News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Reaffirming that we’re still at MS-DEFCON 2

    Posted on January 5th, 2018 at 08:28 woody Comment on the AskWoody Lounge

    There’s still no pressing reason to install the early crop of Patch Tuesday patches.

    Computerworld Woody on Windows.

    Correction: @teroalhonen notes that there’s no such thing as Win10 1511 LTSC. He’s right, my Computerworld article’s wrong. Win10 1511 is supported through April 2018, but only for Enterprise and Education editions.

    But that brings up a related question. Why are the Surface firmware updates only going out to 1703 and 1709? What about 1607 and 1511? They’re both being supported.

    UPDATE: We have a report of a BSOD with the Win7 32-bit patch. Details to follow.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Reaffirming that we’re still at MS-DEFCON 2

    This topic contains 25 replies, has 11 voices, and was last updated by  anonymous 1 year, 1 month ago.

    • Author
      Posts
    • #156500 Reply

      woody
      Da Boss

      There’s still no pressing reason to install the early crop of Patch Tuesday patches. Full rundown coming in Computerworld.
      [See the full post at: Reaffirming that we’re still at MS-DEFCON 2]

      3 users thanked author for this post.
    • #156570 Reply

      jrmoffett
      AskWoody Lounger

      I am wondering for Windows PC users (Win 7 in my case) who want to avoid any performance hits if it is going to be generally safe to assume that if we do any online transactions or banking, that a simple reboot afterwards will clear kernel memory and thus avoid any problems? It would seem that if all I have done over the last few hours was work on a Word document or Excel spreadsheet, or maybe play an online game, that there won’t be any loot in loaded in memory that can be stolen. Obviously patching will be necessary soon, but I was hoping to wait for improved work arounds in the future, rather than applying the first patch they come up with.

    • #156628 Reply

      Geo
      AskWoody Plus

      Group A  Win 7 X64.  No problem so far.  No slow down.  I use windows up date clean up after down loading.  KB4056894

    • #156656 Reply

      DrBonzo
      AskWoody Lounger

      I’m missing something, I think. I’m group B so I do all my updates manually, by which I mean I download the stand-alone patches and then install them. Woody’s article in Computerworld says something to the effect of ‘for heaven’s sake don’t update manually’ (pardon the paraphrase).

      Please educate me as to what’s bad about the manual installs. (I am waiting until Defcon 3 or 4 before any installation of any patches this month.)

      Thanks

      • #156658 Reply

        PKCano
        Da Boss

        There is a Registry entry that is made by anti-virus programs to show that it is compatible with the SO or Rollup. It prevents the Rollup from showing in WU, thus preventing the install from WU.

        However, the lack of the Registry entry does not prevent a manual install. If the AV is incompatible it can cause a BSOD. So, you need to check for the Registry entry BEFORE installing.

        AND, We are still at DEFCON 2. WAIT WAIT WAIT

        4 users thanked author for this post.
        • #156740 Reply

          DrBonzo
          AskWoody Lounger

          OK, got it. Thanks PKCano.

          I’m definitely waiting, waiting, waiting. 🙂

          I’m running Microsoft Security Essentials and I did get the Rollup notification on Windows Update, so I should be OK with the Security Only update. I’ll grit my teeth and check the registry, though.

        • #156776 Reply

          Ascaris
          AskWoody_MVP

          Ah, so that’s how it works… the least elegant and consumer-friendly way possible.  Should have known, really.  Thanks for the info, though.

          With each passing day, Windows gets less and less relevant. If this is the point of reckoning with regard to Windows updates, well… it’s gotten here earlier than I expected.

          Group "L" (Kubuntu 18.10)

        • #156847 Reply

          lizzytish
          AskWoody Lounger

          We’re Group B (and of course we are NOT updating until Woody says) but the January patches are
          not showing in WU – the December roll ups are still there- as we had installed the Security only
          manually for December. We run Norton Security and have just updated – but it is on Live Update automatically… My question/request is. When the time comes to update would someone very kindly run through the steps of being able to check the Registry to see if the AV has the correct setting please before one goes ahead and install the security patches manually. Have just changed the settings in WU to NEVER and then reverted back to Check but let me decide to download etc. and the
          same ones have been offered again, that is the December ones…… mind you I didn’t reboot and that might have triggered the new batch should our computers have passed muster.
          Once more we owe a great big vote of thanks to Woody and all those who’ve chimed in to help.
          Many thanks! LT

          There’s an indeterminate sized
          not quite full
          moon,
          shining like an arrow,
          through an
          undefined gap of
          ancient Persian elegance,
          in an old and endangered Deodar Tree.

          The little red monkeys are squeaking
          and grizzling as
          dark
          and cold
          come on.
          (Can’t say I blame them.
          Would I like dark and cold, sleeping in a tree?)

          I enjoy the moon
          and the dark redbrown
          fearful colour of the mountains
          immediately post
          alpenglow.

          T’wasn’t sweet and pink tonight,
          our winter alpenglow.
          The world is trembling,
          shaking
          and all life’s balance is
          nervewrackingly precarious.

          I know the feeling.

          So hell, reach out to the world
          reach out to your friends and their friends
          and create ripples
          of caring
          sharing
          helping
          and let us all
          hunker down,
          legs spread and feet planted firmly
          for balance
          and see if we can just, together, save the world.

