September updates get released

Topic

New Reply

…and here we go again. Remember our mantra, if you care about your machine ensure that you have a full image backup. Ensure that you have deferred u
[See the full post at: September updates get released]

Susan Bradley Patch Lady/Prudent patcher

8 users thanked author for this post.

deuxbits, abbodi86, DrBonzo, lmacri, Pim, geekdom, creem, Alex5723

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Sept 13, 2022.

There is a Security-only Update for those with Win7 ESU subscriptions.
There is no September IE11 CU for Win7 ESU subscriptions.

September Rollup KB5017361 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a Sept 2022 Servicing Stack KB5017397 – Download 32-bit or 64-bit  for those with Win7 ESU subscriptions.

There are .NET Framework updates listed for Win7. See #2477558.

****** UPDATE: ********
Microsoft has released a new ESU Licensing Preparation Package KB5016892 for the extension of Win7/Windows Server 2008 R2 SP1 ESU on Aug 25, 2022. This is for the extension of the ESU into 2023 after the current one expires. Requires SHA-2 KB4474419 (9/23/2019 or later) and SSU KB4490628 (3/12/2019).

 

There is a Sept, 2022 Servicing Stack KB5017398 – Download 32-bit or 64-bit for Win8.1

6 users thanked author for this post.

Steve, abbodi86, Guest, SueW, Microfix, Pim

Reply | Quote

AskWoody experts:

Does the new ESU Licensing Preparation Package KB5016892 for the extension of Win7/Windows Server 2008 R2 SP1 ESU that was released by Microsoft on August 25, 2022, have to be installed prior to installing this month’s ESU updates or has this been subsequently rolled into the ESU for September?

The confusion ensues and enquiring minds want to know.

Reply | Quote

No, the new packages are not required yet
and yes, it’s already enrolled in September Monthly Rollup

1 user thanked author for this post.

7ProSP1

Reply | Quote

Thank you, as always, for your great wisdom, Abbodi Wan Kenobi.

As a follow up, is there a way to verify the new ESU Licensing Preparation Package KB5016892 has successfully been installed if you choose to not install it as a standalone update and instead opt for the monthly rollup option?

Reply | Quote

Run this in command prompt and you check the output for Year4/Year5/Year6
dir /b %SystemRoot%\System32\spp\tokens\channels\

You should install KB5016892 eventually, if Windows 7 ESU is extended

1 user thanked author for this post.

7ProSP1

Reply | Quote

Sorry for the delay in replying, but I just had an opportunity to run this command now.

Here’s the text of the output:

Client-ESU-Year1
Client-ESU-Year2
Client-ESU-Year3
Client-ESU-Year4
Client-ESU-Year5
Client-ESU-Year6
Client-FES-ESU-Year1
Client-FES-ESU-Year2
Client-FES-ESU-Year3
Client-FES-ESU-Year4
Client-FES-ESU-Year5
Client-FES-ESU-Year6
OCUR

So, all looks good and ready for years 4, 5 and 6.

Thanks again, @abbodi86, for your assistance.

One other quick question though, what does OCUR at the end of the above output stand for in this context?

Reply | Quote

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/mstv/ocur-devices

something related to Media Center

1 user thanked author for this post.

7ProSP1

Reply | Quote

Interesting.

I tried to look up OCUR before asking my question and the Media Centre thing kept coming up.  I thought that couldn’t possibly be related to the further three year extension of ESU’s for Win 7/Server 2008 R2 SP1 but it appears that indeed was not the case

I thought OCUR was instead some top secret/convoluted Microsoft acronym because, you know, they are Microsoft after all.

Reply | Quote

Microsoft Windows Security Updates September 2022 overview

1 user thanked author for this post.

Pim

Reply | Quote

.Net 6.09 security patch

Reply | Quote

FYI,

.NET September 2022 Updates – .NET 6.0.9 and .NET Core 3.1.29

“These updates contain security and non-security improvements.”

