Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • June 2018 Patch Tuesday is upon us

    Posted on June 12th, 2018 at 13:05 PKCano Comment on the AskWoody Lounge

    The June Security Updates have been released for all versions of Windows, Office and various other Microsoft products.

    As usual, Martin Brinkman has his amazing overview available on the ghacks site. The updates according to operating system:

    • Windows 7: 9 vulnerabilities of which 2 are rated critical and 7 important.
    • Windows 8.1: 8 vulnerabilities of which 2 are rated critical and 6 important.
    • Windows 10 version 1607: 25 vulnerabilities of which 4 are rated critical and 21 important.
    • Windows 10 version 1703: 25 vulnerabilities of which 3 are rated critical and 22 important.
    • Windows 10 version 1709: 27 vulnerabilities of which 4 are rated critical and 23 important.
    • Windows 10 version 1803: 26 vulnerabilities of which 4 are rated critical and 22 important.

    Windows Server products

    • Windows Server 2008 R2: 9 vulnerabilities which 2 are rated critical and 7 important.
    • Windows Server 2012 and 2012 R2: 8 vulnerabilities which 2 are rated critical and 6 important.
    • Windows Server 2016: 24 vulnerabilities of which 4 are rated critical and 22 important.

    Other Microsoft Products

    • Internet Explorer 11: 4 vulnerabilities, 2 critical, 2 important
    • Microsoft Edge: 7 vulnerabilities, 3 critical, 4 important

    Martin also has a list of known issues for Windows 7 SP1, Windows 10 v.1607, Windows 10 v.1709, and Windows 10 v.1803 on his site.

    UPDATE: Security Updates are available for Microsoft Office 2010, 2013, and 2016. Also for the Excel Viewer 2007 and the Office Compatibility Pack SP3. These updates do not include Office 365 or C2R.

    Patch reliability is unknown at this time. Unless you have a specific reason to install updates, you should wait until Susan Bradley (Patch Lady) has had time to evaluate them and/or Woody gives the DEFCON go-ahead.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums June 2018 Patch Tuesday is upon us

    This topic contains 136 replies, has 37 voices, and was last updated by  MrJimPhelps 5 months, 2 weeks ago.

    • Author
      Posts
    • #197422 Reply

      PKCano
      AskWoody MVP

      The June Security Updates have been released for all versions of Windows, Office and various other Microsoft products. As usual, Martin Brinkman has h
      [See the full post at: June 2018 Patch Tuesday is upon us]

      9 users thanked author for this post.
    • #197424 Reply

      PKCano
      AskWoody MVP

      Group B Security-Only Patches have been updated in AKB2000003 for Windows 7, Windows 8.1 and IE11 Cumulative Update.

      11 users thanked author for this post.
    • #197426 Reply

      Microfix
      AskWoody MVP

      Note: Windows 7 SP1 Monthly Quality Rollup Update kb4282826 MAY have issues with the NIC again, for the workaround should you encounter the issue:

      https://support.microsoft.com/en-us/help/4284826/windows-7-update-kb4284826

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
      6 users thanked author for this post.
      • #197447 Reply

        leonardoco
        AskWoody Lounger

        I really can’t believe this issue is still not fixed… And again the “Third party software” is not named…

        1 user thanked author for this post.
        • #197469 Reply

          Bill C.
          AskWoody Lounger

          Microsoft believes they have fixed it.  They want you on Win10, under their control, so they “fixed” some Win7 machines to not work. I cannot believe it is truely unfixable

          Some say you should not see a conspiracy when ineptness will explain the situation, however when this affects home users, month after month, and it is not easily fixable to those who use the PC as an appliance, they may buy a new device.  So it s a win/win for MS, a user off of Win7 and by the stats, most likely onto Win10, it is one less assimilation for the MS-Borg to go.

          However, to refute my comment and advance those who say incompetence – Win10 is no picnic, and updates/upgrades are not so simple and easy that everyone LOVES Windows 10, so maybe it is ineptness.

          I do wonder what the new Spectre-type fixes will do for those without the updated microcode.

          1 user thanked author for this post.
        • #198889 Reply

          GoneToPlaid
          AskWoody Lounger

          My guess would be the update utilities which many big name computer manufacturers install on their computers.

    • #197431 Reply

      Mr. Natural
      AskWoody Lounger

      Looking at this new list of updates and the number of updates for each different OS begs the question, “I thought Windows 10 was the most secure OS ever.”

      12 users thanked author for this post.
      • #197451 Reply

        zero2dash
        AskWoody Lounger

        I’m fairly sure it’s been this way since the dang thing launched.
        Month after month, there’s more vulnerabilities advertised in every 10 version than in 7 and 8.1.
        Quite humorous indeed.

        3 users thanked author for this post.
      • #197509 Reply

        Carl D
        AskWoody Lounger

        One cannot help but wonder if there really are more security issues in Windows 10 than 7 and 8.1 or whether MS isn’t bothering to patch all of the security issues in it’s older OS’s as part of their ongoing crusade to get everyone onto Windows 10.

        I’ll take my tinfoil hat off again now (it has almost become a permanent part of my attire lately).

        1 user thanked author for this post.
        • #197510 Reply

          anonymous

          It might simply be that 7+8 are that much older and have had a lot more time to find the more serious bugs. I’m sure if you clean install the original Windows 7 7600 and check for updates, you’ll get a whole weekend’s worth of bug-fix patches to download.

          2 users thanked author for this post.
          • #197592 Reply

            Ascaris
            AskWoody MVP

            It might simply be that 7+8 are that much older and have had a lot more time to find the more serious bugs.

            I’m sure that’s the biggest part of the problem here, but it also illustrates that a piece of software that is undergoing constant change is inherently less secure than one that isn’t.  Inevitably, new features will mean new bugs, and that’s not just a Microsoft thing.  It’s software development in general.  The more code that is being introduced or changed, the more bugs that are entrained into the product, and the more bugs that must be discovered and fixed.  Some of the bugs are security issues, so any process that introduces more bugs necessarily tends to introduce more security issues.  Thorough testing can catch many of these bugs, but even thoroughly tested products end up having bugs that make it to production and aren’t discovered for years.

            What this means, in the context of Windows 10, is that the fast pace of code change and the lack of adequate testing both indicate a product likely to be riddled with unknown security issues, and we know this even without seeing the bug fix count every month, just by virtue of the big changes that keep happening with Windows.  The fix count simply serves as confirmation of the principle.

            Some security issues that make it into the wild will be be discovered by “good guys” and hopefully fixed, as the large number for this most recent set of fixes was, but some of those issues will be discovered by bad guys first, and they will use them as they wish without any of our knowledge until someone on the “white hat” side finds them and reports them to the developer.  Even then, these security issues only move from unknown to known by reporting them…it still takes the developer fixing them to complete the cycle, of course.

            One peculiarity about Windows as a Service is that instead of new features being the reason for the new versions as it was in the past, it is now the continuous parade of new versions that is the reason for the features.  MS has decided in advance when the “feature updates” will come, so they have to scramble to come up with new features to be in that feature update every six months.  They have to have some kind of thing to claim as a wonderful new feature to try to justify the hardship and annoyance the constant updates cause, and to draw attention away from the new monetization efforts, the usurpation of user control, and the large number of bugs that also ship with each new build.

             

            Group L (Linux): KDE Neon User Edition 5.14.4 (based on Ubuntu 18.04) + Windows 7 in Virtualbox VM

            12 users thanked author for this post.
            • #197603 Reply

              zero2dash
              AskWoody Lounger

              Expanding on those points, it also makes me want to point out why many servers do not have a GUI and are CLI-only; without a GUI, there’s a smaller vulnerability footprint and a smaller attack vector. You add a GUI, you add more levels and layers that can be exploited and attacked.

              Then there’s Win10, which keeps adding more cruft (and attack vectors) with each new release. Oh, wait, I meant “features”, because surely, people want this cruft.

              6 users thanked author for this post.
            • #197649 Reply

              Mr. Natural
              AskWoody Lounger

              @ascaris – yes indeed and until Microsoft launches this “Windows as a service” model this will be the new norm going forward. It’s unlikely there will ever be a relatively bug free and secure Windows OS until this situation changes.

            • #201523 Reply

              MrJimPhelps
              AskWoody MVP

              I think all of you are missing an obvious point — we are the Windows10 beta testers! So when Microsoft releases buggy patches which haven’t been tested sufficiently, it is so we can test them. At some point (which we aren’t aware of), the patch will be considered sufficiently tested and will be an approved patch.

              The problem is, Microsoft doesn’t let us know when a patch is still being tested vs when it is finally approved.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
      • #197546 Reply

        Microfix
        AskWoody MVP

        The more unnecessary bloat/ cr-apps MS introduce into W10, the more vulnerabilities need plugged?

        Both W7 and W8.1 can be made lean without returning, W10 cr-apps removal can be done, only to return on the next upgrade. A frustrating merry-go-round OS 🙂

        | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
        5 users thanked author for this post.
      • #197588 Reply

        Noel Carboni
        AskWoody MVP

        In all seriousness, something that’s being functionally changed – vs. something else being maintained at a given level of functionality – can be expected to gather more faults.

        Put another way, new software is generally less stable than old, well-tested and patched software. Until such time that the patches start to interfere with one another at least.

        If only they were making the new, functionally changed software better in tangible ways, then it all *might* just be worthwhile to deal with…

        I know, I know, just wait ’til all the developers make those killer Store Apps that are just around the corner, THEN…

        -Noel

        3 users thanked author for this post.
        • #197668 Reply

          Jan K.
          AskWoody Lounger

          No, Microsoft clearly states…

          Windows 10 … it’s the most secure Windows ever.

