  • Patch Tuesday patches are here

    Posted on January 8th, 2019 at 12:53 by woody

    As usual, Martin Brinkmann has the first full list:

    • Microsoft released security updates for all client and server versions of Windows.
    • No critical vulnerabilities in Windows 8.1 and 7.
    • Microsoft released security updates for Microsoft Edge, Internet Explorer, Adobe Flash Player, .NET Framework, Microsoft Office, Microsoft Exchange Server, and Microsoft Visual Studio
    • The Update Catalog lists 187 updates for January 2019.

    Dustin Childs has an interesting take on the patches for the Zero Day Initiative:

    • CVE-2019-0547 – Windows DHCP Client Remote Code Execution Vulnerability
      If you are running Windows 10 or Server version 1803, this patch has to be on the top of your deployment list.

    • CVE-2019-0586 – Microsoft Exchange Memory Corruption Vulnerability
      This corrects a bug in Exchange that could allow an attacker to take control of an Exchange server just by sending it a specially crafted email.

    • CVE-2019-0550, CVE-2019-0551 – Windows Hyper-V Remote Code Execution Vulnerability

    Which means most of you aren’t in the crosshairs. The only known exploit he lists is for the Jet Database engine — another hole found in ancient technology that probably won’t affect you unless you use an old database application.

    There’s also a new Servicing Stack Update for Win10 version 1703, KB 4486458. As if any of you are still running 1703.

    There are January Security-only patches for .NET as well as the Security and Quality Rollups.

    January 2019 Security Updates for Microsoft Office 2010, Office 2013, Office 2016, the Office Viewers, and SharePoint Servers are available on the Office Support Pages. These Updates are for the .msi versions of Office, not Office 365 or C2R.

    UPDATE: It looks like the Win10 version 1803 patch, KB 4480966, may be something you need to install quickly. So far there are no known exploits, and no proof of concept code. But Microsoft is saying it’s bad.

    Will keep you posted as the drama unfolds.

    • #245117 Reply

      PKCano
      AskWoody Plus

      Group B Security-only Updates and the IE11 Cumulative Update have been updated on AKB2000003 as of 1/8/2019.

      11 users thanked author for this post.
    • #245119 Reply

      Microfix
      AskWoody_MVP

      Strange that the patch KB4480961 for W10 v1607 doesn’t contain the ‘Windows Storage and Filesystems’ fix, whereas every other OS does, including W7-Windows Server 2008 R2 SP1 and W8-Windows Server 2012 R2.

      | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
      1 user thanked author for this post.
    • #245122 Reply

      banzaigtv
      AskWoody Lounger

      Backing up my disk drive and installing it now. Will report the results of the update within a few days after vigorous testing.

      i7-4790k, HyperX FURY 16 GB RAM, Galax GTX 980 HoF, Samsung 850 EVO 1 TB SSD, Windows 8.1 Pro 64-bit

      2 users thanked author for this post.
    • #245149 Reply

      Barry
      AskWoody Lounger

      Installed on my 1809 machine. No apparent problems other than it messed up the HDMI scaling but that seems to happen with every update.

      Barry

      • #245155 Reply

        banzaigtv
        AskWoody Lounger

        Bugs seem to occur on every Windows 10 cumulative update these days, so it’s not just you.

        i7-4790k, HyperX FURY 16 GB RAM, Galax GTX 980 HoF, Samsung 850 EVO 1 TB SSD, Windows 8.1 Pro 64-bit

    • #245160 Reply

      b
      AskWoody Plus

      Installed on 1809:

      [Screenshot attachment: 1809updates01082019]

      No drama.

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker" (Group ASAP)

      2 users thanked author for this post.
    • #245164 Reply

      geekdom
      AskWoody Plus

      Beta Test
      Reporting on Windows 7 x64 updates

      Backups made first

      – Windows Malicious Software Removal Tool x64 (KB890830)
      – January Security Monthly Quality Rollup Windows7 x64 (KB4480970)
      – Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4481480)

      All installed without error and the system rebooted without error.
      Please note that GWX Control Panel is used to prohibit Windows 10 upgrade.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • #292447 Reply

        geekdom
        AskWoody Plus

        I have a plain-vanilla operating system with few peripherals and carefully selected useful-to-me software. From reading other threads and posts on Windows 7 updates, it appears that if you have anything beyond plain-vanilla operating system, there may be difficulties. My hypothesis is that Microsoft testing is probably done in an ideal environment on a minimal operating system with no peripherals, connections, or other vendor software rather than a real environment. With inadequate Microsoft testing, it comes as a small surprise that there are update problems in a real-world environment.

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
        1 user thanked author for this post.
    • #245177 Reply

      anonymous

      UPDATE: It looks like the Win10 version 1803 patch, KB 4480966, may be something you need to install quickly. So far there are no known exploits, and no proof of concept code. But Microsoft is saying it’s bad.

      Woody, where are your comments coming from? I don’t see anything alarming from Brinkmann or the MS site?

      Are you going to give an early Defcon 3 for Win 10 – 1803?

    • #245189 Reply

      banzaigtv
      AskWoody Lounger

      No issues with the Windows 8.1 monthly rollup patch so far. I will be closely monitoring for bugs during the next few days.

      i7-4790k, HyperX FURY 16 GB RAM, Galax GTX 980 HoF, Samsung 850 EVO 1 TB SSD, Windows 8.1 Pro 64-bit

    • #245188 Reply

      anonymous

      Win 8.1 x64 updates installed – no problems noticed.
      Win XP x32, updates installed – no problems noticed.

    • #245192 Reply

      zero2dash
      AskWoody Lounger

      Work machine (out of my hands) upgraded from 1803 to 1809 this afternoon. Doesn’t seem to be any ill effects but I’m not recommending the upgrade to 1809 yet still. I think we’re probably at least 4-5 months before it’s safe on that.

      Another troublesome/scary patch Tuesday makes me happy that I’ve switched to Ubuntu host machines running Win7 guest VM’s. The only reason I have to run the VM’s is because there is no Roblox client for Linux and I have kids. 😀

    • #245198 Reply

      warrenrumak
      AskWoody Lounger

      Barry wrote: “Installed on my 1809 machine. No apparent problems other than it messed up the HDMI scaling but that seems to happen with every update.”

      I’ve seen this on Windows 8.1, and if you look around a bit, you can see people having issues with it on Linux, too. Usually with AMD cards. It’s a problem with the interaction between the driver and display. Make sure you’re using the latest manufacturer drivers.

      2 users thanked author for this post.
    • #245209 Reply

      OscarCP
      AskWoody Lounger

       

      “No critical vulnerabilities in Windows 8.1 and 7”
      “Which means most of you aren’t in the crosshairs.”

      Good news, I think. And also think that I am one of the “most of you” that do not need to worry about dangerous vulnerabilities in need of immediate patching, so can wait to install updates till everything has settled and become clearer and even until the out-of-band updates, if any, that might come out later, have had enough time to show up already. Waiting a few weeks is something I do every month, when nothing in urgent need of attention has been reported, anyway.

      Group B – Windows 7 Pro, SP1,x64, I-7 “sandy bridge.”

      2 users thanked author for this post.
    • #245228 Reply

      b
      AskWoody Plus

      These Updates are for the .msi versions of Office, not Office 365 or C2R.

      Updates for Office 365 were also made available today for all release channels (Semi-Annual, Semi-Annual (Targeted), Monthly, Monthly (Targeted), but not Office Insider Fast as far as I can tell):

      Update history for Office 365 ProPlus (listed by date)

      Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant "Toxic drinker" (Group ASAP)

    • #245289 Reply

      gborn
      AskWoody_MVP

      Windows 7 SP1 /Server 2008 R2 SP2: Updates kb4480970 and kb4480960 are causing serious sharing issues. See my blog post:

      Network issues with updates KB4480970 and KB4480960

      • This reply was modified 1 week ago by gborn. Reason: typo
      2 users thanked author for this post.
      • #245295 Reply

        PKCano
        AskWoody Plus

        The same known issue that has been there for a year, about the network interface controller stopping working, is included with KB4480970. And the pciclear .exe is still bundled with the Rollup.

        It appears MS has a persistent underlying network problem with Win7.

        1 user thanked author for this post.
    • #245376 Reply

      anonymous

      “Most of you” don’t need to worry about patching with a DHCP vuln in 1803 and an Exchange bug that allows you to take over a server by sending it an email?

      Excuse me, but what?

      1 user thanked author for this post.
      b
      • #257251 Reply

        mn–
        AskWoody Lounger

        That would actually be literally correct if people who have either a Windows 10 1803 installation with DHCP turned on, or an Exchange server, (or both) to look after … are in the minority.

        Which may or may not be the case.

        I for one do have to worry about some number of systems currently running 1803, but …

         

        Do we have confirmation that the DHCP vulnerability is 1803 ONLY and not, say, 1709 or early builds of 1809 too? Because, well, we seem to have some cases of expensive USB-connected instrumentation not working if the control computer is updated beyond about last June’s builds…

    • #251619 Reply

      CADesertRat
      AskWoody Plus

      W10 Pro, 1803, just got the updates 1- KB4480966 cum., 2- KB4480979 Flash, 3- MSRT

      All seems well so far 🙂

    • #263390 Reply

      anonymous

      Although we were hoping that the breakneck speed that MS is putting out feature updates would slow down, that might not be the case. Build 1903, according to ZDNet, is just around the corner and with some new storage requirements.

      https://www.zdnet.com/article/microsoft-windows-10-to-grab-7gb-of-your-storage-so-big-updates-dont-fail/

    • #300707 Reply

      anonymous

      There seem to be little to no problems reported with the critical Windows 10 ver 1803 update KB4480966.
      OK to install?

      • #301842 Reply

        Microfix
        AskWoody_MVP

        We are at MS-DEFCON 2 and you are not obliged to follow any path but your own.
        If MS patches botch your PC, come back for instructions for a fix giving all the relevant details of the device and patches concerned in a new support topic.

        | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
        1 user thanked author for this post.
      • #302928 Reply

        Seattle27
        AskWoody Lounger

        As one data point, I decided to install it a couple of days ago and it didn’t cause any problems (Dell E6430 laptop, Win10 Pro).

    • #308358 Reply

      akm
      AskWoody Lounger

      Our “Select updates to install” list doesn’t show KB4481480 as x64, only as “2019-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7”
      We are W7, SP1, x32.
      Should we update with KB4481480?
      Thank you!

      geekdom wrote: “Beta Test. Reporting on Windows 7 x64 updates. Backups made first. – Windows Malicious Software Removal Tool x64 (KB890830) – January Security Monthly Quality Rollup Windows7 x64 (KB4480970) – Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4481480). All installed without error and the system rebooted without error.”

      Thanks again for your help, akm (Dell Vostro200, W7x32Sp1(forced from XP), Ofc2003, IE11/FireFox, Privfwall/Avast/SuprAntiSpywr/MBAM)!

      • #308364 Reply

        PKCano
        AskWoody Plus

        If you are using Windows Update, WU will deliver the right bitedness to your computer.

        If you are doing a download from the Catalog, you will not only have to choose 32-bit yourself, but you will have to choose the individual update from the Rollup bundle that matches the version(s) of .NET you have installed.

        1 user thanked author for this post.
        akm
    • #308664 Reply

      banzaigtv
      AskWoody Lounger

      After installing the update, Windows 8.1 is still smooth sailing. The DEFCON ratings need to be split so that Windows 7 is DEFCON 2, Windows 8.1 is DEFCON 4 or 5, and Windows 10 is DEFCON 2 or 3 depending on the version.

      i7-4790k, HyperX FURY 16 GB RAM, Galax GTX 980 HoF, Samsung 850 EVO 1 TB SSD, Windows 8.1 Pro 64-bit

      • #308690 Reply

        PKCano
        AskWoody Plus

        The patches have only been out for three days at this point. It is far too early to raise the DEFCON number for any collection of patches. You may not have had problems, but that doesn’t mean the rest of the Users out there are immune.

        1 user thanked author for this post.
        • #308747 Reply

          anonymous

          But what about Woody’s earlier comments? Do 1803 users have the luxury of waiting?

          UPDATE: It looks like the Win10 version 1803 patch, KB 4480966, may be something you need to install quickly. So far there are no known exploits, and no proof of concept code. But Microsoft is saying it’s bad.

          • #308758 Reply

            PKCano
            AskWoody Plus

            I’m holding off a while longer on the v1803s I manage.

            But you are under no obligation to follow any other path but your own. AskWoody is not responsible for your computer. You are.

    • #310490 Reply

      anonymous

      Windows 10 1709 64 bit. After Macrium Reflect clone, enabled WU service and tried January 2019 delta update, it did not install. Installed January 2019 cumulative, then ran WUShowHide and blocked 1809 upgrade, KB4023814 Update Asst, KB4090007 Intel microcode updates, updated MS Office. Machine stable for 3 days.

    • #311308 Reply

      EP
      AskWoody_MVP

      New updates for Windows 10 v1703, v1709 & v1803 (released January 15):

      KB4480959 for Win10 v1703

      KB4480967 for Win10 v1709

      KB4480976 for Win10 v1803
