Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Patch Tuesday patches are out

    Home Forums AskWoody blog Patch Tuesday patches are out

    This topic contains 139 replies, has 29 voices, and was last updated by  AJNorth 4 days, 21 hours ago.

    • Author
      Posts
    • #136370 Reply

      woody
      Da Boss

      Of course, we’re at MS-DEFCON 2, so you shouldn’t install any of these. I count 151 separate security patches, and 48 Knowledge Base articles. Nothing
      [See the full post at: Patch Tuesday patches are out]

      5 users thanked author for this post.
    • #136382 Reply

      PKCano
      AskWoody MVP

      Tues, Oct 10, 2017

      Group B Security-only patches have been updated at AKB2000003

      UPDATE: There are no Security-only .NET updates (these are not a part of Group B) listed this month.

      • This reply was modified 1 week, 5 days ago by  PKCano.
      • This reply was modified 1 week, 5 days ago by  PKCano.
      • This reply was modified 1 week, 5 days ago by  PKCano.
      10 users thanked author for this post.
    • #136387 Reply

      AJNorth
      AskWoody Lounger

      For those who use the Adobe Flash Player and manually update it, here are the direct download links for the off-line (full) installers for version 27.0.0.159, as well as the Uninstaller, all “clean” — (right-click; select Save Link As):

      NPAPI for Firefox, Safari, Opera: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe | 19.8 MB
      AX for Internet Explorer: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe | 19.3 MB
      PPAPI for Opera and Chromium-based browsers: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe | 19.7 MB
      Adobe Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe | 1.25 MB

      • This reply was modified 1 week, 5 days ago by  AJNorth.
      6 users thanked author for this post.
    • #136395 Reply

      AJNorth
      AskWoody Lounger

      For those who follow it, the SANS ISC have posted their chart for the October 2017 Security Updates: https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ .

      3 users thanked author for this post.
    • #136407 Reply

      anonymous

      There is Word Zero-day vulnerability.

    • #136416 Reply

      Seff
      AskWoody Lounger

      And once again, the most secure OS – EVAR!!! – has the most vulnerabilities.

      And that’s not even just on mobiles ;)!

      Thanks for the update, Woody.

      3 users thanked author for this post.
      • #136447 Reply

        anonymous

        While this probably won’t make you feel any better, it could shed a little light on why 10 usually has more fixes.

        http://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/

        That story, if true, probably warrants its own thread.

        • #136453 Reply

          Seff
          AskWoody Lounger

          While that doesn’t surprise me, Microsoft being what it is these days, I’m surprised that the article doesn’t point out very forcibly that MS are still contractually committed to providing security support for the older versions at the present time, and hiding behind the “no major updates” let-out, or the marketing push for a more secure OS with Windows 10 doesn’t really cut it. Either they are providing security support or they aren’t, picking and choosing which fixes to roll out to Windows 7 and 8.1 isn’t remotely acceptable.

          4 users thanked author for this post.
    • #136419 Reply

      MrBrian
      AskWoody MVP

      The October 2017 Security Update Review

      1 user thanked author for this post.
    • #136429 Reply

      Charlie
      AskWoody Lounger

      20 vulnerabilities to Win 7 in the course of only one month.  Wow, the miscreants must be working overtime!

      • #136442 Reply

        woody
        Da Boss

        Thar’s gold in them thar bugs.

    • #136430 Reply

      mobartz
      AskWoody Lounger

      For the first time, I’m seeing Delta Updates for Win 10 1607 and 1703 along with the regular Cumulative Updates.  This is on our WSUS server.  I thought the deltas were only for non-WSUS environments.  Supposedly there are known problems if you try to install both regular and delta.  I’ve declined the deltas, but I wonder what’s going on.

       

      • #136591 Reply

        mobartz
        AskWoody Lounger

        The delta updates KB4041676 and KB40491 for Windows 10 version 1607 and 1703 as well as Windows Server 2016 were all expired some time after the initial release to WSUS.  So it looks like it was a mistake that Microsoft corrected.

    • #136435 Reply

      MrBrian
      AskWoody MVP

      Note for those who use Windows security-only updates: From both October 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4043766) and October 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 updates for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4043767):

      “All updates for .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 require the D3 Compiler to be installed. We recommend that you install the included D3 Compiler before applying this update. For more information about the D3 Compiler, see KB 4019990.”

      6 users thanked author for this post.
      • #136439 Reply

        PKCano
        AskWoody MVP

        The link to the Update Catalog for KB4019990

        4 users thanked author for this post.
      • #136467 Reply

        MrBrian
        AskWoody MVP

        Test: On a Windows 7 x64 virtual machine with no Windows monthly rollups installed, and .NET Framework 4.6.1 installed, Windows Update does not list the October 2017 .NET Framework monthly rollup. I’m sure this will be asked about again soon :).

        1 user thanked author for this post.
        • #136469 Reply

          MrBrian
          AskWoody MVP

          …But the manual installer for the October 2017 .NET Framework monthly rollup successfully installed. Ugh! I recommend not doing this.

          • This reply was modified 1 week, 5 days ago by  MrBrian.
          4 users thanked author for this post.
          • #136664 Reply

            ch100
            AskWoody MVP

            Hmm, on fully patched Windows 7 and Windows 2008 R2 with only 3.5.1 and 4.5.2 installed, the .NET Framework October Update KB4043766 shows as installed in WSUS, although it was never offered or installed manually.
            It is like .NET 3.5.1 and .NET Framework 4.5.2 do not need the patch. However it may well be a detection issue due to bundling of the updates for all versions together. If this is the case, it is likely that we will see a metadata update by the way of a revised update soon.
            Same thing applies for KB4043767 on Windows 8.1/2012 R2.