HTH.

Reply | Quote

FYI,

.NET Framework for September 2022 was also released with Security Update on 13Sep2022:

.NET Framework September 2022 Security and Quality Rollup

HTH.

2 users thanked author for this post.

lmacri, Alex5723

Reply | Quote

Question, aren’t we still waiting for the okay to install the August updates? The last thing I read here on the website was tentative.  Did I interpret this incorrectly?

Reply | Quote

Susan moved us to DEFCON-3 for installing the August patches on August 23rd.

https://www.askwoody.com/2022/ms-defcon-3-issues-with-bootloader-patches/

1 user thanked author for this post.

Fred

Reply | Quote

Because the Secureboot patches were triggering issues I had a wishywashy August.  I’d defer until September – or manually download August patches.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

KB5012170 is blocked for Windows 11 only, if BitlockerStatus is locked or not ready

1 user thanked author for this post.

rontpxz81

Reply | Quote

September CU and .NET update:
SFC no violations, Event viewer clean, DISM analysis returned no corruption and USB connected Canon Pixma works as intended. So far so good..

If debian is good enough for NASA...

4 users thanked author for this post.

Coldheart9020, CAS, Alex5723, deuxbits

Reply | Quote

Installed all updates. No issues with printer. Ran sfc scan and checked window’s image health.  Now operating on 21H2 (OS Build 19044.2006).  All is well. It really helps to have other members’ responses before doing an install.

Peace, CAS

 

1 user thanked author for this post.

Microfix

Reply | Quote

First report of a problem with this month’s patching:
kb5017308 W10 Sept CU seems to be breaking created shortcuts within GPO:

Uninstalling the CU fixes the issue for those who have created shortcuts and run into problems (more geared to business than homeusers)

Gborn has also blogged further on the subject.

If debian is good enough for NASA...

2 users thanked author for this post.

deuxbits, lmacri

Reply | Quote

Microfix wrote:

First report of a problem with this month’s patching: kb5017308 W10 Sept CU seems to be breaking created shortcuts within GPO: …

After reading Gunter Born’s blog post <here> I’m not really clear on the scope of the this problem. From that blog:

“… After September updates, creating two shortcuts on the users desktop via GPO within the domain no longer works reliably.

After a GPUPDATE /force on the client, one of the two shortcuts created by the GPO disappears. After another manual call of GPUPDATE /force it is available again and disappears again independently (after the default GPUPDATE interval). This game can be played on as an endless loop…“

That blog post mentions Enterprise / Education editions of Windows 10 and 11, and it sounds like desktops shortcuts are corrupted on the client computer when third-party software updates are pushed out from a remote server. Does this problem only occur in a business environment where client computers are connected to a LAN?  I’m not a system admin and have no idea how user policies (GPOs) are used to create desktop shortcuts.
————-
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v104.0.2 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1751

Reply | Quote

Correct this is a business bug only, you won’t see it in consumer/home users even if you are using pro.  I haven’t seen the patches pulled.  This is a minor bug.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

lmacri

Reply | Quote

Noted in the post above and in the master list last night.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Windows 11 21H2.22000.978 x64 Beta Test (Guinea Pig)

• 2022-09 .NET Core 3.1.29 Security Update for x64 Client (KB5017903)
• 2022-09 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 for x64 (KB5017497)
• 2022-09 Cumulative Update for Windows 11 for x64-based Systems (KB5017328)
• Windows Malicious Software Removal Tool x64 – v5.105 (KB890830)

All updates installed via WUMgr without error; rebooted without error.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Hey Y’all,

Just updated my machines w/o issue!

All three machines got the same updates:

Dell XPS 8920 (Main Driver)
Dell XPS 8700 (Test Rig)
Dell Inspiron 173000 (Laptop)

Edition: Windows 10 Pro 64-bit
Version: 2009 21H2
Build: 19044.2006

KB5017308
KB5016705
KB5017022

BTW: the new PowerToys Text tool is da bomb!

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

deuxbits

Reply | Quote

RetiredGeek wrote:

KB5017308 KB5016705 KB5017022

Hi RetiredGeek:

What is the KB5016705 update that was installed on all your Win 10 v21H2 machines?

You didn’t provide a description and I couldn’t find any information on this update when I searched the Microsoft Update Catalog.
———–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1889 * Firefox v104.0.2 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1751 * Macrium Reflect Free v8.0.6979

Reply | Quote

KB5016705 = SSU-19041.1940

Reply | Quote

You see it when you dism, you won’t see it on WU or in MU catalog.

As an aside I personally thing sfc/dism is overkill given the number of times that they’ve triggered a non fatal issue that we had to ignore.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

deuxbits, Fred

Reply | Quote

Imacri,

I’m a little baffled also, here’s why.

My WinVer program returns this:

But View Update History returns this:

Go figure. They have always returned the same information before.

Note: I did find one result of a user who couldn’t boot after that update on the MS Forums.

I went back and looked at the other 2 machines and I truly must have been out to lunch when I put the first post together.

Dell Inspiron 137000:

Dell XPS8700 (Test):

Now you have accurate view of what I got or didn’t get as the case may be. However, as stated before ALL machines are running fine!

Sorry for the confusion!

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

deuxbits

Reply | Quote

RetiredGeek wrote:

I’m a little baffled also, here’s why.

According to Microsoft’s Official Description, KB5017500 actually contains two “completely different” KB updates for .NET.

• CU for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 (KB5017022)
• CU for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H2 (KB5017025)

So, while the update history shows KB5017500 as having been installed (it was downloaded and successfully ran), your WinVer program, which shows which updates were “actual installed” by KB number, shows KB5017022 was installed but KB5017025 wasn’t (i.e. since your PCs don’t have .NET 4.8.1, the “second part” of KB5017500 wasn’t installed.)

2 users thanked author for this post.

RetiredGeek, WCHS

Reply | Quote

For those who may be interested here’s the PowerShell code I used to populate the tab on my program:

$HFFmt = @{Expression={
             ($_.InstalledOn).ToString("yyyy/MM/dd")};
            Label="Installed On";    Width=12},
          @{Expression={$_.HotFixID};
            Label="Hot Fix ID";      Width=10},
        @{Expression={$_.CSName};
           Label="Computer";         Width=14},
        @{Expression={$_.Description};
           Label="Description";      Width=35}

  $x = Get-HotFix

  $RetVal = $x |
    Sort-Object -Descending -Property InstalledOn |
    Format-Table $HFFmt | Out-String
  "$RetVal"

Note: the Get-Hotfix cmdlet is not my creation it is in the PSWindowsUpdate Module.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

1 user thanked author for this post.

deuxbits

Reply | Quote

Get-HotFix is built-in Microsoft cmdlet since Windows Powershell 4.0 (or 3.0)

Reply | Quote

“the new PowerToys Text tool is da bomb!”

Are you referring to the ‘Text Extractor’ ??

https://docs.microsoft.com/en-us/windows/powertoys/#text-extractor

Reply | Quote

Hardened Windows User

Windows 11 Pro Version 21H2 (OS Build 22000.978)

KB5017328 Cumulative Update for Windows 11 for x64-based Systems
KB5017497 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 for x64
KB890830 Windows Malicious Software Removal Tool x64 – v5.105

The B side of my dual boot also got

KB5017903 .NET Core 3.1.29 Security Update for x64 Client

No hiccups.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Did a win10 and 11 and all went well. Just had a call from a client that after rebooting his win10 pro after update lost his ability to use his usb keyboard on his Dell desktop. Worked OK for me remotely and didn’t notice anything much in devmgr or logs. Reboot fixed him up. Fluke I guess.

