Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • A most unusual Patch Tuesday

    Home Forums AskWoody blog A most unusual Patch Tuesday

    Tagged: 

    This topic contains 74 replies, has 28 voices, and was last updated by  MrBrian 11 months, 3 weeks ago.

    • Author
      Posts
    • #120505 Reply

      woody
      Da Boss

      Microsoft has released its usual Patch Tuesday flood, and it’s enormous: 358 patches addressing 96 individually identified security holes. Gregg Keize[See the full post at: A most unusual Patch Tuesday]

      12 users thanked author for this post.
    • #120507 Reply

      MrBrian
      AskWoody MVP

      Some older unsupported operating systems had new security updates released today. See https://technet.microsoft.com/en-us/library/security/4025685 for more details.

      • This reply was modified 1 year, 2 months ago by  MrBrian.
      4 users thanked author for this post.
      • #120515 Reply

        MrBrian
        AskWoody MVP

        From Microsoft: Latest security fixes thwart NSA hacking tools:

        “Microsoft has confirmed its latest round of security patches has fixed three remaining vulnerabilities built by the National Security Agency, which the company previously said it would not fix.

        The company confirmed to ZDNet that it had reversed course on releasing patches for the exploits, which Microsoft said earlier this year only affect older operating systems that have since been retired, notably Windows XP and Windows Server 2003.”

        5 users thanked author for this post.
      • #120720 Reply

        Pim
        AskWoody Lounger

        Those that still use a Vista machine do not have to install all updates mentioned on the Guidance for older platforms page, if the machine has been patched until the last Patch Tuesday in April. Some of the updates mentioned on that page have been published earlier when Vista was still supported and therefore are likely already installed. If you have patched a Vista machine until April, the updates to download and install manually from the table are: 4018271, 4018466, 4019204, 4021903 and 4024402.

    • #120510 Reply

      Cartoonist Aaron
      AskWoody Lounger

      Please tell me this doesn’t mean 48 patches to individually download and install…

      • #120559 Reply

        Seff
        AskWoody Lounger

        No, the number relates to total fixes, not separate updates – individual updates generally incorporate a number of fixes.

        On my Windows 7 home machine with Office installed I have the single Quality Security Monthly Rollup (KB4022719) plus the usual MSRT, along with 7 updates for Office 2010. Nothing installed yet, of course, but I’ve already hidden a Silverlight update (KB4023307) as I don’t have Silverlight installed and have also hidden the old favourite KB2952664.

        I imagine I’ll get the same updates on my Windows 7 gaming machine but without the Office updates as I don’t have Office installed on that machine.

        2 users thanked author for this post.
    • #120506 Reply

      anonymous

      Is Computerworld and offshoot of InfoWorld?

      • #120514 Reply

        PKCano
        AskWoody MVP

        IDG is the umbrella company for Infoworld and Computerworld

        4 users thanked author for this post.
    • #120512 Reply

      MrBrian
      AskWoody MVP

      According to https://www.zerodayinitiative.com/blog/2017/6/13/the-june-2017-security-update-review, two vulnerabilities fixed today have already been exploited: CVE-2017-8464 | LNK Remote Code Execution Vulnerability and CVE-2017-8543 | Windows Search Remote Code Execution Vulnerability.

      A summary of all Microsoft vulnerabilities fixed today, by severity: http://blog.talosintelligence.com/2017/06/ms-tuesday.html.

      3 users thanked author for this post.
    • #120523 Reply

      bymar
      AskWoody Lounger

      This is unbelievable, even for Microsoft. I sure hope Woody can sort them out.

       

       

      • #120527 Reply

        Cascadian
        AskWoody Lounger

        To be fair to Microsoft, and I’m not generally one who tries, the unbelievable part is the secret vulnerabilities in place for so long. Now that they are exploitable, full credit to MS and the folks in Redmond for doing the right thing… belatedly.

        The problems that may arise are likely to result from flawed code standing so long, that changing it now may have unforeseen results. But this part is in MS’s wheelhouse, they’ll likely get it right.

        It’s the new ideas they have difficulties with.

        2 users thanked author for this post.
      • #120539 Reply

        anonymous

        Bear in mind that the SMB1/Eternalblue vulnerability has existed since Win 2000/Win XP days and was secretly used by the NSA for a very long time to infect their targets with spyware until recently exposed/leaked by Shadow Brokers in Aug 2016, and subsequently released into the wild in April 2017.
        … Looks more like damage control or a cover up by MS.

        2 users thanked author for this post.
    • #120528 Reply

      Noel Carboni
      AskWoody MVP

      Everyone remember, MS-DEFCON 2 means Woody recommends we let other folks test the software for a little while first before we jump in and start stomping around the minefield ourselves.

      -Noel

      4 users thanked author for this post.
    • #120520 Reply

      anonymous

      So they released updates for XP and Vista long after support for them has ended? Why do I feel like this sets a dangerous precedence for Windows 10? We all know that Microsoft wants everybody on Windows 10, but by releasing updates for XP and Vista after support has ended it’ll make people less likely to upgrade won’t it? Because they see Microsoft is still patching the older operating systems.

      1 user thanked author for this post.
      • #120704 Reply

        JohnW
        AskWoody Lounger

        Well I just gotta say, I am glad that they did.  I am a happy Win 10 user on two computers, but I also run one with Windows 7, as well as one WinXP as a VM.

        The only reason I use XP is to run old software that Win 10 has broken.  I cannot see replacing hundreds of dollars of commercial software, just to run it on Windows 10.  I do my best to keep XP contained and locked down, but it is reassuring that MS has our backs on these major exploits.

        At the same time, I would encourage everybody to update to a supported OS, unless you have a major overriding reason to run an old OS beyond end of life!

    • #120535 Reply

      ch100
      AskWoody MVP

      UPDATE: Microsoft even released a patch for Win10 1507 — the original, “RTM” release, which is supposed to be out of support. See KB 4022727.

      Brad Sams, writing on Petri.com, calls the XP patch “a dangerous precedent.” I say hogwash. It’s an overdue CYA patch. Can you imagine what would happen with a working XP SMB worm?

      Peter Bright = Dr. Pizza, writing on Ars Technica says “Microsoft’s decision to patch Windows XP is a mistake.” I say he’s wrong. Microsoft didn’t have any choice – and won’t have any choice, in the future, but to patch NSA-derived security holes in all versions of Windows from XP onward.

      Dan Goodin, also on Ars Technica, now has technical details. He hits the nail on the head when he says, in conclusion:

      Company officials are showing that, as much as they don’t want to set a precedent for patching unsupported Windows versions, they vastly prefer that option to a potential replay of the WCry outbreak.

      It is all in the numbers.
      Microsoft is not protecting old operating systems, but the internet as a whole.
      There are multiple other vulnerabilities which are known to Microsoft but because each of them affects lower numbers of users, they are not and will never get patched.

      It also has to do with politics.
      I was always wondering why when there is a bush fire affecting tens or hundreds of people, the Government feel like compensating those affected and pass emergency legislation, while when there is an isolated fire burning down one person’s house, it is considered just a personal issue. Aren’t those affected impacted in the same way?

      8 users thanked author for this post.
    • #120536 Reply

      ch100
      AskWoody MVP

      A lot of people see only the patching issue when considering older operating systems and end of support.
      In fact an even bigger issue is that many newer applications are either blocked from running on the older operating systems by manufacturer’s design or simply use newer technology which was not available at the time when the older operating systems were in mainstream use.
      Microsoft could keep a single OS and enhance it forever, but they are running a business and fixing an existing OS does not fit their business model, unless they would charge for updates.
      Charging for enhancing an existing operating system seems to be less accepted by the public than charging for something “new” and so we end up by having this mess.

      2 users thanked author for this post.
      • #120537 Reply

        Cascadian
        AskWoody Lounger

        ch100, I agree completely as far as this goes. Have made similar points about the cost of development and the need for revenue.

        But given these truths, why would Microsoft make a sales pitch promising the one Operating System that will forever be current, and answer all user’s needs? Did they oversell?

        I think many of us recognized this was an impossible goal that would never be true, and should not have been promised.

        • #120564 Reply

          Seff
          AskWoody Lounger

          Agreed, plus moreover there has never been a really clear statement to ordinary Windows 10 users as to how MS are going to raise revenue from it. Most people went for the upgrade because it was free, but it can’t remain that way forever.

          I also find it interesting that Windows 10 has pretty much as many security fixes as the older systems, despite being said to be so much safer!

          2 users thanked author for this post.
          • #120873 Reply

            Ascaris
            AskWoody MVP

            Windows 10 was only free in the consumer/SOHO sector.  For corporate customers, it was never free, and that’s the most important market for MS.

            In the consumer sector, the vast majority of money MS made from Windows was from OEM sales.  People buy a PC with Windows preinstalled, and for the most part, use that version until the PC dies or is retired.  It was only a small segment of that market who would take it upon themselves to buy and install a newer Windows version than what came on the PC.

            As such, MS is not losing a great deal of money by not charging for consumer-level upgrades.  MS was already paid for Windows (7 or 8.x) on all of those PCs (by the OEM who preinstalled it), and they were never going to get any more than that on 99%+ of them.  MS no doubt calculated that the benefit of boosting the adoption rate outweighed the small decrease in revenue incoming from the relative few who do buy and install Windows.

            Given how the uptake of 10 has slowed since the official free upgrade ended (unofficially, it’s still going, of course), it is quite likely that the Windows 10 market share would be but a fraction of what it was if not for the free upgrade (not to mention the means of questionable ethics that MS used to push those upgrades).  MS is trying hard to convince us all of the inevitability of Windows 10 (resistance is futile), and that would be a much harder thing to do with less market share than they have now.  The marketing value alone was certainly worth much more than the loss of upgrade revenue.

            While it is true that MS is looking for new ways to “monetize” Windows (they’ve told us this), there’s no need to make up for the lost revenue of the free upgrade.  I think they’d happily keep the official free upgrade going indefinitely in the consumer sector if it wouldn’t arouse people’s suspicions about why they’re doing it and where the revenue is coming from.

            There was discussion of whether MS would extend the free upgrade period in the months before it actually did expire (officially), given that their desired “one billion devices running Windows 10” goal was looking more and more unrealistic.  The general consensus seemed to be that MS would seem too desperate if it did so.  The open secret of the free upgrade period that really never ended is the next best thing, I suppose.  If the powers that be in MS didn’t see it so, there’s no doubt that the unofficial continuation of the free upgrade would not have continued one minute past the expiration date.  There’s just no way it is an oversight or something that is unintentional on Microsoft’s part.

        • #120604 Reply

          MrToad28
          AskWoody Lounger

          Microsoft would probably like move to Software as a service SAAS model, [annual fees] and away from versioning as a way to solve the need for revenue and keep OS up to date. Users who have bought versions will resist this. Microsoft can’t just say, ‘s**ew em’ because of the ecosystem vulnerability.

          Edit for content

          • This reply was modified 1 year, 2 months ago by  PKCano.
    • #120538 Reply

      flackcatcher
      AskWoody Lounger

      Lets not forget the PR aspect here. For three years Microsoft has been hammered for the way they have tried to move users to Windows 10. Combine that with hand waving away best practices with massive personal cuts, and  MS has a mushrooming nightmare on their hands. If they did not patch, then they would be signing their own death warrant. It is not Microsoft’s fault that we and they are caught in the middle of a major fight between two state actors. But it would be Microsoft’s fault, if  having the means to protect their products, they did nothing. Woody’s right, MS had no choice.

      1 user thanked author for this post.
    • #120541 Reply

      radosuaf
      AskWoody Lounger

      What is much more interesting when it comes to this Tuesday is:

      “Addressed issue where an unsupported hardware notification is shown and Windows Updates not scanning, for systems using the AMD Carrizo DDR4 processor or Windows Server 2012 R2 systems using Xeon E3V6 processor. For the affected system, follow the steps in the Additional Information section below to install this update.”

      Additional information says:

      “Run the DISM /Online /Add-Package command to install the update: DISM.exe /Online /Add-Package /PackagePath: CAB file path”.

       

      Does this mean that in case of any future block it will be possible to install updates via DISM or there must be something special in this particular package to bypass it?

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1803 64-bit + Windows 10 Mobile 1709 (Lumia 640 LTE)
      • #120557 Reply

        abbodi86
        AskWoody MVP

        Yes, DISM works for all blocked systems

        1 user thanked author for this post.
        • #120560 Reply

          radosuaf
          AskWoody Lounger

          So, with one, two cumulative patches each month, the block shouldn’t be much hassle then.

          MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1803 64-bit + Windows 10 Mobile 1709 (Lumia 640 LTE)
      • #120608 Reply

        MrBrian
        AskWoody MVP
      • #120662 Reply

        Sessh
        AskWoody Lounger

        Indeed. I’ve been taking my time catching up on Security-Only updates, Net Framework, IE and all that stuff and I exclusively use the DISM command to install them. I write/edit batch files for each update and run them before I reboot my system for whatever reason or I’ll reboot, run the next batch file and then reboot again. Haven’t had an issue yet.

        So, yeah, the block doesn’t seem like it will be much of an issue.

    • #120545 Reply

      Cascadian
      AskWoody Lounger

      Woody, I don’t know how many times I scanned over your update before I noticed:
      “This doesn’t smell right.”

      Which immediately reminded me of the very real, and metaphorical value of, “sunlight is the best disinfectant.”

      Lets get these out in the open and shine light on the tests that confirm patches, to remove the stench.

      1 user thanked author for this post.
    • #120551 Reply

      anonymous

      Is it true they didn’t do anything with the .Net Preview update – kb4019288? It’s still there and I didn’t get any other .Net Framework update offered.

      • #120566 Reply

        anonymous

        I can confirm too that I did not get any proper .NET Framework update either. All there was, was the preview rollup for it.

    • #120565 Reply

      James Bond 007
      AskWoody Lounger

      The article Peter Bright wrote that Woody mentioned was written more than 3 years ago when Windows XP just went off support. It is just a rerun with minor updates for the just released XP patches.

      Anyway, I agree with Woody that Peter Bright is dead wrong on this issue. He said in one of the recent comments that “Nobody should be using Windows XP today. At all.” I say that he obviously has no or little understanding why so many people still stick with Windows XP today. Perhaps he should ask those users before making such a sweeping statement?

      Peter Bright also said that “It isn’t exceptional. There are lots of unpatched and exploitable Windows XP flaws now. The release of the patch this week doesn’t alter that.” Oh, but it is exceptional. The vulnerabilities probably can be adapted for use by a computer worm that propagates without user action, like WannaCrypt, which can potentially affect a large number of users. I believe that’s why Microsoft decided to release the corresponding patches for Windows XP / Vista / Server 2003.

      Hope for the best. Prepare for the worst.

      • #120581 Reply

        Jan K.
        AskWoody Lounger

        Didn’t sound too bright to me either…

        Perhaps he’s not aware of the many instances used by “non-persons” like the info-boards in my daily train (sometimes I see it boots… nearly brings me to tears). I think some process controls boards are xp based and Ive heard atm machines use xp as well.

        But Woody is way out of touch with mr. Bright’s readers! Not much xp love there! 😀

    • #120579 Reply

      b
      AskWoody Lounger

      Could anyone help me understand this comment by Woody?

      There’s a reason why Microsoft released XP/Server 2003 updates – they didn’t bother to patch either last month, with the WinXP patch for WannaCry.

      which seems to conflict with his statement in the ComputerWorld article;

      There’s a reason why Microsoft released XP and Server 2003 patches again this month.

      • #120596 Reply

        PKCano
        AskWoody MVP

        Last month XP/Vista were patched for the EternalBlue vulnerability. The three additional vulnerabilities that were mentioned in the ComputerWorld article (EnglishmanDentist, EsteemAudit and ExplodingCan) were not patched in XP/Vista.

        There’s a reason why Microsoft released XP and Server 2003 patches again this month. Three reasons, actually. As I said in April, when the Shadow Brokers revelations emerged, the earlier MS17-010 patched all of the NSA-derived attack vectors, except three known vectors in XP and Server 2003 machines:

        Microsoft says none of the other three exploits—EnglishmanDentist, EsteemAudit, and ExplodingCan—runs on “supported platforms,” meaning Windows 7 or later and Exchange 2010 or later.

        That appears to be the motivation for this month’s highly unusual XP and Server 2003 patches. Microsoft is fixing known holes in XP and Server 2003 that weren’t fixed before — holes that were plugged already for Win7 and later.

        MS didn’t bother to patch those three vulnerabilities so they are releasing patches again this month for XP/Vista to do so. Where is the conflict?

        1 user thanked author for this post.
        • #120616 Reply

          b
          AskWoody Lounger

          Thanks. I had trouble understanding that “they didn’t bother to patch either last month” was referring to the three additional vulnerabilities (which hadn’t been mentioned here at that stage).

    • #120591 Reply

      anonymous

      It is a good thing that Microsoft released security updates that remediate certain exposures in out of support systems (e.g, XP, Vista).  However, we should not attach more significance to these updates than is warranted.   These are not cumulative updates that magically fix all security issues between the date that these Windows versions reached End of Life and now.  These older systems, especially XP, will continue to contain exploitable vulnerabilities.

      Moving away from out of support versions that are past End of Life continues to be an appropriate recommendation.  Those who choose to remain with XP and Vista do so at their own risk.  Don’t complain later should problems occur.

      4 users thanked author for this post.
      • #120730 Reply

        anonymous

        “These are not cumulative updates that magically fix all security issues between the date that these Windows versions reached End of Life and now.”

        Is that true for the IE10 update for Windows 8 and the IE9 update for Windows Vista listed in Older platforms 2 of 3 in the Microsoft Security Advisory that Woody linked to? These updates are described as Cumulative Security Updates and are fairly large updates.

        Cumulative Security Update for Internet Explorer 9 for Windows Vista for x64-based systems (KB4018271)
        https://www.microsoft.com/en-us/download/details.aspx?id=55426

        Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB4018271)
        https://www.microsoft.com/en-us/download/details.aspx?id=55449

    • #120606 Reply

      MrToad28
      AskWoody Lounger

      Has Woody permanently shifted from Infoworld to Computerworld? I see nothing on the June patch on Infoworld patch management.

      • #120609 Reply

        PKCano
        AskWoody MVP

        Yes, he will be on ComputerWorld now. Both InfoWorld and ComputerWorld are in the IDG group.

      • #120613 Reply

        woody
        Da Boss

        Yep, Computerworld is my new home sweet home.

        IDG is moving its Windows coverage to Computerworld. Should be pretty amazing.

        But I’m still on vacation! So I only post when I absolutely can’t stand sitting on my thumbs…

        4 users thanked author for this post.
        • #120632 Reply

          BobbyB
          AskWoody Lounger

          @woody ahh thats why you popped in to my inbox this morning “all is revealed” better come in here first before dealing with the mail lol 🙂

          • This reply was modified 1 year, 2 months ago by  BobbyB.
    • #120610 Reply

      MrBrian
      AskWoody MVP

      Non-security fixes are documented for both the Windows 7 and Windows 8.1 June 2017 monthly rollup and security-only update that are not documented in the Windows 7 and 8.1 May 2017 preview monthly rollup.

      • This reply was modified 1 year, 2 months ago by  MrBrian.
      • This reply was modified 1 year, 2 months ago by  MrBrian.
    • #120614 Reply

      MrBrian
      AskWoody MVP

      June 2017 Office Update Release

      1 user thanked author for this post.
    • #120617 Reply

      PKCano
      AskWoody MVP

      For those in Group B, AKB2000003 has been updated 6/13/2017 with the Security-only and Cumulative IE11 patches

      3 users thanked author for this post.
    • #120622 Reply

      EP
      AskWoody Lounger

      hey woody.

      check out this recent ZDNet article from Ed Bott titled “Microsoft warns of ‘destructive cyberattacks,’ issues new Windows XP patches”

      http://www.zdnet.com/article/microsoft-warns-of-destructive-cyberattacks-issues-new-windows-xp-patches/

    • #120624 Reply

      anonymous

      Patch is causing issues with printing in at least Internet Explorer 11. Basically, IE creates a temporary file to print but looks on the server for the temporary file instead of the local machine.

       

      More info:

      https://stackoverflow.com/questions/44547861/ie11-windows-7-print-issue-after-kb4021558

      • #120627 Reply

        PKCano
        AskWoody MVP

        Reference is to KB 4021558 June Cumulative Update for IE11. Since this is included in the 2017-06 Security Monthly Quality Rollup, it may also include the Rollup.

    • #120648 Reply

      anonymous

      All right. Win 7 Ultimate 32-bit, installed security-only patch (4022722), IE patch (4021558) and that update required for .NET 4.7 (4019990), though I’m not installing .NET 4.7 itself yet. So far so good, not spotting anything obvious. Just that Comodo logs seem to indicate that regsvr32.exe did something with the startup folder (nothing there now though).

      Regarding the mentioned IE printing issue, don’t have a printer, so no clue.

    • #120654 Reply

      ViperJohn
      AskWoody Lounger

      The article Peter Bright wrote that Woody mentioned was written more than 3 years ago when Windows XP just went off support. It is just a rerun with minor updates for the just released XP patches. Anyway, I agree with Woody that Peter Bright is dead wrong on this issue. He said in one of the recent comments that “Nobody should be using Windows XP today. At all.” I say that he obviously has no or little understanding why so many people still stick with Windows XP today. Perhaps he should ask those users before making such a sweeping statement? Peter Bright also said that “It isn’t exceptional. There are lots of unpatched and exploitable Windows XP flaws now. The release of the patch this week doesn’t alter that.” Oh, but it is exceptional. The vulnerabilities probably can be adapted for use by a computer worm that propagates without user action, like WannaCrypt, which can potentially affect a large number of users. I believe that’s why Microsoft decided to release the corresponding patches for Windows XP / Vista / Server 2003.

      Peter Bright and the others need to educate themselves before making “dummer than a rock” statements like they did.

      The only thing for XP that changed April 2014 was security patch release to the GENERAL PUBLIC ceased.  XP security patches  became a “pay for service” where you could pay MS “your two first born children” for XP Sec Updates every month.  I get/have gotten them every month since “XP support ended” and it averages about 4-5 Sec patches per month.

      What MS did this, and last, month was to release SELECT security patchs to the general public for Uber Bad Exploits developed by our very own US NSA (and were hacked into and stolen from those very same US NSA idiots), that were made for paying business/enterprise customers.  There is little doubt that was all about MS liability CYA.

      The simple fact is WinXP still is the OS (embedded version) used in miilions of POS terminals and ATM’s in the US and around the world.  It is also still used in a hugh numbers (one could almost say it is still the primary OS in some areas) that runs the propriatary software used on 1000’s of SCADA Command and Control systems used to control power generation on the US Grid as well as other utilities like Water, Sewage Treatment, HVAC systems, etc, etc, etc……….

      Viper

      2 users thanked author for this post.
    • #120655 Reply

      anonymous

      Should we consider “DEFCON 2” for Windows XP as well or those systems should be patched right away?

      Any know problems on the XP patch?

      • #120657 Reply

        PKCano
        AskWoody MVP

        Yes, go ahead and patch. The supported versions of Windows were patched last month. Microsoft is late with this. It’s important to get protected.

        I patched mine yesterday with no problem.

        Edit to add info

        • This reply was modified 1 year, 2 months ago by  PKCano.
        • #120659 Reply

          anonymous

          I’m not quite sure which updates I should be installing… The MS page on https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms is a little confusing…

          Which of those KBs should I be applying on my XP SP3 system?

          Also, since I’ll be installing them manually, should I reboot upon each install, or install them all then reboot?

          • #120661 Reply

            PKCano
            AskWoody MVP

            There are three tables for XP SP3
            Table 1: 988644, 2347290, 4012598, 4012583
            Table 2: 4022747, 4018271 (for IE8), 4018446, 3197835, 4024343
            Table 3: 4025218, 4024402, 4019204

            Check my numbers, I can mistype.
            Just to be safe, back up your data before you start.
            It would be a lot easier if you could use Windows Update to do the installation for you.

            • #120667 Reply

              anonymous

              Thanks a lot mate…

              I’ll be doing things manually, so would it be necessary a reboot at every single update?

            • #120670 Reply

              PKCano
              AskWoody MVP

              You can try to install without reboot. If the next patch won’t install, reboot. Then wait 10 minutes after logging in to give the install time to complete before trying to install again.

            • #120690 Reply

              grayslady
              AskWoody Lounger

              I couldn’t get the first two to install, apparently. They appeared to install with no problems, but when I went looking for them in Add or Remove Programs, they were nowhere to be found. Interestingly, if it weren’t for Ask Woody, I wouldn’t even have known about these additional patches. What I did receive today, unasked, was a security update for my Office 2003 which is on the same machine. This whole issue of remote access and control seems to be a major problem for MS.

    • #120671 Reply

      ViperJohn
      AskWoody Lounger

      It would be a lot easier if you could use Windows Update to do the installation for you.

      Well actually you can with a registry edit but beware once done you can’t undo it.  It’s also technically cheating but no worse than MS’s highway robbery IMO.

       

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
      “Installed”=dword:00000001

      Viper

       

      • #120672 Reply

        PKCano
        AskWoody MVP

        Did that one a long time ago. Updates are important (even cheating).

    • #120675 Reply

      ViperJohn
      AskWoody Lounger

      So they released updates for XP and Vista long after support for them has ended? Why do I feel like this sets a dangerous precedence for Windows 10? We all know that Microsoft wants everybody on Windows 10, but by releasing updates for XP and Vista after support has ended it’ll make people less likely to upgrade won’t it? Because they see Microsoft is still patching the older operating systems.

      Only free security updates to the general public ended for XP 04/2014.  Dearly paid for security updates never stopped and come the 2nd Tuesday of every month like clock work.  That included Feb 2017 when W7 thru W10 patch Tuesday was  canceled.

      As for not upgrading (oximoron) to W10.  Most people seem tp be doing all they can to not get roped into “downgrading” their good OS’s to that steaming brown pile of spyware known as Windows 10.  That’s one of the reasons W10 uptake has fallen off the table since MS stopped trying to force W10 down users throats in every under handed way imaginable (and you can still “upgrade” for free to this day).

      1 user thanked author for this post.
    • #120697 Reply

      anonymous

      Table 1 in https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms omits the 32-bit version of Windows Server 2003, for all patches including MS17-010 and MS17-013. Is this an error?

      • #120702 Reply

        PKCano
        AskWoody MVP

        If you click on MS17-010 at the top or the table (it’s a link), it takes you to the bulletin. Scroll down and you will find the 32-bit version. Click on its name on the left and it takes you to the MS Catalog to download.
        I didn’t check out the other, but I suspect it’s the same

        • #120705 Reply

          anonymous

          Thank You, found it after selecting Server 2008 32-bit in the manner you suggest.  Selecting an “older” out-of-extended-support 32-bit system {Server 2008, 8, Vista} shows the set for all of the older 32-bit systems MS has this patch for.  Selecting one currently under support (7, and using their newer patch bundling style) does not for Server 2003.

    • #120707 Reply

      JohnW
      AskWoody Lounger
    • #120732 Reply

      Kirsty
      AskWoody MVP

      June 13, 2017
      Microsoft Releases Additional Updates to Protect Against Potential Nation-state Activity
      By Adrienne Hall | General Manager, Cyber Defense Operations Center

      On May 12, 2017, the WannaCrypt ransomware served as an all too real example of the danger of cyber attacks to individuals and businesses globally.

      In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows. Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt. For more technical information and links to related articles, visit our Microsoft Security Response Center blog.

       
      Read the full post here

    • #120774 Reply

      Noel Carboni
      AskWoody MVP

      A data point:

      I have virtual machines I pre-test updates on. They are not critical and are easily restored to prior states if something goes wrong.

      I’ve just updated my Win 7 test VM with June security-only updates per: This AskWoody page

      Specifically, I downloaded the .msu files for these updates and installed them in the following order, rebooting after each:

      1. KB4022722 (Security Only Quality Update for Windows 7 x64)
      2. KB4021558 (Cumulative Security Update for Internet Explorer 11 for Windows 7 x64)

      The updates went in smoothly and initial testing seems to imply they have not caused new problems.

      -Noel

      3 users thanked author for this post.
    • #120813 Reply

      anonymous

      I’m using SCCM 2012 to deploy updates and wanted to make sure I distributed these packages to the very small number of XP machines we have.  However, I cannot find the updates themselves in the SCCM database although they appear on the WSUS.  These aren’t all bundled together somewhere?

      Brad

    • #120889 Reply

      ch100
      AskWoody MVP

      I also find it interesting that Windows 10 has pretty much as many security fixes as the older systems, despite being said to be so much safer!

      That one is really an interesting observation. It is the nature of the industry I suppose and the fixes may not be the same for different operating systems, unless they have the same KB number, which seems common in many instances for Windows 7 and 8.1 (and their server equivalent 2008 R2 & 2012 R2).

    • #120947 Reply

      anonymous

      So Microsoft is patching old OSes out of support (although security updates is always a good thing), while not supporting Windows 7 (ok, under extended support only) and specially 8.1 (under full support and development) for new CPU architectures. MMMmmmm… Right………

    • #120992 Reply

      AJNorth
      AskWoody Lounger

      @woody:

      A total non-sequitur: was the title of this post in any way influenced by the scene in Alfred Hitchcock’s classic film of murder, mayhem, mistaken identity and screwball comedy, “North By Northwest” (1959), where Roger O. Thornhill (Cary Grant) walks into the Plaza Hotel with “A Most Unusual Day” heard playing in the background in the lobby?

      • This reply was modified 1 year, 2 months ago by  AJNorth.
      • This reply was modified 1 year, 2 months ago by  AJNorth.
      1 user thanked author for this post.
      • #120998 Reply

        Cascadian
        AskWoody Lounger

        Niche reference these days, but very cool. I like how you make connections. Worth another viewing now.

        1 user thanked author for this post.
    • #121093 Reply

      Noel Carboni
      AskWoody MVP

      More data points:

      For my Win 8.1 Pro/MCE x64 systems, managed in an “almost group A” fashion…

      On my test system, I installed all updates except optional KB2976978 (which I always hide) via Windows Update, including Office 2010 updates.

      • The updates went in easily and quickly.
      • All my software that I tested appears to be working. No new error messages or failures are noted.

      My verdict: “Group A with exceptions” June Win 8.1 x64 updates are OK from my perspective.

      For my heavily tweaked Win 10 Pro v1703 test system, I installed the latest cumulative update from the Windows catalog to bring it up to build 15063.413. I’ve also done some brief testing on this system and found it to be functional.

      This Win 10 setup does NOT make any unexpected/unsolicited online connections, and has been trimmed to optimize for “legacy Win32-only” operation – i.e., no Apps, no cloud integration, compatibility with desktop software such as Visual Studio, Photoshop, etc. It settles to 66 processes and 1.3 GB of RAM usage to support an idle desktop.

      The only minor instability I’ve seen on this test setup so far is some minor issues with the program I use to resurrect Aero Glass and facilitate re-theming – something I could do without in a pinch, though it’s still being actively developed and I suspect there will be a new version before long. I’ll drop it back to an unthemed, ugly Win 10 desktop if I must.

      My verdict: “Group A” June Win 10 v1703 x64 updates are OK from my perspective.

      At this point I’ve tested the June Win 7, 8.1, and 10 updates to my own satisfaction using virtual machines.

      I still recommend waiting for Woody to raise the MS-DEFCON level unless you have your own test methodology as I do, and/or you feel particularly vulnerable to current security threats.

      -Noel

      1 user thanked author for this post.
    • #121292 Reply

      bjm
      AskWoody Lounger

      Hello,
      W10 Home 1607 (14393.1198) waiting for DEFCON to change.

      I have 4022715 Cumulative 1607, 4022730 Flash Player, 3150513 compatibility, 4023834 Servicing Stack & 3186568 NET Framework 4.7 hidden thru wushowhide tool.

      I’ll keep 3150513 hidden…..wondering about 4023834 Servicing Stack & 3186568 Framework 4.7 ?

      • This reply was modified 1 year, 1 month ago by  bjm.
      • #121293 Reply

        PKCano
        AskWoody MVP

        You definitely need the Servicing Stack, and I think .NET 4.7 is OK for Win10 – when the DEFCON number is 3-5

        • This reply was modified 1 year, 1 month ago by  PKCano.
        1 user thanked author for this post.
        bjm
    • #123125 Reply

      bjm
      AskWoody Lounger

      You definitely need the Servicing Stack, and I think .NET 4.7 is OK for Win10 – when the DEFCON number is 3-5

      Okay, @DEFCON 3:  just installed 4023834 Servicing Stack, 3186568 NET 4.7, 4022715 Cumulative 1607 & 4022730 Flash Player.
      > Care to comment re hidden updates
      W10 Home 1607 (14393.1358)

      • This reply was modified 1 year, 1 month ago by  bjm.
      • This reply was modified 1 year, 1 month ago by  bjm. Reason: edit attachment
      Attachments:
      You must be logged in to view attached files.
    • #130731 Reply

      MrBrian
      AskWoody MVP

      An issue has been added to the knowledge base article for June 2017 Windows 7 security-only update:

      ‘After you install this update, you may experience behavior that resembles that of Microsoft Security Bulletin MS16-087. For more information, see the “Known issues” section of the following Microsoft Knowledge Base article:

      3170005 MS16-087: Security update for Windows print spooler components: July 12, 2016’

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: A most unusual Patch Tuesday

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.