            • This reply was modified 1 week, 4 days ago by  ch100.
            • #136676 Reply

              abbodi86
              AskWoody MVP

              3.5 & 4.5.2 patches have not changed, same as September rollup
              only 4.7 got new “quality” patch, thus a new rollup must be rolled 😀

              3 users thanked author for this post.
        • #136580 Reply

          alpha128
          AskWoody Lounger

          Test: On a Windows 7 x64 virtual machine with no Windows monthly rollups installed, and .NET Framework 4.6.1 installed, Windows Update does not list the October 2017 .NET Framework monthly rollup. I’m sure this will be asked about again soon :). – MrBrian

          So you’re saying that users with with .NET 4.6 installed have to install the Update for the d3dcompiler_47.dll to get any future 4.6 updates, even if they don’t have or want .NET 4.7?

          • #136680 Reply

            MrBrian
            AskWoody MVP

            That is what I believe. Those who installed any of the recent Windows monthly rollups already have that file. Those in Group B may not have that file though.

          • #136717 Reply

            abbodi86
            AskWoody MVP

            Like i said before (not sure if my post still there or losted with Woody’s site problems)..
            starting July 2017, all .NET 4.6/4.6.1/4.6.2/4.7 updates had been reconciled into one rollup update that is based on 4.7 binaries version
            meaning, your .NET 4.6.x version is transforming into 4.7 under the hood

            so the best decision would be to install 4.7 itself 😀
            or install .NET 4.5.2, which is still separate

            2 users thanked author for this post.
        • #136718 Reply

          MrBrian
          AskWoody MVP

          Correction to previous test: With .NET Framework 4.6.1 installed, the October 2017 .NET Framework monthly rollup did in fact appear in Windows Update without KB4019990 installed. I missed it in the previous test because it was listed as an Optional update, while the September 2017 .NET Framework monthly rollup was listed as an Important update. The reason that both are listed is because the October 2017 .NET Framework monthly rollup doesn’t metadata supersede (first type of supersedence) the September 2017 .NET Framework monthly rollup.

      • #136543 Reply

        anonymous

        When one sees “KB 4019990,” It doesn’t say anything about 8.1??

        • #136599 Reply

          MrBrian
          AskWoody MVP

          Windows 8.1 doesn’t seem to be affected by the issue that requires that update.

        • #136593 Reply

          anonymous

          Does that mean win 8.1 users don’t need to install that update (kb 4019990)?

          • #136671 Reply

            EP
            AskWoody Lounger

            KB4019990 is for Windows 7 only and does not concern nor apply to Windows 8.1. The D3DCompiler_47.dll file is already included in Windows 8.1 and greater.

            1 user thanked author for this post.
      • #136850 Reply

        anonymous

        Since I installed the D3 Compiler AFTER installing the Security Only .NET Framework update for 4.6.2 for September, will I hurt my machine by uninstalling that .NET Framework update in order for it to be installed AFTER the D3 Compiler?

        • #136852 Reply

          PKCano
          AskWoody MVP

          That shouldn’t hurt anything. But if you are not having a problem, it may not be necessary.

          • #136915 Reply

            anonymous

            Thank you.

    • #136446 Reply

      GCG1000
      AskWoody Lounger

      Well, after being “updated” by KB4041676 my Win 10 1703 Home system is unable to correctly eject a USB 3 external 2 TB WD My Book Drive which I use for system backups.  When ejection is attempted, I get the following win error message:

      “Problem Ejecting USB Mass Storage Device’

      “Windows is unable to stop the device “USB Mass Storage Device”.  Don’t remove this device while it is still in use.  Close any programs using this device and then remove it.”

      Prior to updating to the aforementioned KB, there was no problem ejecting this device.   My problem is I don’t know of any other program or app that’s using this disk, after my Reflect backup app is closed.

      Edit to remove HTML

      1 user thanked author for this post.
      • #136475 Reply

        woody
        Da Boss

        Win 10 1703 Home system is unable to correctly eject a USB 3 external 2 TB WD My Book Drive

        What happens if you roll back the update?

    • #136470 Reply

      twbartender
      AskWoody Lounger

      Has Microsoft had a change of heart, or is it another Microsoft screw up? According to the support page: https://support.microsoft.com/en-us/help/4041678/windows-7-update-kb4041678, which is the October Security Only update for Windows 7,  there are now 2 ways to get the update, as quoted below…

      This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

      • This reply was modified 1 week, 5 days ago by  twbartender.
      1 user thanked author for this post.
      • #136474 Reply

        PKCano
        AskWoody MVP

        There have always been two ways to get the updates that are distributed through Windows Update (like the Monthly Rollups),
        You can run Windows Update and it will download and install the patches for you.
        OR
        You can download the patches from the Microsoft Update Catalog and manually install them yourself.

        However, there are patches that are not available through Windows Update (like the Security Only Quality Updates for Win).
        If you want to install these patches, you have to download them from the Catalog and manually install them.

        5 users thanked author for this post.
        • #136478 Reply

          anonymous

          I think the issue is that the link in twbartender’s post is for a security only update, and yet the same link says that update will be downloaded and installed automatically from Windows Update. That’s not how it used to work; I. e., Windows Update did not download and install automatically security only updates, but rather, only the Rollups.

          2 users thanked author for this post.
      • #136476 Reply

        MrBrian
        AskWoody MVP

        Very likely a mistake. I reported the issue to Microsoft via feedback for the Microsoft page you linked to.

        1 user thanked author for this post.
        • #136480 Reply

          PKCano
          AskWoody MVP

          Somebody must have done a cut/paste from the Rollup page.

        • #136495 Reply

          twbartender
          AskWoody Lounger

          @mrbrian

          Very likely a mistake. I reported the issue to Microsoft via feedback for the Microsoft page you linked to.

          You might also want to let Microsoft know that the October 10, 2017 “Cumulative security update for Internet Explorer”, KB4040685 also states that, “This update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically.”  It also state that it can be installed using the Microsoft Update Catalog.

          https://support.microsoft.com/en-us/help/4040685/cumulative-security-update-for-internet-explorer

          4 users thanked author for this post.
          • #136503 Reply

            MrBrian
            AskWoody MVP

            The Internet Explorer cumulative updates should be available on Windows Update – see https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in.

            • #136507 Reply

              anonymous

              I don’t believe I’ve ever seen an IE 11 update come through Windows Update, at least not since they started doing rollups. I’m not seeing an IE 11 update for October on Windows Update.

