Windows patches are rolling out NOW

Topic

New Reply

Per @MrBrian: Five Microsoft updates today so far: Unbootable state for AMD devices in Windows 10 Version 1709 — this is another one of those weird “
[See the full post at: Windows patches are rolling out NOW]

8 users thanked author for this post.

SueW, Pepsiboy, geekdom, Tiernan, ryegrass, Microfix, AJNorth, MrBrian

Reply | Quote

Replies

If anybody is curious how I discovered these updates, I used the Microsoft Knowledge Base Articles Lister that I mentioned at https://www.askwoody.com/forums/topic/how-to-list-new-or-updated-microsoft-knowledge-base-articles/#post-134444.

13 users thanked author for this post.

walker, SueW, Cascadian, HiFlyer, Elly, lurks about, WildBill, abbodi86, Geo, woody, Tiernan, AJNorth, ryegrass

Reply | Quote

Windows 10/2016 updates are all semi-official/preview updates, not available on Windows Update or WSUS, Catalog only.
Most users here should be advised to stay away from them until they get published on the regular channels.

3 users thanked author for this post.

walker, woody, Geo

Reply | Quote

see why i never upgraded my 1511, even 1607 is still buggy

1 user thanked author for this post.

RamRod

Reply | Quote

but your v1511 version will be exposed to new security vulnerabilities and there are no new updates to install for your version anymore, AElMassry. So take that with a little grain of salt.

Reply | Quote

From the articles for the v1607 and v1703 Windows 10 cumulative updates released today: “Addresses issue where some customers with AMD devices get into an unbootable state”.

1 user thanked author for this post.

woody

Reply | Quote

There are .NET preview rollups too

searching catalog became easy once they start “numbering” updates by year-month

IE (auto arranged by date)
http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=2018&lang=en

other browsers (need to click on Last Updated to sort)
http://www.catalog.update.microsoft.com/Search.aspx?q=2018

9 users thanked author for this post.

walker, SueW, Elly, WildBill, Geo, ch100, woody, AJNorth, MrBrian

Reply | Quote

Interesting that there’s no Monthly Rollup Preview in Win7….

2 users thanked author for this post.

Cascadian, rontpxz81

Reply | Quote

Also, no .NET preview rollup for Win 7 (possibly because of the confliction issue with .NET 4.7.1)

asynchronous release of updates is not new for MS, specially with current CPU mess 🙂

4 users thanked author for this post.

SueW, Cascadian, woody, JDeC

Reply | Quote

I’ve got a .Net framework update in WU that was checked, but now is not checked.  As usual, I’m holding off.  It’s only middle of the month, and we’re still at Defcon 2.

Win 7, HP, 64bit, Group B

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

2 users thanked author for this post.

SueW, JDeC

Reply | Quote

Which KB?

Reply | Quote

For me it’s KB4055532, checked initially but unchecked for some days now.  In addition, KB4033342 is the .Net Framework 4.7.1 update which was optional and has been hidden.

Reply | Quote

Same here – KB 4055532.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

KB4055532 – mass confusion!

First listed as “Important” and checked, now shows up as unchecked

“Uninstall Notes:
This software update can be removed by selecting View installed updates in the Programs and Features Control Panel.”

Shows up in ‘View Update History’ but not in ‘Installed Updates’ – can’t uninstall!

to add to the confusion:

https://github.com/dotnet/announcements/issues/53

https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/

“Please avoid installing this update on Windows 7 or Windows Server 2008 R2.”

Enlightment, please.

2 users thanked author for this post.

walker, ch100

Reply | Quote

Maybe this can help How to (manually) uninstall Windows updates

MintDE is my daily driver now. Old friend Win10 keeps spinning in the background

2 users thanked author for this post.

HiFlyer, lgjr3491

Reply | Quote

@lqir3491:  I am becoming TOTALLY “lost” trying to keep up with the .NET Framework updates.   Afraid to touch any of these.   When is this ever going to get straightened out, I wonder.    Not a good way to run a railroad, that’s for sure.   Thank you to all who are knowledgeable enough to understand what the heck is going on.   ????

2 users thanked author for this post.

lgjr3491, Cybertooth

Reply | Quote

Similarly, KB4055532 – Important and originally checked, is now unchecked, while .NET 4.7.1 (KB4033342) is no longer even being offer by WU (Win 7 Pro x64).

1 user thanked author for this post.

ch100

Reply | Quote

I think this is significant too.
185 older superseded updates for Office 2007 have been expired in WSUS and this is likely to mean that they were retired from WU servers too.
The final cleanup to coincide with the end of life for Office 2007 perhaps.

