• “Fourth Tuesday” patches finally arrive

    Home » Forums » Newsletter and Homepage topics » “Fourth Tuesday” patches finally arrive

    Author
    Topic
    #214243

    Microsoft just released the “D Week” patches that we’ve been expecting since Tuesday. The short list: Win10 1803 KB 4346783 Win10 1709 KB 4343893 Win1
    [See the full post at: “Fourth Tuesday” patches finally arrive]

    6 users thanked author for this post.
    Viewing 24 reply threads
    Author
    Replies
    • #214252

      What about this?:

      2018-08 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4346080)
      Download size: 63.8 MB
      Update type: Optional

    • #214250

      Is there still a network card bug or do they need to revise their “advices” for that patch?

      • #214319

        If you’re talking about the

        missing file (oem<number>.inf)

        bug, it’s still there. But it only affects some (as yet undefined) VMWare installations.

        • #214365

          Okay that is better news for most of us people; Also I’m wondering how many months time it will take to disclose the affected VMware installations. Maybe they hope VMware will fix the issue for them?

        • #214429

          FWIW I’ve been running patches against my virtual desktops (hosted on ESXI 6.5) since April without issues.  I’ve only run those patches against a couple servers so far, but I haven’t seen problems yet either.

          From memory, I believe the problem was the March 2018 patch that tried to patch an issue in one of the patches that was released to fix the Rollup patch… If you did not install March patches then I think you bypassed most of the issues.  If you DID install the Match fix of a fix of a patch, then the issue may still be reoccurring as I know in discussions on April/May patches I saw people stating the problem they had in March was now reoccurring for them.

          • #214455

            Good, being casual user of the VMware virtual machine product it is nice to know a patch can be finally be applied to Windows 7.

    • #214255

      Great, something to play with at last 😀

      • #214258

        Do have fun. I am so tired of playing with all Windows Update patches. There was a magical time, over three years ago, when I rarely had to worry about installing any Windows Update patches. This magical time was prior to Sinofsky and Nadella. It is what it was. What mostly amazes me is the virtually zero course correction by Microsoft. I say “mostly” amazes me. Why? Because Microsoft has a long history of deep entrenchment in terms of their goals, versus the real world in terms of achieving those goals. In other words, and historically, the eventual Microsoft “wake up call” which Microsoft eventually pays attention to, arrives anywhere from three to four years too late. This is exactly like Chrysler, and that was repeated twice, with government bailouts, in Chrysler’s history of deep and stupidly asinine entrenchment of top level management who could not see the light of day.

        Yet there is a difference. With Chrysler, it was all of the top management. With Microsoft, just one or two delusional top heads dictate everything, with potentially extraordinary impacts on the company. The upshot is that there are no checks and balances within Microsoft. The flawed corporate culture perseveres within Microsoft to this day.

        9 users thanked author for this post.
        • #214260

          EDIT keep on topic please, and respect lounge rules

          Back to the main issue discussed here: I’m so glad people are now relieved. I really don’t have anything to do with Previews, as I am told they are for developers and such that can use them to adapt their codes to what will be coming in with the following month’s patches. Anyone here knows otherwise?

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          • #214271

            Well, if you’re Win 7 there is some useful info in the preview.

            The MS support page for the August Rollup (KB4343900) has the usual NIC issue, but also a Single Sign On (SSO) issue. But the support page has just been modified to say that the preview FIXES the SSO issue.

            If you’re Group A, you’d probably want to wait until the September patches are out.

            But if you’re Group B, then you should note that the MS support page for the IE 11 August patch (KB4343205) mentions the SSO issue and says that a NEW patch, KB 4459022, FIXES that issue.

            I’m Group B and I’m still going to wait a while before patching, but it’s nice to know that the SSO issue has presumably been fixed.

            EDIT: The MS support page for the new IE11 patch, KB4459022 is referred to as a ‘Cumulative’ patch, and yet says ‘This update doesn’t replace a previously released update.’ I’m not sure what to make of that statement.

            8 users thanked author for this post.
            • #214301

              EDIT: The MS support page for the new IE11 patch, KB4459022 is referred to as a ‘Cumulative’ patch, and yet says ‘This update doesn’t replace a previously released update.’ I’m not sure what to make of that statement.

              It’s cumulative, as it replace all IE11 payload from August 14
              also, if you check “About Internet Explorer” menu option you see new version 11.0.76 (KB4459022), instead 11.0.75 (KB4343205)

              but it’s only available within the Preview Rollup, not separately

              4 users thanked author for this post.
            • #214304

              Thanks for pointing out that the new IE 11 patch is only available within the Preview Rollup. I missed that but it seems pretty sneaky for MS to do that,

              I wonder if MS will make the new IE 11 patch available by itself and not as part of a preview Rollup or Rollup. If they don’t, that pretty much wrecks the Group B patching strategy.

              2 users thanked author for this post.
          • #214376

            It’s generally recommended that you don’t install preview updates unless using a test environment.

            Think about it for a moment: We routinely see a final, tested (I know!) update and accept that we should hold fire on it until the dust has settled some 3 or 4 weeks later and Woody proclaims “Go for it!”. A preview update hasn’t been finalised or fully tested and is simply an early draft of the following month’s update some 5 or 6 weeks before it’s going to be recommended here. You’d have to have a really specific reason to risk it now, for example if it was supposed to address a critical bug that you were suffering from but even then the better bet for most users would often be to uninstall the earlier update that was causing the bug until the new update incorporating the fix had been finalised and fully tested, and cleared for overall effectiveness.

    • #214267

      “There is an issue with Windows and third-party software related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.”

      Now it’s not even “may”! Now it’s “Will stop working”!! And still no ID on the 3rd-party vendor.

      Can’t wait to see next month’s Patch Tuesday….I don’t know whether to laugh hysterically or weep.

      They

      just

      won’t

      fix

      the

      patch.

      Aaaaaargh.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      • #214278

        NibbledToDeathByDucks  #214267 It looks like the issue starts with the OEM and the third party software makers not being on the same page. But if the choice is between users not being able to run some third party software (whatever this might be, those who need to use it will find soon enough) and them not being able to do anything at all in a network (which I assume, is the real problem here — forgive my arrant ignorance on interface etc. controllers), then it is passing strange that the latter is what MS has chosen as the way to go.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #214273

      Looking at the long list of “fixed” items for these Windows 10 patches

      EDIT please note the Lounge Rules

    • #214283

      Intriguing they showed up on Win7 x64 about 1900h MST dated for the 31st Aug along with another 17MB Defender Signature update, there’s been some biggies just lately, I wasn’t aware of any major Malware/Exploits outbreaks. Is this a new phenom. “Patch Thursday?” already got pretty much every Tuesday set on reminders in Outlook.

    • #214302

      Windows 10 Updates did not hit WSUS

      although, 4346783 (1803) and 4343889 (1703) was delivered as Dynamic Updates (i.e. feature upgrade companions)

      1 user thanked author for this post.
      • #214310

        Most of the time they don’t, because they are more or less Preview updates – named Updates in Catalog, unlike the main Patch Tuesday updates which are Security Updates or Critical Updates.
        The Preview Updates are less targeted to mainstream Enterprise and those pros who are interested in testing, have enough knowledge to figure out where to find them. 😉

        3 users thanked author for this post.
        • #214315

          That was not the case in 2015/2016 and most of 2017 😀
          there were published to WSUS most of the time

          1 user thanked author for this post.
          • #214318

            There is also the other aspect, that all Windows 10 updates including the out-of-band preview are supposed to be mandatory and as such are not pushed unless strictly required.
            This obviously does not apply to WSUS, but in general there is a 1 to 1 correspondence between Windows/Microsoft Update and WSUS, although there are exceptions like the time zone updates.

          • #214320

            That was not the case in 2015/2016 and most of 2017 😀 there were published to WSUS most of the time

            Yep, it’s changing. What bothers me isn’t the change, so much. It’s the fact that things are changing without any explanation or rationale.

            What we’re seeing is the Win10 Fourth Tuesday cumulative updates aren’t really cumulative updates as much as they’re combined bug fixes and non-security previews. The blurring of the intent of the patches can be awfully confusing.

            For two months in a row now, we have Win7 Monthly Rollup Previews that contain important bug fixes for bugs introduced by patches earlier in the month. To my mind, anyway, a “Preview” should be a Preview. Not a fix for bugs introduced earlier in the month.