              I was of the understanding that the rollup included updates for IE 11.

              Not arguing with you MrBrian, just with the statements in the MS link you gave above.

              1 user thanked author for this post.
          • #136508 Reply

            MrBrian
            AskWoody MVP

            On second thought, you might be right for some operating systems, but perhaps Microsoft intends it that way because one can get the Internet Explorer files via the Windows monthly rollups for those operating systems. If you want to report it anyway, use “Was this information helpful?” on the bottom of the relevant Microsoft page.

            • This reply was modified 1 week, 5 days ago by  MrBrian.
            1 user thanked author for this post.
            • #136512 Reply

              PKCano
              AskWoody MVP

              The IE11 update is included in the Monthly Rollup. For those using the Security-only patches, they also need to download the IE11 CU. It is NOT offered through Windows Update.

              3 users thanked author for this post.
    • #136468 Reply

      anonymous

      Windows 7 64 bit all OK but Malicious Software Removal Tool now created two  files with the same size (MRT.exe and MRT-KB890830.exe). This is normal? Never seen that before.

      • #136546 Reply

        anonymous

        I saw the same thing on my W10 1607 machine. I removed one of them.

    • #136479 Reply

      samak
      AskWoody Lounger

      “Adobe has told Brian Krebs that they have no security updates today.”

      I’m confused – I just updated it. From their release notes:

      “October 10, 2017

      In today’s scheduled release, we’ve updated Flash Player and the Windows AIR SDK with important bug fixes.”

      https://helpx.adobe.com/flash-player/release-note/fp_27_air_27_release_notes.html

       

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      • #136482 Reply

        MrBrian
        AskWoody MVP

        Adobe released non-security fixes for these today.

        2 users thanked author for this post.
        • #136485 Reply

          samak
          AskWoody Lounger

          Got it, thanks. I guess I’m so used to all the Flash issues that I automatically assumed “important bug fixes” would be security-related.

          They obviously aren’t looking hard enough!

          W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

          2 users thanked author for this post.
    • #136491 Reply

      MrBrian
      AskWoody MVP

      From Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure (CVE-2017-11776): “We discovered a vulnerability in Outlook’s S/MIME functionality. The short version: If you used Outlook’s S/MIME encryption in the past 6 months (at least, we are still waiting for Microsoft to release detailed information and update the blog) your mails might not have been encrypted as expected. In the context of encryption this can be considered a worst-case bug.”

    • #136497 Reply

      anonymous

      I switched over to Group A a couple months back, do I need to download KB 4019990?

      • #136502 Reply

        MrBrian
        AskWoody MVP

        Not if you installed any of the recent Windows monthly rollups.

        • #136510 Reply

          anonymous

          Thanks, I have the rollups from June to now (September) installed.

        • #136583 Reply

          alpha128
          AskWoody Lounger

          Not if you installed any of the recent Windows monthly rollups. – MrBrian

          I installed KB4019990 on September 29th.  At first I didn’t see the October .NET rollup in Windows Update.  However, upon second glance, I see it being offered as a optional rollup.

          • This reply was modified 1 week, 4 days ago by  alpha128.
          1 user thanked author for this post.
          • #136674 Reply

            EP
            AskWoody Lounger

            KB4019990 is required when installing .NET 4.7 and its updates/rollups.

    • #136498 Reply

      anonymous

      I was watching George Pal’s 1960 movie of H.G. Wells’ The Time Machine the other day and I couldn’t help but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D.?

      Not as far fetched as it may seem, in my opinion.

      Carl D.

    • #136521 Reply

      abbodi86
      AskWoody MVP
    • #136520 Reply

      anonymous

      Is this Patch Tuesday also the last time Microsoft is going to patch Windows 10 Version 1511?

      • #136560 Reply

        PKCano
        AskWoody MVP

        From KB4041689

        Windows 10 version 1511 will reach end of service on October 10, 2017.  Devices running this operating system will no longer receive the monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

        • This reply was modified 1 week, 4 days ago by  PKCano.
      • #136705 Reply

        anonymous

        I installed KB4041689 last night – against Woody’s advice. But I thought, last update for 1511, gonna have to do it some time, why not now? Screwed up everything. Dialog boxes in file explorer buggered. Uninstalled it less than an hour after it finished. Back to normal. Why does MS do this to us?

    • #136532 Reply

      Geo
      AskWoody Lounger

      Group A,  Win 7 X64, Home Premium  Office 2010.  Downloaded everything.  So far nothing out of the ordinary happened.

    • #136529 Reply

      anonymous

      By ‘design’, checking for updates on the Windows 10 Settings > Update & security page, download and install is triggered automatically when updates are avaialable. Of course, this is not what the user would expect, especially when running on Pro or Enterprise…

      However, there’s a workaround. Open a PowerShell console, enter:
      (New-Object -ComObject "Microsoft.Update.AutoUpdate").DetectNow()
      and hit Enter.

      Note that the DetectNow() method immediately returns to the prompt, but you can watch progress on the Windows 10 Settings > Update & security page. See https://msdn.microsoft.com/en-us/library/windows/desktop/aa385832(v=vs.85).aspx for details about the DetectNow() method.

      2 users thanked author for this post.
      • #136562 Reply

        woody
        Da Boss

        I also find that running wushowhide can display what’s available, without waking the Auto Update beast…

        • #136747 Reply

          anonymous

          Sure, it’s more convenient, but under the hood, it’s PowerShell as well and using Microsoft.Update.Session to gather the data. However, it doesn’t update the Update & security page.

          1 user thanked author for this post.
    • #136538 Reply

      anonymous

      The known issue for the W7 monthly:
      After installing KB4041681, package users may see an error dialog that indicates that an application exception has occurred when closing some applications.

      I am not English – can someone explain to me what package users are? Thanks!
      ~Annemarie

    • #136544 Reply

      anonymous

      I see on your latest Woody on Windows, u talk about Security Advisory ADV170012.  Where does Microsoft post these Security Advisories at?