5 users thanked author for this post.

Cascadian, HiFlyer, woody, MrBrian, abbodi86

Reply | Quote

I keep an old Office 2000 CD around just in case. That was the last version that didn’t require activation or any other interference from MS. It still works.

4 users thanked author for this post.

SkipH, HiFlyer, Charlie, Cybertooth

Reply | Quote

Got one pushed again too. So [] tiring. Windows as a service more and more starts to look like a horrior scenario for the average user. Every update is hit or miss. Some vague KB’s earlier this week made an event id 2 appear in the logs with every boot. We’ll see if this (big) KB solved it. Or made things even worse. I switched to an iMac at the beginning of this year. Turned out to be a life saver, without it I would have worked a lot less the last 14 days. Now I just see Windows machines update or produce the occasional BSOD in the corner of my eye. Still annoying (it must be solved after all), but not so threatening anymore. I think Microsoft really choose the wrong direction with Windows 10. :-/

4 users thanked author for this post.

HiFlyer, Cybertooth, Elly, WildBill

Reply | Quote

the only bad news is that KB4073290 is not available for x86 yet, so 32bits machines are still affected

Reply | Quote

Precisely what does all this flurry of update activity signify?

Are we supposed to do anything?

Start a pool on which updates fail?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

2 users thanked author for this post.

HiFlyer, Cybertooth

Reply | Quote

I think it signifies the impending arrival of MS DefCon Zero – “Abandon Windows Updates and trust to your own security measures because Microsoft haven’t a clue what they’re doing”!

Seriously, it’s getting quite silly now, what with updates popping up and then disappearing, then reappearing, others first checked then unchecked, machines locking up etc etc.

Meanwhile, thanks to Woody and the team for trying to keep on top of developments – and good luck later in the month when trying to advise everyone how best to proceed!

20 users thanked author for this post.

Cousinjack, BobbyB, walker, SueW, Cascadian, HiFlyer, ve2mrx, fk5353, johnf, FakeNinja, David F, Elly, Sessh, lurks about, WildBill, JDeC, ryegrass, Charlie, AJNorth, geekdom

Reply | Quote

The crack-up.  (F. Scott Fitzgerald, re his descent into something like lunacy, circa 1948.)

That’s what is going on. The crack-up of computing.  For consumers, certainly.

Will the BIOS be updated?  Possibly not.  How do I know?  Hmmm.  Will the browser be updated?  They haven’t reached out to me and assured me that they have, although I read third-party reports.  What about the AV software?  They haven’t said squat either.  And Microsoft?  To quote Woody: Whatta mess.

All these players run for cover, dissembling as they go.

Eventually, we’ll start to see blog posts that claim, This is what you must do.  Like how to survive a nuclear war.

4 users thanked author for this post.

Elly, HiFlyer, Charlie, johnf

Reply | Quote

Defcon 0 or could it be the emergency Defcon -1 (you are month late).

1 user thanked author for this post.

Elly

Reply | Quote

Defcon Omae Wa Mou Shindeiru (You Are Already Dead).  😀

1 user thanked author for this post.

Elly

Reply | Quote

I don’t have a Win10 machine, but I am really curious. How is it that you can update a bricked machine? Obviously, you will need another machine just to download.

CT

6 users thanked author for this post.

Cascadian, HiFlyer, fk5353, woody, Elly, ch100

Reply | Quote

I have been wondering the same for the regular end-user, although I know how to do it if there is no other way. 🙂

2 users thanked author for this post.

Cascadian, woody

Reply | Quote

We’ve had several methods listed here — but can either of you come up with a simple method that always works?

Reply | Quote

I’m not either one of the two addressed here, but I’m going to throw out my opinion anyway, FWIW.

The average end-user has Win Update on Automatic. They know nothing of how the computer works, they just use it. The only possible way out for them (and even it is a far cry) is F8 or a Rescue Disk/USB stick (if they made one – most didn’t) to access “Repair my computer” then a Restore Point before the install/crash. Even that is not going to be possible for most of the “Joe Users” I take care of.
Talking “Eleveted Command Prompt,” PowerShell commands,” and “DISM” is way over the average User’s head. They are not capable of that (IMHO) even with detailed instructions. Witness the daily ministrations for over a month of @MrBrian a while back and multiply that by all the Joe Users you know.
And when the computer goes to the local shop for repairs, there is no telling how long it will take, or what will happen to the User’s data (which is usually not backed up, in my experience), or what it will cost.

