News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • April Patch Tuesday Windows and Office patches are out

    Home Forums AskWoody blog April Patch Tuesday Windows and Office patches are out

    This topic contains 45 replies, has 17 voices, and was last updated by  anonymous 5 months, 3 weeks ago.

    • Author
      Posts
    • #350207 Reply

      woody
      Da Boss

      Stay tuned while we pull in the pieces….
      [See the full post at: April Patch Tuesday Windows and Office patches are out]

      7 users thanked author for this post.
    • #350208 Reply

      PKCano
      Da Boss

      Group B Security-only patches and the IE11 Cumulative Update have been updated AKB2000003 on 4/9/2019.

      11 users thanked author for this post.
    • #350218 Reply

      Microfix
      Da Boss

      Martin Brinkmann has his links updated, wow that was quick..ghacks.net
      Taken from Ghacks:

      Windows 8.1
      Monthly rollups won’t include PciClearStaleCache.exe anymore starting with this update

      Sounds like W8.1 may encounter similar NIC issues as Win7 has from march 2018..
      Think I’ll hang off updating for a while

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      • #350230 Reply

        columbia2011
        AskWoody Plus

        It’s applies only to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1. Windows 8.1 and Server 2012R2 free from NIC issues.

      • #350482 Reply

        Microfix
        Da Boss

        The blog correction has been made 🙂
        Still not updating

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        • #350486 Reply

          PKCano
          Da Boss

          The pciclear executable has only been bundled with the Win7 Rollups in the past, not the Win8.1.

          1 user thanked author for this post.
    • #350221 Reply

      GoneToPlaid
      AskWoody Plus

      400 bad request when clicking on the Zero Day Initiative link, due to a trailing apostrophe in the link.

      1 user thanked author for this post.
    • #350231 Reply

      Geo
      AskWoody Plus

      Thanks for the  Adobe flash mention.  It was faster to manual download then waiting for the auto-update.

      1 user thanked author for this post.
      • #350296 Reply

        GoneToPlaid
        AskWoody Plus

        I have had auto update issues for Adobe Flash on two different occasions. In both cases, I had to uninstall Flash and then install the latest manually downloaded update. One has to wonder if Adobe now is also using artificial intelligence, like Microsoft, to see if their updates “appear” to be good to go.

      • #350302 Reply

        GoneToPlaid
        AskWoody Plus

        Hmm, and you all do know that flashplayer32_xa_install.exe version 2.0.0.332, which was released in around the middle of March 2019, may have been infected? I got several hits for it on VirusTotal, and the intermediate release after it inexplicably would not install on a couple of my computers. I had to uninstall Flash, and then install the subsequently released version.

        So to anyone who can’t get a Flash update to install, uninstall Flash, reboot, and then download and install the latest version.

        Final note: I just downloaded and successfully installed the latest Flash version via the Flash update utility on two of my computers. No issues.

        1 user thanked author for this post.
        • #350357 Reply

          anonymous

          Interestingly, for the first time ever as far as I can recall, Comodo failed to recognize the Flash updater when it triggered today, said unrecognized and on top of asking whether I wanted to allow it to connect, which always happens since I have it set to always prompt on new connection attempts, the HIPS also asked whether I wanted to allow it to do what it wanted to.
          It’s like the file wasn’t signed. And not like I could check it after it was done, since it gets deleted. The actual files seem signed just fine though.

        • #350358 Reply

          anonymous

          (Instead of editing) Ah, just checked again, seems like Adobe changed the name for the certificate and it’s just Adobe Inc. now? That probably confused it, and I see that 1h after the update it filed some other Flash files as untrusted, then added Adobe Inc. as trusted vendor and reassessed one more hour later.

          I see that the company name had been changed back in October, but maybe it took this long for them to change it in file signatures too?

          1 user thanked author for this post.
    • #350252 Reply

      seamonkey420
      AskWoody Lounger

      We just noticed a newly published Feature Update to Windows 10 in WSUS from 3/28/19.

