News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Confusion reigns supreme for admins facing this month's patches

    Home Forums AskWoody blog Confusion reigns supreme for admins facing this month's patches

    This topic contains 33 replies, has 15 voices, and was last updated by  E Pericoloso Sporgersi 1 week, 5 days ago.

    • Author
      Posts
    • #1967069 Reply

      woody
      Da Boss

      Site admins I know are livid about this month’s mess-ups. Read this Twitter thread from Bryan Dam: https://twitter.com/bdam555/status/1177566749744685056[See the full post at: Confusion reigns supreme for admins facing this month’s patches]

      3 users thanked author for this post.
    • #1967083 Reply

      WildBill
      AskWoody Plus

      His tweet that started the thread listed the WSUS KB#’s for Win7 & Win8.1. Someone else & myself mentioned KB4522007 for those 2 OS’s. BTW, how does M$ expect customers to trust that Redmond will deliver corrective patches when needed?

      M$ Narrator: Blindly.

      Woody: Blindly… but 99.44% of customers don’t trust M$ patches for anything now.

      Windows 8.1, 64-bit, leaning toward returning to Group A... & toward Windows 10 V1909. As long as it's a Lot Less Buggy!
      Wild Bill Rides Again...

      2 users thanked author for this post.
    • #1967108 Reply

      geekdom
      AskWoody Plus

      KB4522007 / Windows 7 / Windows 8
      2019-09 Cumulative Security Update for Internet Explorer 11 (Update: 9/20/2019)
      2019-09 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (Update: 9/22/2019)

      These updates are available only from Microsoft Update Catalog:
      https://www.catalog.update.microsoft.com/Search.aspx?q=%20KB4522007

      Group G{ot backup} TestBeta
      Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
      • This reply was modified 2 weeks, 2 days ago by  geekdom.
      • This reply was modified 2 weeks, 2 days ago by  geekdom.
      • This reply was modified 2 weeks, 2 days ago by  geekdom.
      1 user thanked author for this post.
      • #1967798 Reply

        geekdom
        AskWoody Plus

        KB4522007 Summary:

        This security update resolves a vulnerability in Internet Explorer. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

        https://support.microsoft.com/en-us/help/4522007/cumulative-security-update-for-internet-explorer

        Group G{ot backup} TestBeta
        Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
    • #1967122 Reply

      abbodi86
      AskWoody_MVP

      IE share market is too low for MS to dissent their patching schedule 😀

      • #1967125 Reply

        geekdom
        AskWoody Plus

        IE share market is too low for MS to dissent their patching schedule

        I think you meant disclose instead of dissent, but, no doubt, just very small potatoes.

        Group G{ot backup} TestBeta
        Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
        • #1967129 Reply

          geekdom
          AskWoody Plus

          …or perhaps, descend?

          Group G{ot backup} TestBeta
          Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
          • #1967189 Reply

            b
            AskWoody Plus

            … or disseminate?

            Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

      • #1967126 Reply

        Alex5723
        AskWoody Plus

        IE share market is too low for MS to dissent their patching schedule 😀

        IE should be patched not because it is a browser but because IE is baked as part of Windows Explorer.

        • #1967270 Reply

          warrenrumak
          AskWoody Plus

          This was true in very old versions like Windows 2000, but it is not true in Windows 10.

          You can verify this for yourself by using the Sysinternals listdlls tool. Use it to analyze a running copy of Windows Explorer for what libraries it has loaded into memory, and you will not see MSHTML.DLL listed at all.  Nor will you see JSCRIPT.DLL listed, which is the actual file that contains this current vulnerability.

           

          • This reply was modified 2 weeks, 2 days ago by  warrenrumak.
          2 users thanked author for this post.
      • #1967464 Reply

        woody
        Da Boss

        (Assuming you meant disrupt)… That’s one of the things that bother me about the update.

        From everything I’ve seen, the security hole is only exposed directly through IE. That means if you don’t use IE, you aren’t exposed.

        I haven’t heard even a breath of getting bit by, e.g., using the IE rendering engine, or having a piece of malware call Windows directly.

        1 user thanked author for this post.
        • #1967555 Reply

          b
          AskWoody Plus

          (Assuming you meant disrupt)… That’s one of the things that bother me about the update.

          But Microsoft did interrupt their scheduled programming to bring you this important message.

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1967132 Reply

      Geo
      AskWoody Plus

      Group A ,  W7X64. home premium.  Took the 007 IE security update from the cat.but not the preview.  Group A is normally take everything automatically; but this is the first time with 007 you had to go to the catalogue. I need IE for updating.

      • This reply was modified 2 weeks, 2 days ago by  Geo.
    • #1967118 Reply

      anonymous

      Skipping the Windows 7 September 2019 “Security Only” Updates and I will wait for the Oct 2019 updates before deciding to patch anything. Hopefully the Oct 2019 Windows 7 SO patches will be telemetry free and the Oct 2019 IE update will be cumulative and have all the zero day fixing included. And only 4 more months of Windows 7 patching to worry about anyways before switching to Windows 8/8.1 on at least one laptop that came with a Windows 8/8.1 Pro license but has been running Windows 7 Pro its whole life.

      Maybe a retail 8.1 Pro OEM license key for one other laptops and the other older laptops getting Linux Mint. So until 2023 it’s on to watch all that Windows 10 Fun and eat the popcorn and drink the suds while that Update Hilarity Game is viewed from the sidelines.

       

      1 user thanked author for this post.
    • #1967137 Reply

      E Pericoloso Sporgersi
      AskWoody Plus

      Today I’m at 20 failures for KB4515384 and a 1st one for KB4517211.

      Maybe I shouldn’t lean out?

      My computer works fine though … 

      • #1971052 Reply

        E Pericoloso Sporgersi
        AskWoody Plus

        UPDATE:

        I dove in and grabbed the 1903 update when it was available. (the 19H1 update for Windows 10 Home 64 bit 1809)

        But since then Microsoft gradually and completely depleted my patience with my, up to now, unsuccessfully updated 1903 version!

        So I restored images of my C:\System and D:\Applications partitions taken just before the August 13th Windows Update and then I rebooted my computer and myself.

        Quite unexpectedly while updating Aghast Avast Free, Windows Update automatically downloaded and (Oh joy) successfully installed several updates:
        KB4515384 
        – KB4514359
        – KB4516115

        I have no idea why the KB4515384 patch did fully install this time, versus 23! failures before the restore. But I’m sure glad it did, and I’m positively ecstatic I didn’t need images recorded before the 1903 update, because I don’t have those any more.

        I admit I consider myself lucky. [Slight tremor] This time. [Shudder]

        Henceforth I shall wait to delete older images, taken BEFORE updates, until AFTER a fully successfull update.

         

    • #1967124 Reply

      anonymous

      ? says:

      the only confusion i have with Windows is if i can make it to January’s last patch? over at Linuxland it is only Confucius:

      https://en.wikipedia.org/wiki/Confucius

      Golden Rule, treating others as you want to be treated…

    • #1967178 Reply

      EP
      AskWoody_MVP

      seems like that twitter link is no longer working when I try to access it
      all I can find was this one

      fwahahahaha FWA-HA-HA-HA 🙂

      • This reply was modified 2 weeks, 2 days ago by  EP.
      • #1967182 Reply

        Kirsty
        Da Boss

        If you clicked the truncated link on this page, you would have got an error (now corrected), but the link on the blogpost was just fine. It’s a function of the automatic topic creation process used in BBPress, that we occasionally get caught with…

        The tweet has not been deleted 🙂

        1 user thanked author for this post.
    • #1967474 Reply

      anonymous

      ? says:

      KB4522007 shows how to “mitigate,” the known issue ie: internet zones 3 & 4 settings 140c to 3 for disabled…

      https://support.microsoft.com/en-us/help/4522007/cumulative-security-update-for-internet-explorer

      • #1967543 Reply

        b
        AskWoody Plus

        ? says:

        KB4522007 shows how to “mitigate,” the known issue ie: internet zones 3 & 4 settings 140c to 3 for disabled…

        https://support.microsoft.com/en-us/help/4522007/cumulative-security-update-for-internet-explorer

        That’s an entirely different issue: A double-check for recommended defaults which MAY be required AFTER installing the fix for Windows 7.

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

        • #1967624 Reply

          anonymous

          ? says:

          thank you underscore b,

          if it is not to much trouble, as i am obviously “confused,” if you see bleeping computer:

          https://www.bleepingcomputer.com/news/security/microsoft-issues-windows-security-update-for-0day-vulnerability/

          under “workaround to mitigate this vulnerability,” 32bit:
          takeown /f %windir%\system32\jscript.dll
          cacls %windir%\system32\jscript.dll /E /P everyone:N

          how is the end result of blocking jscript & jscript.dll “better” by applying the KB4522007 than disabling them in the internet zones?

          • #1967646 Reply

            b
            AskWoody Plus

            how is the end result of blocking jscript & jscript.dll “better” by applying the KB4522007 than disabling them in the internet zones?

            It’s not better; it’s an alternative to installing the patch.

            But the Internet Zone mitigation to which you referred and linked (first time) is an additional check for recommended defaults AFTER installing the patch; it’s about VBscript, not Jscript. So that is not the correct mitigation for “the” issue (IE 0-day) on its own.

            Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

            • #1967647 Reply

              anonymous

              ? says:

              thank you, b_

              so this component from the patch file list is what “fixes,” the problem?

              Vbscript.dll 5.8.9600.19467 496,128 15-Sep-2019 23:16 x86 Not applicable

              ok then i guess it is apply the patch or wait until the next regularly scheduled roll-up…

            • #1967650 Reply

              b
              AskWoody Plus

              Nope. The IE 0-day is Jscript.

              Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

            • #1967686 Reply

              anonymous

              ? says:

              alrighty then, b i’m like the title of the post says

              what exactly does KB4522997 do for IE? this?

              Jscript.dll 5.8.9600.19467 660,480 15-Sep-2019 23:06 x86 None Not applicable?

            • #1967757 Reply

              b
              AskWoody Plus

              Yep. (KB4522007)

              Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

            • #1967762 Reply

              anonymous

              ? says:

              ok, thank you b, i’m no longer “confused,”… right?

              1 user thanked author for this post.
              b
    • #1967645 Reply

      mdbwe
      AskWoody Plus

      ERROR IN THE MASTER PATCH LIST “2019-09-24-Pre-Win10-Updates.pdf”

      On page 6, Win 7 Update listed as “4504602” is fat fingered.

      It should be shown as “4514602”  Same description.

      I assume that the advice is still the same as of this date? — Defer?

      Thx

       

      • #1967649 Reply

        mdbwe
        AskWoody Plus

        Another issue with the Win 7 updates file 2019-09-24-Pre-Win10-Updates.pdf

        Page 8, update listed as 4474419 shows as released Jun 11.  It is in my update pile and dated Sep 10.

        PLUS if I click the imbedded link in the AW pdf, I come to a completely different KB # here: https://support.microsoft.com/en-us/help/4503287/windows-server-2008-update-kb4503287

        Whoo boy.  I appreciate the critical look at the Win updates, but so far, this month, I am 0 for 2! Two listing errors.

        Thx

         

        • #1967775 Reply

          Susan Bradley
          AskWoody MVP

          It got re-released.  The original date was back in June.  I’ll fix the link and thanks!

          Susan Bradley Patch Lady

      • #1967655 Reply

        mdbwe
        AskWoody Plus

        Another issue in the Patch lists —

        KB4503548 — Net Frame 4.8 — Not listed in any patch file — dated Aug 13.

        Man o man.  Now batting only 1 for 4 this month!

         

        • #1968231 Reply

          Susan Bradley
          AskWoody MVP

          I don’t recommend installing it on older platforms is why.  But I’ll note it in the spreadsheet.  Thank you for the eyeballs.  There is literally no place where Microsoft lists all of the updates.  I don’t have some of the OS’s (server 2008 sp2 for example) so my apologies if things slip through.  I appreciate your detailed info!

          Susan Bradley Patch Lady

    • #1968160 Reply

      Fred
      AskWoody Plus

      KB4517211  just pushed. W10H1903, fully pathed without the recent IE/Edge-patch.

      Had one mysterious reboot when pc_sleeping, one day earlier (*%/+** !!). Also had some black-blinking of the screen since mysterious boot.

      Show/hide_windowsupdates and miniupdatetool  both did not see this KB4517211 coming, looked regularly.

      Metered connection on, yes. OOw10Shutup used.

      And MSdefenderDefinitionsUpdated regularly when seeking with miniupdatetool.

      Looked all normal and quiet.

      WupdateCatalogus showed a new servicestack dd.sept26th, installed manually

      The pushed update KB4517211 : I have downloaded from wucatalogus installed it manually.

      Today, looking whats right or wrong. YAMYAM.

      Though MS doesnt get it that “some” people
      dont like to be hostedged this way, always.

      PGP-ID=0x(askforit)

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Confusion reigns supreme for admins facing this month's patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.