            6 users thanked author for this post.
            • #214330

              It was my impression that the Previews were to contain the current month’s CU PLUS the non-security portion of the coming month’s CU. This would include non-security changes to the OS. But since the non-security portions of the bug fixes should/will be contained in the coming month’s CU, they would be included in the Previews as well, but not the exclusive purpose of the Previews. Bug fixes can be buggy too.

              It seems to me the security portion of the bug fixes should be handled in a security-only “Preview.” But since the SOs are not supposed to be cumulative, you can’t say it “replaces” the previous SO (even when it does and contains the previous SO plus the bug fixes). That is the confusion we have run into – Do you need the SO and the later patch, or just the later patch only.

              One thing that concerns me is that there will be bug fixes in the non-security patches (thus the Rollups) that do not get fixed in the security-only patches.

              2 users thanked author for this post.
            • #214335

              One thing that concerns me is that there will be bug fixes in the non-security patches (thus the Rollups) that do not get fixed in the security-only patches.

              Ouch! so, out-with our/ end-user control, is this the start of non-cumulative merging with cumulative with a view to having one NO option of patching? Patch or scratch!
              It certainly seems that way..MS altering the deal further?

              Edit: perhaps not see: post-214400

              Win8.1/R2 Hybrid lives on...
              1 user thanked author for this post.
            • #214336

              What we’re seeing is the Win10 Fourth Tuesday cumulative updates aren’t really cumulative updates as much as they’re combined bug fixes and non-security previews. The blurring of the intent of the patches can be awfully confusing.

              All 10 updates released for Windows 10 yesterday are listed and delivered as “Cumulative”.

              I thought the practice and intent of week B and C/D patches for Windows 10 was described very clearly in this month’s IT Pro Blog post and video: Windows 10 update servicing cadence

              Where’s the confusion (for Windows 10, not Windows 7/8 or Office)?

            • #214368

              From the official announcement:

              The “C” and “D” releases occur the third and fourth weeks of the month, respectively. These preview releases contain only non-security updates, and are intended to provide visibility and testing of the planned non-security fixes targeted for the next month’s Update Tuesday release. These updates are then shipped as part of the following month’s “B” or Update Tuesday release.

              The Win10 “D” releases this month include non-security updates and fixes for multiple bugs introduced in the earlier “B” updates (Aug. 2018, Apr. 2018, Mar. 2017 forward). July was so bad we had two cumulative updates — “C” and “D”, sorta — that included bug fixes.

              The current situation is neither simple, predictable, nor agile — and it certainly isn’t transparent.

              1 user thanked author for this post.
            • #214379

              Bug fixes, even if for recently introduced issues, are “non-security fixes targeted for the next month’s Update Tuesday release.” Seems simple and predictable to me.

              Transparency however is a different issue and it’s significant to me that in that recent announcement the “Be transparent” guiding principle is all about information. Yet when applied to monthly quality update releases further down, the four paragraphs under the Be transparent heading say absolutely nothing about information.

              2 users thanked author for this post.
            • #214362

              Scroll down and read the comments:

              “Instead of defending the state Windows is in, you should be acknowledging the problem, and engaging the community transparently on how to fix it. Susan Bradley articulated what your entire user base is experiencing. Brushing that off is a mistake.”

               

    • #214309

      This is what the rest of the World sees or perceives about Microsoft which is quite different than what many of the comments here on the Lounge are about.
      https://www.investopedia.com/news/microsoft-prepping-dividend-surprise-ms/
      Few keywords/key phrases from the article:
      legacy tech giant Microsoft Corp. (MSFT)
      – Microsoft Surpasses Alphabet in Market Value – Alphabet is more or less Google
      – Bulls have cheered Microsoft’s successful restructuring to maintain its leadership position in the next era of tech, doubling down on growth markets such as gaming, cybersecurity, the Internet of Things (IoT) and cloud computing.

      Did anyone notice any mention of desktop OS for consumers?

      2 users thanked author for this post.
      • #214314

        I think that’s the view from an ancient, out-of-control train that’s headed down the tubes.

        4 users thanked author for this post.
      • #214332

        This is what the rest of the World sees or perceives about Microsoft which is quite different than what many of the comments here on the Lounge are about.

        If Microsoft’s strategies and plans are successful (targeting the big-money customers), they WILL make lots of money, certainly for a while anyway. That’s what Investopedia is looking at.

