News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • All of the out-of-band patches were re-issued in the past few hours

    Home Forums AskWoody blog All of the out-of-band patches were re-issued in the past few hours

    This topic contains 56 replies, has 29 voices, and was last updated by  Pixie 1 week, 1 day ago.

    • Author
      Posts
    • #1974975 Reply

      woody
      Da Boss

      Every. Single. One. I just woke up to discover that all 50 2019-10 patches in the Microsoft Update Catalog have been re-issued. They used to be dated
      [See the full post at: All of the out-of-band patches were re-issued in the past few hours]

      7 users thanked author for this post.
    • #1975008 Reply

      Pepsiboy
      AskWoody Lounger

      Every. Single. One. I just woke up to discover that all 50 2019-10 patches in the Microsoft Update Catalog have been re-issued. They used to be dated
      [See the full post at: All of the out-of-band patches were re-issued in the past few hours]

      Woody,

      OK, I guess I’m a day late and a dollar short. All of the Windows Updates listed in Windows Update this morning on my Win7 x64 SP1 machine have changed. Should I still install the Sept updates or hold off?? One update is missing, too. KB4416003 has gone AWOL.

      Dave

      • This reply was modified 1 week, 3 days ago by  Pepsiboy. Reason: added "this morning"
    • #1975019 Reply

      fernlady
      AskWoody Lounger

      When KB4524157 came in October 3rd it was checked so I hid it. This morning I restored it and it came in unchecked so I hid it again.

      Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

    • #1975021 Reply

      Pepsiboy
      AskWoody Lounger

      We are on DEFCON-1 – that’s pretty explanatory.

      WAIT!

      PK,

      Thanks, I figured it would be that. I’ll keep watch here for the OK to install the Sept updates.

      Dave

    • #1975024 Reply

      woody
      Da Boss

      What are you folks seeing in Windows Update for Win7? Is it a checked KB 4524157?

      • #1975026 Reply

        fernlady
        AskWoody Lounger

        Unchecked

        Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

      • #1975040 Reply

        280park
        AskWoody Lounger

        I checked for updates using Windows Update at 5:38 Pacific time. Service stack update KB4515566 was the only update reported.

        Windows 7 Home Premium 64-bit.

      • #1975047 Reply

        Razz
        AskWoody Plus

        FYI for what its worth. Around 2pm EST Oct 3rd I was working to install the 2019-09 series when the 2019-10 showed up.

        Following a review of PKCano comments on threads I completed the 2019-09 KB4516655, KB4474419 and KB4516065 installation in sequence successfully while 2019-10 was hidden. After reboot no errors apparent. sfc  /verifyonly shows no violations. No issues printing. My standard usage was trouble free.

        Check for updates produces nothing, while 2010-10 KB 4524157 still hidden.

        Just for you here, I restored hidden files, and after WU did its check there are no presented important updates, and of course I no longer have hidden files now.

        Win 7 Home Premium SP1 64bit Acer E1-572; core i7 1.8Ghz Tboost 3.0Ghz;HP J4680.

        • #1975155 Reply

          Razz
          AskWoody Plus

          Update

          Reboot now, on return from the gym, to see if that changes anything. Still no Important Updates presented.

          FYI I have not used Explorer as my browser for about 4 years. So unless there was a rare need to use it, I would not know if it was buggy.

      • #1975051 Reply

        anonymous

        It’s not coming up at all for me. Only thing I have showing is the “important” update for .Net 4.8.

      • #1975069 Reply

        anonymous

        KB4524157 that appeared a few days ago has disappeared and the original Sept 10 updates reappeared (KB4514602, Kb4516065, and KB4474419).  Windows7 Pro x64.  Have not installed any updates yet for September.

      • #1975070 Reply

        anonymous

        ? says: when i checked for updates yesterday 10-4 on win7 pro at 10:24 a.m. KB4521457 Oct. SMQR (202.4MB) was offered as Important (checked).

      • #1975095 Reply

        jburk07
        AskWoody Plus

        On one of our two Windows 7 x64 laptops, KB4524157 had disappeared from Windows Update when I logged in this morning.

        On the other laptop, the out-of-band rollup was still there, checked, when I first logged in, but Trusted Installer was running so I just let it sit for a few minutes. When I opened Windows Update again, it had disappeared.

        I had already installed the September updates, except for the SSU, on Thursday.

        Group A Win7 x64 Home Premium SP1 Ivy Bridge

        • This reply was modified 1 week, 3 days ago by  jburk07.
      • #1975117 Reply

        GoneToPlaid
        AskWoody Plus

        Win7 Group B. I just unhid KB4524157 and let Windows Update do its checking. KB4524157 is still available yet now it is not checked. I hid it again since I have already installed the September security only update KB4516033.

        2 users thanked author for this post.
        • #1975169 Reply

          AJNorth
          AskWoody Plus

          Exactly the same experience.  (Win 7 Pro x64, Group ‘B’.)

          1 user thanked author for this post.
    • #1975025 Reply

      trparky
      AskWoody Lounger

      For me, it didn’t break the Start Menu but like the previous update, the Action Center was broken. This means I can’t dismiss notifications and I can’t reconnect to Bluetooth headphones using Windows Key+K since that part uses the same overlay that the Action Center uses.

      1 user thanked author for this post.
    • #1975028 Reply

      Microfix
      Da Boss

      yeah, I noticed the catalog changes earlier this morning (Win 8.1 OS image now restored)

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      2 users thanked author for this post.
    • #1975027 Reply

      anonymous

      Today on My desktop And laptop with 1903 this update offer The option To install It or Not, yesterday in My wife laptop  (1903 also) It was installed without The option To install It or not

      • #1975053 Reply

        anonymous

        Same thing here. Updated desktop yesterday and the KB4524147 was NOT an optional update, this morning on laptop, got the usual Windows Defender update and it listed KB4524147 as an optional update. Holding off on updating the laptop, but didn’t have any Start Menu problems on the desktop after the update yesterday.

    • #1975056 Reply

      rontpxz81
      AskWoody Lounger

      Win7 out-of-band patch, KB 4524157 still appearing in my Windows Update, though unchecked.

      1 user thanked author for this post.
    • #1975073 Reply

      epaff
      AskWoody Plus

      Today at 6:10 am, KB4524157 (from Oct 3rd) showed up in Windows Update, though unchecked.

      Windows 7 Pro SP1 64bit

      Wait or install?

      • This reply was modified 1 week, 3 days ago by  epaff.
      • #1975077 Reply

        PKCano
        Da Boss

        We are on DEFCON-1 which means WAIT.

        1 user thanked author for this post.
    • #1975100 Reply

      pmcjr6142
      AskWoody Plus

      Today at 6:10 am, KB4524157 (from Oct 3rd) showed up in Windows Update, though unchecked.

      Windows 7 Pro SP1 64bit

      Wait or install?

      • This reply was modified 1 week, 3 days ago by  epaff.

      Ditto for me….KB4524157 is available via Windows Update Oct. 3 for Win 7, but is unchecked.  I suppose I’ll hide it, but definitely won’t install it if it remains unchecked.

    • #1975110 Reply

      bbearren
      AskWoody MVP

      Seeker (cannon fodder) report:

      Version 1903 (OS Build 18362.388) fully updated with everything Windows Update has to offer, last checked a couple of minutes ago.

      No bugs or issues.

      Create a fresh drive image before making system changes, in case you need to start over!
      "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow
      "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns

      "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      3 users thanked author for this post.
    • #1975103 Reply

      anonymous

      I somehow mistakenly got the idea that this should be installed.  My Windows 7 HP 64 bit system so far has shown no ill effects.  Not sure what might be broken if anything.  Should I just leave it alone for now or do a system restore or uninstall the patch?

      Thanks

      1 user thanked author for this post.
      • #1975113 Reply

        PKCano
        Da Boss

        There is no need to uninstall or do a System Restore if you are not having any problems.
        You can just sit tight for now.

        4 users thanked author for this post.
      • #1975248 Reply

        rick41
        AskWoody Lounger

        Just as another data point:  Win 7 64-bit Group A.  I recklessly went ahead and installed KB4524157 (pre-checked, BTW) on all 3 pc’s on October 3.  No issues.

        1 user thanked author for this post.
    • #1975119 Reply

      WildBill
      AskWoody Plus

      Nothing has disappeared from Windows Update on my Win8.1 machine. It probably changed on 10/02/19 (maybe the 3rd), but here’s what my Monthly Rollup shows: “2019-10 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4524156)”.  In the Catalog, it’s dated 10/04/19. Also, early this week or late last week, this was removed from Windows Update (fortunately, it was Optional): “2019-09 Preview of Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4516041)”. It’s still in the Catalog.

      Windows 8.1, 64-bit, leaning toward returning to Group A... & toward Windows 10 V1909. As long as it's a Lot Less Buggy!
      Wild Bill Rides Again...

    • #1975127 Reply

      Susan Bradley
      AskWoody MVP

      Nothing new in WSUS.  No expired updates, no new updates related to the out of band.

      Susan Bradley Patch Lady

      2 users thanked author for this post.
      • #1975145 Reply

        woody
        Da Boss

        Strange. Any indication why they were re-issued (or at least re-dated)?

    • #1975139 Reply

      anonymous

      While testing our airgapped lab for the new patches (which is a long process for import/export and downloading and filecopying), awaiting MS PFE response to Email inquiry, I too discovered this Email… UGH, but MS responded

      The Sept 23 release mitigated the vulnerability, these second release and third release (Oct 2/3) are bug fixes that were introduced and will be mitigated even more by the Oct 8 release.

      WAIT.

      • James
      1 user thanked author for this post.
    • #1975152 Reply

      Alex5723
      AskWoody Plus

      We are on DEFCON-1 – that’s pretty explanatory.

      WAIT!

      As I understand : last week’s DEFCON-3 was for Septemner‘s patch Tuesday (not for weeks C & D).
      The new DEFCON-1 is for October‘s out-of-band updates and has nothing to do with Septenber’s updates.

      Am I right ?

      Edit: Please see post #1975252

      1 user thanked author for this post.
      • #1975154 Reply

        PKCano
        Da Boss

        Woody’s Blogpost says:

        We’re still at MS-DEFCON 1, folks. There’s absolutely no good reason to install ANY September patches.

        1 user thanked author for this post.
    • #1975153 Reply

      Seff
      AskWoody Plus

      On my main Windows 7 x64 machine, I installed this morning the .net framework patch KB4514602 (no apparent issues) and left KB4524157 which had replaced the original rollup KB4516065 in accordance with the DefCon 1 rating.

      Having switched off as I was out for some hours I’ve just switched back on and am now being instead offered the original KB4516065 along with the previously-disappeared KB4474419, both dated 10th September and checked. I am leaving well alone, but if all is still well with the machine tomorrow then I will install KB451602 on my other machine along with the three Office 2010 updates that are checked but not the one that is unchecked (assuming those are still the same when I switch that machine on) – unless I am advised to the contrary!

      • #1975156 Reply

        PKCano
        Da Boss

        Did you read the last line of the BlogPost you are replying to?

        • #1975182 Reply

          Seff
          AskWoody Plus

          The bit about not installing any September updates? Yes, it was written after I installed this morning’s .net framework update (UK time) of course, and I did ask for clarification on the original updates versus the out of band ones yesterday but got no response – which is perfectly fine, you guys are rushed off your feet – so I went with the only one that had been cleared previously and, as stated, will only consider anything tomorrow in the light of the status at that time.

           

    • #1975167 Reply

      Alex5723
      AskWoody Plus

      There’s absolutely no good reason to install ANY September patches.

      Which September patches ? Patch Tuesday ? September 23 ? 24 ? 30 ?

      I think woody meant ANY October..

      • This reply was modified 1 week, 3 days ago by  Alex5723.
      • #1975235 Reply

        anonymous

        @ Alex5723

        Alex57 wrote:

        Which September patches ? Patch Tuesday ? September 23 ? 24 ? 30 ?

        I think woody meant ANY October..

        Just wondering, what part of Woody’s statement did you not understand?

        @ Woody:

        We’re still at MS-DEFCON 1, folks. There’s absolutely no good reason to install ANY September patches.

        If you think Woody has made an error in his statement, email him with your suggested correction. Don’t muddy the waters here with conjecture.

        2 users thanked author for this post.
      • #1975252 Reply

        woody
        Da Boss

        Alex, No. That’s not correct.

        We’re at msdefcon 1. Don’t install anything.

        The patches identified as 2019-10 in the update catalog are the fourth monthly updates for September.

        I’m doing this from my phone, so apologies.

        But you should NOT install any updates at this point. If you’ve already installed older patches, no need to fret. But if you just change your default browser app so it isn’t IE, you’re in good shape.

        • This reply was modified 1 week, 3 days ago by  PKCano.
        • This reply was modified 1 week, 3 days ago by  woody.
        2 users thanked author for this post.
        • #1975316 Reply

          OscarCP
          AskWoody Plus

          Woody, My understanding is that not having IE11 as the default browser is only half the story, because elements of IE11 (dlls, executables of various kinds, libraries?) are also used by the operating system, so only not using an unpatched IE11 as a browser is not really a great idea if those shared elements remain unpatched along with it. This does not mean we have to install these latest, problematic patches of IE11 right away, but I find it interesting that, at least in this case, it is enough not to use it as a browser. I am really interested in understanding better the IE11 – OS linkage and how it works in this case, as might be others, because this is not a new issue but a permanent one, at least for those of us running Windows 7.

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

          2 users thanked author for this post.
          • #1975429 Reply

            GoneToPlaid
            AskWoody Plus

            You bring up a really good point. Several days ago I went into Control Panel >> Default Programs and then to “Associate a file type or protocol with a program” on my Windows 7 computers. I then chose to associate .MHT and .MHTML files with Editpad Lite which is an alternative to Notepad. I figured that doing so would mitigate the IE vulnerability for malicious .MHT and .MHTML files.

            After doing the above, I decided to see what would happen if I tried to view a non-malicious .MHT file in the windows explorer preview pane. The .MHT file is stored on my computer. Guess what? The above file association with Editpad Lite doesn’t matter. It appears that windows explorer’s preview pane readily uses IE DLLs to open and display the contents of any .MHT and .MHTML files, regardless of the fact that I associated these file types with Edipad Lite.

            3 users thanked author for this post.
          • #1975506 Reply

            woody
            Da Boss

            The specific description given by Microsoft indicates that the infection vector goes through IE – whether it’s directly or indirectly (by, e.g., clicking a link that opens IE).

            See the penultimate paragraph:

            Customers are encouraged to use Microsoft Edge or other modern web browsers where possible. For tasks that require Internet Explorer, customers should limit its use to these tasks and set a different application as the default browser.

            That doesn’t say, specifically, that using a different browser will prevent the infection. But it sure hints broadly in that direction.

            4 users thanked author for this post.
    • #1975257 Reply

      dgreen
      AskWoody Lounger

      The above post is mine. Sorry, I forgot to sign in.

      FYI
      Reporting in regarding KB4524157 (Out of band update)

      Yesterday morning when MS-defcon was a 3, I went ahead and
      installed the Sept. Updates.
      I was able to show them by hiding the out of band update.
      I installed:
      KB4516065 (rollup)
      KB4514602 (.net),
      KB4474419 (sha-2) (this was installed 1st)

      I hid Kb4516655 (serv stack)
      I hid KB4524157 (out of band update)

      I have not experienced any issues.
      I actually checked my HP inkjet printer and it worked fine.
      I print via USB port on my tower.

      After reading the above posts in this thread today,
      I went and did a “search for updates”.
      Results were 2 optional.
      KB4516048 2019-o9 Preview of monthly rollup
      KB4516551 2019-09 Preview .net rollup

      I then unhid KB4524157 and did another “search for updates”.

      KB4524157 is no longer offered either important or optional.
      It is gone.
      the 2 Optional mentioned above remain.

      Dell Inspiron 660 (new hard drive installed and Windows 7 reloaded Nov. 2017)
      Windows 7 Home Premium 64 bit SP 1 GROUP A
      Processor: Intel i3-3240 (ivy bridge 3rd generation)
      chipset Intel (R) 7 series/C216
      chipset family SATA AHCI Controller -1 E02
      NIC Realtek PCLE GBE Family Controller
      MSE antivirus (has new name now)
      Chrome browser
      DSL via ethernet (landline)

      2 users thanked author for this post.
      • #1975262 Reply

        PKCano
        Da Boss

        I hid Kb4516655 (serv stack)

        Right now KB4490628 is good enough. But when we clear DEFCON-1, you should go ahead and install Kb4516655. You may need it eventually.

        3 users thanked author for this post.
        • #1975531 Reply

          Pierre77
          AskWoody Plus

          I also lost KB4524157 overnight on all 3 PCs running W7 Home Premium What a mess!

          1 user thanked author for this post.
    • #1975458 Reply

      abbodi86
      AskWoody_MVP

      https://answers.microsoft.com/message/38a53e53-ed74-4001-bde5-45bb7c6fbfea?threadId=8ac2f5fb-7e9b-4de5-b137-0737d1f4cc04

      (b) when there are potential quality issues found in the first day or two of release (so we can slow the deployment while we gather data to assess the scope of an issue)

      1 user thanked author for this post.
    • #1975514 Reply

      NightOwl
      AskWoody Plus

      @ GoneToPlaid

      After doing the above, I decided to see what would happen if I tried to view a non-malicious .MHT file in the windows explorer preview pane. The .MHT file is stored on my computer. Guess what? The above file association with Editpad Lite doesn’t matter. It appears that windows explorer’s preview pane readily uses IE DLLs to open and display the contents of any .MHT and .MHTML files, regardless of the fact that I associated these file types with Edipad Lite.

      Well, I had to test that out for myself. I have had several occasions when I have clicked on a file type, and it has pulled itself up in Internet Explorer (IE). And I know I have switched my default browser to FireFox. So, your results bothered me.

      I’m thinking you must have somehow mucked up the file association process. I even downloaded the *EditPad Lite* program to test things out. My file association for a *.mhtml* file was currently *Notepad* (Note: in the file association settings found at *Control PanelAll Control Panel ItemsDefault ProgramsSet Associations*, Windows default setting for a *.mhtml* file was IE–*Notepad* was the secondary option). When I clicked on a *.mhtml* file, it opened with *Notepad*.

      I then switched the association to the *EditPad Lite* program–I had to browse to find that program–it was not a current listing in the associated program list. Again clicking on the *.mhtml* file type now opened in *EditPad Lite*.

      I then switched the file association to IE, and it now tried to open in IE, but I have that file type blocked because I have scripting blocked–so it could not successfully *open*, but it tried to.

      Switched it back to *EditPad Lite*, and clicking the *.mhtml* file type, and it again opened in *EditPad Lite*.

      So, I’m pretty sure something did not go as planned when you were changing the file associations. I noted that each time I attempted to change the file association, the program highlighted what it feels is the *default* program–in this case IE. If you clicked *OK* without changing the highlighted selection to the program you wanted, the file type would be associated with IE. You have to manually change the highlighted item, and then click *OK*.

      You should check to see which program your files are associated with to see if it shows as *EditPad Lite* or something else.

      File-Associations

      NightOwl

      No question is stupid ... but, possibly the answers are 😉 !

      Attachments:
      • #1975613 Reply

        anonymous

        @nightowl

        GoneToPlaid is not talking about the file association, but about explorer’s preview pane. Of course explorer’s preview pane does not change when you change the file association. GoneToPlaid did some debugging and found that IE dlls were used in the preview pane.

        I doubt this is exploitable in any case, as explorer probably does not run scripts in the preview pane. But what you are talking about appears unrelated to what you are responding to.

        • #1975704 Reply

          NightOwl
          AskWoody Plus

          @ anonymous in reply 1975613

          GoneToPlaid is not talking about the file association, but about explorer’s preview pane. Of course explorer’s preview pane does not change when you change the file association. GoneToPlaid did some debugging and found that IE dlls were used in the preview pane.

          Thanks for the feedback. I have to admit that I do not use Windows File Explorer very much–I use a third party file manager mostly. So, I have never used the *Preview Pane* feature until now.

          However, my experience with the Preview Pane does not match @ GoneToPlaid’s described experience, and probably not yours either.

          If I have a test *.mhtml* file set in *file associations* to *EditPad Lite*, and if I use Windows Explorer with the *Preview Pane* open telling me to select a file to *preview*, this is what I get:

          Preview-Screen-File-in-Use

          The file was sent to *EditPad Lite* (EditPad Lite immediately opens and the file content is shown) before the *Preview Pane* has a chance to access the file, and apparently Windows Explorer is prevented from accessing the file:

          If on the other hand, I change the *file association* from *EditPad Lite* to *Internet Explorer* (IE), and now open *File Explorer*, and click on the file–the file is immediately sent to *IE* which attempts to access and run the script that that file type apparently is supposed to have, but is prevented from successfully opening the file:

          Internet-Explorer-Restricted-from-Opening-File

          And, now Windows Explorer’s Preview Pane is *blank*:

          Nothing-Shows-up-in-Preview-Pane

          So, my experience is that if a *file type* has a program defined as the *associated program* for that *file type*, then that program gets the file sent to it before Window Explorer and its Preview Pane gets a chance to do something with the file. (I could not immediately find a way to disable the file association setting for the *file type*. I can add programs, and change the setting to another program, but I can not *dis-associate* the program so it does not have an *association*. I’ll have to work on that later. I’m leaving later this morning for the next 4 days–so it will have to wait.)

          So, there must be some other *magic* that is needed to get a file to show up in the *Preview Pane* than what I know of so far. And the *associated file* program has a major effect on how Windows Explorer and the Preview Pane reacts.

          NightOwl

          No question is stupid ... but, possibly the answers are 😉 !

          Attachments:
          • #1975878 Reply

            anonymous

            So, there must be some other *magic* that is needed to get a file to show up in the *Preview Pane* than what I know of so far.

            The file was sent to *EditPad Lite* (EditPad Lite immediately opens and the file content is shown) before the *Preview Pane* has a chance to access the file, and apparently Windows Explorer is prevented from accessing the file:

            No magic needed, you simply have to select the file without opening it.

        • #1976215 Reply

          mn–
          AskWoody Lounger

          as explorer probably does not run scripts in the preview pane

          That’s the big question, isn’t it?

          Because it certainly used to be exploitable for cross-site scripting from mhtml at some point… hm, what year was that again? 2011?

          Doesn’t seem to run a simple regular JavaScript test case though, which may have been the default after one of those problems. But once you’d add iframes and whatnot…

    • #1976251 Reply

      Marvel Wars
      AskWoody Plus

      Win 7 64

      Hello !!

      Yesterday I installed KB4516065,KB4514602,KB4474419 and 4524157.

      Now I have KB4516655 but when I tried to install it, it didn’t worked.

      I know that we are now in defcon 1 so I will not try to install it again but do you know why it didn’t worked ?

      • #1976506 Reply

        rick41
        AskWoody Lounger

        On October 2, on one of my three Win 7 64-bit pc’s KB4516655 failed for me, too (worked OK on the other two).   I tried again about an hour later, after a couple reboots, and it installed OK.

    • #1976545 Reply

      Pixie
      AskWoody Lounger

      Ok so I have been holding off on the out-of-bank release KB4524148 (Win10 v1809). This morning it downloaded and installed automatically on my laptop!  I am very unhappy about this!  So MS pushed this update onto my laptop. So far as I can tell everything is working ok.  My printer is working.   I have Chrome set as my default browser. Never had IE installed on my laptop and don’t use it.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: All of the out-of-band patches were re-issued in the past few hours

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.