed to fix underlying issues to get people to the next version.  For example I have yet to see the “fix” in 1803 where OEM partitions get assigned a letter/drive and then start complaining they are out of space.  I can’t tell if this has been fixed or not.  Clearly there are things that need fixing in the process to install feature updates.  If there was a bit more transparency, we’d know exactly what is being fixed instead of having to guess.

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

pclind, ch100, Myst, Elly

Reply | Quote

My guess Susan is there isn’t transparency because MS has no clue in general, they seem to be throwing “fixes” and updates haphazardly and at random, all the while attempting to look professional. Hope for more competency and a trusting source so we can all get on with the program. There’s a life out there people, and we don’t need to worry about all these stupid potholes.

MacOS iPadOS and sometimes SOS

3 users thanked author for this post.

AlexEiffel, lurks about, OscarCP

Reply | Quote

WG, Hear! Hear!

I’d hazard the guess that this is so, because all the senses and talent, such as they are, of the developers at MS, are now steadily focused on preparing things for the big transition towards the great all-for-rent-all-in-the-Cloud-all-the-time MS senior management is unswervingly directing the future of Windows towards. (And away from me.)

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

Cybertooth, Myst, lurks about

Reply | Quote

I am enough of an old timer to understand the original PCs were often a rebellion against centralized computing which required an always on connection to the mainframe (now server farm). The idea was to have local control of the computer and its software and to be partially independent of the mainframe/server farm. This work could be done locally on local boxes. The Cloud is in many ways the return to the dumb terminal days with timesharing as the data and application are stored remotely from the user and require an always on connection. But with a twist, one gets to pay monthly fees for these services and these fees can add up quickly as one is likely to need multiple services. Thus there is some value to having a local copy of the software with local storage; one time fees for software and equipment. Then if any online services are used they can be minimized to spare the budget.

Running whole hog into the Cloud sounds nice but many do not need or cannot use the cloud and should avoid its expense. Thus many who have a computer will minimize their cloud usage for pragmatic reasons and they will likely be a fairly significant percentage of users. Plus there is no particular reason to favor Azure over Google or AWS as they all require a browser to access and do not require any specific OS for the browser. So as along as one has a standards compliant browser (the best being Chrome/Chromium and derivatives) any OS will do.

The allure of the Cloud for a software company is it converts customers into subscribers theoretically. But this ignores that most users do use a limited subset of the features of any software package. So for many, using an older version, even if it is no longer officially supported, is not an issue as long as the files can be opened and edited. Thus many do not need the cloud offerings and will not subscribe to many of the offerings.

7 users thanked author for this post.

jburk07, Chris B, Cybertooth, ve2mrx, Myst, OscarCP, Elly

Reply | Quote

And there is also the no small matter of how much energy is necessary to use to keep those server farms running to make the “Cloud” work — and how much waste heat they generate. I was reading the other day that MS is experimenting with submarine server farms, to dissipate all that heat into the ocean:

https://www.theverge.com/2018/6/6/17433206/microsoft-underwater-data-center-project-natick

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Myst, Elly

Reply | Quote

So as I asked under another topic post since I just received both of these KB’s:
Do I hide them both with wushowhide for now?
Install one or the other?

If one or the other TRULY is needed to eventually smoothly move to ver 1803 (which cry as we like, we will all have to do in the near future) when should we install them?

Are we by chance causing these KB’s to be targeted at us because we are following the Defcon system and not currently up to date?  It seems that KB4023057 may be generated by MS to those they “think” may have a WUpdater problem because they sense we are not up to date.

Reply | Quote

What version of Windows 10 are you running now?  This is the part that I WISH they were more transparent about.  Clearly telemetry and WU has detected something in your system that indicates it needs these updates.  If I had your machine, yes I’d install them.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I am running Windows 10 Pro x64 ver 1709.  Per this site my system is set to fend off automatic updates:  Group Policy set at 2 (ask), Channel Non-Targeted, Feature Delay 365 days, Quality updates 0 days, but hide any updates via wushowhide until Woody gives the all clear.

Therefore for example I did not install KB4023057 when it came down two previous times (per this website, advice was it was a way to force install ver 1803), and have not installed the July KB4338825 or the two July patches pending Defcon 3.

Are we by chance causing these KB’s to be targeted at us because we are following the Defcon system and not currently up to date?  It seems that KB4023057 may be generated by MS to those they “think” may have a WUpdater problem because they sense we are not up to date.

Please read the below that adds some insight to these KB’s. What MS may see is that I/we do not have current updates and think the WUpdater needs fixing when I am the problem.

It is a long URL since this is in German and Google needs to translate. It was the only site that had any info on these 2 KB’s.
https://translate.google.com/translate?hl=en&sl=de&u=https://www.borncity.com/blog/2018/08/10/windows10-updates-kb4295110-kb4023057-9-8-2018/

So are those of us holding updates causing problems, or is this a ploy by MS to re-set our systems and force ver 1803 on us?