        On the other hand, the people here at the Lounge are looking at how Microsoft’s strategies and plans affect them, and they come away with negative conclusions, because as you pointed out, the desktop OS for consumers (the little-money customers) doesn’t seem to be a priority in Microsoft’s plans.

        Group "L" (Linux Mint)
        with Windows 10 running on a separate hard drive
        8 users thanked author for this post.
    • #214326

      Thanks for creating this forum. Updates are ultimately unavoidable and sometimes break thinks, but these are only updates in name. Microsoft has stated that Windows 10 is transitioning into a service. But the problem is as a service it’s a nightmare. I have experienced earlier, even the previous build install an updater and attempts to force a full upgrade and most of time fail, re-download the same installer files over an over and fail. Once this starts, deferral, disabling wus services, etc. Make no difference.

      So because the concept of a managed service is that the host is in control, better get use to it. Only LTSB gives you full control, but an Enterprise license alone (except academic, nonprofits) can cost as much as the PC.

      Windows 7 support has less than 1 year left, 8.1 a couple more. But Intel Gen 7 won’t update or sometimes even install previous a versions without a few hacks.

      Please don’t kick me off for saying this but except for CAD, CGI or specialized applications or hardware, I may eventually just go full Mac for everyday use.

      If each time an onsite tech had no choice but to sit in front of a Windows 10 PC update in progress (nothing to multitask at the time or site), can a field tech charge by the hour hor staring at a drunken-looking little wheel at the bottom of the screen?

      I can’t do this…

      DlzUn82WsAAChb8

      3 users thanked author for this post.
      • #214333

        Please don’t kick me off for saying this but except for CAD, CGI or specialized applications or hardware, I may eventually just go full Mac for everyday use.

        Welcome to AskWoody. I see that you are new here, this being your first post.

        Dig around on the site; you will find that lots of people are making plans to move away from Windows to other OSs, either immediately or at some point in the future. Linux seems to be the most popular destination; but there are those going to the MAC as well.

        Here you will find help and advice in how to successfully make the move to something other than Windows, as well as strategies for continuing with Windows.

        Group "L" (Linux Mint)
        with Windows 10 running on a separate hard drive
        6 users thanked author for this post.
      • #214358

        Please don’t kick me off for saying this but except for CAD, CGI or specialized applications or hardware, I may eventually just go full Mac for everyday use.

        I don’t think you’re going to find those on Mac, short of video/design side where you still have Adobe CC and Apple’s Final Cut Pro.

        Go Linux, it’s easier now than it’s ever been. Check this out if you need inspiration: https://www.forbes.com/sites/jasonevangelho/2018/07/19/ditching-windows-2-weeks-with-ubuntu-linux-on-the-dell-xps-13/#16a13ddb1836 You can keep your hardware, you don’t need to buy anything. It’s free. Free is good…free is great. No reason to go out and pay 2x or more for the same innards as an HP or Dell in a white box with a piece of rotten fruit on the box when you have perfectly good hardware (I assume) at home. Unless you have a failing motherboard or soemthing, and even in that case, I’d say build a PC and stick Linux on it (over paying the Apple tax).

        Linux is no longer this insurmountable behemoth that requires Terminal knowledge and grade A chops to use. Most of the distributions out there include Software Centers with most of the common apps that people use, and installing them is a 1-click process. Even better, they are updated when the OS updates, due to how Linux packages are maintained.

        My main sticking point is games, since most of them use DirectX, but I have hope now with Valve unveiling their Proton wrapper which is allowing a lot of previously-not-available-in-Linux games to be run in Linux. (More info: https://www.forbes.com/sites/jasonevangelho/2018/08/27/steam-for-linux-adds-1000-perfectly-playable-windows-games-in-under-a-week/#7749de0755ae)

        I’ve already switched every other app I use including productivity design, to FOSS which is also available in Linux land. I ditched Adobe CC for GIMP, Inkscape, and Scribus, and Quicken for HomeBank and I’m completely happy.

        Give it a try man. Download a Live USB of either Ubuntu, Mint, or Budgie – those are arguably the 3 best, easiest to use you’re going to find. Try the Live USB, boot off it – it won’t make any changes to your Windows drive. If you want to take the plunge, image your current system and then install one of those along side (or over top/in place of) Windows.

