December 2018 Patch Tuesday is under way

[PKCano]

December Updates are rolling out. Martin Brinkman at ghacks.com has his usual thorough summary. Operating System Distribution Windows 7: 9 vulnerabili
[See the full post at: December 2018 Patch Tuesday is under way]

15 users thanked author for this post.

Lori, Geo, deuce120, fk5353, Microfix, Pepsiboy, ch100, Myst, abbodi86, Mr. Natural, Elly, flackcatcher, woody, geekdom

Reply | Quote

[PKCano]

Group B Security-only downloads have been updated on AKB2000003 for Dec. 11, 2018

These are direct links to Catalog downloads. If Microsoft changes anything after Patch Tuesday, the downloads are current with the Catalog.

10 users thanked author for this post.

Steve, lanceboil, SueW, Pepsiboy, abbodi86, The Surfing Pensioner, LH, Elly, samak, geekdom

Reply | Quote

[geekdom]

Beta Test
Reporting on Windows 7 x64 Updates

– Windows Malicious Software Removal Tool x64 (KB890830)
– December Security Monthly Quality Rollup Windows7 x64 (KB4471318)
– Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4471987)

All installed without error and the system rebooted without error.
Please note that GWX Control Panel is used to prohibit Windows 10 upgrade.

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

5 users thanked author for this post.

Geo, rontpxz81, Chessie, Myst, columbia2011

Reply | Quote

[b]

Windows 10 version 1809; KB4471332 installed; now build 17763.194:

No known issues.

Fixed a Seek Bar issue that affected Windows Media Player.

Security updates to Windows Authentication, Microsoft Scripting Engine, Internet Explorer, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Wireless Networking, Windows Kernel, Microsoft Edge, and Microsoft Scripting Engine.

3 users thanked author for this post.

flackcatcher, woody

Reply | Quote

[Microfix]

Windows 8.1 Pro x64 report (SMQR Patching)
KB4471320:
Fixed the Seek Bar issue in Windows Media Player (never use it)
Security updates to Microsoft Graphics Component, Windows Storage and Filesystems, Windows Wireless Networking, Windows Kernel, and Internet Explorer. (restart required)

KB4471989: Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 (no restart required)

Both patches installed without errors or incidents within Event Viewer.
Disk clean/ clean system files performed and removed approx 952mb of patch installation data and a manual trim performed on SSD.
System seems snappier/ more responsive post reboot.

Windows 8.1: 8 vulnerabilities of which 8 are rated important

I’d say that W8.1 knocks W10 out of the park this month and every month for that matter 😀
doncha just <3 W8.1

No problem can be solved from the same level of consciousness that created IT- AE

4 users thanked author for this post.

BobbyB, columbia2011, radosuaf, PKCano

Reply | Quote

[anonymous]

Win 8.1 x64 updated.  Two XP x32 updated.  No anomalies noticed so far.   There’s an adobe reader out there too – fyi.

Reply | Quote

[BobT]

Most secuuuuuuuure OS ever..

Reply | Quote

[geekdom]

While patching may yet be young this month, reports here are encouraging.

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

Reply | Quote

[anonymous]

Just installed the lot, now on 17763.194.

Seems OK.

It makes sense to Seek early in the lifetime of a new W10 version, since it usually needs a few things fixed. Later, just before the next version, it is a different story…

Reply | Quote

[Elly]

Being a Seeker makes sense if you are techy enough, and need to check what problems exist… and I truly laud those who are able to test out the patches for us… but it doesn’t make sense for non-techy end users… No matter how encouraging that the new patches haven’t caused any obvious problems, I’ll wait until the next DefCon change before installing anything!

Non-techy Win 10 Pro and Linux Mint experimenter

7 users thanked author for this post.

Charlie, geekdom, SueW, deuce120, woody, Chris B, BobbyB

Reply | Quote

[BobbyB]

@geekdom Ahh the Month is still young yet between Patch Tuesday’s got burned with enthusiasm before with Win 10 1511 x64 and had a torrid time with BCD using a Boot USB and the full range of Boot Rec CMD’s. I wouldn’t have cared that much but I was running only Single Boot at the time not the usual Multi Boot (always good to back that one, BCD, up if you can in case you have to rebuild the MBR/UEFI partition from the CMD prompt)
Think I am going with @elly ‘s suggestion and holding off a while, besides I am a great believer in the philosophy If it aint broke don’t fix it and Touch Wood even 1803, 1809 are running fine, Win’s 7 and 8.1 x64’s never any worries there 😉

Reply | Quote

[Susan Bradley]

“Microsoft hasn’t learned its lesson” 

I would argue we haven’t learned the lesson.  Since day 1 on Windows 10 “check for updates” installs them.  We have to stop thinking 7ish on a 10 machine.

Susan Bradley Patch Lady

8 users thanked author for this post.

plodr, Charlie, deuce120, fk5353, woody, BobbyB, b, PKCano

Reply | Quote

[Elly]

That pinpoints one of the problems with W10- giving up things that worked better for us, on previous operating systems. Not willing to surrender- so for me, that is one of the things that is broken on W10- you can’t check and see what updates are available through Windows Update. They can make it rainbow colored and add bling- it is still something broken. Call it a feature and say it is supposed to work that way, and has been that way since the W10 downgrade- but it is something that impairs the functionality of Windows Update… Call the poor unfortunates that think the word check means to see what is there, Seekers (suckers, really). Change the functionality and change the terminology and  maybe people wont notice that they are getting more of what they don’t want and less of what they do want… Personally, I do want to see what updates are available in Windows Update, without having to use a special tool… and until that function is returned to Windows Update in W10, it is broken… I’m so glad that Windows Update is within my control in Windows 7, however near to end of life it might be… and that I can check and see what is available, any time, without risking an  unwanted update messing up my system…

Non-techy Win 10 Pro and Linux Mint experimenter

6 users thanked author for this post.

Steve, Charlie, geekdom, SueW, Lars220, BobbyB

Reply | Quote

[geekdom]

Regarding Windows 10 update implementation:

– If my vehicle manufacturer swapped forward and reverse, even with notice, I would have a difficult time adjusting to the change.

– Perhaps the button should state “Install Updates” not “Check for Updates”

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

3 users thanked author for this post.

BobbyB, lanceboil, Elly

Reply | Quote

[MrJimPhelps]

If that happened with my car, I’d want my money back!

And with wireless software updates occurring whenever, something like this could happen.

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

Reply | Quote

[anonymous]

To borrow a phrase “Microsoft shot first!”, and KB4023057 is their ever expanding lock pick tool.

Reply | Quote

[anonymous]

W7 x64 Home Basic. 3-Updates, installed & working.
Question. When does the Maliciuous Software Removal Tool run ?

AskWoody is my Windows Update Oracle. I read the comments, consensus dictates my actions.

Merry Christmas & Happy New Year !

Reply | Quote

[PKCano]

MSRT runs during the Windows Update installation process and any time you want to run mrt manually.

Reply | Quote

[anonymous]

How does MSRT indicate, that it has found something ?

Evey month, I manually dig out stuff like the following:-
KB4011207 & KB4461565 MS Office Compatability Updates.
Even though my WU indicates ‘For Windows and other products from Microsoft Update’.
Any observations, would be appreciated. CHEERS !

Reply | Quote

[geekdom]

anonymous wrote:

How does MSRT indicate, that it has found something ?

MSRT supposedly indicates that it has found malware on reboot after running it. I’ve never had any notification after reboot.

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

Reply | Quote

[anonymous]

For anonymous#post-239844, Microsoft is not always transparent to the user but the information is available.

As Geekdom says, MSRT is supposed to display any positive (found) results upon restart. A user would also expect to see some form of error indication if there were a failure. The frustration rises when there is no display at all and you are left to wonder if that indicates a clean system or a failure to run at all.

You could do a redundant check with detailed results displayed with Microsoft’s usual level of not quite clear information. PKCano mentioned you can run the executable mrt.exe to launch a new scan anytime. “mrt” is the filename for Windows Malicious Software Removal Tool. There are many ways to do this. One is to use keystrokes [Win key]+[R] to get the Run dialog box; type “mrt” into the prompt box; and press [Enter]. The process should be clear from this point, additional directions can be given if needed. When completed you have an option to view the results within this Graphic Interface. As noted by many others, nearly everyone with any kind of current AV protection have no threats found.

There is a place to read directly the results of the process already run before the update restart. PKCano assured that when you install the currently offered KB890830 the scan runs during the installation process. It also adds a new log entry to the bottom of an ongoing log file. By default, file attributions “.log” will open for view in Notepad. “mrt.log” can be found by search, or located in the directory tree C:\Windows\debug\mrt.log.

When opened in Notepad, [CTRL]+[END] will take you to the bottom where the most recent log entry will give you specifics on what ran, when, and how it was initiated. You will likely see:

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On #timestamp#

Return code: 0 (0x0)

If you are asked to save changes on exit from Notepad, just select ‘Don’t save’.

3 users thanked author for this post.

SueW, Elly, geekdom

Reply | Quote

[geekdom]

Some don’t like this monthly “update” at all and avoid it due to telemetry. The reasoning is thus: If you have an effective anti-virus in place, this update might be avoided, if you so choose.

I am not advising either way; I install it with all other patches.

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

Reply | Quote

[anonymous]

For those Windows 7 users upgrading Security Only Updates “B” style  you will need KB4471981 for Net Framework Security Only Updates.

This will give you KB4470500, KB4470600 and KB4470493.

1 user thanked author for this post.

Sandman

Reply | Quote

[fugitiv3]

Installed the below on my servers with no issues so far:

KB4471318 – windows server 2008 r2 sp1

KB4471321 – windows server 2016

KB4471320 – windows server 2012 r2

Also a question if anyone can give info on this.Why on every month MS offers 2 Cumulatives updates on Windows Server 2016 ?

Thank you

Reply | Quote

[anonymous]

The Security Monthly installs all updates, including any missing from previous months.  The Security Only installs only this months updates.  I tend to follow MS’s recommendation and install the Monthly option so that I know I am completely patched.

Reply | Quote

[anonymous]

Hello, Woody !

It seems that both security only and quality patches KB4470640, KB4470500 for .Net Framework 4.7.2 on Windows 7 SP1 64 bits failed to install.

No problems with .Net Framework patches this month on 32 bits systems. (I have 2 machines).

Regarding the error showed up – “Windows encountered an unknown error” – Error Code: 66A

I’ve tried to install them both via Windows Update and manually.
I’ll be interessed to see if is my pc only issue or is MS.
Could anyone confirm the same issue ?

Thank you,
NR

2 users thanked author for this post.

woody, Microfix

Reply | Quote

[anonymous]

Thanks, geekdom, but the compiler was installed long time ago, soon as he appeared with the first version of 4.7.2. I have the second version now. Btw, the update for 3.5.1 was installed seamlessly this month (she’s in the same package with the 4.7.2). Something is wrong somewhere…

NR

Reply | Quote

[geekdom]

Are you able to do a repair of .Net Framework 4.7.2?

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

Reply | Quote

[anonymous]

I’ve never have problems with .Net Framework; if you give me a clue about a repair, i”ll digg on it.  Thanks in advance, geekdom.

Reply | Quote

[Mr. Natural]

My WSUS system is showing something new. Office 2019 Perpetual Enterprise Client Update Version Perpetual for x86 and x64 systems. Yeah I know it’s redundant but that’s what it’s called. Since this is an Office 365 update I don’t have any control over the update in WSUS. And it has already been pushed and installed on some but not all of our E3 licensed users.

So I’m trying to figure out why this got installed on some but not all of our E3 users. I have an E3 license and WSUS shows my computer and a number of others as “not applicable”.

Anyone able to enlighten me? Thanks.

Red Ruffnsore

Reply | Quote

[PKCano]

In Office 2019, can you install the Perpetual without the 365 association?  You can on some of the earlier versions of Office. If that be the case, the Perpetual-only install would not receive updates through 365 maybe.

1 user thanked author for this post.

Mr. Natural

Reply | Quote

[Mr. Natural]

This term “Perpetual” is new to me and don’t really know what this is. I did a search and saw references from Microsoft that Office 2019 is available as of October.

All of our E3 users are on Office 365 2016. Some 32 bit and some 64 bit. These would be the CTR version so I have no control over these updates in WSUS. They can only be controlled if you use SCCM which we don’t use.

Trying to figure out why some E3 users got the update but a majority of our E3 users are showing “not applicable”.

Forgot to mention we are set for semi annual channel for office 365 updates.

Red Ruffnsore

Reply | Quote

[PKCano]

Perpetual is installed on the computer, not using the 365 online connection. Like the old standalone version.

Don’t know if this applies to 2019 because MS changed things. But I have Office 2010 Pro Plus. I installed it on my PC but do not use the 365 online part, do not have to login to Office online to use it. It is like the msu version. I get updates through Windows Update – no CTR.
But I believe I could use the online function if I wanted to. It would be a matter of setting it up. (I think) But I don’t want any more connection with MS than I have to have.

Reply | Quote

[Mr. Natural]

This may be related to the fact that we do have a small number of systems that had Office 2013 professional plus oem pre-installed on some Dell systems we had purchased a few years back. That would be the CTR version. Once I determined I did not have control over CTR we stopped getting Office pre-installed and started purchasing licensing separately. We later upgraded some people to Office 365 and perhaps there are some left over registry entries referring to CTR still.

Thanks PKCano

Red Ruffnsore

Reply | Quote

[PKCano]

Office 365 and Office CTR use online. Office Perpetual is installed on the computer only, does not use online.

Reply | Quote

[Mr. Natural]

I see said the blind man.  🙂

Red Ruffnsore

1 user thanked author for this post.

KevinG3

Reply | Quote

[Mr. Natural]

Alrighty then…the fog is clearing.

Microsoft states below that “Perpetual” licensing is the new term used instead of “Open License” or the versions people purchase which are not the subscription model. And they have now changed the Office update procedure from an msi installer to now use CTR. Great…..NOT!

https://support.microsoft.com/en-us/help/4086177/office-2019-perpetual-volume-license-products-available-click-to-run

Red Ruffnsore

Reply | Quote

[mn–]

That looks pretty much like Microsoft has decided that government institutions and others with heavy firewalls or air-gapped networks won’t be getting updates for Office 2019? Hm, that’ll do funny things to their market share in a few years…

Reply | Quote

[Lars220]

Just a “Heads Up” – Chris Hoffman at How-to Geek has a current article concerning the multiple update Tuesdays that is informative and interesting:

https://www.howtogeek.com/398226/now-windows-10-has-c-b-and-d-updates.-what-is-microsoft-smoking/

indeed, did Washington state legalize cannibis also?

Reply | Quote

[Geo]

Group A  Win7x64   Home Premium, AMD, basic user.  No problems, no slow down.  KB4471987 for Net. Frame work,  KB890830 for MSRT,  KB4471318 for Security monthly quality roll up.

1 user thanked author for this post.

Chessie

Reply | Quote

[anonymous]

About the error installing security only and quality patches KB4470640, KB4470500 for .Net Framework 4.7.2 on Windows 7 SP1 64 bits, geekdom suggestion works. I’ve performed a repair of .Net Framework 4.7.2  via add/remove programs, clicked change, repair. Finally, the above updates are installed with no errors. I have problems with the alignment of partitions on the hdd which is an advanced format drive, and the tool i used for alignment may cause the error, combined with the ahci controller, not specially designed for the mobo, but compatible and newer. Thank you, geekdom.

 

1 user thanked author for this post.

geekdom

Reply | Quote

[mbhelwig]

A post on Newsgroup —  “alt.windows7.general” this morning —

Help! Something made all folders/files read only.
This all happened after installing the MS monthly rollout this morning. — KB4471318 on win 7
Everything on my computer, both C: and D: have been made read only.  And I can’t seem to fix it. I’ve tried to change permissions and it just goes through and seems to change, however, the next time you access any folder or file, it goes back to read only.  Any ideas on how to get back to normalcy?

OP was referred to — “AskWoody says “December 2018 Patch Tuesday is under way” and “MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.”

OP — After I did a System Restore to eliminate this morning’s update and now, all seems to be fine.  Very weird.

I do not know if others are seeing this but i thought it should be reported here for the benefit of all.

KB4471318 still has the networking problem unresolved.

mbhelwig

3 users thanked author for this post.

Chessie, geekdom, woody

Reply | Quote

[mn–]

Saw another permissions problem, this time Windows 10 1803 (17134.471 = KB 4471324, this week’s) where there’s no read permission on attached USB sticks, even FAT-formatted.

Two isn’t a pattern yet but…

Reply | Quote

[geekdom]

Does this Windows 10 problem occur after updates?

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

Reply | Quote

[mn–]

So far we have only seen one example of this, but yes, it was only seen after installing the very latest updates… which we haven’t yet let through for those in the central management, so…

Reply | Quote

[geekdom]

If anyone else has seen this Windows 7 read-only error after update, please weigh in.

It’s difficult to tell if this problem is update related or computer system related.

Beta Work {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0 WindowsDefender TRV=2004 WuMgr

Reply | Quote

[anonymous]

After making system partition backups for both W7 and W8.1 (dual-booted) on a 32 bit and 64 bit PC, I installed the Security Only and IE updates (and W8.1 Flash updates) from the Catalog (Group B-style) and the .NET updates via Windows Update.

The only problem was with W8.1 32 bit. After installing all updates the PC was very slow. Windows Firewall Notifier appeared out of control with multiple processes giving multiple notifications and Windows error messages, and eventually it crashed. After a short time there was a BSOD. After re-start, similar symptoms re-appeared.

I restored the system image and repeated the update installations, but this time all completed successfully without any obvious side-effect. The only difference between the 2 update runs was that there were longer time gaps between each stage in the successful 2nd run (I was doing something else at the time, only returning to the PC when convenient). The 2nd W8.1 32 bit .NET update did not need a restart, whereas the other 3 .NET updates did need a restart. (Maybe there was some conflict between the updating and background W8.1 activity during the 1st run, but this background activity did not occur duing the 2nd run?)

So my message in this post is always make a back-up before a windows update, even a W8.1 update! W8.1 is not always as reliable as contributors to this site often suggest 🙂

HTH. Garbo.

 

1 user thanked author for this post.

geekdom

Reply | Quote

[CraigS26]

W/ a.m. Macrium Image … All (6) W7-64 WU’s with just one Re-Start went without issue – I’m skipping MSRT as I’ve never had a pop-up – and WU is the only time Heartbeat & Maps Report back.

KB4471318 DEC Sec Qual Rollup;  KB4471987 NetFrmwk 4.72;  KB4461570 Ofce ’10; KB4461576 Outlook ’10 (non-functional);  KB4461521 PwrPoint ’10;  KB4461577 Excel ’10

W10 Pro 20H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desktop-Ethernet/ 12 GB / 256G SSD + 1 TB HDD / i5-8400 Coffee Lake/ GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

1 user thanked author for this post.

geekdom

Reply | Quote

[anonymous]

KB 4471987.
Security and Quality Rollup updates for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1.
__________
Question. Is there any requirement for Microsoft Visual C++ to be installed ?

Cheers !

Reply | Quote

[mn–]

On the .NET updates – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540 doesn’t actually seem to say the update fixes it… and neither do I see that for CVE-2018-8517.

That said, there is reported to be a remote code injection vulnerability somewhere in there, and those are nasty.

The “any requirement for Microsoft Visual C++ to be installed” part clearly depends on whether applications will need to be recompiled for full protection against this vulnerability, and on that I’ve seen no statement so far. Might depend on the application… and isn’t that fun to manage too…

Reply | Quote

[b]

mn– wrote:

On the .NET updates – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540 doesn’t actually seem to say the update fixes it… and neither do I see that for CVE-2018-8517.

The security update addresses the vulnerability by correcting how the Microsoft .NET Framework validates input.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540

The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517

Reply | Quote

[PKCano]

I saw one Win7 Home Premium computer yesterday that had problems from what looked like Windows Update and Norton 360 program update running simultaneously. The laptop slowed to a crawl afterwards and the network connection was affected.

I ended up uninstalling the KB4471318 Rollup, Using NRnR (Norton Removal Tool) to uninstall/reinstall Norton 360, then reinstalling KB4471318. This solved the computer’s problems, except for one small part. The network connection was restored, but there remained a yellow caution triangle over the connection icon in the system tray. I had seen this before on a couple of my computers. It was corrected by one of the older (before Rollups) Windows updates, but I can’t remember the KB number.

Laptop was a Dell 17R 5737 dual-core i7 with a Realtek PCIe FE family NIC, RTL 8167 chip.

3 users thanked author for this post.

KevinG3, DrBonzo, satrow

Reply | Quote

[anonymous]

Win 10 1709 64 bit.  Applied December delta update, then Office updates.  Stable for 2 days.

Reply | Quote

[anonymous]

HP laptop reporting in…

Win 10 v1803 metered connection and not a seeker.

KB4471324 was pushed to me today and installed – appears OK.

Windows reports “up to date” but:

1.  There is no sign of the SSU update.

2.  MSRT has not installed since August 2018.

3.  Defender has not installed any new definitions since 21 Nov 18.

Strange…

Reply | Quote

[Microfix]

I found that by having the Defender Shield on the taskbar, and right clicking it, you can invoke a manual check for an update.(without triggering the the full blown WU)
Alternatively, you can manually download the definition file from
https://www.microsoft.com/en-us/wdsi/definitions
Have you blocked MSRT with the regkey and perhaps forgot?
or used a third party utility to block it?
1803 SSU can be manually downloaded and installed from:
kb4477137

No problem can be solved from the same level of consciousness that created IT- AE

Reply | Quote

[AJNorth]

To automatically update Windows Defender without engaging Windows Update, one might create an updating task in the Task Scheduler (remember to right-click on TS and select Run as Administrator).  Please see:

SOLVED: How to Make Windows Defender to Update Automatically

and

https://www.thewindowsclub.com/update-windows-defender-automatic-windows-updates-disabled .

 

(The same also applies to MSE in Win 7:

https://www.groovypost.com/howto/howto/solve-infrequent-mse-update-problem/ .)

Reply | Quote

[anonymous]

Thanks for the suggestion, AJNorth, but I am unwilling to go fiddling with things like Task Scheduler.  I spend enough time messing with IT.

Reply | Quote

[anonymous]

Third go.

Thanks for your help, Microfix.  I tried to cut and paste a detailed description of my actions but this webpage does not like cut and paste.

Win10 x64 Home.  Update claims it is up to date.

Defender shows last update was 21 Nov 18.  Last run yesterday – nothing found.

Followed your list – updated Defender to today.  This does not appear to have triggered a wider Windows Update.

Downloaded and ran KB4477137 but that reported it was already installed.  Who knew?

I have not fiddled with any registry keys so I am puzzled as to why MSRT has not installed and run since August.

DISM//scanhealth and sfc are both good.

Thanks.

Reply | Quote

[StoopidMonkey]

Do you think the December patches are stable enough to begin testing? I was planning on rolling out the November group as the new baseline as we can only patch critical systems every few months, but this lineup looks pretty solid so far.

Reply | Quote

[PKCano]

I have patched Win7/8.1, Win10 1709, 1803 and 1809 with December patches in test systems without any serious problems. Understand these are “test” systems and not under constant use. I would be sure you have the latest drivers, especially on Win10 systems. I would encourage image backups before hand even on test PCs.

Seems to be a fairly quiet month.
If you are thinking about upgrading to 1809, I’d still hold off for a while unless it is a test system.

Reply | Quote

[Jim]

On the 18th my Windows 1803 ver 1743.441 put a message on my Windows
Defender page saying I need to take action:  “A fresh reinstall with the
most up–to-date version of Windows”  Yeah, right.  Just another way to
trick users (not admins) into installing 1810.  Needless to say, I’m
staying with your Defcon 2

Reply | Quote

[anonymous]

GUINEA PIG / BETA TESTER REPORT, 12/2018:
…..
Win7 SP1 PC, x64 Intel, Haswell: Other details of PC, incl. not much M$ software, Use Firefox Release and Firef. Devel. Eds./Seamonkey/ Vivaldi; SOHO machine, see post 194577 on this board.
…..
In order, installed following Group B patches:
1. 12-2018 Secur only KB4471328
2. 12-2018 “original” IE11 patch KB4470199
3. 12-2018 Dot Net 4.7.1 patch KB4470500
4. 12-2018 “new/ show-stopper” IE11 patch KB4483187
…..
NOTE: Rebooted after each of above. NOTE ALSO: A benefit of reboots is that you have ability, as I did, to make manual Sys Recovery points, prior to each KB install; easier to roll back to one or more states, if a problem.
…..
RESULT: No black/BSODs; no spontaneous reboots; full Internet incl. email + Drudge Report + AskWoody.
…..
AVAST FREE ANTIVIRUS: I’ve run it for 2+ years; generally works OK but takes huge resources (I have 4GB RAM.) . I have it locked down as tightly as I can; Self-defense mode; “Hardened”. User interface opens fine; small manual sample scans went OK; no problems seen on any of the reboots.
…..
OBSERVATION: After steps 1–3 above, my IE 11 consistently showed the “old” version no., 447.199. Also, my jscript.dll, in both SYS32 and SYS-WOW, Vers. no. was …19203, NOT the “new” …19230. After install of patch 4 above, now IE 11 vers. no. …19230 plus update version no. 4483187; also, jscript.dll Vers. now …19230.
…..
RESULT: Hope all have a very MERRY CHRISTMAS; happy holidays; and a successful, prosperous new year! Woody et al.: Good luck on the site relaunch! Thanks to Woody, PKCano, Susan Bradley, GoneToPlaid, Noel Carboni, Kirsty, Mr. Jim Phelps, Ascaris, Microfix, OscarCP and many others that I’m probably overlooking! You all are a fine bunch of humans!

–dpacific (not a regist. member; am anon)

Reply | Quote

[Author]

Posts