1 user thanked author for this post.

deuxbits

Reply | Quote

Both my machine (Win10 21H2 Home, the other Win 10 21H2 Pro) are offered KB5017500. Interestingly, the label assigned by WU to this update in my local language translates to “Preview Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2“, but the corresponding KB article and all other websites discussing this update do not label it as a “Preview” update.

I am under the impression that whoever applied the label in my local language to the update did a mistake and this is not in fact a preview update. Did anyone else notice the same issue and/or can anyone confirm this is not a preview update? Thanks!

Reply | Quote

Berserker79 wrote:

Interestingly, the label assigned by WU to this update in my local language translates to “Preview Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2“,

I am Win10/Pro 21H2.
WU delivered KB5017500 to me, also. WUSHOWHIDE hid it. I checked there and the label is “Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2.” I presume WU will show that label (no Preview in the title) when I unhide and get the “Download” button for it. (I have GP=2, notify download/install for producing the Download button).

I noticed that KB5017500 is not in the Master Patch List.
My understanding is that KB5017500 is for all three .NET versions (3.5, 4.8, and 4.8.1), whereas KB5017022 is for one pair of them (3.5 and 4.8) and KB5017025 is for the other pair of them (3.5 and 4.8.1).

Reply | Quote

KB5017500 appears to be a .NET Rollup bundling all three patches. In that case, Windows Update will install the applicable versions only.

3 users thanked author for this post.

opti1, Coldheart9020, WCHS

Reply | Quote

Since moving to .Net 5.x, 6.x I don’t get updates to .Net 3.x, 4.x

The last .Net 3, 4 update was on April 12, 2022-KB5012117.

Reply | Quote

Thanks Alex. I’m still on .NET 3.x/4.x, so that explains why I’m offered updates for those versions. KB5017500 was released on September 13, 2022 as noted here.

Reply | Quote

Alex5723 wrote:

.Net 6.09 security patch

.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2022-38013

https://devblogs.microsoft.com/dotnet/september-2022-updates/

Today, we are releasing the .NET September 2022 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 6.0.9 and 3.1.29 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64..

A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding…

.NET Core 3.1 End of life

.NET Core 3.1 will reach end of life on December 13, 2022, as described in .NET Releases and per .NET Release Policies. After that time, .NET Core 3.1 patch updates will no longer be provided. We recommend that you move any .NET Core 3.1 applications and environments to .NET 6.0..

Reply | Quote

Windows 11 Pro Version 21H2 (OS Build 22000.978)

2022-09 Cumulative Update for Windows 11 for x64-based Systems (KB5017328)

2022-09 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 for x64

2022-09 .NET Core 3.1.29 Security Update for x64 Client (KB5017903)

2022-09 .NET 6.0.9 Security Update for x64 Client (KB5017915)

Windows Malicious Software Removal Tool x64 – v5.105 (KB890830)

All were installed without incident.

--Joe

Reply | Quote

I’m on Windows 8.1 and I’m not sure why I wasn’t offered the .NET update. I have version 4.7 installed and I was given the .NET update in August. Just strange.

I just had a thought it could be because I haven’t installed the SSU yet. I’ll have to see what happens after the go-ahead to install usually later in the month.

Win 10 ver. 22H2 x64

Reply | Quote

Only .NET 4.8/4.8.1 got new updates

1 user thanked author for this post.

JD

Reply | Quote

Thank you abbodi86. This is also a lesson for me that you can’t trust the Update History under Windows Update. When I went to the Installed Updates in the Control Panel, I found out that KB5016372, the .NET update, was already installed with the August updates.

Win 10 ver. 22H2 x64

Reply | Quote

Windows 10 Pro 21H2 Sept updates.
winver – 19044.2006
All is well.

1 user thanked author for this post.