    • #136575 Reply

      Seff
      AskWoody Lounger

      On the first of my two Windows 7 desktops, the .Net Framework Security and Quality  Rollup is only offered as an unchecked optional update (KB4043766). As important updates I only have KB4041681 (the usual Quality Monthly Rollup) and the usual MSRT.

      My second Windows 7 desktop has the same updates offered in the same way, plus 4 updates for Office 2010 (which is only installed on that machine).

      I am, of course, ignoring all of them for the time being.

    • #136579 Reply

      derzeitgeist
      AskWoody Lounger

      Came in this morning to see people frantic as my alpha test group was blue screening machines, following our nightly maintenance cycle, with “inaccessible boot device” error messages being displayed on machines.

      We believe it’s mostly Windows 10 systems. I’m just starting to investigate. Not every Windows 10 system that patched had a problem, so it definitely may be specific builds.

      Microsoft is really starting to piss my off with their lack of QA and cumulative update idiocy. They’ve basically screwed up every single Patch Tuesday cycle this year. I thought past years were bad. I’m just really glad we have an alpha release and beta release process, with an extended window. It’s sad that we have to be so cautious when it comes to their patches. Our process worked, but it’s going to be a nightmare day or two here.

      • #136582 Reply

        woody
        Da Boss

        Keep us posted!

        I get worried when I hear reports like this. Wonder how many others are going to get hit.

        • #136631 Reply

          derzeitgeist
          AskWoody Lounger

          The culprit is KB401691. The rumor mill is that Microsoft acknowledged that they screwed up with a release of a delta patch to WSUS. I can say that systems that patched with WSUS in my alpha group did have the problem, while other systems using a different patching methodology didn’t have the problem. I wanted to share my steps to fix the affected systems below. Others have shared the same information, but they didn’t put all the steps together for those who need it spelled out:

          If the system will allow you to get to a boot troubleshooting command prompt, great! That should be enough to proceed. However, if you can’t get to a command prompt, you will need to create a bootable flash drive from a Windows 10 system via the Control Panel applet “Create a Recovery Drive”. Or a DaRT flash drive would possibly serve the same purpose. Boot to the drive and use the menu to select the option to open a command prompt:

          Diskpart

          List volume

          Exit

          That should help you find the drive letter for the hard drive. Once you’ve found it, assuming the system drive may not be C:, substitute any references to C:\ with the correct drive letter in EVERY command below:

          Dism /image:C:\ /get-packages /format:table > results.txt

          Type results.txt

          That will give you the package names that are pending install which you can copy and paste to build the commands below:

          Dism /Image:C:\ /Remove-Package /PackageName:package_for_Rollupfix_wrapper~31bf3856ad364e35~amd64~14393.1770.1.6

          Dism /Image:C:\ /Remove-Package /PackageName:package_for_Rollupfix~31bf3856ad364e35~amd64~14393.1770.1.6

          Dism /Image:C:\ /Remove-Package /PackageName:package_for_Rollupfix~31bf3856ad364e35~amd64~14393.1715.1.10

          One or more of the “remove-package” commands may fail. Just move on to the next one if that happens until all 3 packages have been addressed. Reboot and wait for Windows to try to load. If some part of the packages couldn’t be removed, the system will try to complete the process. Be patient while it tries to complete and everything should be restored to working order.

          • This reply was modified 1 week, 4 days ago by  derzeitgeist.
          5 users thanked author for this post.
          • #136968 Reply

            twice-mo
            AskWoody Lounger

            @derzeitgeist,

             

            Thanks for this, you, sir, just saved my morning!

            I have 7 Win10 machines; one failed yesterday, two more this morning.

            Yesterday I cloned a working drive but that’s not a time-saving solution. Your steps seem to have worked on the other two, testing now. I have over eighty Win7 machines, no issues there.

            Just one small correction, your post shows a single tilde after amd64; I had to use a double tilde: “…amd64~~…”

            Again, many thanks!

             

        • #136833 Reply

          derzeitgeist
          AskWoody Lounger

          A director with Microsoft has responded to us through our account rep:

          “I did some digging as soon as I had the opportunity.

          Was the blue screen a 0x7B?

          If so, this is a known issue, because somehow they published both the cumulative update, and the delta (express) update to both WSUS and SCCM.  This should never happen.  There is no issue with the Windows 10 or 2016 Cumulative but only an issue when both the Cumulative and Delta are installed on a machine together.

          All customers should re-synchronise their WSUS / SCCM server and the Delta Updates Binaries will be expired.”

          Even though they say SCCM should have been affected, for some reason only pure WSUS-based systems seem to have been affected here. We are migrating to a SCCM SUP and the Automated Deployment Rule that I’ve been testing didn’t hose any of the potentially vulnerable systems. Since WSUS is used by either method, I’m not sure what the difference was.. all I can say is that it behaved differently with pure WSUS vs. SCCM.

          3 users thanked author for this post.
      • #136597 Reply

        anonymous

        See if it’s not the listed known issue:
        Problem: Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) may experience a blue screen or stop responding with a black screen when a system shutdown is initiated.
        Workaround: If available, disable UCSI in the computer system’s BIOS. This will also disable UCSI features in the Windows operating system.

    • #136598 Reply

      MrBrian
      AskWoody MVP

      From .NET Framework October 2017 Security and Quality Rollup:

      “Today, we are releasing the October 2017 Security and Quality Rollup.

      The update applies to all supported Windows versions. It includes a known issue for Windows 10 1507 (see below).

      […]

      This release contains no new security updates.”

    • #136600 Reply

      anonymous

      All right, Win 7 Ultimate 32 bit, just installed this month’s group B patches, 4040685 and 4041678, plus the .NET bundle, 4043766, even though it’s just recommended. So far everything seems normal.

      But I keep seeing fixes added only to the bundle. There were quite a pile of IE fixes both last month and now, group A bundle only apparently, the only thing that made it through into the security-only IE patch was last month’s search bar thing, so not a fix but actually something that messed things up for some. And now I see a fix for an USB hub memory corruption causing crashes, again listed in the bundle only. Is this the norm now? Any way to just get the fixes out of the bundle? :/

      But have a question, saw KB4038923 as a .NET hotfix released after the August patch Tuesday and apparently not included in the September or October .NET rollups (at least they don’t have this among what they list as replacing and it lists nothing as replacing it). Would there be any use in installing that separately?