          But otoh in same blog, they also state…

          New features are now delivered through automatic updates, helping you to stay current and your system to feel fresh, so you’re free to do.

          Which, with english *not* being my native language, I’m finding is… erhm… un-understandable?

          Source: https://blogs.windows.com/windowsexperience/2015/07/24/security-in-windows-10/

          • #197670 Reply

            samak
            AskWoody Lounger

            From reading many of MS’s announcements, I don’t think English is their native language either.

            W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

            3 users thanked author for this post.
            • #197672 Reply

              HiFlyer
              AskWoody Lounger

              197670

              Telugu is the primary language in the state of Telangana, India.

              ’nuff said

    • #197439 Reply

      anonymous

      1803 keeps relisting in WUShowhide and each time I hide it-it reappears….odd.

      • #197441 Reply

        PKCano
        AskWoody MVP

        Try this:
        Verify that 1803 is hidden in wushowhide.
        Go to Services and Stop (not disable) the Windows Update Service .
        Shut down (not restart/reboot) the computer.
        Restart the computer.
        Wait an hour then look again – DO NOT manually search for updates. the 1803 update MAY be gone.

        1 user thanked author for this post.
        • #197454 Reply

          anonymous

          Don’t worry-I’ll try tonight when I get home. And also I don’t manually check on Windows Update-I stick to WUShowhide to hide my updates. Anyway I’ll do that tonight and then clarify if it’s gone or so. I can even do it right before bed or tomorrow morning too.

          I won’t let 1803 brainwash my baby.

      • #197444 Reply

        BobbyB
        AskWoody Lounger

        You could try WUMT, details and links here I am still sure quite what they are trying with Win10 1803. I am still on Win10 1709 and there was an attempt to “drag” me up to Win10 1803 but mercifully still kept at Bay.

    • #197455 Reply

      anonymous

      Oh boy, more Spectre mitigations. This time disabled by default. But it says delete the registry keys (if present) to disable this latest one, and set to 8 (so 1000) to enable. However, disabling the previous Meltdown/Spectre fixes require setting it to 3 (so 11). But if you delete it, it’ll enable the others. Wonder if it’s certain that if it’s set to 3, they’re all disabled. And what happens if you have it set to 11 (so 1011 – enable this, disable the others – not that I’d want to try it). Also, what’s that bit set to 0 in all scenarios? And why does the mask key still need to be set to 3 even just to enable this one, if as I understood it that told it which bits to read? Shouldn’t that be set to 11 now? Or even 15?

      — Cavalary

      2 users thanked author for this post.
    • #197470 Reply

      OscarCP
      AskWoody Lounger

      I have Windows 7 Pro, x64, I-7 “sandy bridge”, and have asked this question three times already in a previous forum without getting an answer (probably it is so because of the desperate rush to learn all about the evil new patches?).

      But this is about the incoming patches too, so I guess it also belongs here:

      Do I need to worry about SMBv1?

      Besides: people have been talking a lot about this creating problems with “networks”…

      Are they referring to company LANs, the Internet, or what? Neither of this, nor the above is made clear there.

      For more information, I update Group-B style, have a single WiFi/Ethernet router I use to connect to the Internet my one an only Windows PC, at home. (And also my Mac.)

      Off topic, but maybe not by much:

      By the way, and as a service to all those dual users that might also need to know this: my Mac (macOS Sierra) just got updated with a patch I got from Apple. today:

      https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-macos-ios-safari-more/

      A patch that looks a lot like it is meant for the Spectre/Meltdown pair was also received and installed by me on the first of this month. There is an article by C. Cimpanu in bleeping computer on this very topic:

      https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-macos-ios-safari-more/

      And if that is not enough for you, dual users:

      https://www.bleepingcomputer.com/news/security/mac-security-tool-bugs-allow-malware-to-appear-as-apple-software/

       

      • This reply was modified 6 months ago by  OscarCP.
      • #197474 Reply

        anonymous
        • #197484 Reply

          OscarCP
          AskWoody Lounger

          Thanks, by I am the sort that REALLY needs plain, simple and concise answers, not referral to documents whose applicability and relevance to my case might be (and who knows even then!) obvious to professional system administrators, no home users on foot, like me.

          So, still waiting here for an answer in plain English, concise and to the point. Oh Dear!

           

          1 user thanked author for this post.
          • #197491 Reply

            anonymous

            I have a relevant conversation going with Ascaris on the “MS-DEFCON 2: Get auto update turned off — and watch out for SMBv1 blocking complications this month” thread which might be helpful to you too.

            2 users thanked author for this post.
            • #197652 Reply

              OscarCP
              AskWoody Lounger

              I am Group B, have Win 7 Pro, SP1, x64 with “sandy bridge CPU, and had already asked this question three times, but with no luck — at least as far as getting the direct and pithy answer I said was all I was after:

              “Do I need to worry about SMBv1?”

              Practically all I had found at Woody’s on June’s patching, up to that point, were postings from people describing their issues running 1000’s of machines with Windows 10. Not exactly what happened to be the case with me, or all of us, the Win 7 (and also 8.1) plain citizens with our poky old home PCs out there. Finally, elsewhere, Ascaris ( #197526 ), as usual, had the splendid grace to answer with a simple and clear statement that, boiled down slightly, meant: “Not a problem for Win 7 or 8.1, at least for now. Maybe never, as MS seems not to care that much anymore about those “heritage” systems.” (He did not write “heritage”, that’s me, but is also the plain truth.)

              See? It wasn’t that hard!

              And: Good news everyone, fellow home users soldering on with Win 7 and 8.1, ye teeming citizens of Woodyland! As far as SMBv1 goes,  it’s “Move on, nothing, to see here!”

               

               

              1 user thanked author for this post.
            • #197658 Reply

              Kirsty
              AskWoody MVP

              For reference, there have been numerous problems with SMBv1 in recent months:

              https://www.askwoody.com/forums/topic-tag/smbv1/
              https://www.askwoody.com/forums/topic-tag/smb/
              https://www.askwoody.com/forums/topic-tag/smb-vulnerability/

              4 users thanked author for this post.
            • #197674 Reply

              OscarCP
              AskWoody Lounger

              Thanks, Kirsty. You certainly have put some real work into those numerous postings on related issues.

              For my part, after some consideration of all that I’ve been reading on this, so far, I am planning to treat this SMBv1 thing as a Meh sort of problem. On a pair with “some day I am going to die.” Which is true enough, but not really something that I believe one should start putting some seriously substantial effort to deal with  right away without having encountered first a a clear and present reason.

              When I lose that final game of chess to Mr. Bones, when I finally get there, then I’ll be there. Until then: Another game? Which hand?

              Cheers.

               

      • #197549 Reply

        DrBonzo
        AskWoody Lounger

        Watch out for the last link in OscarCP’s post immediately above. I picked up a Trojan there!! MSE removes it but only after a full scan.

        Edit: This message didn’t end up where I thought it would. The post is #197470 from oscarCP above.

        • This reply was modified 6 months ago by  DrBonzo.
        • #197553 Reply

          Microfix
          AskWoody MVP

          Nothing on VirusTotal probably a false positive by MSE or you had something already on your system.

          https://www.virustotal.com/#/url/2b66fc4dd5161134e6396b279a4fb4adf838b90daa556efc3ace7a89a70fd067/detection

          | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
          3 users thanked author for this post.
          • #197575 Reply

            DrBonzo
            AskWoody Lounger

            Possible I was already infected, although I do a full scan every day and they always come back clean.

            As I started to scroll down the page in the link I got a window that said I needed to call an 800 support number. I forced a shutdown, then updated the definitions and ran a full scan and there it was, a Support Scam Trojan. MSE successfully removed it and then I ran another full scan and everything was clean.

            Is it possible the website was infected for only a brief period of time?

        • #197655 Reply

          OscarCP
          AskWoody Lounger

          Oh, that’s not good. Thanks for the heads up, DrBonzo — and very sorry for getting you and probably several others unnecessarily worried.

          So, I might have got that one too, although I have not seen any signs so far, and scans with the Webroot “SecureAnywhere” anti malware application has not picked up anything, yet.

          But what others have posted after you on this issue seems somewhat reassuring.

           

          2 users thanked author for this post.
    • #197485 Reply

      Geo
      AskWoody Lounger

      Group A,  Win 7×64, AMD, Home Premium, home user.  Took the June monthly roll-up KB4284826 and MSRT.  No problems.

      5 users thanked author for this post.
      • #197505 Reply

        fernlady
        AskWoody Lounger

        Lets hope I am as lucky when Woody gives the go ahead.

        Windows 7 Home x64 AMD Group A
        Realtek PCLe GBE Family Controller

        2 users thanked author for this post.
      • #197578 Reply

        anonymous

        Updates went fine on my Win 7 (x64), Intel CPU, Home Premium and on my Win 10/ 1803.

        1 user thanked author for this post.
        • #198008 Reply

          HiFlyer
          AskWoody Lounger

          Updates went fine on my Win 7 (x64), Intel CPU, Home Premium and on my Win 10/ 1803.

          Which updates?

           

    • #197487 Reply

      Mr. Natural
      AskWoody Lounger

      1803 update KB4284835 installed on my Alienware 17 R3. No nic issues.

    • #197508 Reply

      anonymous

      For our WSUS environment with > 2000 clients none of the Internet Explorer 10 or 11 Cumulative Security Updates are showing as needed.  I believe that this is a metadata / detection error with all of the these updates.

      Interestingly the update for Internet Explorer 9 for our handful of Win 2008 (R1) works fine and is showing as needed by all of the clients with that OS.

      If Microsoft had this as a batting average, it would be sent down to the minors.
      Jim

      3 users thanked author for this post.
      • #197607 Reply

        anonymous

        I think it might be using last month’s detection metadata because I’m getting 2 out of 1750 computers showing up as needing the update. Both those computers are showing as needing older updates.

    • #197511 Reply

      anonymous

      I installed KB4284880 on my E5-2697 v2 server with no previous issue. The system rebooted to a Intel ME “recovery mode” error that requires me to press F1 to reboot the system.

      Is their something in this update that would modify any UEFI/BIOS portions or firmware?

      • #197576 Reply

        anonymous

        I have just installed the “May” security only update on my Windows 7 64 bit Arandale laptop.

        I have had ME problems with this rig before and again after I installed the ME exploit last year.

        After a couple of reboots it stopped regularly beeping at me and the PowerManagement settings stopped oscillating every 3 seconds.

        Just when I wondered if maybe I should rollback the update it settled down from this nonsense and higher than normal CPU use.

        Some of these latest updates seem to upset some of the basic system structure depending on the target system.

    • #197523 Reply

      anonymous

      We all like guinea pigs but what are they doing here?
      Learning, hopefully.

    • #197556 Reply

      PerthMike
      AskWoody Lounger

      Thanks, by I am the sort that REALLY needs plain, simple and concise answers, not referral to documents whose applicability and relevance to my case might be (and who knows even then!) obvious to professional system administrators, no home users on foot, like me. So, still waiting here for an answer in plain English, concise and to the point. Oh Dear!

      On your home network, do you connect to any non-Microsoft Windows-based file shares (such as a network attached storage device)? If so, you will need to check with the manufacturer of that box if they are SMBv2 capable/compliant. Or do you have a network attached scanner that sends files to your PC? Same thing, if the device can’t deal with SMBv2 shares, then you will have an issue.

      Otherwise, if you just have a single PC, or two Windows PCs talking to each other (like a second home theatre PC’s share) you should be fine.

      No matter where you go, there you are.

    • #197561 Reply

      PerthMike
      AskWoody Lounger

      I just noticed that Microsoft has already re-issued the 2018-06 Cumulative Windows 10 updates for all flavours. They first came down the pipe (on my WSUS server) on the overnight scan, but just appeared a second time, 12 hours later, with new revision versions, and the original versions have been deprecated/expired.

      Only Windows 10 seems to be affected (4284880, 4284835, 4284819, 4284874).

      No matter where you go, there you are.

      3 users thanked author for this post.
    • #197562 Reply

      anonymous

      W7 64-Bit Home Premium.
      2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826)
      Installation date: ‎13/‎06/‎2018 08:10
      Installation status: Successful
      Running ¦ OK !

      5 users thanked author for this post.
    • #197591 Reply

      Microfix
      AskWoody MVP

      Windows 7: 9 vulnerabilities of which 2 are rated critical and 7 important.
      Windows 8.1: 8 vulnerabilities of which 2 are rated critical and 6 important.

      Seen this so, yesterday and today in a spirit of adventure, I set about installing the June 2018 patches for both our W7 and W8.1.

      Both Operating Systems are Askwoody Group A
      Checks conducted on a Haswell PC on separate SSD drives (no dual boot).
      MSRT is disabled from downloading from WU on both OSes.
      Both OSes using Realtek PCIe GBE NIC and OEM drivers only.

      W7 x64 Pro SP1: Patched to May 2018
      Kb4284826 – Security Monthly Quality Rollup
      No NIC issue at all.

      W8.1 x64 Pro: Patched to May 2018
      Kb4284815 – Security Monthly Quality Rollup

      After a couple of restarts and a hard boot of each, ran Disk Clean to remove patch installation data then checked log files to find no obvious errors thereafter.

      SFC /verifyonly showed ‘no errors’ on both operating system after update 🙂

      Early indications look good for this month..for W7 and W8.1 (YMMV)

      | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
      7 users thanked author for this post.
      • #197609 Reply

        Noel Carboni
        AskWoody MVP

        Hi Microfix, thanks for sharing your experience. Glad it went well.

        Is there any chance you regularly do benchmarks, and can compare before and after measurements?

        Thanks.

        -Noel

        • #197774 Reply

          Microfix
          AskWoody MVP

          @Noel, thanks. Not one for doing benchmarks, used to do that for computer gaming set-ups years ago but, have had a console for games ever since so never needed.

          | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
      • #197628 Reply

        anonymous

        Non tech here, asking for education; why is the Malicious Software Removal Tool disabled?  Is there problems with MSRT that we all should avoid downloading?  Thank you.

      • #197630 Reply

        EP
        AskWoody MVP

        well Microfix since your Win7/8.1 machines are using Realtek PCIe GBE NIC hardware, get the newest Realtek PCIe LAN drivers from Realtek’s web site since Realtek has just released new drivers this June (v7.118 for Windows 7 and v8.064 for Windows 8.1).

        Using outdated Realtek PCIe GBE drivers is not a good idea and Windows Update may offer newer Realtek PCIe GBE drivers if the drivers that WU find on any supported PC are well outdated. To avoid this, obtain and install the newest drivers directly from Realtek.

        • This reply was modified 6 months ago by  EP.
        • This reply was modified 6 months ago by  EP.
        1 user thanked author for this post.
        • #197660 Reply

          samak
          AskWoody Lounger

          As long as you avoid any driver offerings from MS and your PC is working well, is there any need to update the drivers? It ain’t broke and I’m not keen to update!

          W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

          1 user thanked author for this post.
          • #197663 Reply

            Mr. Natural
            AskWoody Lounger

            Usually a very good idea to avoid driver updates offered by Windows Update.

            1 user thanked author for this post.
            • #197669 Reply

              samak
              AskWoody Lounger

              Thanks. The general question remains: if your PC is working well, is there any need to update the drivers at all?

              W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

            • #197671 Reply

              Mr. Natural
              AskWoody Lounger

              Probably not. “If it ain’t broke” is always a good approach to take.

              3 users thanked author for this post.
            • #201524 Reply

              MrJimPhelps
              AskWoody MVP

              I never do a driver update unless I have a specific reason for doing so. As others have said, if it’s working, and there are no vulnerabilities associated with it, I don’t update a driver.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
          • #197775 Reply

            Microfix
            AskWoody MVP

            Both OSes using Realtek PCIe GBE NIC and OEM drivers only.

            😉

            | W8.1 Pro x64 | Linux x64 Hybrids | W7 Pro x64 O/L | XP Pro O/L
    • #197599 Reply

      anonymous

      Did anyone notice the more and more extreme throttling is implementing while downloading updates? I checked Task Monitor to see why there is a lot of network activity going on for about the last half hour. It’s the dreaded Servicehost: Delivery Optimation with download speeds around 1 to 8 Mbps, mostly in the lower regions. Checked my internet speed and that really is still 250 Mbps. So now we don’t have only slow installs, but also painfully slow downloads. Which makes the whole weekly update process even more tiring. :-((((

      1 user thanked author for this post.
      • #197611 Reply

        Noel Carboni
        AskWoody MVP

        Just a reminder: Delivery Optimization can serve other people files from your system too. It can be disabled, but it’s on in Windows 10 by default.

        ScreenGrab_W10VM_2018_06_13_102845

        -Noel

        Attachments:
        You must be logged in to view attached files.
        3 users thanked author for this post.
        • #197643 Reply

          anonymous

          Excuse my ignorance but I didn’t know about this. So, MS wants to save money at their users’ expense. I wonder if at some point in the future a MitM attack would occur. In other words, how secure is this P2P updates delivery method? The more I know about W10, the more I want to never install it.

          3 users thanked author for this post.
        • #197679 Reply

          anonymous

          As I understand it the “download from other people” part is still enabled no matter which options you select in the user interface. To download just from microsoft you have to do some regedits.

          1 user thanked author for this post.
      • #197641 Reply

        BobbyB
        AskWoody Lounger

        @anonymous as @Noel Carboni has graciously illustrated, you can Turn off Delivery Optimisation. I think Susan Mentioned it as well and I read somewhere, some time back its efficacious to disable it from a Networking Perspective, slow downs High Bandwidth utilisation etc. While I believe it may well save on Size of Downloads, it often does it at the expense of speed as I believe WUD will look around the network and or the “Interweb” for other machines slowing everything down. I hit the problem a bit back when One of the Networks I was working on slowed to a crawl, disabled it on the Win10 Machines and “et Viola” Business as usual, not a spectacular improvement but quite noticeable. Memory serves me it was a Mixed bag inc. Win1607 or 1511? 10mbps or maybe a 100mbps and I was tweaking the NIC duplex settings at the time. But that’s whole other issue in the wacky complicated world of Networking. Another reason to avoid 1803 if you possibly can.

        1 user thanked author for this post.
    • #197623 Reply

      jescott418
      AskWoody Lounger

      Every time Microsoft sells a new Windows to users it claims better security. Yet I too also see a trend where Windows 10 has as least as much vulnerabilities every month as any other recent Windows. But then again Microsoft claimed Edge was a brand new browser too and we all know that ain’t true either. You can’t just take out some code add a little new and call it brand new.

      1 user thanked author for this post.
    • #197638 Reply

      anonymous

      Guinea Pig No. 20735 – A – 7 reporting for duty, Sir….

      Successful install of 6-2018 Group B Secur-only patch KB4284867-x64 , and IE 11 6-2018 patch kb4230450-x64 , this morn. Wed. 6-13. (The 13th, no less!)