Coldheart9020

Reply | Quote

Hi Susan:

Windows Update successfully installed the following Sep 2022 Patch Tuesday updates on my Win 10 Pro v21H2 laptop and I haven’t noticed any negative effects so far:

• KB5017308: 2022-09 Cumulative Update for Win 10 Version 21H2 for x64 (OS Build 19044.2006)
• KB5017500: 2022-09 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Win 10 v21H2 for x64 (includes security patch for CVE-2022-26929)
• KB5017903: 2022-09 .NET Core 3.1.29 Security Update for x64 Client
• KB5017195: 2022-09 .NET 6.0.9 Security Update for x64 Client
• KB890830: Windows Malicious Software Removal Tool x64 – v5.105

I did notice a minor glitch during the installation, which I’ve seen before when a .NET Framework update is delivered during a Patch Tuesday update. As soon as KB5017500 (2022-09 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1) finished installing Windows Update prompted me “Restart Now“, even though KB5017308 (2022-09 Cumulative Update for Win 10 Version 21H2) was still downloading. Once KB5017308 reached “Downloading – 100%” the installation process seemed to get stuck there (see image), but putting my computer to sleep and then waking from sleep cleared the problem and KB5017308 then finished installing (i.e., Status – Pending Restart).

This month I forgot to temporarily disable my Malwarebytes Premium real-time protection after Windows Update started downloading my Sep 2022 Patch Tuesday updates – I don’t if that’s what caused this KB5017308 installation glitch but in the past few months there have been reports that Malwarebytes seems to interfere with installation of the monthly cumulative Quality Update on Win 11 computers – see AgntZer0’s 11-Aug-2022 Win 11 Cumulative Update KB5016629 Failing to Install Due to Malwarebytes for one example.
————-
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.2006 * Firefox v104.0.2 * Microsoft Defender v4.18.2207.7-1.1.19600.3 * Malwarebytes Premium v4.5.14.210-1.0.1751

Reply | Quote

Microfix wrote:

First report of a problem with this month’s patching:
kb5017308 W10 Sept CU seems to be breaking created shortcuts within GPO:

Uninstalling the CU fixes the issue for those who have created shortcuts and run into problems (more geared to business than homeusers)

Gborn has also blogged further on the subject.

Thank you!

That explains why it appears MS has pulled the update – we’re not seeing it now.  Four early test machines (Win10 Pro 21H2) did see kb5017308. The 5th and final test machine yesterday did not see it – I assumed due to some odd timing and demand/bandwidth issue.

Oy!

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

Microfix

Reply | Quote

deuxbits wrote:

That explains why it appears MS has pulled the update

Just installed kb5017308 this morning.

It is still on Microsoft Catalog:

https://www.catalog.update.microsoft.com/Search.aspx?q=kb5017308

1 user thanked author for this post.

deuxbits

Reply | Quote

Alex5723 – yes, thanks. I should have said pulled from automatic update distribution. They often seem to leave it in their catalog for admins to decide on relative risk and such.

And automatic distribution appears to have been re-enabled. So testing resumes.

Thank you again

 

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

Alex5723

Reply | Quote

No issues to report on two Windows 8.1 Pro systems.

After taking a Macrium image of each system, installed the Servicing Stack Update first (KB5017398) downloaded from the Microsoft Catalog. Then via Windows Update installed the Monthly Rollup (KB5017367).

The End of Support (EOS) notification tasks (Microsoft implemented in the July updates) continue to remain disabled.

1 user thanked author for this post.

JD

Reply | Quote

about this quote from Susan in that article:

Windows 10 patch does NOT indicate audio issues are triggered in this release.

although that audio issue is not listed in the KB5017308 update of Sept. 13, it IS however mentioned or listed in the newly released KB5017380 preview update of Tue 9/20 for Win10 20H2/21H1/21H2:
https://support.microsoft.com/en-us/topic/september-20-2022-kb5017380-os-builds-19042-2075-19043-2075-and-19044-2075-preview-59ab550c-105e-4481-b440-c37f07bf7897

expand the “known issues in this update” section for KB5017380 and the audio problem is listed there

Reply | Quote