      • Feature update to Windows 10 (business editions), verison 1809 x64 2019-03B, en-us
      • Feature update to Windows 10 (business editions), verison 1809 x86 2019-03B, en-u

      If you click link in WSUS for info, it will bring you to the 1803 update history page of course.  Is this an updated 1809 feature update or a possibly mislabed update? We have declined in our WSUS since we are in the middle of rolling out 1809 feature updatse to all of our 1607 clients and don’t want to change the criteria that we have tested with.

      Anyone else noticing this or know what this is?  TIA!

      Attachments:
      • #350274 Reply

        PKCano
        Da Boss

        1809 was recently declared ready for business (SAC that is not SAC anymore 🙂 ) Perhaps that is why you are seeing it.

        As to the labeling mixup, who knows. The Windows Software Distribution Update History page shows the CU for 1607 KB4493470 as being for 1803. MS documentation is not necessarily the best.

        3 users thanked author for this post.
        • #350292 Reply

          seamonkey420
          AskWoody Lounger

          we have been using the 1809 update in wsus that did have the same name except the ending 2019-03B since early Jan (after they re-released it after issues w/user profile and data deletion).  Nonetheless, will wait to hear from others but until then we are declining it and using the one we’ve been using the last two months 🙂

          thanks for the reply!

          • #350412 Reply

            abbodi86
            AskWoody_MVP

            It’s just refreshed installation media with March 2019 updates, B stands for second update tuesday (aka patch tuesday)

            4 users thanked author for this post.
    • #350297 Reply

      CraigS26
      AskWoody Plus

      Successful Install of KB4493509 Cum Update 1809 / KB4493478 Adobe Flash/ KB890839 MSRT + C2R Std-Hm Office ’16.

      Although a willing early Update Test-er, with a new HP W10 desktop using mostly Firefox & Office ( & Macrium) I’m too simple a setup to be a real test for many of your multi-layered systems. Loving the speed of SSD + HDD and haven’t missed Win 7 at all.

      W10-64 1903-18362.418 Home / Hm-Stdnt Ofce '16 C2R / i5-8400/ 12 GB / 256 SSD + 1 TB HDD / InSpectre #8 = GREEN

    • #350293 Reply

      anonymous

      I’ve seem somewhere in this website that Group B’s patches should be installed in chronological order because they are not cumulative.

      Question: What happens if you install them randomly? Will they fail to install? Will they BSOD your system? Will they need the other patches as a base for installing? (shouldn’t supercedence take care of this mess?)

      Thanks.

      • #350299 Reply

        PKCano
        Da Boss

        Supercedence should work.

        But there is that word “should” again.

      • #350308 Reply

        GoneToPlaid
        AskWoody Plus

        PKCano is correct that supersedence should work (it always has for me, so far). On the other hand, there are a few circumstances in which you will want to install some Group B updates out of order, and specifically in order to allow supersedence to get around issues which were present in one or more earlier updates which could block updates for specific CPUs. The latter is a really fun thing to try to resolve since performing a System Restore won’t fix the issue.

        In the two attached GIF images, I have renamed the downloaded Windows Updates for Group B such that each update’s name starts with the desired installation order, followed by the date of the updates’ release by Microsoft, and followed by the update’s description and KB number to which I added info about the update. All of the Reboot.txt listings are zero length text files which simply tell you when you need to reboot after installing either an individual update or after having installed several updates listed after the previous Reboot.txt file entry.

        Yeah, the above (and as shown in the two attached GIF images) would be a pain to manually perform. This is why I would like to call upon the expertise of any an all here to create a script which does the following for a given flavor of Windows 7:

        1. Download all Group B Windows Updates for a given flavor of Windows 7, as described above, and and save the updates to a given folder.

        2. The script should then appropriately rename the updates using the nomenclature which I described in the second paragraph, above, and similarly as shown in my two attached GIF images.

        The slick thing about renaming the downloaded updates, similar to what is shown in my attached GIF images, is that one could rename each update to start with an underscore character after the user has installed each update. In this way, the user can keep track of their progress in terms of installing all Group B updates in the proper order.