      • #136629 Reply

        MrBrian
        AskWoody MVP

        Group B should be getting the same Internet Explorer fixes as Group A since Group B installs the Cumulative security update for Internet Explorer every month. But in general, Group B doesn’t get some non-security fixes that Group A does.

        The issue fixed in KB4038923 was also fixed in the September 2017 .NET Framework monthly rollup, so you shouldn’t need to install KB4038923.

        1 user thanked author for this post.
        • #136684 Reply

          anonymous

          Thanks, so can get rid of that .NET one.
          Can tell you that those IE fixes aren’t applied with the cumulative IE (group B) patch though, or at least they don’t work. And they’re not listed in patch info there either.

    • #136617 Reply

      anonymous

      Crystal Reports connecting to Excel stopped working. Any ideas what patch from last night would have caused this?

      • #136622 Reply

        PKCano
        AskWoody MVP

        We need information before we can even guess the answer to your question.

        What version of Windows are you running?
        What Windows patch(s) were installed last nigh?
        What version of Office are you running?
        What Office patches were installed last night?

        • #136624 Reply

          anonymous

          Windows Server 2008 R2

          Office 2010

          Crystal Reports 2011

          We installed all recommended patches

          These are reports that are connecting directly to an xls file. Crystal Reports now returns a database logon error. Just wondering if anyone else is experiencing this or if it had been reported anywhere.

           

          Thank you.

          • #136636 Reply

            anonymous

            Follow up: the exact error is:

            Logon Failed.

            Details: DAO Error Code: 0xccb

            Source: DAO.Workspace

            Description: Unexpected error from external database driver (1).

            • #136654 Reply

              David F
              AskWoody Lounger

              I may be able to test that tomorrow (UK time) if the patches are on the test pc at the office.

              We use Crystal XI and Excel 2010 though on Win7 Pro (32bit) and Crystal is running on a Citrix box so it may not be a valid comparison.

              It was working correctly today in the live environment as I was using it to extract and reformat some data from a spreadsheet

            • #136795 Reply

              David F
              AskWoody Lounger

              UPDATE

              I was not able to reproduce the problem and had no problems connecting Crystal XI to an .xls spreadsheet.

              There is one large caveat however, although the test pc has been patched the Citrix box Crystal runs on hasn’t, so if there is a problem it would indicate it’s at the Crystal end rather than the Excel end.

              Also tested connections to Oracle, no problems there either

              • This reply was modified 1 week, 3 days ago by  David F.
    • #136627 Reply

      Cartographer7
      AskWoody Lounger

      We’ve got a user whose CRM integration with Outlook 2010 is broken since the update. All the CRM related items in the left hand navigation pane fail to load anything, but if he tries to open a CRM record in some other way (such as clicking on a name at the bottom of Tracked email) it opens just fine.

      Anyone else experiencing similar issues since the update? We’re still investigating on our end but wanted to check and see if anyone else was in the same boat.

      • #136648 Reply

        PKCano
        AskWoody MVP

        Please tell us which version of Windows are you using?

        • #136659 Reply

          Cartographer7
          AskWoody Lounger

          Windows 10.

          • #136667 Reply

            PKCano
            AskWoody MVP

            Which version of Windows 10  1511 November Update, 1607 Anniversary Update, 1703 Creators Update? They all have different updates that could have different effects.

            • #136708 Reply

              anonymous

              PK, relax, it’s going to be ok. Thanks for your passion, but Windows isn’t your problem, it’s Microsoft’s doing.  Isn’t it amazing how many versions of Windows there are now that there is only Windows 10? Sarcasm intended. MS is actively ruining windows. Historians take note – now is the inflection point – the last dive of Mighty MS.

              1 user thanked author for this post.
      • #136854 Reply

        youseeme
        AskWoody Lounger

        Hi,

        We also use CRM integration in outlook, the software provider has confirmed the following combinations have issues relating to the display of some entities (CRM 2011)…

        Win 7  Office 2010, 2013 –  KB4011178

        Win 7 Office 2010  – KB4011196

        Win 7 Office 2016  – KB4011162

        Win 10 Office2010  – KB4011089

         

        • This reply was modified 1 week, 3 days ago by  PKCano.
        • This reply was modified 1 week, 3 days ago by  PKCano.
        • This reply was modified 1 week, 3 days ago by  youseeme.
        • This reply was modified 1 week, 3 days ago by  PKCano.
        2 users thanked author for this post.
        • #136862 Reply

          woody
          Da Boss

          Which software provider?

          • #136864 Reply

            youseeme
            AskWoody Lounger

            https://www.pepperminttechnology.co.uk/

            They advise…

            If you have not yet applied the update we would advise blocking this from your Windows Server Update Services server (if appropriate) or advising users to refrain from installing it until the scope of the issue us understood or a fix is provided from Microsoft. A case has been logged with Microsoft to request further information regarding a resolution for this issue.

            • This reply was modified 1 week, 3 days ago by  youseeme.
      • #137200 Reply

        youseeme
        AskWoody Lounger

        I have been given a workaround for this (CRM 2011 display issues in outlook), which in testing seems to work fine…

        The following registry entry can be added:

        [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security]

        (replace 16.0 with your office version)

        “EnableRoamingFolderHomepages”=dword:00000001

        • This reply was modified 1 week, 2 days ago by  youseeme.
        1 user thanked author for this post.
    • #136646 Reply

      MrBrian
      AskWoody MVP
    • #136658 Reply

      Purg2
      AskWoody Lounger

      Note for those who use Windows security-only updates: From both October 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4043766) and October 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 updates for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4043767): “All updates for .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 require the D3 Compiler to be installed. We recommend that you install the included D3 Compiler before applying this update. For more information about the D3 Compiler, see KB 4019990.”

