  • September Windows/Office security patches

    Posted on September 11th, 2018 at 12:29 by woody

    Martin Brinkmann has his usual comprehensive (and fast!) list on ghacks.net. Summary:

    Operating System Distribution

    • Windows 7: 18 vulnerabilities of which 3 are critical and 15 are important.
    • Windows 8.1: 22 vulnerabilities of which 4 are critical and 18 are important.
    • Windows 10 version 1703: 25 vulnerabilities of which 5 are critical and 18 are important. (extra critical is CVE-2018-0965)
    • Windows 10 version 1709: 24 vulnerabilities of which 4 are critical and 20 are important.
    • Windows 10 version 1803: 29 vulnerabilities of which 5 are critical and 24 are important. (extra critical is CVE-2018-0965)

    Windows Server products

    • Windows Server 2008 R2: 18 vulnerabilities of which 3 are critical and 15 are important.
    • Windows Server 2012 R2: 22 vulnerabilities of which 4 are critical and 18 are important.
    • Windows Server 2016: 25 vulnerabilities of which 5 are critical and 20 are important.

    Other Microsoft Products

    • Internet Explorer 11: 6 vulnerabilities, 3 critical, 3 important
    • Microsoft Edge: 13 vulnerabilities, 7 critical, 6 important

    I see 127 individual patches in the Microsoft Update Catalog.

    47 entries in the Security Updates Summary.

    Office 365 has a new Click to Run version. For those of you with installed (“MSI”) versions of Office, there’s a long list of new patches which includes 2010, 2013, 2016, Office viewers and SharePoint Servers. (Thx @PKCano.)

    Official Release notes include two new advisories.

    There’s a servicing stack update for Win10 1803. If you install updates through Windows Update, that doesn’t matter — but if you are manually downloading and installing 1803 updates, be sure to snag KB 4456655 first.

    UPDATE: The SANS Internet Storm Center list is up.
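
    The manual install order described above for 1803, as an added PowerShell example (not from the original post or from Microsoft). It assumes the .msu files for KB 4456655 and for the 1803 cumulative update KB4457128 (named later in the thread) are already downloaded into a hypothetical folder, C:\Patches\2018-09, and that it runs from an elevated prompt.

```powershell
# Added example: install the 1803 servicing stack update (SSU) before the
# cumulative update (LCU) when patching manually.
# Assumption: $PatchDir is a hypothetical folder holding both downloaded .msu files.
param([string]$PatchDir = 'C:\Patches\2018-09')

# Order matters: the SSU first, then the LCU.
$Ordered = @('KB4456655', 'KB4457128')

# These two packages apply only to Windows 10 version 1803.
$rel = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
if ($rel -ne '1803') { throw "This machine reports release $rel, not 1803" }

function Test-KbInstalled([string]$Kb) {
    # Get-HotFix reads Win32_QuickFixEngineering; no match means not installed.
    [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-Msu([string]$Kb) {
    $msu = Get-ChildItem -Path $PatchDir -Filter "*$Kb*.msu" | Select-Object -First 1
    if (-not $msu) { throw "No .msu for $Kb found in $PatchDir" }

    $wusaArgs = "`"$($msu.FullName)`" /quiet /norestart"
    $p = Start-Process -FilePath wusa.exe -ArgumentList $wusaArgs -Wait -PassThru

    switch ($p.ExitCode) {
        0       { "$Kb installed" }
        3010    { "$Kb installed, restart required" }
        2359302 { "$Kb already installed" }
        default { throw "$Kb failed, wusa exit code $($p.ExitCode)" }
    }
}

foreach ($kb in $Ordered) {
    if (Test-KbInstalled $kb) { "$kb already present, skipping"; continue }
    # A throw here stops the loop, so the LCU is never attempted without the SSU.
    Install-Msu $kb
}
```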


    This topic contains 19 replies, has 10 voices, and was last updated by  EP 4 days, 22 hours ago.

    • #216797 Reply

      woody
      Da Boss

      I see 127 individual patches in the Microsoft Update Catalog.

      8 users thanked author for this post.
    • #216800 Reply

      PKCano
      AskWoody MVP

      September 2018 Group B Security-only patches have been updated in AKB2000003.

      11 users thanked author for this post.
      • #216812 Reply

        anonymous

        Thank you!

        As a Group B member, this AKB resource is super-handy each month, as well as for occasionally rebuilding a system. I really appreciate the extra time it takes to keep this list accurate and up-to-date.

    • #216808 Reply

      geekdom
      AskWoody Lounger

      Beta Test
      Reporting on Windows 7 updates:

      • Windows Malicious Software Removal Tool (KB890830)
      • Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4457918)
      • September Security Monthly Quality Rollup (KB4457144)

      All installed without error and the system rebooted without error.
      Please note that I have GWX Control Panel to prohibit Windows 10 upgrade.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • This reply was modified 1 week ago by  geekdom.
      1 user thanked author for this post.
    • #216822 Reply

      Wazhai
      AskWoody Lounger

      Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

      2 users thanked author for this post.
      • #216828 Reply

        Ed
        AskWoody Lounger

        This information is undoubtedly incorrect! Windows 10 is the best and most secure operating system EVER!

        /sarcasm off now, it appears my Sarcastic font has been rendered by M$

    • #216832 Reply

      krzemien
      AskWoody Lounger

      Just updated both my Windows 8.1 & 10 x64 Home instances without issues.

    • #216823 Reply

      anonymous

      In my desktop:
      Windows 10 (1803), KB4457128 (OS Build 17134.285) installed twice, perhaps because the Service Stack Update (SSU) (KB4456655) must be installed before the most recent cumulative update (LCU) (KB4457128) is installed.

      The LCU will not be reported as applicable until the SSU is installed.

    • #216824 Reply

      anonymous

      Martin Brinkmann forgot to include Windows Server 2008 SP2 in his list. This month marks the first time Windows Server 2008 SP2 is serviced just like the other supported Windows Server OS with the choice of using a cumulative monthly rollup or a single security-only update.

      This change was announced by Microsoft last June in this blog:
      https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/

      Francis

      1 user thanked author for this post.
      • #216889 Reply

        EP
        AskWoody Lounger

        Martin already included the Windows Server 2008 SP2 security rollup & security only updates (KB4458010 and KB4457984)

    • #216844 Reply

      Charlie
      AskWoody Lounger

      Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

      You beat me to it, I was going to say almost the same thing.  Way to go.  Win 7 lives on.  Not really any surprise there.

      Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

    • #216845 Reply

      geekdom
      AskWoody Lounger

      If you are installing updates (beta testing), could you also provide the update names with numbers that installed or failed to install?

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • This reply was modified 1 week ago by  geekdom.
    • #216857 Reply

      BobbyB
      AskWoody Lounger

      Here’s today’s little “haul” for Win10x64 Home 1803 on a VHD captured at Boot/Log in time in the midst of my daily read 😉 , with metered set, and WUMT set to run at Log in with this little Task Scheduler trick. Of course hidden awaiting pending developments, seems to work and has been doing now for the last 2 Official (B) Patch Tuesdays may bring some relief with it set on Auto run at log in. The question is will it work with the 1809 upgrade next Month? I guess I will find out soon enough, it has done so far with Win10 1709 Home back in April/May.
      Win10-Home-1803-WUMT-run-at-Boot

    • #216866 Reply

      anonymous

      On our WSUS servers we are seeing detection logic problems for multiple .NET Framework updates.

      KBs: 4457914, 4457915, 4457916, 4457917 and 4457919 are showing installed on a significant number of our WSUS client systems where none of those have been installed or for that matter had sufficient time to install them.

      Additionally none of those KBs have yet been approved on WSUS.  However our configurations do allow Windows Update to be run locally to check back directly to Microsoft.

      The fact remains that WSUS clients are showing the mentioned KB as installed, and therefore not needed, when it is definitely not installed and is needed.

       

      Jim

      2 users thanked author for this post.
    • #216870 Reply

      anonymous

      Updated my Win 7 pc’s last week for July & August security patches (Group B) along with Office 2010 patches (and ran manual chk for click to run for Office 2013 on other system). I held off downloading/installing KB4343900 (Spectre patch) as you advised. Should we still hold off on that patch? And if so, the Sept patches will include an updated KB4343900 patch or would we first download/install Group B Sept security patches and then download/install KB4343900 when you raise the Defcon back to 4? Thx! Very appreciative!


      • #216873 Reply

        PKCano
        AskWoody MVP

        I held off downloading/installing KB4343900 (Spectre patch)

        KB4343900 is not a “Spectre patch.” KB4343900 is the 2018-08 Security Monthly Quality ROLLUP for Win7. If you are in Group B you do not install Rollups, even under DEFCON-4. Group B installs only the Security-only Updates and the IE11 CU.

        3 users thanked author for this post.
    • #216878 Reply

      woody
      Da Boss

      @abbodi86 reporting in a different venue:

      In WSUS, all Windows 10 CUs and Windows 7/8.1 Monthly Rollups have two versions.

      The first is automatically expired of course, and the second is all dated 2018-09-09

      seems a last minute bug fix included 🙂

      4 users thanked author for this post.
    • #216943 Reply

      anonymous
    • #217061 Reply

      anonymous

      Win 8.1 x64 – updates installed – no problems found.

      Win 7 x32 starter – All updates installed, so far, no problems.

      I noticed discussion on a zero day, privilege escalation bug was patched.

      https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review

      “This CVE could allow an attacker to execute code on a target system just by convincing someone to view an image. That’s all the user interaction needed. Open the wrong image – even through a web browser – and code executes”

      That code might execute at system level, because kernel mode graphic drivers are involved. Patching that is my top priority. If something breaks, system restore has been very dependable.

      1 user thanked author for this post.
    • #217423 Reply

      EP
      AskWoody Lounger

      @woody:

      OH NO:(
      those problematic meltdown/spectre microcode updates (KB4100347, KB4090007, KB4091663, KB4091664 & KB4091666) that were released on 2018-07 are back on MS Update Catalog with new revised dates (9/13/2018). search for any of those updates and you will see.

      On a test machine with Win10 Pro v1703 (using an AMD Phenom II X4 processor), Windows Update offered KB4091663 dated today THU Sept. 13, 2018 [oh no 🙁 ]
      but I used WindowsUpdate MiniTool to immediately block/hide it

      • This reply was modified 4 days, 22 hours ago by  EP.
      1 user thanked author for this post.