        The upshot is that all of this is “food for thought” in terms of how I have successfully remained on Group B, and in terms of how I have avoided various pitfalls by using supersedence when updating.

         

        Attachments:
    • #350306 Reply

      warrenrumak
      AskWoody Plus

      Interesting….. many of the vulnerabilities that were fixed are all in the same component — the filesystem driver for UAC File Virtualization.  All those vulnerabilities would’ve been introduced when Vista was being developed — and this is a security component!

      Just goes to show that even with the best of intentions, writing secure code is hard.

      There’s a whole bunch of new Jet Database Engine remote code execution vulnerabilities too.  Hopefully they won’t cause a lot of disruption like the last time around.

      1 user thanked author for this post.
      • #350312 Reply

        GoneToPlaid
        AskWoody Plus

        Microsoft fully intended to lock down Vista Unix style. Yet the AV software vendors threatened to sue since Microsoft wanted to remove all hooks into the kernel. And thus secret deals were made.

        2 users thanked author for this post.
    • #350399 Reply

      E Pericoloso Sporgersi
      AskWoody Plus

      My machine succesfully feature updated to Win 10 x64 H 1809 17763.437 on 3 Oct 2018.

      Then cumulatively updated to KB4490481 on 4 Apr 2019

      At my request, 30 min. ago (10 Apr 2019), Windows cumulatively updated to KB4493509.

      I then ran CCleaner (v5.56.7144).

      So far I found no issues. Everything works fine.

      Clevo portable, motherboard 32 GB RAM, dual monitor
      Intel(R) Core(TM) i7-4810MQ
      NVIDIA GeForce GTX 970M
      500 GB SSD
      1 TB HDD
      7 external USB 3.0 HDDs, 17 TB in total
      Windows 10 x64 Home (configured to look like Windows 95)

    • #350424 Reply

      radosuaf
      AskWoody Lounger

      I cannot update my phone with the latest update, first I got the 0x80070002 error, now downloading is stuck at 0%…

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1809 64-bit
    • #350435 Reply

      anonymous

      W7 – 64. 2 Updates. Grp – B. Downloaded / Installed. Apparently. OK.

      • #350616 Reply

        deanwmn
        AskWoody Plus

        I just installed the two updates to Windows Defender and another monthly one.  But in addition to those I unchecked and hid (the Win 7 Preview rollups of Security, etc) there was one I hadn’t seen before – a Win 7 Service Stack Update. I hid it too – but what is it?

        • #350619 Reply

          PKCano
          Da Boss

          You need to install the Servicing Stack. It is the update for the Windows Update mechanism.

          1 user thanked author for this post.
        • #350626 Reply

          Microfix
          Da Boss

          As @pkcano has posted, you NEED the Servicing Stack KB4490628 and the SHA-2 update KB4474419.
          These will be required for use with WU insothat WU works as intended in the future.

          ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

          2 users thanked author for this post.
    • #350443 Reply

      woody
      Da Boss

      Just got this from a reader:

      I think I mistakenly clicked checked updates and I can’t enable the pause button. Now they want to update to April. I’d prefer to wait until you give the all clear; anything I can do other than keep setting specific times a few days ahead? My restart only has restart with update options.

      You’ve mentioned before that clicking to update windows is a bad thing within the current scheme of things so once having done that is there a way to get the pause button back and running without doing the current patch? and will that revert once I do the latest patch? My scheduled update is now set to April 16 but the restarts stills include updates.

      1 user thanked author for this post.
    • #350466 Reply

      anonymous

      I found new retro-numbered “important” 2010 Excel and 2010 Office (32-bit) security patches waiting for me in Windows Update on my Windows 7 rig. Couldn’t find them on this website or in the downloadable Excel file of patches:

      Excel 2010 KB4462230

      Office 2010 KB4462223

      Office 2010 KB4464520

      Safe to install?

      1 user thanked author for this post.
    • #381461 Reply

      anonymous

      Win 10 1709 64 bit.  Installed April delta update, stable for 3 days.  Blocked KB4346085 Intel microcode and 1809 upgrades.

      • #513936 Reply

        EP
        AskWoody_MVP

        v1709 just went EOL (aka “out of support) on April 9, 2019. you need to upgrade to at least v1803

        1 user thanked author for this post.
        • #544322 Reply

          anonymous

          Correct – this is the last month of supported 1709.  Next month, we’ll upgrade from 1709 to 1803 by installation from previously obtained 1803 optical media, and then apply May 1803 cumulative update if it appears to be stable.

    • #422893 Reply

      Tex265
      AskWoody Plus

      Since I have my Quality Updates deferred for 5 days, I just got the Windows 10 Pro v1803 Updates for April KB4493464, Adobe, and MSRT.

      I also checked wushowhide and have re-issue KB4346084 awaiting download.  A seach indicates that this is a Micosoft Microcode Update. It apparently also replaces KB4100347 which I had previously hidden and is now gone.

      I’m going to hide this pending more information, but per Born City this now covers: Spectre Variant 2, 3a, 4, and L1TF.

      At what point should we take these Microcode updates seriously and install?

      Windows 10 Pro x64 v1803 and Windows 7 Pro SP1 x64
      2 users thanked author for this post.
      • #423198 Reply

        PKCano
        Da Boss

        As yet, there are no exploits in the wild. Personally, I would hold off on the microcode updates

        2 users thanked author for this post.
    • #511912 Reply

      anonymous

      I had hidden KB4100347 after updating from v1709 to v1803 (Home). It was staying hidden up until yesterday (hide/metered connection as per PK instructions). Today, I get a notification that it is ready to install! I’ve stopped it by delaying the restart, but it is already downloaded and shows up as an update in Settings>Windows Update>View Update History. I went to the Control Panel>Programs>…>Installed Updates to see when it was ‘installed’ and there is no date. I assume that is because the restart is what really ‘installs’ it.
      Question 1: I notice in the above thread that there is another KB (KB4346084) that replaced it. So why isn’t that one being installed?
      Question 2: Should I remove it? If so can I remove it before the restart, or do I have to let it install and then remove it?

      • #513702 Reply

        EP
        AskWoody_MVP

        the KB4346084 update for v1803 is a Catalog only update – only obtainable thru the MS Update Catalog; usually never pushed thru Windows Update

        you can just manually download & install KB4346084 on top of KB4100347 as it is not necessary to remove that one. be sure to restart the computer after installing the KB4346084 update

        • #515393 Reply

          anonymous

          Thanks for clarifying my first question about the difference between the two KBs. My 2nd question was whether to remove KB 4100347 and before or after restart? I get the impression
          that it should NOT be installed given comments from PKCano and others.

        • #545068 Reply

          Tex265
          AskWoody Plus

          EP wrote:

          the KB4346084 update for v1803 is a Catalog only update – only obtainable thru the MS Update Catalog; usually never pushed thru Windows Update

          Unless I’m the exception, per my post, KB4346084 was in my Windows Update queue to be downloaded. I caught it and it is currently hidden via my wushowhide.

          PKCano currently does not recommend installing either of these KB’s. Others who know more than me can chime in, but from what you are saying, it seems you are beyond being able to stop the installation of KB4100347. If it installs, check to see if it can be uninstalled then make your decision. You do not have to seek out or accept KB4346084 regardless.

          Windows 10 Pro x64 v1803 and Windows 7 Pro SP1 x64
    • #515561 Reply

      anonymous

      Sorry – missed your second paragraph. I was hoping to find out IF I really should be installing either of them at all, and if not, do I have to let the restart finish the install and then remove?

    • #551664 Reply

      anonymous

      Thanks for clarifying. And yes, the KB 4100347 already installed. Things seem to be working fine, but I’ll see if I can remove it using the Control Panel Uninstall, since it is showing up there. Although I’m not really sure why people are objecting to it, maybe that was in another post?

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: April Patch Tuesday Windows and Office patches are out

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.