      For details of my Win7 SP 1 X64 machine w/ Intel Haswell, and otherinfo re my PC, install prep/strategy etc., see Ask Woody older post:

      https://www.askwoody.com/forums/topic/patch-lady-kb4103718-known-issues/#post-194577

      After each install, logoff, then reboot, then logon & surf: Both times, Tbird gets my ATT/Yahoo email, and Seamonkey brings up DrudgeReport and Ask Woody (cache cleared prior to each try) . For my SOHO setup, use only direct cable, no wireless; on my Realtek PCIe GBE Family Controller, using 2010 and 2013 Realtek drivers.

      As of now, I have not enabled any of the registry hacks/ mitigations described in
      M$ “help” article for this patch, as to IBPB nor SBB; nor for prior mitigations M$ mentions as to Spectre and Meltdown.

      Side comment: Members and lurkers, what has been your practice so far as to enabling the mitigations? My hunch is that the busn. network mgrs. may have been doing it, and the SOHO like me, or only-personal users, may not have been; presumably waiting until zero-days pop up. Comments?

      As always: Profuse congratulations and praise, to Woody Leonhard for starting this invaluable resource in the first place, and building it! And to Patch Lady Susan Bradley, Noel Carboni, PKCano, Ascaris, Mr. Jim Phelps and all the Senior Posters and other posters, who make this blog Such A Valuable Resource for us humble souls!

      Oh, and PS: WHY now? A: Dealing with moderate health issues coming up; move of my residence coming up; translation: Not a lot of time right now to hemmorhage time on M$ and its (fill in your own adjectives) software.

      And also as always: Your Mileage May Vary. Best to all!

      3 users thanked author for this post.
    • #197678 Reply

      PKCano
      AskWoody MVP

      I just updated one of the Win10 1703 computers I support. I was offered the 2018-06 CU KB4284874 to Build 15063.1155, IE11/Edge Flash, MSRT and several Office 2010 updates. All installed and rebooted with no problem. No offer of 18030.

      HP Elite 800 i5 Kaby Lake, 8G BRAM. 500GB SSD.

    • #197688 Reply

      cesmart4125
      AskWoody Lounger

      Hello Woody!

      I’ve got two items on my mind.  Malwarebytes AdwCleaner 7.20 just found two pieces of Malware in CCleaner.  6/13/2018 7:02 PM EDST

      The second concerns system health.  In the “good ol’ days” Windows Secrets had articles on checking system health.  These included information on programs to use such as Performance Test and Disk CheckUp.  Would it be possible to have an article on this topic in AskWoody.

      Oh, and I recently wrote an article on women in the Civil War complete with links to YouTube sites.  If you or your wife were to read about three pages, you would be able to astound and amaze your neighbors with your knowledge of the Civil War, more properly called “The War.”  And remember our army is not the US Army, but rather the army of the CSA.  If you’d like me to send you a copy, just let me know.

      Look forward to hearing from you.  Best wishes in your endeavors.

      Charles

      • #197701 Reply

        geekdom
        AskWoody Lounger

        Malwarebytes AdwCleaner 7.20 just found two pieces of Malware in CCleaner. 6/13/2018 7:02 PM EDST The second concerns system health. In the “good ol’ days” Windows Secrets had articles on checking system health. These included information on programs to use such as Performance Test and Disk CheckUp. Would it be possible to have an article on this topic in AskWoody. Oh, and I recently wrote an article on women in the Civil War complete with links to YouTube sites.

        You have three topics there. Please consider starting three separate threads as this thread is about June Patch Tuesday.

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
    • #197690 Reply

      cesmart4125
      AskWoody Lounger

      Woody, PK Cano, and company,

      I put my above message here because I’m unable to figure out how to put Woody in the “To” box for direct messages.

      And, yes, I do indeed have an article on women in the Civil War.  If you’d like me to post it, just tell me where, and I’ll do so.

      Charles

      • #197702 Reply

        PKCano
        AskWoody MVP
      • #197725 Reply

        Kirsty
        AskWoody MVP

        There has been an issue with the DM system for a little while, in selecting @woody as the recipient, using New Message.

        However, if you click on Directory instead, and search for Woody, click on Send Message to the right of his yellow gravatar link towards the bottom of that list 🙂
        (Don’t use the Admin account at the top of that list, as the other account will reach him quicker.)

        4 users thanked author for this post.
    • #197703 Reply

      aerosmith598
      AskWoody Lounger

      i just have a yes or no question regarding windows 7 patch from yesterday, june 12, it says it offers a stop error, which is a blue screen, is every user experiencing that? i havent downloaded it yet . do i absolutely need it? im running windows 7 home premium with no issues. thanks for your help.

      • #197704 Reply

        PKCano
        AskWoody MVP

        Which patch are you referring to. Can you give a KB number?

        Patch Tuesday was just yesterday. You can wait a while and see if we get reports of problems. There hasn’t been enough time to know if people are having problems yet.

        • #197709 Reply

          aerosmith598
          AskWoody Lounger

          sure i apologize- its kb4284826… apparently it fixes the spectre meltdown? which like most i have no idea what that is or that it exists.  Just i always go to microsofts page to read the known issues and the first is  a stop error on certain machines, which i know is a blue screen, which i obviously want to avoid.

          • #197711 Reply

            aerosmith598
            AskWoody Lounger

            i would ‘hide’ it, but then i dont know if my system will become unstable, im basically asking if i fully ignore it this month will i be alright?

          • #197714 Reply

            PKCano
            AskWoody MVP

            You will need to install that patch eventually.

            But it will not hurt anything if you WAIT to install it for another two weeks. In that time, if people are having problems, they will report here. If not, Woody will give the go-ahead to patch safely and link to an article in ComputerWorld giving the instructions. The DEFCON number is the big number at the top of the page. Watch for it to change to 3 or above and read the article.

            • #197715 Reply

              aerosmith598
              AskWoody Lounger

              ok great, probably dumb on my part but i was thinking if i didnt install it right away my computer would crash or get infected, i always download the patches about a week to 10 days after they are released, honestly when i do my computer takes forever to restart which i try to avoid as much as possible, so im good if i hold off till like the middle of next week?

            • #197717 Reply

              PKCano
              AskWoody MVP

              Or the week arter that. I don’t believe there are any Meltdown/Spectre exploits in the wild yet.

            • #197718 Reply

              aerosmith598
              AskWoody Lounger

              I really do appreciate the help, im not just saying that, thanks again.

      • #197705 Reply

        geekdom
        AskWoody Lounger

        I installed  2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826) yesterday and have not experienced Blue Screen of Death.

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
        4 users thanked author for this post.
        • #197720 Reply

          OscarCP
          AskWoody Lounger

          Several good reports here that are encouraging! To me, in particular, the ones about security only and E11 for Win 7, my OS. But I rather wait a couple of weeks before installing anything and watch to see what else might surface that has not done so right away, in case what does surface is trouble.

          At the moment, I’m not aware of any urgent reason for me, at least, to update in a hurry, because, say, the word is out that some evil malware spawn is out to destroy the world and might be coming for me first, the way it was back in February. At least that anyone knows so far…

           

    • #197740 Reply

      ViperJohn
      AskWoody Lounger

      Had Win7 64 bit system with appropriate Intel Microcode Updates and FULLY WORKING Meltdown and Spectre mitigations per Gibson’s Inspectre BEFORE installing Win7 Security Only Update KB4284867.

      After installing KB4284867 any and all Spectre mitigations are completely disabled per Gibson’s Inspectre.  Inspectre actually acts exactly like it does when the appropriate Spectre enabling Intel Microcodes are not installed at all after the KB4284867 install.

      Setting registry “FeatureSettingsOverride” to 0 or 8 makes no difference in result after KB4284867 install where either would work before KB4284867 install (just gotta love bitmaps). The only way to restore Spectre mitigations to working status is uninstall KB4284867.

      This could be a bug in the Gibson’s Inspectre in combo with the June Windows updates but I doubt it cause after you install KB4284867 it’s like the Microcode Updates needed to enable Spectre mitigation are no longer installed when they if fact are.

      I tried to find the old PowerShell test routines to try them and couldn’t BUT I also couldn’t get them to work at all before either.

      • #197747 Reply

        ViperJohn
        AskWoody Lounger

        Okay just installed KB4284874 June Cumulative Update for Win 10 v1703 and got EXACTLY the same results and actions in regard to Spectre mitigations as listed above for Win 7 and KB4284867.

        At this point it could be a Gibson Inspectre detection issue after the updates are installed or Microsoft has managed to hose the Spectre mitigations completely all around.  No real way to know at this point but uninstalling the updates returns the Spectre mitigations back to working status every time.

         

        • #197749 Reply

          Kirsty
          AskWoody MVP

          it could be a Gibson Inspectre detection issue

          InSpectre is still at Release 8, now 2 months’ old. Not sure if/when it is likely to be updated…

    • #197748 Reply

      ViperJohn
      AskWoody Lounger

      Or the week arter that. I don’t believe there are any Meltdown/Spectre exploits in the wild yet.

      It’s only a matter of time though PK.

      • #197766 Reply

        aerosmith598
        AskWoody Lounger

        i ended up downloading them/updating, their were only 2 updates for june so i figured  why not. So far nothing changed, no stop error no blue screen thats a plus. Thanks again for the advice, but i didnt wanna leave it un- updated for 2 weeks and have something with my luck get in my system that id need to worry about later.

        1 user thanked author for this post.
    • #197753 Reply

      anonymous

      After creating system partition backups, I took the plunge for the 4 combinations W7 Home Premium and W8.1 Pro in both 32 bit and 64 bit variants by installing both the security only and Internet Explorer (IE) updates (and the W8.1 Flash for IE updates) i.e. Group B-ish.

