• Heads up! 50 new security patches just pushed to the Update Catalog

    Sometime in the past hour-or-so we got 50 new patches in the Catalog. They’re marked:

    IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users have experienced. Customers using Windows Update or Windows Server Update Services (WSUS) will be offered this update automatically. To help secure your devices, we recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations. Like all cumulative updates, this update supersedes any preceding update.

    Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

    According to @EP, we’re being treated to:

    KB4524135 IE update for IE9/IE10/IE11
    KB4524147 CU for 1903 (build 18362.388)
    KB4524148 CU for 1809 (build 17763.775)
    KB4524149 CU for 1803 (build 17134.1040)
    KB4524150 CU for 1709
    KB4524151 CU for 1703
    KB4524152 CU for 1607
    KB4524156 Rollup for Win8.1
    KB4524157 Rollup for Win7

    More info as we find out what the Sam Hill is going on.

    UPDATE: The KB article also says that it fixes the .NET 3.5 installation problem introduced in both the second and third September cumulative updates for all Win10 versions:

    This security update includes quality improvements. Key changes include:

    Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error.

    Addresses an issue that may result in an error when you install Features On Demand (FOD), such as .Net 3.5. The error is, “The changes couldn’t be complete. Please reboot your computer and try again. Error code: 0x800f0950.”

    That tells me somebody’s listening – but it also tells me that MS is doing a very poor job of updating their Windows Release Information page. I think I’ll write about that in Monday’s Plus Newsletter.

    By the way… depending on your definition, the September 23 cumulative update was absolutely NOT an out-of-band patch. A real out-of-band patch goes out to everybody (the Sept. 23 patch was download only), gets distributed through the update servers, and it’s reasonably well documented. This patch is an out-of-band update — except we still don’t know much about the zero day.