Should we hold or install?

One or both?

Or, should we hold waiting until we install July (if get Defcon 3) or the August regular updates and see if they are re-sent to us later?

Reply | Quote

Susan, please provide a reply to this topic so we have some guidance on these KB’s.

It is an important issue to come to resolution on.

Thx

Reply | Quote

I’m only guessing here due to the lack of transparency, my guess is that yes because you are a windows update machine still on 1709 when all my other machines have been offered up 1803, that this is why you are being offered up those updates.  If you have a small hard drive, I would go ahead and install those updates (my infamous 35 gig hard drive that always barfs on the feature releases), but for anyone else, especially when you have deferred the feature releases, you can skip these.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Susan, thanks so much for your response.

My system is still almost new (have’nt put much on it pending learning the ways of Windows 10).  Main drive is large at 1T and secondary is 2T both over 96% available.

I’m going to HOLD for now and see what happens after the August go-ahead.

FYI, as noted above I hide (via wushowhide) both KB4023057 and KB4295110 when received on Aug 9 via WU. I checked wushowhide today and KB4295110 is no longer listed as hidden. It is gone. ?

Reply | Quote

I have come to believe that Microsoft now believes that lack of transparency is assistive in achieving their objectives in the ongoing forced migration to W10. Your new new Pinochio rating I take as emblematic of the reputational damage Microsoft has incurred as a result of its outrageous behaviors and diminished quality control. The response to your survey, which was offered in a most constructive manner, was extremely patronizing and only helped reinforce my negative perception of this company.

1 user thanked author for this post.

Cybertooth

Reply | Quote

My only complaint with the Pinocchio rating system is that the nose will quickly become too long to view on my monitor.

1 user thanked author for this post.

columbia2011

Reply | Quote

Would sure be nice if they offered these updates to Managed Platforms that use SCCM to deploy patches.

Reply | Quote

This is just to thank the Patch Lady for updating, as usual, the Master Patch List to reflect the current patch situation on this first weekend after August’s Patch Tuesday. To me (Windows 7 x64, Group B) the MPL is, now days, my prime indicator of how things stand with patches for Win 7, together with what people, after a while, start reporting here on their experiences with them.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Just finished installing August updates on the production network at the office with no side effects.  I’ll be flipping the recommendations to install if I don’t see anything in the next 24 hours.

Susan Bradley Patch Lady/Prudent patcher

4 users thanked author for this post.

columbia2011, ch100, BobbyB, StruldBrug

Reply | Quote

Good job!

Reply | Quote

…vulnerability known as L2 Terminal Fault affecting Intel Copre and Intel Xeon processors.

I added the bolding for emphasis.
So, Intel’s come out with a knockoff line of processors known as the “Copre” processors?? 😉  😉

The above quote is from the listing in the Master Patch list for KB4343909 in the last column where the patched vulnerabilities are described. Just thought I’d point out the typo so to avoid someone thinking what I wrote above in jest (written in italics) was an actual happening.

Reply | Quote

Same anon as above in #211646.

The above-referenced typo also appears in the descriptions for Win 8.1 KB4343898 and Win7 KB4343900 in the same place as noted for the Win10 patch. Guess it must’ve been a case of copy/paste gone “wrong”.  🙁

Reply | Quote

I am wondering what to do with old updates that are showing ;Oh bother, no search results were found when searching out kb2977765, kb2978041, kb2978126, kb3074228, kb3074548 and so on for Windows 8.1 Updates? Your help would be greatly appreciated!!

Reply | Quote

KB2977765 Security update .NET 4.5.1/4.5.2 on Win8.1 9/9/2014

kb2978041 Security update .NET 4.5.1/4.5.2 on Win8.1 10/14/2014

kb2978126 Security update .NET 4.5.1/4.5.2 on Win8.1 11/11/2014

kb3074228 Security update .NET 4.5.1/4.5.2 on Win8.1 9/8/2015

kb3074548 Security update .NET 4.5.1/4.5.2 on Win8.1 9/8/2015

These are all old .NET patches. It will no hurt to install them. If they have been superseded by later patches they simp;y will not install.

We are at DEFCON 2 currently. In any case, you should wait until the DEFCON number is 3 or above to patch.

2 users thanked author for this post.

walker, Elly

Reply | Quote

Susan Bradley wrote:

Abbodii reminded us on the Patchmanagement.org list that the KBs that some are seeing released on August 9th are merely the infamous two year old upda[See the full post at: Patch Lady – August 9th updates]

And why does KB4295110 take 3-4 DAYS to download? Crazy if you ask me. Can 110 and 057 be disabled or denied?

Reply | Quote