      Currently 4043767 isn’t being offered to me.  Until it shows up in windows update, I’m not about to be overly concerned about it.  Thanks for the heads up though.  Should it appear I’ll be sure to grab the compiler.

      Incidentally, after all that fun we had with the hiding of those rollups since they began in August 2016, when I went to look for .NET history I had a look at my hidden list & lo & behold all the rollups were gone.  None of them were on the installed list.  Check it out fella.

      https://imgur.com/a/5kYmZ

      Win 8.1 Group B

    • #136699 Reply

      gborn
      AskWoody MVP

      Came in this morning to see people frantic as my alpha test group was blue screening machines, following our nightly maintenance cycle, with “inaccessible boot device” error messages being displayed on machines. We believe it’s mostly Windows 10 systems. I’m just starting to investigate. Not every Windows 10 system that patched had a problem, so it definitely may be specific builds. Microsoft is really starting to piss my off with their lack of QA and cumulative update idiocy. They’ve basically screwed up every single Patch Tuesday cycle this year. I thought past years were bad. I’m just really glad we have an alpha release and beta release process, with an extended window. It’s sad that we have to be so cautious when it comes to their patches. Our process worked, but it’s going to be a nightmare day or two here.

      I’ve collected a few details at Windows 10 V1703: Update KB4041676 install issues. This scenario occurs only in WSUS/SCCM, if both alpha and CU has been approved for install (it should have never been released, and admins never should have approved both update types).

      • This reply was modified 1 week, 4 days ago by  gborn. Reason: removing tags
      3 users thanked author for this post.
    • #136697 Reply

      anonymous

      Dear Woody,

      Your work with the information about this cumulative new patching system of Microsoft is very important. Thank you very much! That being said, I wish to know if there is a way to notice if patches include telemetry updates, because MS became too “imprecise” with the way they describe the patches contents.

      I have a telemetry-free (to my knowledge and for now) Windows 7 x64 Ultimate installation that works fast and flawlessly. I almost didn’t install ONE cumulative patch because it’s more difficult to really know what they contain, and have been avoiding the “conflicting” individual patches so far, following your reports and people’s feedback.

      Of course I don’t want to be exposed to vulnerabilities, I have a lot of protective measures nevertheless (firewalls, etc.) and a caring user behavior regarding security, but I don’t want to mess my great Windows 7 flawless install because Microsoft want to transform every Windows in a telemetry-bugged-beacon.

      Thank you again and everyone reporting here,

      G.

      • #136837 Reply

        woody
        Da Boss

        I fear that identifying telemetry-enhancing updates isn’t possible any more. There’s just too much floating around.

        Every month I publish a general, all-around series of steps to minimize telemetry – but it’s far from complete.

        2 users thanked author for this post.
    • #136719 Reply

      alpha128
      AskWoody Lounger

      My employer pushed the Windows 7 Rollup (KB4041681) to my work computer this morning. There were no apparent issues, but I’m not installing that update on my home system yet.

    • #136766 Reply

      anonymous

      This is the Office 2007 sp3 EOL, or they extended it?

      • #136770 Reply

        Kirsty
        AskWoody MVP

        Yesterday was End Of Life (EOL) for both Office 2007 and Win10-1511 – they will receive no further scheduled updates.

        • This reply was modified 1 week, 4 days ago by  Kirsty.
        1 user thanked author for this post.
    • #136822 Reply

      MrBrian
      AskWoody MVP

      From Windows devices may fail to boot after installing October 10 version of KB4041676 or KB4041691 that contained a publishing issue (my bolding):

      “Microsoft is aware of a publishing issue with the October 10th, 2017 monthly security updates for Windows 10 version 1703 (KB4041676) and version 1607 (KB4041691), and Windows Server 2016 (KB4041691) for WSUS/SCCM managed devices. Customers that download updates directly from Windows Update (Home and consumer devices) or Windows Update for Business are not impacted.

      2 users thanked author for this post.
    • #136828 Reply

      anonymous

      I have to report a bug or is it a “feature” maybe, with the:
      2017-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems KB4041681
      2017-10 Security Only Quality Update for Windows 7 for x64-based Systems KB4041678

      I work in IT and yesterday we got bombarded with the problem that we can not import an xls file into our application, which we have been doing since forever.

      It gives an error: Unexpected error from external database driver (1).
      We dug deeper and got to the Provider=Microsoft.Jet.OLEDB.4.0;Data Source={0};Extended Properties=\”Excel 8.0;HDR=Yes;IMEX=1\” not working anymore.

      After we removed both updates everything was back to normal.

      Just an FYI to everyone with the same problem.

      Edit to remove HTML
      Please convert to plain text before copy/paste

      4 users thanked author for this post.
      • #137155 Reply

        anonymous

        I ran into this, with broken production automation routines that relied on Excel via Jet OLEDB. What I did to remedy this was to install the latest version of AccessDatabaseEngine, which is Office 2010 compatible I believe. After doing so I then replaced any reference to Microsoft.Jet.OLEDB.4.0 with the Microsoft.ACE.OLEDB.12.0 provider. That did the trick. At first I thought I’d have to then connect to XLSX files instead of the current XLS files, but the provider works equally as well against XLS. So only one search-and-replace routine was needed. Thank God…

        1 user thanked author for this post.
        • #137206 Reply

          anonymous

          Hello
          Installing the AccessDatabaseEngine and using Miscrosoft.ACE.OLEDB.12.0 provider will work out and if you keep Excel 8.0 in the connexion string, you can still use .xls files.

          After installing the AccessDataBaseEngine Try changing :

          Provider=Microsoft.Jet.OLEDB.4.0;Data Source={0};Extended Properties=\”Excel 8.0;HDR=Yes;IMEX=1\”

          to

          Provider=Microsoft.ACE.OLEDB.12.0;Data Source={0};Extended Properties=\”Excel 8.0;HDR=Yes;IMEX=1\”

          1 user thanked author for this post.
    • #136849 Reply

      AlexEiffel
      AskWoody Lounger

      Last month after the automatic patching of Windows Server 2012 R2, my domain got unassigned from the network card and I lost all possibility to connect to the SQL database for the accounting package. This month, same thing, right after the automatic patching during the night. Nobody able to work in the morning. I don’t manage this server. I don’t know Windows Server, I don’t use it.

      The trick was to simply disable the network card, then reenable it. Quickly realizing the network was public and not domain, I tried things for an hour with a consultant last time before finding that: restarted, registry tricks, manually assigning the domain to the private network…

      2 users thanked author for this post.
    • #136856 Reply

      anonymous

      Another article about October’s KB4041676 update:

      Windows 10 mandatory October KB4041676 update is causing machines to BSOD

       

      1 user thanked author for this post.
    • #136883 Reply

      Noel Carboni
      AskWoody MVP

      On my Win 8.1 test VM…

      Windows Update service started, firewall reconfigured to allow updates, and the patches are going in Group A style as usual for this time of the month…

      Checking8.1

      AvailableImportant8.1

      AvailableOptional8.1

      Done8.1

      Also as usual, the updating process went smoothly and the VM booted right back up.

      No new errors or warnings have appeared in the event log.

      A quick comparison of my LogSystemInfo output before/after revealed:

      • KB4043763 and KB4041693 added, KB4038792 removed from WMIC qfe list.
      • Tasks in the WindowsUpdate section of the scheduler were re-enabled as usual.
      • A fair number of system modules, including protocol handlers updated to new build numbers.

      Fitness testing to commence next. More as I learn it.

      -Noel

      Attachments:
      You must be logged in to view attached files.
      2 users thanked author for this post.
    • #136923 Reply

      twbartender
      AskWoody Lounger

      I have 3.5.1 and 4.5.2 .NET  installed on my Windows 7 x64 machine, & even though I’m still Group B Security-only, I’ve been installing the .NET Framework Security and Quality Rollup when it’s offered to me in the monthly windows updates. The most recent one being the September 2017 update. Now after reading the various messages in this topic about the October 2017 .NET Security and Quality Rollup, I’ve been trying to determine if I need to install this new October .NET update, even though it didn’t show up in this months updates…

      According to what “abbodi86” wrote in message “#136676”,  “3.5 & 4.5.2 patches have not changed, same as September rollup. only 4.7 got new “quality” patch”

      The thing is when I compared the October 2017.NET Framework Security and Quality Rollup information to that of the September 2017 .NET Framework Security and Quality Rollup information: ( https://blogs.msdn.microsoft.com/dotnet/2017/10/10/net-framework-october-2017-security-and-quality-rollup/ & https://blogs.msdn.microsoft.com/dotnet/2017/09/12/net-framework-september-2017-security-and-quality-rollup/ ) there is an additional WPF Quality and Reliability Improvement in the October update that wasn’t listed in the September update.

      Considering that the October update States the following: “The update applies to all supported Windows versions”, does this additional October improvement (shown below) mean that there is a difference between the September & October 3.5 & 4.5.2 patches? And if so, should the October patch be installed on machines having 3.5.1 and 4.5.2 .NET Framework installed even if the September update was previously installed?

      The quality and reliability improvement that’s listed in the October update, but not the September update, is the following: Rendering of WPF UI Elements is disabled in Windows Services. [497334]

      • #136943 Reply

        MrBrian
        AskWoody MVP

        On a Windows 7 x64 computer with .NET Frameworks 3.5.1 and 4.5.2 installed, October 2017 .NET Framework monthly rollup appears as a Recommended update. That means it can appear in either the Important or Optional tab, depending on the setting “Give me recommended updates the same way I receive important updates.”

        1 user thanked author for this post.
        • #136977 Reply

          AJNorth
          AskWoody Lounger

          Indeed, “Give me recommended updates the same way I receive important updates” is deselected in WU (Win 7 x64) and this optional recommended (unchecked) update is offered:

          “2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766)” – 61.6 MB (.NET 4.7 is not installed).

          It is unhelpful that MS titles this a “Security and Quality Rollup,” yet it is optional and there is no associated CVE (the SANS ISC lists no .NET exploits for this month, https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ and Martin Brinkmann at gHacks lists this as a non-security update, https://www.ghacks.net/2017/10/10/microsoft-security-updates-october-2017-release/ ).

          1 user thanked author for this post.
          • #137265 Reply

            DrBonzo
            AskWoody Lounger

            Just to verify and/or corroborate, when I have “Give me recommended updates the same way I receive important updates” SELECTED, I get the KB4043766 update listed as Important and also checked. (Win 7 x64, .NET 4.7 NOT installed)

            Can’t MS make up it’s mind? Doesn’t seem like that would be rocket science to me.

      • #136947 Reply

        DrBonzo
        AskWoody Lounger

        For what it’s worth:

        I’m group B and also quality and security on .NET – or what I’ll just call .NET Rollups.

        But after the snafus in Sept with the Rollup (which were apparently not present in the security only updates), I decided that from now on it’s security only for everything. I’m not installing any .NET updates for October, since there are no new security only updates this month.

        And if the “quality” of my .NET experiences isn’t what MS thinks it should be, well, that’s just too bad. After all the “quality” of my Win 7 experience has already tanked anyway. If my machine make it to end of support in early 2020, fine. Otherwise I’m fully prepared to leave MS permanently.

        1 user thanked author for this post.
      • #137175 Reply

        anonymous

        The quality and reliability improvements made in Oct update are only applied in .Net Framework 4.6.x – 4.7. You’ll be able to get better comparison between the Sept and Oct updates for Win 7 by looking at their respective knowledge base articles below:

        Sept:
        https://support.microsoft.com/en-us/help/4041083/security-and-quality-rollup-for-the-net-framework-3-5-1-4-5-2-4-6-4-6
        Oct:
        https://support.microsoft.com/en-us/help/4043766/october-2017-security-and-quality-rollup-for-net-framework-3-5-1-4-5-2

        From those 2 links, you can see the difference in terms of the KB numbering (at the “More information” section) for the .Net Framework 4.6.x – 4.7 that changes from KB4040973 (Sept) to KB4043764 (Oct), whereas the other versions of .Net remains the same for Sept and Oct. Therefore, installing the Oct update will give you no quality imrovements over the Sept update unless you have .Net Framework 4.6.x – 4.7 installed.

    • #137177 Reply

      Noel Carboni
      AskWoody MVP

      On my Win 7 test VM…

      Windows Update service started, firewall reconfigured to allow updates, and the patches are going in Group A style as usual for this time of the month…

      Win7CheckingForUpdates

      Win7ImportantUpdatesAvailable

      Win7OptionalUpdatesAvailable

      Win7UpdatesInstalled

      As usual, the update process went smoothly and the VM booted back up quickly and smoothly.

      The event log is clean of warnings and errors.

      The running process count settled to the usual count of 39 to support my otherwise idle desktop.

      A comparison of before/after LogSystemInfo output reveals:

      • “Unknown” status for several scheduled jobs, which previously reported “Ready”.
      • KB4041681 added and KB4038777 removed in WMI qfe list.
      • Quite a few components updated, showing new build numbers.

      I’ll update this thread with a response once I do more testing.

      -Noel

      Attachments:
      You must be logged in to view attached files.
      2 users thanked author for this post.
      • #137240 Reply

        AJNorth
        AskWoody Lounger

        On this Friday the Thirteenth, appropriately falling in the week of Black Tuesday, I should like to express my deep thanks, appreciation and gratitude to Da Boss, along with his cadre of indispensable — and outstanding — MVPs (as well as the many thoughtful contributors) for their dedication, tireless efforts and patience (and without whom — well, I’d rather not go there…).

        I am confident that I echo many others.

        Gold-Cup-black-background-with-light-rays

        • This reply was modified 1 week, 2 days ago by  AJNorth.
        • This reply was modified 1 week, 2 days ago by  AJNorth.
        • This reply was modified 1 week, 2 days ago by  AJNorth.
        Attachments:
        You must be logged in to view attached files.
        5 users thanked author for this post.
        • #137262 Reply

          DrBonzo
          AskWoody Lounger

          I’ll drink to that!

          This is the Number 1 Windows site, period.

          3 users thanked author for this post.
      • #137337 Reply

        Bob99
        AskWoody Lounger

        As an example of just how unique each person’s system is, I just ran WU on my Win7 x64 machine with .NET 3.5.1 and 4.5.2 installed as well as Office 2010 Professional Plus, and all I was offered by WU were four security updates for Office 2010 and the monthly Win 7 rollup along with the usual MSRT (KB890830).

        1 user thanked author for this post.
    • #137437 Reply

      Retire
      AskWoody Lounger

      I have Windows 7 Home Edition 64-bit system.  I have not seen KB4043766 in my Window update listing for October.  In stead, KB3186497 Microsoft .NET Framework 4.7 for Windows 7 and Windows Server 2008 R2 — Published 6/27/17 showed up. When the Ok is given to install October updates, do I install KB3186497 or ignore it.

      • #137454 Reply

        MrBrian
        AskWoody MVP

        Make sure to check both the Important tab and Optional tab for the existence of KB4043766.

        • #137482 Reply

          Retire
          AskWoody Lounger

          KB4043766 does not exist in the Important or Optional listing.   KB3186497 (the 6/27/17) update is checkmarked and exists in the Important listing.

          • #137488 Reply

            PKCano
            AskWoody MVP

            MS is pushing .NET versions later than 4.5 toward .NET 4.7, so it may be time to go ahead and install KB3186497 .NET 4.7.

            If you have been following the Group B method, you will need to install KB4019990 the D3D Compiler first. If you follow Group A (Monthly Rollups), the compiler should already be on your machine.

            Edit 3.5.2 changed to 4.5

            • This reply was modified 1 week, 1 day ago by  PKCano.
            1 user thanked author for this post.
            • #137493 Reply

              Retire
              AskWoody Lounger

              I do follow the Group B method for installs except for the .NET framework updates.  I install .NET framework updates from Window Update.  I do not install security only .NET framework updates from the Microsoft catalog.  Would I still need to install the D3D compiler first before installing KB3186497?

              • This reply was modified 1 week, 1 day ago by  Retire.
            • #137505 Reply

              PKCano
              AskWoody MVP

              Yes, you should install it first. The link is above.

              2 users thanked author for this post.
    • #137479 Reply

      anonymous

      KB4041678 (Security-Only Update) for Windows 7

      “ICS”(Internet Connection Sharing) / SMB Funktion is broken…

      WLAN Connection and SMB(File & Printer) transmission problems.

      – Laptop(ICS Server) / Windows 7 pro x64
      – Intel WiFi WLAN-Adapter
      – 3G+ Mobilfunk-Stick / USB

      Absolute unusable…!

      1 user thanked author for this post.
    • #138050 Reply

      AJNorth
      AskWoody Lounger

      Adobe have issued another update for their Flash Player, version 27.0.0.170.  As they have not yet released a changelog nor Security Bulletin, it is unclear whether this is a security update; however, since this follows so closely on the heel of 27.0.0.159, it is not unlikely.

      For those who manually update it, here are the direct download links for the off-line (full) installers for version 27.0.0.170, as well as the Uninstaller, all “clean” — (right-click; select Save Link As):

      NPAPI for Firefox, Safari, Opera: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe | 19.8 MB
      AX for Internet Explorer: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe | 19.3 MB
      PPAPI for Opera and Chromium-based browsers: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe | 19.7 MB
      Adobe Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe | 1.25 MB

      2 users thanked author for this post.
    • #138623 Reply

      AJNorth
      AskWoody Lounger

      For those who still require the Jave Runtime Environment (JRE), Oracle have issued an update, version 8u151: “This Critical Patch Update contains 22 new security fixes for Oracle Java SE.  20 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”

      The full 2017.10 Critical Patch Update Advisory is at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html . Java can be manually updated through its Control Panel (if not set to do so automatically) or the off-line (full) installer may be downloaded at http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html (enterprise version; clean).

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Tuesday patches are out

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.