      The IE updates which historically have given me most problems in various versions of Windows through the years, show me no problems this month.

      The W8.1 file explorer problems due to corrupted Registry settings which for me re-emerge every few months did not re-appear this month.

      The W8.1 32 bit Sandboxie problem introduced by the April W8.1 32 bit update and fixed/worked around by Sandboxie Beta 5.25.1 remains fixed/worked around after the June updates.

      Windows Firewall Notifier (WFN) version 2 Beta 3 continues to function (I had to replace the earlier WFN 1.9.0 following the May (.NET?) updates) and after a few hours use there have been no unrecognised outgoing “svchost.exe” internet accesses this month (unlike after the May (.NET?) updates).

      So “so far, so good”!

      HTH. Garbo.

      BTW: I’m just a home PC user with a small Microsoft footprint i.e. I normally use Panda AV not MSE/Windows Defender, Firefox/Vivaldi not IE, Thunderbird not Outlook, Softmaker Office not MS Office, VLC Media Player not Windows Media Player etc., so my active interaction with these updates may be less than some other people’s 🙂

      1 user thanked author for this post.
      • #197906 Reply

        anonymous

        It is also good to read your BTW in the other direction as well, Garbo. In your case Microsoft is keeping its hands to itself and not creating conflicts in those alternative applications either. More good news.

    • #197788 Reply

      Dismas
      AskWoody Lounger

      Hello,

      I don’t know what’s going on with the cumulative update KB4284880 and the Flash update KB4287903 but they are needed by none of my LTSB 1607 SCCM clients (4) and I get the  error “The update is not applicable to your computer” when trying to install them manually via the catalog.

    • #197791 Reply

      radosuaf
      AskWoody Lounger

      Patching my Lumia ended up with a sad face pic and I have to reflash my phone, which means starting fresh with W8.1 and installing all the upgrades one by one. Oh well, a few hours lost…

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1803 64-bit
    • #197954 Reply

      Dismas
      AskWoody Lounger

      Hello, I don’t know what’s going on with the cumulative update KB4284880 and the Flash update KB4287903 but they are needed by none of my LTSB 1607 SCCM clients (4) and I get the error “The update is not applicable to your computer” when trying to install them manually via the catalog.

      OK I figured it out : I missed KB4132216…

      1 user thanked author for this post.
    • #198001 Reply

      anonymous

      Hello all, glad I found this website.  I have gotten BSOD on Wednesday, June 13, 2018 at about 3 AM CST, another one at the same time on Thursday, June 14, 2018, and another one today, same deal, Friday, June 15, 2018.  Each time the BSOD shows “BAD POOL.”  My Windows 7 system is trying to install the 2018-06 Security Monthly Quality Rollup for Windows 7 for X64-based System (KB4284826) 222.6 MB.  From the Safe Mode screen, the last driver that is loading is CLASSPNP.SYS.  Not sure if this is related to the BSOD.  In Safe Mode, it says “Failure configuring Windows updates.  Preventing changes.”  Then when it regularly boots it says, “Preparing to configure Windows.  Do not turn off your computer.”  Any suggestions on what I can do?

      • #198009 Reply

        PKCano
        AskWoody MVP

        The support page for KB 4284826 gives a “Known issue” that was introduced in the March Rollup and still has not been fixed by Microsoft. This is due to a lack of support for SIMD/SSE2. If you can turn it on in the BIOS, it may fix the issue you are having.

        2 users thanked author for this post.
        • #198025 Reply

          anonymous

          Woody, thank you.

          When I visit that link it says: “A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).”  Workaround: “Microsoft is working on a resolution and will provide an update in an upcoming release.”

          When I check my CPU using CPU-Z 1.85.0 May 2018, it tell me my Intel Core i7 4790K has MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, EM64T, VT-x, AES, AVX, AVX2, and FMA3.  I see SSE2 but I don’t see SIMD mentioned.  Could this be the problem?

        • #198048 Reply

          anonymous

          PKCano, thank you!

    • #198051 Reply

      Noel Carboni
      AskWoody MVP

      Here is my experience with the June 2018 patches for Windows 8.1 on my hardware system, which I could revert (even through restoral of a backup) as needed…

      The offered updates:

      ScreenGrab_NoelC4_2018_06_15_070857

      Of the above, I hid three that I do not want now or ever:

      • Update for Windows 8.1 for x64-based systems (KB2976978)
      • Microsoft – HIDClass – 10/27/2015 12:00:00 AM – 9.9.108.0
      • Surface – Keyboard – 2/8/2018 12:00:00 AM – 1.0.104.0

      The one ending 6978 is the compatibility metrics add-on Microsoft keeps trying to push over and over. The other two showed up out of the blue. I have no human interface device problems whatsoever, and it’s not a Surface (it’s a Dell workstation).

      The others went in without a hitch.

      After the required reboot, I had to undo the following things that the update process did:

      • Re-disabled scheduled task “Microsoft\\Windows\\.NET Framework\\.NET Framework NGEN v4.0.30319 64 Critical”.
      • Re-disabled scheduled task “Microsoft\\Windows\\.NET Framework\\.NET Framework NGEN v4.0.30319 Critical”.
      • Re-disabled scheduled task “Microsoft\\Windows\\WindowsUpdate\\Scheduled Start”.
      • Re-disabled scheduled task “Microsoft\\Windows\\WindowsUpdate\\Scheduled Start With Network”.
      • Service BITS (Background Intelligent Transfer Service) had been changed to “AUTO_START (DELAYED)” from my preferred “DEMAND_START” setting.
      • Shell Service Object “SkyDrive network states cache SSO” was reinstalled for both 32 and 64 bit Explorer; I prefer it to be disabled (via Autoruns).
      • Browser Helper Object “Office Document Cache Handler” was reinstated for both 32 and 64 bit Internet Explorer; I prefer it to be disabled (via Autoruns).
      • The MRT (Malicious Software Removal Tool) had once again deleted file “C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll”, which I had to restore from a backup.
      • Removed the root namespaces Microsoft seems to think I really, really need under “This PC” in Explorer, but which I really, really, really don’t.

      Before the updates, this system was supremely stable and performance was very good. Uptime was 50 days before these updates went in.

      After the above restorals of my preferred settings, per the PassMark benchmark, overall system performance measures about 2% slower than nominal. Arguably the most important metric, max I/O throughput, measures only about 1% slower than before at about 1591 MB/Sec. vs. 1609 MB/Sec. I will watch for confirmation of these slowdowns in scheduled I/O intensive scheduled jobs.

      Fitness for purpose testing will continue for some days, but initial tests imply that the patched OS is running stably and can support my ongoing engineering and business management work.

      Edit: It’s been stable for 24 hours now, and facilitated quite heavy work for me all day yesterday and this morning. However, I noticed that a nightly software build job that took 47 minutes consistently before the update now takes 51 minutes. This performance hit is not insignificant, even with Spectre and Meltdown mitigations disabled.

      -Noel

      Attachments:
      You must be logged in to view attached files.
    • #198055 Reply

      Carl D
      AskWoody Lounger

      The support page for KB 4284826 gives a “Known issue” that was introduced in the March Rollup and still has not been fixed by Microsoft. This is due to a lack of support for SIMD/SSE2. If you can turn it on in the BIOS, it may fix the issue you are having.

      MS doesn’t seem to be in too much of a hurry to fix this, do they?

      Second (or third?) month in a row now where I’m not game enough to patch Windows 7 on my 32bit 2006 vintage HP laptop.

      Maybe that’s part of the ongoing plan by MS to kill off Windows 7… get rid of the remaining 32bit versions by making them unpatchable then move on to the 64bit version? Well, I’ll give them one more month to fix this. If they don’t then out comes the Windows 7 SSD and in goes the Linux Mint one – for good this time.

      1 user thanked author for this post.
    • #198085 Reply

      Larry53715
      AskWoody Lounger

      Couple of questions, I installed KB4103718 on my 7-64 bit desktop with no issues.  If I did not have issues with the NIC with this update, is it safe to assume that if I install KB4284826 that I also will not run into any NIC issues.  I will still wait until we go to Defcon 3 to install.

      I also have a laptop which does not get much use and I have as yet to install KB4103718 on it.  I am guess that whenever I get to installing WU updates that I will only see the current month listed.  Do I need to manually install the May update or will installing the most current update be sufficient.  Most of these seem to be nearly the same size, except the most recent updates are usually slightly larger in size.

       

      Thanks

      • #198089 Reply

        PKCano
        AskWoody MVP

        is it safe to assume

        NO! With MS it is not safe to assume. But by the time we go to DEFCON-3. we should have reports whether there are still NIC problems or not.

        I am guess that whenever I get to installing WU updates that I will only see the current month listed.

        The Rollups are cumulative, so each month contains all the prior Rollups plus the current month’s fixes. You should not see more than the current month’s Rollup.