I think it is time Microsoft take responsibility for the quality control of it’s updates. They need to stop using their customers (and that includes businesses as well as individuals) for Beta testers. The Updates should be “finished products” before they are released.

Even if their focus is no longer on the OS, morally and legally they should be held to their stated terms of support.

19 users thanked author for this post.

woody, Cousinjack, wdburt1, Bill C., walker, SueW, Cascadian, Elly, HiFlyer, DrBonzo, Charlie, dononline, Cybertooth, fk5353, johnf, BobbyB, WildBill, Canadian Tech, Sessh

Reply | Quote

+1

Reply | Quote

PK, If I understand the history correctly, MS fired all the quality checkers back at the end of 2014. Essentially, they push updates to unsuspecting customers that they have not really tested. I believe it was done on the age-old idea that the coders should get it right the first time.

Anyone who ever managed a bunch of programmers and developers, has learned this lesson the hard way time after time after time. MS policy on WU is unconscionable. It is without a doubt the same as selling cars with defective brakes. When my mechanic works on my brakes, I am not permitted to drive it until his boss test drives my vehicle. At the tire place, a supervisor must torque the lug bolts on my wheels before I am allowed to drive it, and they insist I bring it back within 40km to have them re-torqued.

A bunch of MS operators ought to have their hats handed to them and the company sued out of existence.

WU was built into the Windows user psyche as a must do crucial responsibility. The vast majority of users still practice this like it is a must. A visit to the Answers forum will show you the extent of this problem. It is huge. On that page where I offer advice, I never hesitate to advise people to stop using WU altogether or at least delay till the last moment and refer them to the askwoody forum for background. I have never had MS criticize my advice.

CT

14 users thanked author for this post.

Cousinjack, wdburt1, walker, SueW, Cascadian, Elly, HiFlyer, Charlie, dononline, Cybertooth, fk5353, BobbyB, Sessh, PKCano

Reply | Quote

Hear, hear, @pkcano!

The only possible way out for them (and even it is a far cry) is F8 or a Rescue Disk/USB stick (if they made one – most didn’t) to access “Repair my computer” then a Restore Point before the install/crash.

Adding to the repair woes is the fact that Microsoft, in its infinite wisdom, sets System Restore to “Off” in Windows 10 and if you enable it, it gets disabled again when you install a new version of Windows 10. At least that’s the way it worked for me, more than once, when I was in the Insiders program. So even System Restore is probably not going to be available to save most normal people (i.e., non-techies).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

7 users thanked author for this post.

johnf, PKCano, Elly, HiFlyer, Canadian Tech, MrBrian, Sessh

Reply | Quote

Cybertooth. What an incredibly stupid decision — Restore turned off by default. Another good reason to avoid Win10.

In fact, I find the number of restore points available by default in Win7 to be too few. It really is a dumb level — usually maybe 3 percentage points. In 99% of systems today, the hard drive is 500G or larger and very few people use more than 100G or so. Restricting Restore space to a mere 3% is foolish. As a matter of course, I reset my clients’ restore space to provide at least 30G for restore points, thereby providing a substantial improvement in the ability to restore, even long after an event.

CT

8 users thanked author for this post.

johnf, Sessh, SueW, Elly, HiFlyer, Charlie, dononline, Cybertooth

Reply | Quote

As a matter of course, I reset my clients’ restore space to provide at least 30G for restore points, thereby providing a substantial improvement in the ability to restore, even long after an event.

CT, that’s an excellent policy.

I know that some people say System Restore is unreliable, and it’s true that it doesn’t always work. But still, it’s an additional layer of safety, it’s much simpler than restoring a drive image, and it’s saved my bacon countless times. Can’t understand why Microsoft would want it disabled.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

5 users thanked author for this post.

Sessh, SueW, Elly, HiFlyer, Canadian Tech

Reply | Quote

Cybertooth, A common cause of Restore “failures” is the security suite people install in their computers. The software prevents Restore from working. Most often, if you to go into safe mode you can get Restore to work.

CT

4 users thanked author for this post.

Sessh, SueW, Elly, Cybertooth

Reply | Quote

@CT,

I think the bricked machine conundrum is only solved by an assumption that the user was able to boot from a recovery disk or did a reinstall of the Windows OS. Then they would be able to download/install the replacement update after the uninstall of the patch that BSOD the system. Is it time for the unpaid beta testers of the world to unite? Probably not so much because it’s hard to leave the circus!