        1 user thanked author for this post.
        • #214403

          @MrNoodle: As far as CAD, you may be able to pull that off in Linux by having LOTS of RAM (32GB or more) and a Windows virtual machine installed in Linux.

          I don’t know how successful you would be with running, say, AutoCAD in a Windows virtual machine. If you allocate lots of memory to the vm (16GB or more), you would likely have no memory issues. You should be able to regenerate a complex drawing rather quickly if you allocate a lot of memory to the vm.

          The concern I would have is with video – I don’t know how successful you would be in getting high-grade video in a VM. In truth, I haven’t researched it; but I have read a hint here and there that there could be some video issues when trying to run high-grade video in a Windows VM.

          I’ve been reading some comments out on the web about AutoCAD and Linux. At this point, it seems you have two choices if you want to run AutoCAD: Windows or MAC.

          Group "L" (Linux Mint)
          with Windows 10 running on a separate hard drive
      • #214370

        Please don’t kick me off for saying this but except for CAD, CGI or specialized applications or hardware, I may eventually just go full Mac for everyday use.

        I’m leaning toward ChromeOS. The world’s changing quickly.

        1 user thanked author for this post.
      • #214413

        I couldn’t do it either.  However, I saw the writing on the wall when I downloaded an evaluation version of Win 10 and Win 8.1.

        I found I liked the 8.1 better, so, I bought a 8.0 upgrade disk (no migration from 7 straight to 8.1), Windows Update eventually offered 8.1,  and so I kicked the can down the road until 2023.

        It seems that between 7, 8.1 and 10, the least hassles is with 8.  Classic shell restored the start menu, and I couldn’t be happier, at least until 2023.

        1 user thanked author for this post.
      • #214417

        Windows 7 support has less than 1 year left, 8.1 a couple more

        I appear to be running on a different calendar 😉 Windows 7 has 16+ months, and Windows 8.1, 3 more years after that.

        Far too close for comfort, but it’s over a year a little bit longer.

        7 users thanked author for this post.
        • #214521

          Agreed on the timescale, Kirsty, although it can be argued that given the present quality of support the pending end of support may not prove to be as critical as one would have assumed a couple of years ago.

          1 user thanked author for this post.
      • #214431

        Join the club!

    • #214341

      Late to the party. All I’m seeing in WSUS are previews which I just declined all of them. I agree with Woody in that I don’t install previews in the corporate environment.

    • #214348

      Don’t know about you, but I can’t download the key Win10 1803 Intel microcode patch, KB 4100347.

      I can.

      • #214354

        Care to post some helpful information about how to download it?

        Group "L" (Linux Mint)
        with Windows 10 running on a separate hard drive
        2 users thanked author for this post.
        • #214363

          Er, OK: Click link above, click Download, click filename, click Save.

          Woody’s wording today appeared to be asking if it was just him.

          • #214364

            Woody’s ‘wording’ was some 12? hours before your confirmation that the download now works, which was some time after Ms Bradley asked MS about it. https://twitter.com/SBSDiva/status/1034882356115456001

            2 users thanked author for this post.
            • #214366

              Please forgive me for trying to be helpful. I didn’t realize there was a time limit in play.

              1 user thanked author for this post.
            • #214372

              It works!

              1 user thanked author for this post.
            • #214373

              There’s no time limit, nether is it play time.

              Timings have context implications, as does omitting to read/check the context in which a quote was taken; in this instance, there were only two sentences and two links in that partially quoted paragraph.

              Woody might well have been wondering whether MS had rolled out this update based on a specific time zone, as neither he, nor Ms Bradley had been able to access the download during the hours before publication of the article.

              2 users thanked author for this post.
            • #214382

              Timings have context implications, as does omitting to read/check the context in which a quote was taken; in this instance, there were only two sentences and two links in that partially quoted paragraph.

              Why do you incorrectly assume I omitted to read/check the context?

              Woody might well have been wondering whether MS had rolled out this update based on a specific time zone, as neither he, nor Ms Bradley had been able to access the download during the hours before publication of the article.

              So my post may have been helpful? (As it prompted him to try again and find that it now works.)

          • #214387

            Don’t know about you, but I can’t download the key Win10 1803 Intel microcode patch, KB 4100347.

            I can.

            Care to post some helpful information about how to download it?

            Er, OK: Click link above, click Download, click filename, click Save.

            Woody’s wording today appeared to be asking if it was just him.

            The way you answered makes it sound like you don’t think Woody knows how to download a file.

            Group "L" (Linux Mint)
            with Windows 10 running on a separate hard drive
            • #214392

              Sorry. It works. For me. Today. This afternoon. EDT. In the context of the quote. All words read. All links followed. Links can go down as well as up. YMMV.

              (It’s getting a little strange round here when I can apparently upset two MVPs with a two word reply to “Don’t know about you,…)

              Woody, I apologize if you thought I had inferred that I thought you wouldn’t know how to download a file from the Microsoft Catalog by now.

              1 user thanked author for this post.
            • #215308

              No problem. My system gets hiccups, too.

    • #214349

      Releasing D updates before a 3 day holiday weekend. Man, that’s just evil, even for MS… 😀

      2 users thanked author for this post.
    • #214352

      woody

      Microsoft has also released its first preview monthly rollup of .NET Framework for Windows Server 2008 (SP2) – KB4346083.

      it looks like on September patch Tuesday, Microsoft will be issuing security only & security rollups for Windows Server 2008 SP2 instead of just individual patches.

    • #214360

      Win 8.1 x64.   Since system restore works well if I need it, tossed in the 2 previews.  So far, so good.

    • #214377

      Grandpa, please tell me the story again of when Woody’s had DefCon Four.

      Mint is easy to get used to. I’m just too used to Win 7…but this machine dual boots, and the machine on top of it is running Mint..

      Just to old to have MicroSoft think my name is Ben Dover!

    • #214391

      W7 Basic Home users don`t need to install Preview’s.

    • #214400

      The problem is https://support.microsoft.com/en-us/help/4346783 (Windows 1803 D week preview). Looking at the known issues table, Microsoft confirms that the August Patch Tuesday update is buggy (no surprise at all) and lacks important commits shipped with the July D week preview update. The workaround offered is:

      1) Uninstall the August Patch Tuesday update.

      2) Install the July D week preview update.

      3) Re-install the August Patch Tuesday update before installing the August D week preview update.

      End of the story, Patch Tuesday updates are not cumulative at all — and Microsoft continues to patch patches of patches for patches patched (or not).

      1 user thanked author for this post.
    • #214410

      Install this before, NO, after. Uninstall this before installing that and then reinstall that. Microsoft needs to change their name to Whack-A-Mole.

      1 user thanked author for this post.
    • #214441

      Thanks for pointing out that the new IE 11 patch is only available within the Preview Rollup. I missed that but it seems pretty sneaky for MS to do that, I wonder if MS will make the new IE 11 patch available by itself and not as part of a preview Rollup or Rollup. If they don’t, that pretty much wrecks the Group B patching strategy.

      The SSO patch will almost certainly be in Septembers IE11 Cumulative update for Windows 7.  Not sure how you can say it “wreaks” Group B strategy though.  G-Ber’s normally install the monthly Windows 7 Security Only Update and the monthly IE11 Cumulative Update.  As long as you avoid the Windows 7 monthly Security and Quality Rollup or anything that includes “Rollup” in the title (.NetFramework updates excepted) and the sneaky sucker telemetry patches like 2664, etc, you’re following Group B strategy.

      2 users thanked author for this post.
      • #214452

        I said that IF they don’t make the new IE 11 patch available by itself, then Group B patching will be wrecked. And it will be wrecked because I will then have to install the September Rollup if I want the new IE 11 patch (assuming I don’t install the August preview, and I never install previews).

        1 user thanked author for this post.
        • #214790

          Not necessarily. The Monthly IE Rollup (Group B) is cumulative. I suspect the fix will most likely be included in the next Patch Tuesday IE Rollup.

          I say this because the “Group B” catalog patches are mainly for admins, and as such, not really directed to SOHO users. Why antigonize the larger users who htey hope will migrate to Win10. We all know the SOHO users have been cut loose already.

          I may be wrong, but I hope not.

          1 user thanked author for this post.
          • #214793

            I hope you’re right! I also hope they can manage to put out a September IE 11 patch with no issues requiring yet another repatch. I can envision a scenario where MS fixes a previous month’s patch with a current month’s patch that also has an issue that doesn’t get fixed until the following month, and this cycle repeating itself until Win 7 end of support. But then perhaps I’m being too pessimistic.

            • #214808

              Based on the example of the recurring NIC card and oemXXX.inf issue in both the rollups and SOs, I suspect you are being cautious.

    • #214453

      Making the SSO patch available separately is probably a long shot but ya never know. My bet is it will be included in the next months IE11 cumulative (and the security and quality rollup) although than may be way to logical for Satya to grasp.  In 11 more days we will know.

    • #214520

      Thanks for the feedback to my earlier post. Aside Macs, Linux has always been part of the mix, and the desktop-GUI friendly distros will be looking at mode seriously.

      Some of the comments make the connection of Microsoft’s directors’ goals (cloud, services, managed, etc) which makes sense from their goals to remain a relevant, profitable, still-growing company, which I get. Where I find this going south is due to the company culture, which for me explains the fiasco of perpetual, round-the-clock “updating”:

      Friend who previously worked for Microsoft in the U.S., Canada had the same complaint: silos. Virtually every department, team, coworker work in bubbles, whether due to insecurity, interdepartmental politics, they don’t talk to each other. Hence the surprise roll outs, mystery patches (i.e. multiple re-releases of the same KBs), extremely polite and caring support staff who haven’t been notified that solutions exist and available while 1000’s of calls roll in for identical issues (365 India reps must be kept in an underground bunker, and level 2 support have blocked their calls). Same reason why open Technet forum admins are the most clueless posters, while the users offer their possible solutions to common issues. (To be fair Google stays dark on their forums, but eventually the issues are addressed (sometimes 🙂

      With this flawed environment, the sometimes 24/7/365 dysfunctional updating makes more sense.

    • #214509

      Hi @woody,
      In your computerworld article you write “The Win7 Monthly Rollup Preview, KB 4343894, contains a major bug fix for Internet Explorer 11; a bug that Microsoft introduced in the Aug. 14 Monthly Rollup, KB 4343900, and in the Aug. 14 Internet Explorer Security-only update, KB 4343205, but then why are these two still classified as “Ok to install” & “None at this time” in @sb ‘s Master Patch List????

      Thx

    • #214670

      Second try at posting this in the right place…

      I just downloaded KB4346783 and applied it to my Win 10 VM that otherwise doesn’t do updates on its own. This brought the version to 17134.254.

      Win10Updated

      All seems to be well. I’ve finally found a little time to try to tweak it to be a bit more lean. So far I’ve been able to get it the process count to support an empty desktop into the mid 80s. I’m imagining it could be trimmed of at least 5 or 10 more processes that really don’t need to be running.

      Wish I could figure out why so many RuntimeBroker processes (4 at the moment) start and just sit there, and there are a few Apps that should never start, like Microsoft.Photos.exe and SearchUI.exe. If this were my host desktop system and not just a VM for dabbling with I’m sure I’d get more aggressive, as I really do want all my resources for what I choose to do with this system, and not to run sloppy code Microsoft didn’t see fit to avoid starting or at least have time out and exit if it doesn’t have anything to do…

      -Noel

      2 users thanked author for this post.
    • #214914

      Hey Y’all,

      FWIW:

      Just returned from a trip to Africa last week (been gone a month in total) and decided to give the 1803 update a chance on my main computer. Been running it on my backup machine for over a month w/o problems.

      What caused this change of mind was trying to get a clean run on the PowerShell Spectre/Meltdown mitigations. I just couldn’t get it clean with 1709 and Windows refused to download updates for it with the settings I had in place to prevent 1803 from loading.

      So after taking an image backup I set all the Advanced Update settings back to their default values and away I went. The update went smoothly, of course I had to reset all my customizations but my PowerShell program to do that worked just fine. I also had to reinstall the Win 7 MS games, to get classic minesweeper back.

      Currently showing version 1803 (OS Build 17134.228)

      I now get a clean run with the Spectre/Meltdown code:

      PS> G:\BEKDocs\Scripts\Query-SpeculationControlSettings.ps1
      For more information about the output below, please refer to https://support.mic
      rosoft.com/en-in/help/4074629

      Speculation control settings for CVE-2017-5715 [branch target injection]

      Hardware support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is present: True
      Windows OS support for branch target injection mitigation is enabled: True

      Speculation control settings for CVE-2017-5754 [rogue data cache load]

      Hardware requires kernel VA shadowing: True
      Windows OS support for kernel VA shadow is present: True
      Windows OS support for kernel VA shadow is enabled: True
      Windows OS support for PCID performance optimization is enabled: True [not requi
      red for security]

      Speculation control settings for CVE-2018-3639 [speculative store bypass]

      Hardware is vulnerable to speculative store bypass: True
      Hardware support for speculative store bypass disable is present: True
      Windows OS support for speculative store bypass disable is present: True
      Windows OS support for speculative store bypass disable is enabled system-wide:
      True

      Speculation control settings for CVE-2018-3620 [L1 terminal fault]

      Hardware is vulnerable to L1 terminal fault: True
      Windows OS support for L1 terminal fault mitigation is present: True
      Windows OS support for L1 terminal fault mitigation is enabled: True

      BTIHardwarePresent : True
      BTIWindowsSupportPresent : True
      BTIWindowsSupportEnabled : True
      BTIDisabledBySystemPolicy : False
      BTIDisabledByNoHardwareSupport : False
      KVAShadowRequired : True
      KVAShadowWindowsSupportPresent : True
      KVAShadowWindowsSupportEnabled : True
      KVAShadowPcidEnabled : True
      SSBDWindowsSupportPresent : True
      SSBDHardwareVulnerable : True
      SSBDHardwarePresent : True
      SSBDWindowsSupportEnabledSystemWide : True
      L1TFHardwareVulnerable : True
      L1TFWindowsSupportPresent : True
      L1TFWindowsSupportEnabled : True
      L1TFInvalidPteBit : 45
      L1DFlushSupported : True
      [/code]
      Please note I also updated my Dell XPS8920 to the latest BIOS 1.0.17 to get the latest micro code updates.

      So far the only problem I’ve had is with Synegry 2.12 loosing the cursor. Since this version was put back into Beta I reloaded version 1.10.1 stable and the problem is resolved.

      As always YMMV.

      HTH 😎

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      2 users thanked author for this post.
      • #215472

        Hey Y’all,

        Just an update I went through the process with my other machine Dell XPS8700 successfully.

        Dell XPS 8700

        BIOS Version: A12

        BTIHardwarePresent : True
        BTIWindowsSupportPresent : True
        BTIWindowsSupportEnabled : True
        BTIDisabledBySystemPolicy : False
        BTIDisabledByNoHardwareSupport : False
        KVAShadowRequired : True
        KVAShadowWindowsSupportPresent : True
        KVAShadowWindowsSupportEnabled : True
        KVAShadowPcidEnabled : True
        SSBDWindowsSupportPresent : True
        SSBDHardwareVulnerable : True
        SSBDHardwarePresent : False
        SSBDWindowsSupportEnabledSystemWide : False

        BIOS Version: A13

        BTIHardwarePresent : True
        BTIWindowsSupportPresent : True
        BTIWindowsSupportEnabled : True
        BTIDisabledBySystemPolicy : False
        BTIDisabledByNoHardwareSupport : False
        KVAShadowRequired : True
        KVAShadowWindowsSupportPresent : True
        KVAShadowWindowsSupportEnabled : True
        KVAShadowPcidEnabled : True
        SSBDWindowsSupportPresent : True
        SSBDHardwareVulnerable : True
        SSBDHardwarePresent : True
        SSBDWindowsSupportEnabledSystemWide : False

        After applying Registry Settings:

        reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 8 /f

        reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

        BTIHardwarePresent : True
        BTIWindowsSupportPresent : True
        BTIWindowsSupportEnabled : True
        BTIDisabledBySystemPolicy : False
        BTIDisabledByNoHardwareSupport : False
        KVAShadowRequired : True
        KVAShadowWindowsSupportPresent : True
        KVAShadowWindowsSupportEnabled : True
        KVAShadowPcidEnabled : True
        SSBDWindowsSupportPresent : True
        SSBDHardwareVulnerable : True
        SSBDHardwarePresent : True
        SSBDWindowsSupportEnabledSystemWide : True

        HTH 😎

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!
        Computer Specs

    • #215208

      No change in Woody’s Defcon system? We patched weeks ago over our 200+ seat domain both Win10 and 7 with no issues.

    Viewing 24 reply threads
    Reply To: “Fourth Tuesday” patches finally arrive

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: