September Windows/Office security patches

Topic

New Reply

I see 127 individual patches in the Microsoft Update Catalog.
[See the full post at: September Windows/Office security patches]

8 users thanked author for this post.

cesmart4125, Elly, PhotM, Laptop Boy, DrBonzo, geekdom, AlphaCharlie, Microfix

Reply | Quote

Replies

September 2018 Group B Security-only patches have been updated in AKB2000003.

11 users thanked author for this post.

Elly, Kranium, LH, SueW, Bill C., Laptop Boy, woody, MikeFromMarkham, DrBonzo, geekdom, Microfix

Reply | Quote

Thank you!

As a Group B member, this AKB resource is super-handy each month, as well as for occasionally rebuilding a system. I really appreciate the extra time it takes to keep this list accurate and up-to-date.

Reply | Quote

Beta Test
Reporting on Windows 7 updates:

• Windows Malicious Software Removal Tool (KB890830)
• Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4457918)
• September Security Monthly Quality Rollup (KB4457144)

All installed without error and the system rebooted without error.
Please note that I have GWX Control Panel to prohibit Windows 10 upgrade.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

2 users thanked author for this post.

Chessie, DrBonzo

Reply | Quote

Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

2 users thanked author for this post.

Seff, Charlie

Reply | Quote

This information is undoubtedly incorrect! Windows 10 is the best and most secure operating system EVER!

/sarcasm off now, it appears my Sarcastic font has been rendered by M$

Reply | Quote

Just updated my both Windows 8.1 & 10 x64 Home instances without issues.

Reply | Quote

In my desktop:
Windows 10 (1803), KB4457128 (OS Build 17134.285) installed twice, perhaps because the Service Stack Update (SSU) (KB4456655) must be installed before the most recent cumulative update (LCU) (KB4457128) is installed.

The LCU will not be reported as applicable until the SSU is installed.

Reply | Quote

Martin Brinkmann forgot to include Windows Server 2008 SP2 in his list. This month marks the first time Windows Server 2008 SP2 is serviced just like the other supported Windows Server OS with the choice of using a cumulative monthly rollup or a single security-only update.

This change was announced by Microsoft last june in this blog:
https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/

Francis

1 user thanked author for this post.

woody

Reply | Quote

Martin already included the Windows Server 2008 SP2 security rollup & security only updates (KB4458010 and KB4457984)

Reply | Quote

Wazhai wrote:

Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

You beat me to it, I was going to say almost the same thing.  Way to go.  Win 7 lives on.  Not really any surprise there.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

If you are installing updates (beta testing), could you also provide the update names with numbers that installed or failed to install?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Here’s todays little “haul” for Win10x64 Home 1803 on a VHD captured at Boot/Log in time in the midst of my daily read , with metered set, and WUMT set to run at Log in with this little Task Scheduler trick. Of course hidden awaiting pending developments, seems to work and has been doing now for the last 2 Official (B) Patch Tuesdays may bring some relief with it set on Auto run at log in. The question is will it work with the 1809 upgrade next Month? I guess I will find out soon enough, it has done so far with Win10 1709 Home back in April/May.

Reply | Quote

On our WSUS servers we are seeing detection logic problems for multiple .NET Framework updates.

KBs: 4457914, 4457915, 4457916, 4457917 and 4457919 ares showing installed on a significant number of our WSUS client systems where none of those have been installed or for that matter had sufficient time to install them.

Additionally none of those KBs have yet been approved on WSUS.  However our configurations do allow Windows Update to be run locally to check back directly to Microsoft.

The fact remains that WSUS clients are showing the mentioned KB as installed, and therefore not needed, when it is definitely not installed and is needed.

 

Jim

2 users thanked author for this post.

columbia2011, woody

Reply | Quote

Updated my Win 7 pc’s last week for July & August security patches (Group B) along with Office 2010 patches (and ran manual chk for click to run for Office 2013 on other system). I held off downloading/installing KB4343900 (Spectre patch) as you advised. Should we still hold off on that patch,? And if so, the Sept patches will include an updated KB4343900 patch or would we first download/install Grouo B Sept security patches and then download/install KB4343900 when you raise the Defcon back to 4? Thx! Very appreciative!

Edit to remove HTML

Reply | Quote

anonymous wrote:

I held off downloading/installing KB4343900 (Spectre patch)

KB4343900 is not a “Spectre patch.” KB4343900 is the 2018-08 Security Monthly Quality ROLLUP for Win7. If you are in Group B you do not install Rollups, even under DEFCON-4. Group B installs only the Security-only Updates. and the IE11 CU.

3 users thanked author for this post.

Elly, walker, woody

Reply | Quote

@abbodi86 reporting in a different venue:

In WSUS, all Windows 10 CUs and Windows 7/8.1 Monthly
Rollups have two versions.

The first is automatically expired of course, and the second is all
dated 2018-09-09

seems a last minute bug fix included

4 users thanked author for this post.

Elly, walker, columbia2011, geekdom

Reply | Quote

Information also here:
https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-2018

and here:
https://support.microsoft.com/en-us/help/20180911/security-update-deployment-information-september-11-2018

Regards
Alitai

Reply | Quote

Win 8.1 x64 – updates installed – no problems found.

Win 7 x32 starter – All updates installed, so far, no problems.

I noticed discussion on a zero day, privilege escalation bug was patched.

https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review

“This CVE could allow an attacker to execute code on a target system just by convincing someone to view an image. That’s all the user interaction needed. Open the wrong image – even through a web browser – and code executes”

That code might execute at system level, because kernel mode graphic drivers are involved.  Patching that is my top priority.   If something break, system restore has been very dependable.

1 user thanked author for this post.

RockJohny

Reply | Quote

@woody:

OH NO:(
those problematic meltdown/spectre microcode updates (KB4100347, KB4090007, KB4091663, KB4091664 & KB4091666) that were released on 2018-07 are back on MS Update Catalog with new revised dates (9/13/2018). search for any of those updates and you will see.

On a test machine with Win10 Pro v1703 (using an AMD Phenom II X4 processor), Windows Update offered KB4091663 dated today THU Sept. 13, 2018 [oh no ]
but I used WindowsUpdate MiniTool to immediately block/hide it

1 user thanked author for this post.

BobbyB

Reply | Quote

I’ve been trying to figure out how to manage Windows 10 Updates without using WSUS (for good reasons not on topic here).  I finally had a DOH!! moment.  I was under the assumption that deferring Windows updates would put them more under our control.  Well, “control” can mean a lot of things I guess….

We’ve been deferring updates on most computers and testing on a few others.  This led to questions like:
– If an update is deferred, how do we know this?
– If an update is deferred, when was it deferred or when will it be installed (date)?
– If an update is deferred, how do we proceed to install it NOW?
and so forth….

It suddenly occurred to me that we aren’t expected to be that much in control.  Microsoft will manage the deferrals AND the installations AND …… so that there’s nothing but a few settings for us to make.

It would be a bit more assuring if the deferral settings were actually being met.  But no,  deferrals of 365 days end up being more like 120 days in reality.  hmmmm…..

Why is it so hard to understand and interact with anyway?

Reply | Quote