Reply | Quote

This confirms my firm decision to reject Windows 10 completely.

This is an excellent example that proves my reasoning behind this and my decision to reject ALL Microsoft updates of every kind.

The risk of Microsoft screwing up a machine is much greater than the risk of a hacker or virus.

CT

15 users thanked author for this post.

Cousinjack, grayslady, walker, SueW, HiFlyer, Cybertooth, johnf, Elly, The Surfing Pensioner, Karlston, amraybt, wdburt1, Sessh, Seff, JDeC

Reply | Quote

Or pressing F8 (or whatever key works) during boot and then choosing “Repair Your Computer”, and then issuing one of the DISM commands discussed in other topics.

Reply | Quote

MrBrian, that is not something a normal everyday Windows computer owner has any idea how to do. If I understand this correctly, the average Joe would have one option: Take it his local WorstBuy and have them charge him $100 or more and likely replace the hard drive as well whether it needs it or not. A lot of people just scrap the machine.

This is a ghastly mistake on Microsoft’s part. A Class-Action must be in the works somewhere.

CT

16 users thanked author for this post.

Cousinjack, walker, Cascadian, HiFlyer, dononline, Cybertooth, fk5353, johnf, woody, Elly, The Surfing Pensioner, ch100, Sessh, JDeC, AJNorth

Reply | Quote

The real kicker with this is who gets to pay for it? Microsoft destroys your property to the point that it doesn’t function anymore and you, the customer, have to foot the bill to fix it? There have been CA’s popping up against MS for the last two years at least due to Windows 10. I’m sure there will be many more to come.

Microsoft issues a Windows 10 update that renders people’s computers useless forcing the casual computer user (read: most PC owners) to have to pay money out of pocket to fix a problem directly caused by Microsoft’s incompetence and was not in any way their fault? How does that even make sense? It’s amazing the hoops users are expected to jump through just to make their W10 PC’s work at all which now includes doing BIOS updates to prevent said updates from ruining your computer? Seriously? There are people that are actually cool with this level of incompetence? It’s unbelievable what some people are willing to put up with these days.

I, too, will never go to Windows 10. Despite going on nine years old, Windows 7 is still far superior to Windows 10 on the basis of stability, reliability and the ability to have control over your computer instead of it having control over you. I’m sure Windows 10 does some things better than Win7, but those things are outweighed into the negative because of all the hassle one has to go through just to keep it working and maintain some degree of control over it. Programs that work now may not work with the next update or you have to do extra work to make programs work when the next upgrade is rammed down your throat when MS decides to ignore your update deferral settings pretty much whenever they feel like it. However, you can be sure all the stupid games that continue to install themselves against your wishes that you don’t even want will continue to work perfectly.

10 users thanked author for this post.

Cascadian, mulletback, Cybertooth, fk5353, Canadian Tech, David F, Elly, wdburt1, ryegrass, lurks about

Reply | Quote

Canadian Tech wrote:

a ghastly mistake

“Mistake”, the word gives them to much leeway…

Reply | Quote

All good until the last paragraph.

Reply | Quote

“MrBrian, that is not something a normal everyday Windows computer owner has any idea how to do. If I understand this correctly, the average Joe would have one option: Take it his local WorstBuy and have them charge him $100 or more and likely replace the hard drive as well whether it needs it or not. A lot of people just scrap the machine.”

Maybe this site should have the address woodysavedyou100bucks[dot]com :).

8 users thanked author for this post.

johnf, Sessh, walker, SueW, Elly, HiFlyer, Cybertooth, BobbyB

Reply | Quote

Or half the hundred buck should go to Woody…

5 users thanked author for this post.

walker, Elly, HiFlyer, BobbyB, MrBrian

Reply | Quote

I’d be happy with one tenth that….

3 users thanked author for this post.

AlexEiffel, Elly, MrBrian

Reply | Quote

Hmmm….Going to donate my computer to my worst enemy and go back to writing checks and using notebook and pen to keep track…also breaking out and blowing the dust off of the old typewriter 🙂

2 users thanked author for this post.

wdburt1, WildBill

Reply | Quote

I’m not going full Luddite… but I’m not on any version of Windows 10, either. Still on Win 8.1 until Win 10 becomes Much more stable (hey, I can dream, can’t I?), or until Win 8.1 is close to End of Life in 2023. Then probably get a Chromebook.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

I had to refresh my updates to see the Previews of Monthly Rollups. I never install them because they become the Monthly Rollups in the next month. The .NET Framework for 4.7.1 (KB4033369 for Windows 8.1) I will install when Woody gives the yellow or green light next month.