        1 user thanked author for this post.
      • #198109 Reply

        aerosmith598
        AskWoody Lounger

        I have a windows 7 desktop that i installed KB4284826 on and its been fine, nothing crashed no blue stop errors. I dont know if in the future a problem will arise, im just saying so far, its been fine, hope that helps. The last update that i installed that caused my screen to go blue/stop error was in april/may, i uninstalled them all and hid them all, they were known to do that, which i stupidly should have read before i did it. Anyways, in the june updates their were only 2,. which signals that they are phasing out slowly Windows 7 updates, as i always get atleast 5 or 6 updates, maybe this month their just weren’t that many? Hope this helps someone

    • #198104 Reply

      bsfinkel
      AskWoody Lounger

      Here is my experience on an HP Windows 8.1 laptop.  I installed KB4284878, which was the only one I saw on Windows Update (besides the update to Flash Player).  I have seen reference to KB4284815, but I am not sure what it is.  (Is it a piece of KB4284878?) The patch installation went without problems, then I rebooted and backed up the machine.  This was Tuesday afternoon (I install the security patches as soon as they appear in Windows Update).  Thursday night I took the laptop to a meeting to run GoToMeeting.  Most of the processes that auto-start were crashing.  Every minute I was getting a banner stating that I had not run Windows Update in over 30 days.  I went to WU, and I waited over five minutes while it searched for updates.  While it was still searching, I rebooted.  Then I again went to WU, and I got the immediate error code 80072F8F.  The GoToMeeting start application was crashing, and I could not use Firefox to go to GTM, as Firefox complained about a bad security certificate.  When I used IE to do a Google search for that WU error code, IE told me that the Google certificate had problems.  So I shut down the machine.  When I searched this morning for that error code (on my Windows 7 desktop), I saw references to a bad clock setting.  I powered-on the laptop, and I noticed that the clock was wrong.  Using NTP to change the clock did not do anything, so I manually changed the date and time.  Then NTP worked to set the exact time.  Then I rebooted, and the strange Windows Update messages every minute vanished.  I do not remember if the system clock was a few days ahead or behind of local time.  I have no idea how the system clock had the wrong time. I do not know if the patching I did not Tuesday was the cause.  I use that laptop about four times each month.

      • #198115 Reply

        PKCano
        AskWoody MVP

        If your system does not retain the time on the system clock, the probable cause is that the CMOS battery (a coin-type battery on the motherboard) is dead and needs to be replaced.

        You DID NOT get KB4284878 in Windows Update. It is the Win8.1 June Security-Only update and is not available through Windows Update. It has to be manually downloaded from the Microsoft Catalog.
        The June patch issued through Windows Update is the Security Monthly Quality ROLLUP KB4284815.

        I don’t know what you installed on the computer, but I recommend you try to uninstall it. Perhaps it was an incompatible driver for some hardware. Or you can look in the update history and try to determine what was installed, then uninstall it.

        • #198465 Reply

          bsfinkel
          AskWoody Lounger

          You are correct; I did install KB4284815, not KB4284878.  After I powered-down the laptop Thursday evening around 7PM, I had the laptop off until about 1PM this afternoon (Sunday).  The system clock had the correct time, so I do not know if the CMOS battery is running low on power.  So, I do have a definitive answer as to why the system clock did not have the correct time 48 hours after I patched, rebooted, and backed up.  Now, if Windows Update had told me that my system clock might be wrong instead of the cryptic “error 80072F8F”, I would have been able to diagnose and fix the problem promptly.

          • #199597 Reply

            bsfinkel
            AskWoody Lounger

            Here is a quick update.  This morning I took the 8.1 laptop, changed the date so that it was tomorrow’s date, and restarted.  I did NOT experience the problems that I had experienced the one previous time that the clock was incorrect.  So, I have no idea what was happening to cause the problems, and I still have no idea how the clock got to be wrong.

    • #198224 Reply

      DrBonzo
      AskWoody Lounger

      FYI the Win 7 Rollup and Security Only updates for June have been updated on the MS support site on June 15.

      There are NO issues now reported for the Security Only (i.e., no NIC problem and no stop error/SIMD/SSE2).

      There is no stop error/SIMD/SSE2 error listed for the Rollup, but the NIC issue IS still listed.

      It appears that some earlier months were also updated on June 15, so you might want to check these out if you haven’t yet patched through May.

      4 users thanked author for this post.
    • #198271 Reply

      RDRguy
      AskWoody Lounger

      @pkcano @kirsty @viperjohn @retiredgeek @SusanBradley

      All, I’ve updated one of my Win7 64Bit systems with the original release Jun 2018 Security Only (KB4284867) & IE11 Cumulative (KB4230450) updates on Jun 12th and all seemed well until today.

      I finally experimented with Microsoft’s newly updated Speculation Control Validation PowerShell Script version 1.0.8 to see how my previously hacked i7-990x BIOS CPU Microcode update fares with Spectre Variant 4.

      Microsoft Speculation Control Validation PowerShell Script version:

      1.0.8 (Current version)
      Added support for querying Speculative Store Bypass Disable (SSBD) setting

      https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050

      However, since updating the Win7 (Ultimate – x64) system with the Jun 2018 Security Only (KB4284867) & IE11 Cumulative (KB4230450) updates, the PowerShell scrip fails during the “Import-Module” command. This now also occurs with the previous 1.0.7 script version which just last week ran successfully. Same results when running either PowerShell 64 Bit or 32 Bit on the 64 Bit system.

      Original as downloaded from Microsoft, PowerShell Script failure indication:

      Speculation-Control-PowerShell-Script-v1.0.7-v1.0.8-Results-original-SpeculationControl.psd1-script-4

      Essentially during script import, PowerShell complains about:

      “… module cannot be imported because its manifest contains one or more members that are not valid … Remove the members that are not valid (‘RootModule’), then try to import the module again.”

      When running both versions of the script on the same Win7 (Ultimate – x64) system without the Jun 2018 Security Only update, both script versions import and run as expected.

      It would seem that the Jun 2018 Security Only update includes an undocumented change to Win7’s PowerShell in which it no longer recognizes the ‘RootModule’ member nomenclature.

      I’ve found that by changing the ‘RootModule’ member nomenclature to ‘ModuleToProcess’ nomenclature, all is well again and both script versions run successfully on the system updated with the Jun 2018 Security Only (KB4284867) update.

      Script modification edits shown below:

      Speculation-Control-PowerShell-Script-v1.0.8-original-modified-3

      After script version 1.0.7 modification, results are:

      Speculation-Control-PowerShell-Script-v1.0.7-Results-modified-script-3

      After script version 1.0.8 modification, results are:

      Speculation-Control-PowerShell-Script-v1.0.8-Results-modified-script-3

      Not sure if this new PowerShell characteristic / feature also applies to the Jun 2018 Win7 Roll-up, Win8.1 Security Only / Roll-up or Win10 or 32Bit versions of Win7 but it sure looks like another bug put into the Win7 security update cycle for us Win10 “obstructionists”.

      Now, just how many of us Win7 users are out there using PowerShell scripts and just how many of our scripts use the ‘RootModule’ member nomenclature that now fail? Luckily, I’ve only got a few.

      Lastly, the latest updated CPUID 206C2 version “0x1E” CPU Microcode does not contain the required SSBD CPU Microcode update for Spectre Variant 4 so it looks like I’m waiting for either HP or Dell to release an updated BIOS for their XEON x5600 series systems.

      Win7 Group B (Ultimate & Pro) [x64 & x86]
      MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
      MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
      RDRguy

      EDIT—————-
      Running GRC’s Inspectre version #8 works the same for me on Win7 Ultimate SP1 64Bit pre & post Jun 2018 Security Only update (KB4284867) so maybe there’s a new Win10 problem as noted above by @viperjohn in post #197747.

      However, I do expect Steve to update his marvelous tool to add Spectre Variant 3a & 4 protection detection capability once he gets a chance to do so.

      Win7 Group B (Ultimate & Pro) [x64 & x86]
      MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
      MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
      RDRguy

      • This reply was modified 6 months ago by  RDRguy.
      • This reply was modified 6 months ago by  RDRguy.
      • This reply was modified 6 months ago by  RDRguy.
      • This reply was modified 6 months ago by  RDRguy.
      Attachments:
      You must be logged in to view attached files.
      2 users thanked author for this post.
      • #198295 Reply

        Noel Carboni
        AskWoody MVP

        You seem pretty into the details, RDRGuy…

        Out of curiosity what’s your take on the performance impacts of these mitigations?

        My experience based on some of my scheduled jobs last night is that even with the mitigations disabled there’s still a not insigificant performance hit since last December…

        For example, an intensive software build job that had been taking about 47 minutes is now taking 51 minutes, about an 8% decrease in overall performance.

        The price difference in top-end workstations to get an extra 8% throughput is not insignificant!

        What price security?

        -Noel

      • #198301 Reply

        mazzinia
        AskWoody Lounger

        There are now microcode fixes also for older cpus (5200/5400 onward)?

        Due to the current situation, I’ve stopped at march + fix vs security hole of the first spectre patches.

    • #198302 Reply

      mazzinia
      AskWoody Lounger

      I keep testing how these “new” monthly updates behave on a test win8.1 embedded pro behave… and up to now seems that really 8.1 has not been butchered, weirdly.

      But I got this weird situation upon the reboot of vmware and logging into the 8.1 vm :
      A command prompt like window named dwm.exe with the following inside :

      SYMSRV: dwmcore.pdb from http://msdl.microsoft.com/download/symbols: 4009984 by
      tes – copied
      DBGHELP: dwmcore – private symbols
      C:\Windows\Tweaks\AeroGlass\symbols\dwmcore.pdb\1AB1FFC6AB984DD0849810D6
      CCFD7FC22\dwmcore.pdb
      DBGHELP: .\uDWM.pdb – file not found
      DBGHELP: .\dll\uDWM.pdb – file not found
      DBGHELP: .\symbols\dll\uDWM.pdb – file not found
      DBGHELP: udwm – public symbols
      C:\Windows\Tweaks\AeroGlass\symbols\uDWM.pdb\153457D628204D88A67A6F9D60D
      D064E2\uDWM.pdb

      1 user thanked author for this post.
    • #198461 Reply

      ViperJohn
      AskWoody Lounger

      BIG HEADS UP FOLKS

      The June 2018 Cumulative KB4284874 for Win10 v1703 from the Windows  Update Catalog contains and installs the dreaded Windows 10 Update Assistant V2.

