Newsletter Archives

• MS-DEFCON 4: With the Win7 Monthly Rollup now working, it’s time to get everything updated

  Posted on November 2, 2018 at 07:01 CDT by woody • Comment in the Forums

  Between the Win7 Monthly Rollup working, and Win10 version 1809 still in the shop for repairs, we’ve hit a golden time to get your patching done.

  Details in Computerworld Woody on Windows.

  I’m moving us to MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.

  UPDATE: It looks like we aren’t out of the swamp with the Win7 Monthly Rollup installing correctly. See @PKCano’s post if you hit an error.

  Windows Patches/Security MS-DEFCON 4, October 2018 Black Tuesday

• Win7 Monthly Rollup, KB 4462923, makes a sudden re-appearance

  Posted on November 1, 2018 at 14:49 CDT by woody • Comment in the Forums

  Remember how we’ve been having problems with KB 4462923, the October Win7 Monthly Rollup?

  Looks like there was a reason why Microsoft buried it so deep.

  @PKCano reports

  KB4462923 2018-10 Security Monthly Quality Rollup showed up CHECKED in the “important updates” on my Win7 today 11/1/18.

  On a test machine, I installed it along with the 2018-10 .NET Rollup and MSRT without an error (Note: the SSU KB3177467 v1 was installed on my machine in 2016)

  AFTER the reboot, KB3177467 v2, the Servicing Stack released 10/9/2018 appeared and installed without requiring a reboot. The hash is the same and the file size is the same. Must be a metadata change to let it install without an error before KB3177467 v2 (the SSU).

  I don’t see any documentation of this, anywhere.

  Now aren’t you glad you haven’t yet installed the October updates?

  Windows Patches/Security KB 3177467, KB 4462923, October 2018 Black Tuesday

• What happened to KB 4462923, the October Win7 Monthly Rollup?

  Posted on October 30, 2018 at 10:21 CDT by woody • Comment in the Forums

  @PKCano has been on a mission to find what it takes to get Windows Update to offer this month’s Win7 Monthly Rollup. It ain’t easy.

  Details in Computerworld. Woody on Windows.

  Windows Patches/Security KB 4462923, October 2018 Black Tuesday

• MS-DEFCON 2: Still waiting on results for the Win10 cumulative updates

  Posted on October 25, 2018 at 08:05 CDT by woody • Comment in the Forums

  Patch Lady Susan Bradley says she managed to get all of the October patches installed without incident.

  I’m still waiting on reports about the massive Win10 cumulative updates, released last week and this week.

  Details on the latest cumulative update, for Win10 version 1803, in Computerworld Woody on Windows.

  I’m moving to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

  I’m still skeptical, and advise that you hold off on patching for now.

  Windows Patches/Security MS-DEFCON 2, October 2018 Black Tuesday

• Microsoft releases a Patch Thursday cumulative update for Win10 version 1803

  Posted on October 24, 2018 at 16:36 CDT by woody • Comment in the Forums

  KB 4462933 brings Win10 1803 up to build 17134.376.

  Lots and lots and lots of individually identified bug fixes.

  No problems reported so far, but it’s only been a few minutes…

  You gotta wonder how many of these bugs appeared as the dev team was looking at 1809. I bet we see a huge cumulative update for 1809 shortly.

  If you intend to manually install this beast, remember: SSU before LCU except after C or when it sounds like an A. Why? Because the Win10 updater ain’t smart enough to update itself.

  Windows Patches/Security KB 4462933, October 2018 Black Tuesday

• Patch Alert: Where we stand with the October patches

  Posted on October 17, 2018 at 09:25 CDT by woody • Comment in the Forums

  It ain’t pretty, lemme tell ya.

  Information on Computerworld.Woody on Windows.

  Windows Patches/Security October 2018 Black Tuesday

• Microsoft seems to have pulled the October Win7 Monthly Rollup from Windows Update

  Posted on October 15, 2018 at 08:11 CDT by woody • Comment in the Forums

  Reliability. That’s what we need.

  If you’re looking for the Win7 Monthly Rollup, using Windows Update, you probably won’t find it.

  Computerworld Woody on Windows.

  Windows Patches/Security KB 3177467, KB 4462923, October 2018 Black Tuesday

• Patch Tuesday: The good, the bad, the ugly and the hopeless

  Posted on October 9, 2018 at 12:47 CDT by woody • Comment in the Forums

  Patch Tuesday patches are rolling out right now and there’s a bunch of them.

  Quick glance on the Microsoft Update Catalog shows 104 individual patches, dated Oct. 5 to 8 (none for Oct. 9 that I can see).

  Microsoft’s master list is here.

  I’m perplexed by the first cumulative update for Win10 version 1809, KB 4464330:

  Addresses an issue affecting group policy expiration where an incorrect timing calculation may prematurely remove profiles on devices subject to the “Delete user profiles older than a specified number of day.”

  There’s no indication if that fixes all of the disappearing Documents, Photos, etc., files that some encountered. Although it may well explain the “Delete user profiles” GPO problem. If it makes any difference, there’s been no change in the “Known issues” section of the original Win10 1809 release, KB 4464619. If Microsoft fixed the file deletion problem, they didn’t change the KB article to reflect the fix.

  There’s also no indication if this means the forced upgrades from 1803 to 1809 are poised to begin.

  Martin Brinkman at ghacks.net has his usual comprehensive list:

  • Windows 7: 13 vulnerabilities of which 2 are critical and 11 are important.
  • Windows 8.1: 14 vulnerabilities of which 2 are critical and 12 are important.
  • Windows 10 version 1607: 19 vulnerabilities of which 3 are critical and 16 are important.
  • Windows 10 version 1703: 18 vulnerabilities of which 3 are critical and 15 are important.
  • Windows 10 version 1709: 20 vulnerabilities of which 3 are critical and 17 are important.
  • Windows 10 version 1803: 20 vulnerabilities of which 2 are critical and 18 are important.
  • Windows 10 version 1809: 19 vulnerabilities of which 3 are critical and 16 are important.

  Dustin Childs on the Zero Day Initiative page weighs in:

  Microsoft released 49 security patches and two advisories covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office and Office Services. Of the 49 CVEs, 12 are listed as Critical, 35 are rated Important, one is rated as Moderate, and one is rated Low in severity. A total of eight of these CVEs came through the ZDI program. Three of these bugs are listed as publicly known at the time of release and one of these is reported as being actively exploited.

  We also got a Servicing Stack Update for Win10 1809, KB 4465477. If you’re manually installing the cumulative update for 1809 (sanity alert), be sure to get the SSU installed first. Thx @KPRP42.

  The only hole known to be actively exploited is a privilege escalation bug, which means the attacker has to be running on your machine already before they can take advantage of the bug.

  There’s a bumper crop of Office security patches, for Office 2010, 2013, 2016, several viewers, SharePoint Server 2010, 2013 and 2016.

  The SANS Internet Storm Center posted its usual overview, confirming that only one bug is currently known to be in use, and it’s a privilege elevation bug.

  Windows Patches/Security October 2018 Black Tuesday
• « Older Entries