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

So like the January 3rd one, we should block this one as well, I am sure, right?

1 user thanked author for this post.

woody

Reply | Quote

January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4057272)
https://support.microsoft.com/en-us/help/4057272/january-2018-preview-of-the-quality-rollups-for-net-framework-3-5-sp1-

Description of Preview of Quality Rollup for .NET Framework 4.6 on  Server 2008 SP2 (KB 4054981)
https://support.microsoft.com/en-us/help/4054981/description-of-preview-of-quality-rollup-for-net-framework-4-6-on-serv

Description of Preview of Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB 4054992)
https://support.microsoft.com/en-us/help/4054992/description-of-preview-of-quality-rollup-for-net-framework-4-5-2-for-w

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054979)
https://support.microsoft.com/en-us/help/4054979/description-of-preview-of-quality-rollup-for-net-framework-4-6-4-6-1-4

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 for Windows 8.1, RT 8.1 and Server 2012 R2 (KB 4054980)
https://support.microsoft.com/en-us/help/4054980/description-of-preview-of-quality-rollup-for-net-framework-4-6-4-6-1-4

January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4057271)
https://support.microsoft.com/en-us/help/4057271/january-2018-preview-of-the-quality-rollups-for-net-framework-3-5-sp1-

Description of Preview of Quality Rollup for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4054990)
https://support.microsoft.com/en-us/help/4054990/description-of-preview-of-quality-rollup-for-net-framework-4-5-2-for-w

January 2018 Preview of the Quality Rollups for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008 SP2 (KB 4057273)
https://support.microsoft.com/en-us/help/4057273/january-2018-preview-of-the-quality-rollups-for-net-framework-2-0-sp2-

Description of Preview of Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB 4054991)
https://support.microsoft.com/en-us/help/4054991/description-of-preview-of-quality-rollup-for-net-framework-4-5-2-for-w

5 users thanked author for this post.

walker, johnf, woody, ch100, AJNorth

Reply | Quote

Also seeing a KB4056446 Update (non-security, it appears) for all Windows 2008 flavours. Absolutely no support articles anywhere yet, even the included link is dead, as usual.

No matter where you go, there you are.

Reply | Quote

update for Smart Card Subsystem Client

Reply | Quote

I can confirm that – see my blog post Updates KB4074906 (.NET), KB4077561 (Windows 8.1), and KB4056446 (Windows Server 2008)

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

2 users thanked author for this post.

WildBill, abbodi86

Reply | Quote

The fix for WS2008 is probably the same one documented in Win7/WS2008R2 preview rollup
https://support.microsoft.com/en-us/help/4057400/windows-7-update-kb4057400

Addresses issue where every smart card logon to a Windows Terminal Server/Remote Desktop Server may result in a handle leak in the certprop service. Token leaks result in session leaks on computers that have installed MS16-111/KB3175024 and superseding fixes.

1 user thanked author for this post.

MrBrian

Reply | Quote

It appears that the x64 version of Windows 8.1 update January 17, 2018—KB4057401 (Preview of Monthly Rollup) includes all of the updated files (version 6.3.9600.18896) that are included in KB4073576. Therefore I believe that KB4057401 will probably not cause boot problems with AMD processors.

Reply | Quote

Technical note: Today I discovered that the Windows 7 version of expand.exe (and therefore also CBS Package Inspector, which I assume uses expand.exe) could not extract some of the files in the Windows 8.1 .msu files that I inspected. The Windows 8.1 version of expand.exe (in a Windows 8.1 virtual machine) worked fine.

Reply | Quote

The distinguish factor is dpx.dll, expand.exe is merely an interface

yes, win7 can’t extract some Intra-Package Delta cab updates since win8 ones

1 user thanked author for this post.

MrBrian

Reply | Quote

Do you know of any solution for Windows 7?

Reply | Quote

Correction, it’s dpx.dll that handle the extraction

no
i once tried to forces replace win7 files with win8.1 but it didn’t work

1 user thanked author for this post.

MrBrian

Reply | Quote

Also notice that issue “Microsoft has received reports from some customers about AMD devices getting into an unbootable state this update is installed” is not listed at KB4057401.

Reply | Quote

I Installed KB4057272 and KB4057401 and got a BSOD the very next time I booted up.  Uninstalled them and hid these updates.  We’re definitely at Defcon 2.

Reply | Quote

@Hopper15: are you using an Intel processor or AMD processor when you encountered the BSOD problems on your computer?

personally I stay away from any preview rollups for any OS

Reply | Quote

Ya think Hopper?! YOU DON’T INSTALL UPDATES until were at DEFCON 3-DEFCON 3 Soldier! You need to be more careful! Once it’s in the green, THEN IT’S SAFE TO install!

1 user thanked author for this post.

SueW

Reply | Quote

Skyfall and Solace
More vulnerabilities in modern computers.
Following the recent release of the Meltdown and Spectre vulnerabilities, CVE-2017-5175, CVE-2017-5753 and CVE-2017-5754, there has been considerable speculation as to whether all the issues described can be fully mitigated.

Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.

Full details are still under embargo and will be published soon when chip manufacturers and Operating System vendors have prepared patches.

Watch this space…”

https://skyfallattack.com/
https://solaceattack.com/

3 users thanked author for this post.

SueW, AJNorth, MrBrian

Reply | Quote

This could be a hoax.

4 users thanked author for this post.

walker, Elly, HiFlyer, WildBill

Reply | Quote

Yep, but I will “watch that space…” just in case.

Reply | Quote

I will NOT watch such a space.

If it is a hoax, so be it. If it is real so be it. Or just maybe is could be a test platform (or a placeholder for such a platform) for a soon to be real world exploit as the curious come to investigate.

There is a reason that some of the most common places to get malware are celebrity gossip sites and adult sites. A few applets/popups, java, or injected code into an unpatched browser of the curious and there you go.

Reply | Quote

The initial post now links to More Windows patches, primarily previews, point to escalating problems this month.

3 users thanked author for this post.

walker, abbodi86, AJNorth

Reply | Quote

Return with us now to those thrilling days of yesteryear… (Duck & Cover).

3 users thanked author for this post.

BobbyB, walker, MrBrian

Reply | Quote

Was doing a test win7 install, and noticed that none of any .NET 4.x versions is offered in WU

possibly it’s the regular temporary pull for revising metadata, and we could expect new .NET preview rollup

Reply | Quote

What happens if you set the QualityCompat registry setting?

Reply | Quote

This is after setting the key

in WU, no .NET 4.x
in WUMT, .NET 4.0 Client appears in the search result

1 user thanked author for this post.

AJNorth

Reply | Quote

It seems Windows 10 ver 1709 is the first to get additional 32bit mitigations
new cumulative just released
https://support.microsoft.com/en-us/help/4073291/january-18-2018-kb4073291-os-build-16299-201

Reply | Quote

They replaced the old cumulative update with a new one from what I saw when I hid the update and checked hidden updates.

At least when it’s level 3-it’ll be safe to install each update as usual. I just hope though they don’t change other updates around before level 3.

Reply | Quote

Seems like Microsoft is supposed to release KB4075200 for Win10 v1511 Enterprise/Education editions on 1/18 but is currently not there yet as it was mentioned in MS support KB article 4056888:
https://support.microsoft.com/en-us/help/4056888/windows-10-update-kb4056888

Ditto for KB4075199 for Win10 v1507/RTM Enterprise LTSB/LTSC mentioned in MS support KB article KB4056893:
https://support.microsoft.com/en-us/help/4056893/windows-10-update-kb4056893

1 user thanked author for this post.

MrBrian

Reply | Quote

They are available now

along with Windows 7’s Preview of Quality Rollup for .NET (KB4057270)

1 user thanked author for this post.

AJNorth

Reply | Quote

Sure enough, KB4055532 is baaack – and checked (Win 7 x64).

Reply | Quote

I was checking MS Update Catalog thru my relative’s Win7 ultimate computer who lives nearby with a cable internet connection (provider is Spectrum) around lunch time and KB4075199 & KB4075200 weren’t yet available then.

But recently checking MS Update Catalog thru my home computer (Win7 ultimate edition x64) and using a DSL connection from AT&T, the KB4075199 and KB4075200 updates for the v1507 & v1511 releases of Win10 have shown up, along with their KB articles.

I’ll pass on the .net rollups for a while.

Reply | Quote

KB4055532 on all the W7/32 systems I support, it is still unchecked.

Reply | Quote

anonymous wrote:

Ya think Hopper?! YOU DON’T INSTALL UPDATES until were at DEFCON 3-DEFCON 3 Soldier! You need to be more careful! Once it’s in the green, THEN IT’S SAFE TO install!

Hey, some people have test systems to check out behaviour, you know. This is a revolution, son! 😉

No matter where you go, there you are.

Reply | Quote

anonymous wrote:

Yep, but I will “watch that space…” just in case.

That space might fill up with adware quickly. 😀

Probably someone trying to get their 15 minutes of fame, trying to see if any media outlets will bite and make it go viral.

 

No matter where you go, there you are.

Reply | Quote

Does anyone know if KB4055002 update on a machine with .NET 4.6.1 only, and staying at 4.6.1 will break?

Reply | Quote

These are the known issues in the Microsoft pages

Known issues in this update

• Windows Presentation Foundation (WPF) applications that request a fallback font or a character that is not included in the currently selected font return the following error messages:

  System.TypeInitializationException

  “FileFormatException: No FontFamily element found in FontFamilyCollection that matches current OS or greater: Win7SP1”.

  Inner exception originates from: CompositeFontParser

  For more information and workarounds, see the following Knowledge Base article: 4074906 “TypeInitializationException” or “FileFormatException” error in WPF applications that request fallback fonts after you install the January 9, 2018, .NET Security and Quality Rollup (KB4055002)

Reply | Quote

The text of that page was changed substantially today, along with a few other pages.

1 user thanked author for this post.

walker

Reply | Quote

A new version is now available.

2 users thanked author for this post.

walker, woody

Reply | Quote

Does this mean that the hotfix (KB4054856) isn’t needed and that the new version of kb4074880 (4.7.1 rollup) has been fixed and is safe to install? I downloaded all the files for KB4055002 again just now, but still have the hotfix. Is it not needed now?

1 user thanked author for this post.

walker

Reply | Quote

I’m not sure about the hotfix but the new release supposedly doesn’t have this issue.

1 user thanked author for this post.

walker

Reply | Quote

No, KB4054856 still required

3 users thanked author for this post.

walker, Sessh, woody

Reply | Quote

Great, thanks. So, the Hotfix (KB4054856) is still needed and presumably should be installed before KB4074880. Together, they solve the issues people were having with January’s 4.7.1 rollup.

Reply | Quote

Actually, one more question. Is the hotfix required for people who did not install the flawed NET rollup? I am intentionally way behind on updating, so I did not install the flawed rollup. If one did not install that (for whatever reason), can they simply install the recently released and fixed rollup without the hotfix? It shouldn’t be needed in this situation, right?

1 user thanked author for this post.

walker

Reply | Quote

The hotfix is independent, not connected to the rollup issues
you should install it

3 users thanked author for this post.

walker, Sessh, woody

Reply | Quote

Will do. Thanks. 🙂

Reply | Quote

At this point it looks to me like we’re back to not having a Patch Tuesday. This month has been an absolute “keep your eyes peeled for stuff coming down the tube” day all month long. Feels quite nostalgic.

No matter where you go, there you are.

Reply | Quote

Just saw that a new Java 8, version 161 was released today. The flood continues.

I wonder how many of the various non-MS software patches depend on the OS patches being applied first or if they stand alone. Plus the software patches and OS patches only go so far and need the firmware and hardware patches to be truely effective.

I wonder how long it will be for revised CPU chips to appear.

Reply | Quote

Its back KB4055532 ?

https://support.microsoft.com/en-us/help/4055532/security-and-quality-rollup-for-net-framework-3-5-1-4-5-2-4-6-4-6-1-4

“Notice

On January 18, 2018, update 4055532 was re-released to include an update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4074880). Update 4074880 replaces update 4055002 for this configuration, and prevents the issue that is described in the following Knowledge Base article:

4074906 – “TypeInitializationException” or “FileFormatException” error in WPF applications that request fallback fonts after you install the January 9, 2018, .NET Security and Quality Rollup (KB4055002)
This update has been released as part of the January 2018 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1.”

No info on KB4074880 yet.

It is now checked again!
Good luck, I hid it!

4 users thanked author for this post.

walker, SueW, NoLoki, AJNorth

Reply | Quote

For those who employ it, Oracle have released a Critical Patch Update for their Java SE Runtime Environment (to version 8u161), containing 21 new security fixes. “18 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.” The English text form of the Risk Matrix can be found here.

Downloads for manual installation (all platforms) are at: http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html.

2 users thanked author for this post.

SueW, MrBrian

Reply | Quote

Thanks for the update.

Reply | Quote

The advisory page (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002) states:

01/18/2018
Microsoft has released security update 4073291 to provide additional protections for the 32-bit (x86) version of Windows 10 Version 1709 related to CVE 2017-5754 (“Meltdown”). Microsoft recommends that customers running Windows 10 Version 1709 for 32-bit systems install the update as soon as possible. Microsoft continues to work to provide 32-bit (x86) protections for other supported Windows versions but does not have a release schedule at this time. The update is currently available via the Microsoft Update Catalog only, and will be included in subsequent updates. This update does not apply to x64 (64-bit) systems.

 

I hope they’ll release an update for W7 32bit soon.

1 user thanked author for this post.

MrBrian

Reply | Quote

Worth noting that Symantec have pulled their latest hotfixes as these patches resolve issues seen with Meltdown patching in SEP:

https://support.symantec.com/en_US/article.TECH248552.html

Reply | Quote

This morning KB4055532 checked on all W7/32 systems I support and received KB4057270 as optional.
Will test both on test system today. As a previous poster pointed out, info on KB4074880 is required.

Reply | Quote

https://support.microsoft.com/en-us/help/4055532/security-and-quality-rollup-for-net-framework-3-5-1-4-5-2-4-6-4-6-1-4

KB4055532 shows as checked important prior to installation.

KB4074880 shows as update after installation.

It would be helpful if Microsoft provided the same update name before and after installation. Cross-checking names to determine what update has been installed or omitted is extremely tedious.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

SueW

Reply | Quote

Günter Born:

Update KB4057144 for Windows 10 Version 1703 is offered via Windows Update and via Microsoft Update Catalog.

1 user thanked author for this post.

abbodi86

Reply | Quote

Does anyone else here already know that the following also applies to them?

If so, I’ll be grateful if someone could let me know how this was resolved, assuming it already has been resolved:

I have the Windows SecureAnywhere anti malware installed in my Win 7 Pro, SP1, x64 PC.

The new updates that are contingent to the anti malware manufacturer setting up the “QualityCompat” key in the Registry are not yet being offered to me by MS (my PC is set to “Inform me, but do not install new updates”). Checking for the existence of the new “QualityCompat” Key, I find it is not in the Registry yet.

Looking around, I have then found that a new version of Webroot SecureAnywhere (9.0.19.36) was distributed on 9 January, but the one in my PC is an older one, from well before the news of Spectre and Meltdown broke out. As installed in my PC, Webroot is set to update my version automatically.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Have you tried manually updating your AV? You might also check their forum to see if anyone else is reporting the same issue there.

1 user thanked author for this post.

OscarCP

Reply | Quote

Kristy,

Thanks!

After I submitted that posting, I did email a similar question to Webroot, and was answered that:

(1) A new version will be released shortly that will install and set the QualityCompt key automatically.

(2) If I wanted to get the key installed now, by using the instructions in the link:  https://download.webroot.com/MSJan18RegFlag.zip (provided by Webroot in the same email), I could download the compressed file ” MSJan28RegFlag ” and then click on it and continue clicking through multiple warnings, until the message “Key installed” (or words to that effect) finally appeared. I did all that and then checked myself to see if the, until then absent key, was in fact installed and properly set, and yes, it was and it was.

At the moment, the only updates offered in my PC’s “Windows Update” box are still those that have been there since soon after Patch Tuesday: for MS Office plus the latest MS Malware Removal Tool. So now it might be a matter of time before the rest appear, I suppose. After which I’ll have to wait until what to do about them becomes a little clear.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Further to my previous posting answering to Kristy:

I just run “check for updates” and found two new ones: this month’s “security and quality rollout” and the .Net rollout. I won’t install the quality and security rollout, but it’s showing up now probably means I could, if I so choose, download and install the security only update from the MS Catalogue. Although first I’ll wait for clearer signs that it is safe to do.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Anyone got update KB4057144 via Windows Update?

Reply | Quote

KB4033342 has returned to WU as an unchecked Optional update (Microsoft .NET Framework 4.7.1 for Windows 7 and Windows Server 2008 R2 for x64).

1 user thanked author for this post.

MrBrian

Reply | Quote

Incidentally, the version of KB4033342 provided for download from the MS Catalog (after it was pulled from, then restored to, WU) is identical to the version originally released on 2017.10.04 (with the same digital timestamp — even though WU now shows the release date as being 2018.01.09).

Reply | Quote

If I am not mistaken, the .NET 4.7.1 installer was OK. It was the Jan .NET Rollup that caused the problem.

2 users thanked author for this post.

Cascadian, AJNorth

Reply | Quote

.NET 4.7.1 is “released” to WU on 2018/01/09
how do you expect WU to show older date for it? 🙂
regardless the original date of .NET 4.7.1 release

besides, the WU also bundles KB4054852 patch

Reply | Quote