      It installs in the ?:\Windows\UpdateAssistantV2 folder which should be deleted before the horror show in the folder can execute.

      If memory serves the sole purpose this delightful piece of MS designed MalWare is to undo and /or reset every single User set or altered Service / PC Setting / Group Policy impediment to a forced version upgrade.

      2 users thanked author for this post.
    • #198466 Reply

      bsfinkel
      AskWoody Lounger

      I have another patch question – What are the “Preview of Quality Rollup” patches?  I saw two 2018-05 for Windows 7 the Tuesday after May Patch Tuesday, and, per AskWoody, I did not install them.  When will these be officially released?  Will there be 2016-6 Preview of Quality Rollup” patches released this coming Tuesday (a week after Patch Tuesday)?  I know that security-related patched are released on the second Tuesday of each month, but what exactly are the patches released the following Tuesday?

      • #198467 Reply

        PKCano
        AskWoody MVP

        Monthly Rollup patches contain three parts: security, non-security, and IE 11cumulative. They are released on the second Tues (Patch Tues). Rollups are CHECKED Important updates.

        The following week, the Preview for the next month is released. It contains that month’s Rollup PLUS the non-security updates for the next month. It is an UNCHECKED Optional update. It is there for Admins and IT Dept’s to test before updating next month. It is not intended to be installed by the consumer, hence UNCHECKED Optional.

        2 users thanked author for this post.
        • #198691 Reply

          bsfinkel
          AskWoody Lounger

          I have one problem with the response about “preview” updates.  In May, the Tuesday after Patch Tuesday, I saw for my Windows 7 system two preview patches:

          KB4103472 2018-05 Preview of Quality Rollup for .NET 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1
          KB4103713 2018-05 Preview of Quality Rollup for Win 7

          According to what PKCano wrote, these two patches  (or similar ones with different numbers) should have appeared as non-security patches on Patch Tuesday in June.  I saw no non-security patches last week.  What happened to these two patches?  (I am awaiting the  “preview” patches to be released today.)  Thanks.

           

          • #198705 Reply

            PKCano
            AskWoody MVP

            The Preview patches are always UNCHECKED optional patches.

            The Preview patches (with revisions if necessary) are incorporated into the following month’s Rollup. MS adds the security patches and IE11 updates to them and they are the CHECKED important Rollups.

            1 user thanked author for this post.
            • #198791 Reply

              bsfinkel
              AskWoody Lounger

              Today’s Windows Update (roll-up Tuesday) showed me the

              KB4103472 2018-05 Preview of Quality Rollup for .NET 3.5.1,…

              update, so that preview from May has not been released officially for June.  I assume that .NET patches would be separate from the base operating system patches.  Does this imply that that .NET patch is “not yet ready for prime time”?

            • #198792 Reply

              PKCano
              AskWoody MVP

              We do not recommend installing anything with “Preview” in the title. They are for testing. That goes for .Net also.

              We do not recommend installing anything that is UNCHECKED by default.

              1 user thanked author for this post.
    • #198505 Reply

      ViperJohn
      AskWoody Lounger

      Okay Big Problem for Gamers with Windows 7 June 2018 Updates …. both Rollup and Sec-Only.

      If you use an “Xbox Wireless Adapter for Windows” to connect your Xbox One or Xbox 360 Controller to your computer installing either KB4284826 (Rollup) or KB4284867 (Sec-Only) (and I DID try both updates) breaks the Wireless Adapter and your Xbox Controllers will no longer function at all.  You get an red exclamation point show on the Xbox Icon in “Control Panel / Devices and Printers” every time you turn the controller on and your Controller will no longer be listed at all.

      WindowsReport has a write up about the issue here:

      https://windowsreport.com/kb4284826-bugs/

      Note that both Windows 7 and Windows 8.1 use the exact same drivers for the Wireless Adapter so it may get broken in Windows 8 as well.  I tried removing and reinstalling the drivers from Windows Update (which gets them from the update catalog) and it did not correct the problem.  I do not know if uninstalling the updates will return normal operation as I just rolled back using a pre-update disk image to get my adapter functioning again.

      2 users thanked author for this post.
    • #198619 Reply

      anonymous

      Sorry if this is off-topic, but during the weekend I received an update through Windows Update for Windows Defender.  It reset Windows Defender, and I received updates for some old updates like Silverlight and C++ Redistributable.  It reset the last check for updates to never, and on further checking I found that it had changed my settings for Windows Update to “Automatically download and install updates” from “Check for updates but let me choose to download and install them”.  Needless to say, I soon reversed these settings.

      Windows 8.1 Group B and sometimes W.

       

      1 user thanked author for this post.
    • #198697 Reply

      anonymous

      I’ve just notice on the Malwarebytes forum there are a lot of Windows 10 people (1803 and 1709) who have updated to the June patches and are now getting regular BSODs (DRIVER_IRQL_NOT_LESS_OR_EQUAL and NETIO.SYS) when browsing the internet with Malwarebytes AntiMalware (MBAM) turned on. Could this be like Avast all over again?

    • #198819 Reply

      GoneToPlaid
      AskWoody Lounger

      Hello everyone,

      The following is both directly related to Microsoft’s June 2018 updates, and is also a rant which contains potentially useful information for all.

      I use Win7-64 on all of my computers. I am on Super Group B (SGB), which is my own moniker and sub-category of Group B. SGB is about avoiding all telemetry updates, is also about avoiding all other non-telemetry updates which cause serious issues, and is also about sometimes installing one or more specific updates in reverse order in order to get around Microsoft’s intentionally or non-intentionally created update issues.

      An example of one of Microsoft’s intentionally created update issues:

      Install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from being blocked on some older CPUs. This was Microsoft’s way of saying “thanks — your CPU is not supported” to users who installed Windows 7 on newer generation hardware with newer AMD CPUs. Microsoft unintentionally also said “thanks — your CPU is not supported” to owners of Intel CPUs.

      That there was some mighty fine and obviously non-vetted programming by Microsoft. And Microsoft still wonders why consumers, such as all of us, distrust Microsoft. I remember when I used to trust Microsoft. Those days are long gone. Trust. It is a magic word in the business world. HP learned this lesson the hard way. Microsoft needs to learn this lesson the hard way, if Microsoft is to survive in anything other than the Cloud.

      I installed the June 2017 update, and found that my 4th gen Haswell CPUs were blocked from receiving future updates. Windows Update was hosed. I uninstalled the June 2017 update. Windows Update was still hosed. I then performed a System Restore. After the successful System Restore, Windows Update was still hosed. I was forced to perform a C drive restore from a Macrium backup image of my C drive.

      So again, my solution was to install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from being blocked on some older non-AMD CPUs.

      Examples of Microsoft’s non-intentionally created issues:

      — The 2018 Total Meltdown vulnerability which Microsoft unintentionally created, when Microsoft tried to implement OS software protection in Windows for Meltdown.

      — The persistent networking settings in the registry, which can kill network connections after installing various 2018 updates.

      With regards to the persistent network settings in the register, I found none on my computers since all of my Win7 computers are home built. So then I decided to take a giant leap by installing the 2018 updates, some of which have the above noted issues and other issues. I installed the 2018 updates in a reverse order:

      1. I installed the June 2018 security only update.

      2. I then installed the earlier 2018 security only updates, starting with the January update, and then progressing through the May 2018 security only update. I chose to do this, in this order, in my hope to get around issues with all previous 2018 security only updates which had issues. The idea here, just as with the aforementioned 2017 updates which killed Windows Update for my Intel I5 CPU, was to see if I could get around the monthly update issues by first installing the June 2018 update first, and then installing the previous 2018 updates.

      The upshot presently is that I am Super Group B updated through June 2018, and without any noticed issues. Now that I have my Win7-64 computers at this state which includes protection from Meltdown, the following are my present observations:

      1. I/O performance for Microsoft’s implementation for Meltdown have significantly improved. In particular, the I/O performance is both significantly faster and is significantly more linear in terms of estimated backup time when performing backups of my computer’s OS hard drive.

      2. Somewhere along the releases of Windows Updates, starting from around mid 2017 through June 2018, Microsoft introduced and then finally corrected a bug in ntdll.dll. This bug caused some old Win32 programs to crash on exit, with a message that the program performed some sort of “pure function call”. This, finally and after at least a half year, also has been fixed. It is amazing that this issue was not resolved for approximately a half year. Well, perhaps this really is not too amazing since Nadella, upon becoming Microsoft’s CEO, fired Microsoft’s update quality assurance team, and then chose to leave the quality for all Windows Updates to the individual programmer for each specific update. This absolutely is one of the most stupidly “brilliant” decisions of all time. This is what Type A mental personalities do. And, inevitably and way down the long and winding road, they NEVER see that their decision, in hindsight, was a mistake. It is what it is.

      I hope that something which I said, above is useful. If not, then I apologize.

      My best regards to all,

      –GTP

       

      5 users thanked author for this post.
      • #198822 Reply

        DrBonzo
        AskWoody Lounger

        Thanks for the info GTP.

        I want to make sure I understand something you said in “An Example of One of Microsoft’s Intentionally Created Update Issues”. Was it the June 2017 or the June 2018 update that hosed Windows Update and also blocked further updates to your 4th gen Haswell?

        Maybe it’s sort of coincidence that you’re talking about the April, May, and June updates from both 2017 and 2018, but I wanted to make sure I was clear on what you said. I remember something about blocked updates from 2017 and am hoping there’s not a repeat in store for 2018!

        Thanks.

        1 user thanked author for this post.
        • #198887 Reply

          GoneToPlaid

          Hello DrBonzo,

          It was the April 2017 and May 2017 updates which blocked AMD Carrizo DDR4 CPUs, and which unintentionally blocked some Intel CPUs such as my fourth generation Haswell I5 CPUs. My solution was to install the June 2017 update first, since this update resolved the unintentional blocking of some Intel CPUs. I then installed the April 2017 and then the May 2017 updates.

          Separately, I believe that the issues of some older programs crashing in ntdll.dll when these older programs were being closed, started with either the September 2017 or October 2017 updates. I don’t know which, since I installed both of them at the same time, after holding off on installing them for a few months. Eventually I updated all of my Win7 computers with all security updates through December 2017, yet I was still having the issues of some older programs crashing on exit.

          Earlier this year, I had installed the January 2018 and February 2018 updates which prevent Meltdown. After a security researcher discovered Microsoft’s Total Meltdown bug in these two 2018 updates, I uninstalled them. Until several days ago, all of my Win7 computers were updated through December 2017, yet I was still experiencing the issues of older programs and ntdll.dll. I was still experiencing this issue when I also had the January 2018 and February 2018 updates installed.

          I backed up my primary Win7 computer’s OS partition this last Saturday. I then decided to bite the bullet and try the 2018 updates through June 2018. I started by installing the June 2018 update. I immediately noticed that the ntdll.dll issues with older programs was resolved. So then I installed the January 2018 through the May 2018 updates, praying that the already installed June 2018 update would have supersedence in terms of specific files which the older 2018 updates would try to update. The supersedence of the June 2018 update appears to have been properly done. Then I downloaded and ran the proof of concept program for Total Meltdown. The POC program crashed as soon as it tried to enumerate and access any memory other than the memory which was assigned to it by the kernel. This crash was reassuring to see, since it confirmed that installing the earlier 2018 updates did not somehow reintroduce the Total Meltdown bug.

          The other reason why I installed the June 2018 update first, and then the earlier 2018 updates was to avoid several very serious issues in the earlier 2018 updates. These issues apparently were finally resolved in the June 2018 update. The amazing thing is that it took Microsoft approximately nine months to resolve the issues in ntdll.dll. I guess this is what happens if it is the same programmer who is staring at his own code and who fails to see his own coding mistakes. I sure do miss Microsoft’s fired Update Quality Assurance Team.

          Best regards,

          –GTP

           

          2 users thanked author for this post.
          • #199444 Reply

            OscarCP
            AskWoody Lounger

            GoneToPlaid, ( #198887 )

            Would you also say, perhaps, that someone like myself, who has updated Windows 7, x64, as “Group B”, through May without problems, and has an older “sandy bridge” I-7 CPU, needs to remove the March and April updates before installing June’s, then install them again?

            Or is this only something to do for those with the recent generation of Intel chips in their PCs?

             

            • #199651 Reply

              GoneToPlaid
              AskWoody Lounger

              It is only for those who encountered issues with the previous 2018 updates. Since your computer is updated through May, you can go ahead and install the June 2018 update without first uninstalling and then reinstalling the previous 2018 updates.

              2 users thanked author for this post.
    • #199189 Reply

      anonymous

      Applied June 2018 Windows 10 1709 delta update (via manual download) and Office 2013 updates (via on demand WU), after using WUSH util to block unwanted KB4134661  —  machine is stable.

    • #199240 Reply

      Grond
      AskWoody Lounger

      Sorry if this is off-topic, but during the weekend I received an update through Windows Update for Windows Defender. It reset Windows Defender, and I received updates for some old updates like Silverlight and C++ Redistributable. It reset the last check for updates to never, and on further checking I found that it had changed my settings for Windows Update to “Automatically download and install updates” from “Check for updates but let me choose to download and install them”. Needless to say, I soon reversed these settings. Windows 8.1 Group B and sometimes W.

      Has anyone else seen Defender not being able to be updated manually? I have always updated it manually since the GWX campaign but haven’t seen any updates since 6/11/18. That’s 11 days now and by far the longest I’ve seen between updates.
      Win 7 SP1 x64 Home Premium home-built desktop
      The last WU updates I’ve installed (besides the Defenders) were on 6/3/18:
      KB4103718 (2018-05 SMQR for Win 7 x64-based systems
      KB890830 (MSRT x64 – May 2018
      KB4099633 (2018-05 SQR for .NET 3.51, 4.52, 4.6, 4.61, 4.6.2, 4.7, 4.71 on Win 7 / Server 2008 R2 for x64
      I haven’t even looked in WU since 6/3/18 to see what’s in there, but has anyone else noticed Defender not updating? The above quoted post has me a bit leery ATM.
      Thanks, Grond

      • #199254 Reply

        columbia2011
        AskWoody Lounger

        I also noticed this. Updates have not been set since June 11. I decided that this is a glitch. Completed the downloading of signatures manually.
        https://www.microsoft.com/en-us/wdsi/definitions

        1 user thanked author for this post.
        • #199267 Reply

          Grond
          AskWoody Lounger

          TYVM for the link. Downloaded & updated. 🙂

      • #199331 Reply

        anonymous

        Columbia2011 gave the help you needed and I am not contradicting that.
        But I wanted to highlight a point that may confuse others along the way. The anonymous you quote to introduce your question specified a Windows8.1 operating system. Grond, you describe Windows 7.
        Microsoft gave two different products the same name, Defender.
        Grond, in Windows 7 the item named Defender is not sufficient protection by itself. If you have no other antivirus, I recommend installing Microsoft Security Essentials for Windows 7. It also has a name often confused with yet another unrelated item.
        Installing MSE will disable the thing you call Defender and work in its place. MSE will provide you the same definitions from the same source used by the full sized Defender used in Windows 8 and 10.
        This does not read clearly when you haven’t already known what Microsoft did years ago. So do not take my word for it. Look up the information and decide for yourself what level of protection satisfies your needs.

        5 users thanked author for this post.
        • #199384 Reply

          Grond
          AskWoody Lounger

          I very much appreciate you looking out for me and the advice. 🙂

          I also run up-to-date premium versions of Kaspersky for my AV and MBAM for my malware solutions. Defender is, for me I guess, a last line of defense. 🙂

          • #199481 Reply

            anonymous

            I am glad that I misunderstood your needs and that you have two additional respected protections in place.
            For others that may still wonder what Microsoft recommends, I followed the link provided by columbia2011. In usual Microsoft fashion, you can page down until you find the table of latest definitions for various products.
            But reading from the top of the document, before the specific helpful directions for Windows 10, there is a link to the threat protection catalog and this recommendation for Windows 7 and earlier.
            Please note that Microsoft only discusses Defender in terms of Windows 10 and Windows 8.1 and directs all earlier systems to an MSE download. Take care in selecting the proper “bitedness” next to your preferred language.
            Of course, just like Grond, to reduce potential conflicts, you should only run one live protection at a time.

    • #199340 Reply

      EP
      AskWoody MVP

      New Win10 updates for v1607, v1703 and v1709. see this new blog from Born’s Tech & Windows world site:
      https://borncity.com/win/2018/06/22/windows-10-v1607-v1709-updates-vom-21-juni-2018/

      1 user thanked author for this post.
      bjm
    • #199593 Reply

      Nibbled To Death By Ducks
      AskWoody Lounger

      This being the only time I’m going to have to do any PC maintenance for a week, read Patch Lady’s, Woody’s, the MVP’s and everyone’s input before diving into the deep end of the pool and patching, even tho Defcon 2.

      Reporting in on installation of KB428426 Rollup:

      No NIC issues, Broadcomm/Dell NIC.

      Total time to download, install, and reboot, about 13 minutes.

      Disk Cleanup afterwards took about 7 minutes.

      Noticed that the machine was using about 20% more mem than it usually does in the fully booted and mostly quiescent state, so did a reboot, and the usage went back to normal.

      Time for complete reboot, about 3 minutes, which seems a little longer than normal. Probably more “CPU Mitigation Meddling” responsible. Steve Gibson’s tool showed the system was still vulnerable to Spectre. (But not Meltdown.)

      All in all, a good run so far, and “we shall see what we shall see.”

      ====================

      P.S. I really don’t know which is worse at this point in time….Windows or Android; SmartA**phone broke this week, had to get a new one, start to learn the new OS version’s peculiarities/outrages/design flaws/snooping systems/embedded bloatware-spyware toggles, configure the new device, hassle with a new carrier, etc, etc…I really do think I’m going walkabout in the bush with just a radio, and I may not come back. “Hey, Mick, wait up…” :p

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "A/B [negative] :)", Multiple Air-Gapped backup drives in different locations, "Notify but do not download or install without asking."

      --

      "The more kinks you put in the plumbing, the easier it is to stop up the pipes!" -Scotty

      3 users thanked author for this post.
    • #201135 Reply

      anonymous

      For the first time since February (when KB4088875 failed with error 80242016 and I rolled back), I have just updated a Windows 7 64bit Professional running on an AMD A88XM-Plus m/b with FM2+ (Bolton D4) processor and MBR boot, with the June update (KB4284826 and KB4099633).

      No initial problems – starts and I have the internet. No sign of Defender though. Not too sure what the added value is when I have Malwarebytes, F-Prot real time virus protector, EMET.

      Thanks for the Update advice here that I have been reading since the update failure.

      Alan, UK

      • #201516 Reply

        anonymous

        Today was offered a Defender definition update. So it is still working for me 🙂

        Alan, UK

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: June 2018 Patch Tuesday is upon us

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: