Newsletter Archives

  • Patch Tuesday hits with a bang

    Posted on August 14, 2018 at 12:20 CDT by Comment in the Forums

    The Microsoft Update Catalog suddenly lists 116 separate downloadable patches, dated either Aug 10 or 11.

    Martin Brinkmann has his usual thorough review on Ghacks of the August patches:

    • Microsoft released updates for all versions of Windows, Microsoft Edge, Internet Explorer Microsoft Office, and other company products including Visual Studio, .NET Framework, Microsoft SQL Server, Microsoft Exchange Server, and Adobe Flash Player.
    • All client and server versions of Windows are affected by critical vulnerabilities.
    • Microsoft does not provide a general overview of resolved security issues anymore on support pages.

    Former ‘Softie patching guru, now working for the Zero Day Initiative, has details:

    Microsoft released 60 security patches for August… 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as Low in severity. Twelve of these CVEs came through the ZDI program. One of these bugs is listed as publicly known at the time of release and two others are listed as being under active attack… 13 of the 20 Critical bugs affect [Internet Explorer and Edge]

    Looking through Childs’s list, the only currently exploited “Critical” security hole is in Internet Explorer. The second currently exploited security hole is only rated “Important” which means, of course, that it isn’t.

    The Win10 1703, 1709 and 1803 patches still list this known bug:

    After you install any of the July 2018 .NET Framework Security Updates, a COM component fails to load because of “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors. The most common failure signature is the following:

    Exception type: System.UnauthorizedAccessException

    Message: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    So it looks like MS still hasn’t fixed the .NET bugs from last month.

    Patch Lady Susan here with a late Tuesday evening update to this post:  Microsoft has updated the known issues section and removed the sections about the .NET/COM errors that were listed in July.  In my early testing I haven’t seen side effects but I will be doing more testing/more watching.  So for now hang loose and test and wait.  Clearly they messed up the documentation in this month’s release and copied and pasted the text from July’s releases.   The only known issues left are the ones with Exchange (make sure you install with admin rights) and the missing OEM note in Windows 7 (shown below).  In ALL of my Windows 7 testing I have had zero issues and my understanding this network interface problem is limited to VMware (virtual machine) installs.  Thus I don’t anticipate that we will see this on normal machines.

    From @PKCano:

    Win8.1 Monthly Rollup – https://support.microsoft.com/en-us/help/4343898

    Win7 Monthly Rollup – https://support.microsoft.com/en-us/help/4343900

    The Win7 Monthly Rollup still lists:

    There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

    More .NET patches. The  main ones:

    • KB 4344145 – Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2
    • KB 4344146 – Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 SP2

    Of course, Microsoft promises that these .NET patches work just fine, unlike last month’s. Susan Bradley has a bit to say about that:

    August 2018 Office Security Updates have been released for Office 2016, Office 2013, Office 2010, the Office Viewers and the SharePoint servers.

    SANS Internet Storm Center has their assessment, which reinforces Childs’s analysis.

    Windows Patches/Security , , , , , , , , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.