• Patch Lady – we have an “out of band” release


    We get them so rarely these days it probably needs a bit of explanation:

    For those of you that use Windows update, you will get a security patch pushed out to your machine and it will demand a reboot.

    Susan update:  The KBs state that these will not be pushed out via Windows update, but instead come down only if you go to the catalog.  Thus totally BREAKING the definition of “out of band update”.  Geeze Microsoft.

    For those on Windows 10 it will be a cumulative update:

    4522016 for 1903

    4522015 for 1809

    4522014 for 1803

    4522012 for 1709

    4522011 for 1703

    4522009 for RTM of Windows 10

    4522010 for Windows Server 2016

    4522015 for Windows Server 2019

    4522007 for Windows 8.1, Windows 7, Server 2012, Server 2012 R2 it’s a patch JUST for Internet explorer – so both A and B patchers can install it.

    For those of you with WSUS updating rules or quality update deferrals, this will respect those settings.

    Bottom line, there’s a security issue for which Microsoft sees active targeted attacks to their customers and thus they’ve determined it should be pushed out now rather than waiting for the second week of next month to fix it. 

    Bottom line, there’s a security issue for which Microsoft has apparently deemed it an “out of band” but not enough of an “out of band” to be pushed out to automatically update.  Confused?  I am.  Should you install it?  Obviously not given how they are handling this update.

    Updated note:  Per Nick from the patchmanagement.org list, Microsoft has told Enterprise customers that this will be on Windows update and WSUS on Tuesday, September 24 Redmond time (aka the D week release).  So unless you have deferrals in place you will be getting it tomorrow on your Windows 10 machines.  I’ve always been informed that attackers can call a specific program so even though you aren’t using IE, that doesn’t mean it’s not embedded into the software.