          Happy New Year.

          love joy peace freedom to all and impeachment where needed….
          (Courtesy of the Guardian UK – quote by FerenjiNan )

          • This reply was modified 1 year, 1 month ago by
             lizzytish. Reason: to request notification via email
          1 user thanked author for this post.
    • #156665 Reply

      anonymous

      sadly I have to inform that after installing this updates in serveral computers with Windows 10, now they does not start anymore, they just stuck in Windows Logo after the first reboot, so seems thet last update introduced the same bug that is present in Insider Build 17063 :S

      all the machines affected have AMD Athlon 64 X2 CPUs.

      • #156671 Reply

        PKCano
        Da Boss

        Which version of Win10 are you using?
        Was the RegAllow key present in the Registry before the install?

        • #156682 Reply

          anonymous

          Windows 10 1709 with Windows Defender only.

    • #156703 Reply

      santino
      AskWoody Lounger

      Tried a manual installation on v.1607 with the full accumulative file, didn’t finish. After 15-20 min. it replies with a generic message saying that it will revert the changes. And that’s that.

      Mind you: it requires the Windows Update service to be enabled or it won’t install.

      Tomorrow I’ll test with a couple of v.1709. Well, at least it isn’t an important issue!

    • #156755 Reply

      MrBrian
      AskWoody_MVP

      List of vulnerabilities Microsoft fixed this month (from https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2018/av18-002-en.aspx):

      “CVE-2017-5754, CVE-2017-5753, CVE-2017-5715, CVE-2018-0818, CVE-2018-0788, CVE-2018-0754, CVE-2018-0750, CVE-2018-0741, CVE-2018-0753, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0751, CVE-2018-0752, CVE-2018-0744, CVE-2018-0745, CVE-2018-0749, CVE-2018-0743, CVE-2018-0762, CVE-2018-0772, CVE-2018-0766, CVE-2018-0773, CVE-2018-0774, CVE-2018-0781, CVE-2018-0800, CVE-2018-0758, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0803”

      1 user thanked author for this post.
    • #156775 Reply

      anonymous

      I’ve installed the security only patch and theIE 11 patch on a Win7 X64 machine and have had no issues as of yet. It has a Core i3 processor. I am NOT installing the security only patch on my main AMD (Ryzen) machine, although I did install the IE 11 patch, as my understanding is that it’s for Meltdown, which doesn’t appear to affect AMD chips. Again, no issues are apparent.

      To be clear, both machines are Win 7 X64, I’m group B, and have at this time experienced no problems. My name is guinea pig.  🙂

      justaned

      1 user thanked author for this post.
      • #156972 Reply

        anonymous

        patch is not only against Meltdown, it’s again more vulnerabilities too, so you should install it anayway, even if you are using a Ryzen CPU.

        • #157205 Reply

          anonymous

          I will politely disagree with your assessment; especially given the BSOD issue.

          justaned

    • #157270 Reply

      PerthMike
      AskWoody Lounger

      Anyone know what’s going on with KB4056898 for Windows 2012 R2?

      My WSUS server received TWO entries for the x64 processor on 01/06. They look identical, except for the revisions:
      – one shows revisions 203 and 204 (and it appears 204 is now marked expired)
      – the other shows revision 200 (not expired in revision history view, but in the main view it is also marked as expired).

      This one’s a minefield to install. So theoretically I should approve revision 203, but the main entry containing 203 is marked as expired.

      No matter where you go, there you are.

    • #157314 Reply

      anonymous

      Ardvark here…Updated my W7 64 bit system after verifying Avast had fixed their Virus Scanner…downloaded security update kb4056897 only (not rollup kb4056894) from MS Catalog… downloaded & installed with no issues… understand it probably only covers Meltdown fix from MS… not sure when/where Spectre fix will be available…no BSOD or other issues so far… system working fine… will need IE 11 update at some point, but not sure where to get it…assume I will need to contact ASUS or visit their web site at some point for firmware or BIOS updates. Can anyone confirm my assumptions?

    • #157387 Reply

      MrBrian
      AskWoody_MVP

      From https://twitter.com/GossiTheDog/status/950325474022092800 (my bolding): “Microsoft have added the following text to their KB article to clarify that unless the AV compatibility registry key is set, Windows Update will not delivery January’s *or all future* security updates. […]”

      2 users thanked author for this post.
      • #157394 Reply

        anonymous

        What if someone isn’t running antivirus, will the registry switch ever be set?

        • #157400 Reply

          PKCano
          Da Boss

          If you are not running AV, you can manually add the RegAllow key. But at this point, I wouldn’t take the chance of a BSOD. Wait until this is sorted out.

        • #157402 Reply

          MrBrian
          AskWoody_MVP

          From https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/:

          “If you’re one of the unlucky souls whose AV company doesn’t plan to add that registry key, this is a .reg file Bleeping Computer put together to automatically create the following registry key for you.

          […]

          We’ll display this in red so it sticks out. Do not run the .reg file unless you’ve confirmed with your AV vendor that they’re compatible with the Meltdown and Spectre patches.”

        • #157409 Reply

          anonymous

          Not for me, I know what is going on. I mean for someone barely gets updates installed let alone keeps good track of their antivirus.

          Are they just going to stop getting updates because nothing set the key?

          Starting state:
          Gets updates but has no (working) AV protection.

          Ending state after this update is released:
          Still has no (working) AV protection, key not set, no-longer gets updates either.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Reaffirming that we’re still at MS-DEFCON 2

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: