Friday night patch dump: KB 4088881, a flawed Win7 Monthly Rollup preview and KB 4089187, an IE fix

Topic

New Reply

Microsoft continues its any-day-of-the-month patching policy with a highly anticipated preview of the April Win7 Monthly Rollup and a rushed patch for
[See the full post at: Friday night patch dump: KB 4088881, a flawed Win7 Monthly Rollup preview and KB 4089187, an IE fix]

6 users thanked author for this post.

Pepsiboy, Mr. Natural, MrBrian, geekdom, JDeC, AJNorth

Reply | Quote

Replies

Well, looks like i was right in ceasing to update my WIN7 box  last updated Nov 17 group B

one [problem] after another – updating your machine is now pointless, imo

Reply | Quote

I am Windows 7 (x64) Group B, as well. I updated through December, but have only applied IE patches for January and February. Since I only use IE about 6 times per year, after reading the comments below about the latest IE kerfuffle, I don’t think I’m going to update IE anymore. I haven’t experienced any issues on either 7 or IE 11 so far, and my current thinking is to produce a first-rate system clone and leave well enough alone. I’m sorry to say that I don’t think MS knows what it is doing anymore with updates. When I start seeing suggestions to tweak the BIOS or change registry settings–on my own, and not through a well-thought-out update–in order to accommodate poorly conceived patches that address questionable issues, I lose all trust.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Installing a Windows “Preview” Update is asking for trouble.

-lehnerus2000

Reply | Quote

Does the IE Cumulative security update KB4096040 address additional security vulnerabilities from KB4089187, or is it simply a patch that addresses internet explorer not opening?

The only info I could find: CVE-2018-0889 which reports a remote code execution vulnerability  that is addressed by KB4096040 but for only Windows 7 32-bit platform.

Reply | Quote

I believe that KB4096040 doesn’t fix any additional vulnerabilities relative to KB4089187.

Reply | Quote

For a longer answer, a search for 4096040 on the security portal returns CVE-2018-0942, CVE-2018-0935, CVE-2018-0932, CVE-2018-0929, CVE-2018-0927, CVE-2018-0891 and CVE-2018-0889. All are “Published: 03/13/2018 | Last Updated : 03/23/2018” so note that date published. Also, all are listed as being fixed in 4096040 and 4088875, which is the March bundle, which would include 4089187. 4088881, which includes 4096040, is not listed. Also, searching for each of those CVE numbers has them listed as being fixed in 4089187 for Win 8.1. (Interestingly, CVE-2018-0889 is listed as being fixed in 4096040 in Win 7 32-bit and Win Server 2008 R2 for x64 only, while for Win 7 for x64 the fix is still listed as being in 4089187. Probably a slip.)

So, yep, seems like there are no new fixes in 4096040 and I’d say that if you can start IE with 4089187 or don’t use it and don’t care whether you can start it, you’re fine without installing 4096040.

(On a different note, those fixes for UCRT in KB4088881 seem important. Wonder when the bugs appeared and whether they were introduced by some security-only fixes too, and if so whether they’ll be fixed in the next security only patch as well. Why do I doubt it?)

4 users thanked author for this post.

The Surfing Pensioner, cesmart4125, woody, MrBrian

Reply | Quote

Er, forgot to sign, so since I’m anonymous, adding

— Cavalary

🙂

1 user thanked author for this post.

Elly

Reply | Quote

What a nightmare.  Microsoft continues to turn a blind eye to the confusion and havoc loosed upon the Windows ecosystem by its unending stream of hastily released, buggy patches and upgrades.

I’ve given up trying to keep track of it all — I already have a full-time job!

4 users thanked author for this post.

JDeC, cesmart4125, HiFlyer, Cybertooth

Reply | Quote

I looked for Friday’s update to the KB4089187 update for Windows 7, SP1. Following the usual bread crumbs trail I ended up in what was supposed to be its own page in the MS Catalog, after clicking on the link to it in the 23rd March, KB4089187 MS explanatory page.

But that landed me on one for the IE11 Security Update KB4096040. The date there was 23rd March, so it must be the correct update.

So: the number of the update to the update is quite different from that of the original one that — most curiously — is still the one given in the MS explanatory page.

More about this here: https://borncity.com/win/2018/03/24/internet-explorer-update-kb4096040-march-23-2018/

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

5 users thanked author for this post.

cesmart4125, HiFlyer, woody, MrBrian

Reply | Quote

KB 4088875 disappeared from WU about 1-2 weeks ago and hasn’t returned. Meanwhile i now have KB4088881 in the optional section. My computer has started has been fine through all of this but in the last two days it has done some strange things. I’m going to be looking for some help here tomorrow to try to find out what gives.

Have a good night…..

Win 10 Pro v.20h2

1 user thanked author for this post.

Elly

Reply | Quote

“By the by… for those of you who are manually installing the cumulative updates for Win10 1703 or 1607, there’s now an explicit warning in the associated KB article”

The same warning has also been added to March 13, 2018—KB4088776 (OS Build 16299.309).

I don’t understand why Microsoft didn’t state that the same warning applies to updates installed via Window Update in v1607 and v1703, since these versions supposedly don’t bundle an SSU with a CU.

2 users thanked author for this post.

abbodi86, woody

Reply | Quote

I always have this update rule:
servicing stack update should always be installed/integrated first and alone in a separate session

up until Windows 10 RTM, most cumulative updates metadata were explicitly require certain version of SSU to be installed before they got offered
but they started to neglect that later

1 user thanked author for this post.

MrBrian

Reply | Quote

From Cumulative security update for Internet Explorer: March 23, 2018: “The fixes that are included in this cumulative update for Internet Explorer 4096040 are also included in the March 2018 Preview of Monthly Rollup. Installing the Preview of Monthly Rollup installs the fixes that are in this update.”

4 users thanked author for this post.

cesmart4125, abbodi86, woody

Reply | Quote

? says:

i was bored so i just uninstalled KB4089187 and installed KB4096040 on Win 7 Pro 32 bit machine. IE 11 works either way on this particular box… same box that KB4088878 would not come back from reboot with out DISM help.

Reply | Quote

This might not help anyone today, but just in case: consider that the alien Gouauld have taken control of MicroSuck. It is time to resurrect Richard Dean Anderson and the StarGate 1 team to get to the bottom of this.

If of course they are still available due to wear and tear on their psyches.

 

jimzdoats

Reply | Quote

” I think of it as Mother Microsoft’s way of telling you that you really shouldn’t be using IE. Excuse my snark.” – LOL.

Well Mommie Dearest put the peanut butter and jelly on the outside of the sandwich this time. Possibly as some kind of punishment. I update IE only because it is

I am Group B, with Windows 7, x86. I got a WiFi problem (internet access kept dropping) as soon as I installed KB4096040. I had to remove it. The problem did not go away with the uninstall. Something got changed that was not reset with the uninstall. I had to re-image from last month’s full image backup. The WiFi was back to full working order after that. Microsoft must not have Netgear products onsite for testing updates (me being snarky, not naive).

I did an online search to see if the problem was wide spread, but found nothing. Maybe because the update to the update has not been widely installed as yet or the issue is isolated to Netgear WiFi.

3 users thanked author for this post.

JDeC, HiFlyer, MrBrian

Reply | Quote

Man, that Satya Nadella sure runs a great company, don’t he?

Excuse my snark as well.

Reply | Quote

Microsoft has just updated the support documents (on 26 March) for KB4088875 (March 2018 Security-only Update) and KB4088878 (March 2018 Security Quality Rollup). A “Prerequisites” section has been added. It said :

If the version of PCI.SYS file is less than 6.1.7601.21744, please follow the step-by-step instructions outlined below before applying this update to physical or virtual machine:

(1) Take a backup of the following registry key and subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI

(2) Copy the following VBScript (VBS), paste it in Notepad editor, save the file with “.vbs” extension, and run that “.vbs” File:

I have checked my Windows 7 systems and the version of the PCI.SYS file located in C:\Windows\System32\drivers is 6.1.7601.17514, which I believe is older than 6.1.7601.21744.

I take this to mean that if the things in the Prerequisites section are not done then I should not install either KB4088875 or KB4088878 on my Windows 7 systems. Microsoft has not said what will happen if I install the March updates without doing those things, however.

Do you guys think my interpretation is correct?

Hope for the best. Prepare for the worst.

Reply | Quote

I believe that your interpretation is correct. However, an older version of the article linked to the same script at https://support.microsoft.com/en-us/help/3125574/convenience-rollup-update-for-windows-7-sp1-and-windows-server-2008-r2, which states that the fix can also be applied after installation.

This is also being discussed at https://www.askwoody.com/forums/topic/march-2018-patch-tuesday/#post-178170.

1 user thanked author for this post.

woody

Reply | Quote

I keep wondering if Microsoft could possibly make this more complex….

Reply | Quote

That is insanity. We’re now fast approaching april with still no resolution to any of the issues in the updates (not in the preview either), a lot of us aren’t even being offered the rollup. While others are seeing the update but it’s unticked so won’t be installed automatically. What on earth is microsoft playing at? That’s a rhetorical question because i’m not convinced even they know.

1 user thanked author for this post.

OscarCP

Reply | Quote

Wow, what a mess. Shouldn’t MS provide the updated PCI.sys instead? (I also have that older version.) Not quite sure what that script does but it seems risky. And without running it, would this mean that people are blocked from installing further updates? It’s all a mess.

1 user thanked author for this post.

Cybertooth

Reply | Quote

For the first time in March 2018, Microsoft is including pci.sys in a Windows 7 monthly rollup. The version included is 6.1.7601.24056. Evidence: file lists provided in relevant KB articles at https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history.

It seems that Microsoft’s blacklisting of KB4088875 isn’t based upon the version of pci.sys present. I had an older version of pci.sys on my computer, but yet I was offered KB4088875 in Windows Update.

Reply | Quote

@MrBrian: when did you get the KB4088875 offered in WU? Last Sunday? Would this imply MS is re-issuing?

 

~Annemarie

Reply | Quote

On March 25, but on that computer KB4088875 has been offered ever since it was released. It hasn’t been reissued by Microsoft, as noted by this post.

Reply | Quote

Was referring more to those of us on Group B, thinking that there should be a rereleased security-only update that does the work on its own, or at least a separate one that does it, to install at the same time.

— Cavalary

Reply | Quote

Who’s on First ???    🙂

1 user thanked author for this post.

HiFlyer

Reply | Quote

In my 21+ years as a systems admin I don’t ever recall becoming confused about the status of which operating system updates I need installed to insure future updates install properly. In some instances we’re told to be sure the January delta update is installed despite the issues presented with that update. And in other instances Microsoft says to remove that and install the March delta update. And apparently going forward we are all to install the April delta update whenever that comes out and everything will be peachy keen after that. Isn’t it time that Microsoft be held accountable for this update nonsense?

Red Ruffnsore

1 user thanked author for this post.

Cybertooth

Reply | Quote

Well, the Windows 2000 days are over and things have changed. We let Windows Update pull the updates for our Windows Server 2012 R2 fleet and all is good. Sure, we hide a few well-known nonsense updates, but that’s it. Same for Windows Server 2016 and Windows 10 clients, except that hiding updates takes a different approach.

Reply | Quote

I’m becoming concerned about not receiving some of the patches the rest of you are receiving for Win 7.  In particular, kb 408875, kb 4088878, and kb 4089187 have not appeared this month.

Every month, I’ve downloaded all security patches and any patches labelled as important.  However, I wait until shortly before the following month’s patches come out or Woody gives the all clear.  I do not download previews.

Thanks in advance for your advice or information.

Win 7 Pro SP1, Office Pro SP2, Intel core 2 duo 1.80 GHz, 4 GB RAM

 

 

Reply | Quote

How would I delete the second frog?  Before I submitted my response, the indications were that I had only one attachment.

Also, I should mention that I’m considering an Apple laptop for my next computer.  MS has made updating ridiculous –I’ve got to make a living, not spend all my time updating my computer.

2 users thanked author for this post.

OscarCP, Cybertooth

Reply | Quote

I’ve had an iMAC for 6 months. Great machine. One update roughly once every 6 weeks or so and it installs without any drama. A bit different than Windows but still pretty easy to get used to. AND, it will save your sanity!

You won’t see KB 4088878 or KB4089187 offered in Windows Update because they are basically security only for Win 7 and IE 11, respectively. I was offered KB 4088875 (March Rollup which contains the 2 above security patches plus probably some feature updates) for about a couple days and then it disappeared from Windows Update presumably because of problems with it. I wouldn’t worry about not seeing it in Windows Update yet because there’s no way you want to install now anyway. Give it a week or 2 more.

1 user thanked author for this post.

JDeC

Reply | Quote

Further to DrBonzo’s reply:

Because these updates are not offered by Windows Update, to get either the Windows 7 security only update or the IE11 update, one can follow these steps:

(1) Copy the KB number to the search field of a search engine (Google, etc.) and hit return.

(2) At or near the top of the list of search hits, you’ll see a link to Microsoft https://support.microsoft.com/en-us/help/KBnumber

(3) In that page there is an explanation of what the update is for and also, further down, a link to a page in the MS updates Catalogue.

(4) Clicking on that links puts one in the Catalogue page from where one can download the update for the several versions of, in this case, Windows 7, including yours.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

cesmart4125

Reply | Quote

Hello cesmart4125,

You only had one attachment, but it was apparently placed twice within the message. I went ahead and fixed it.

I had KB408875 show up in Windows Update. I hid it. There were some problems reported with it… and people were reporting theirs had disappeared. I unhid it, and it vanished, and hasn’t shown up since. Some people have it show up unchecked. Group A needs to wait for Woody to give the all clear…

You can find the Security Only updates, KB 4088878 or KB4089187, at the Knowledge Base Article 2000003, courtesy of PKCano. However, wait for the Defcon Level to change, unless you are volunteering to test for the rest of us!

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

cesmart4125

Reply | Quote

Win 7 SP1 Pro 64 bit X86 Group “B”, WU set no “notify but don’t download”

This “patch rot” is slowly driving me mad. The following list showed up this AM, all “Important”:

KB4088875 (the Win 7 IP address killer)

KB4091290 (never got the KB4075211 in the first place, why do I need this?

KB2952664 (Telemetry snoop ware)

KB4088881 (I never install previews-the real stuff is scary enough)

For the love of Mike, won’t MS just pull KB4088875, fix it, reissue it, and THEN we’ll have somewhere to go from there?

I’ll just wait for Woody to give the all clear…I actually have parts of a life that don’t revolve around Redmond.

Unbelievable.  And to think some of our nation’s defense systems have to deal with this Malarkey…

BTW, thanks to Woody, The Patch Lady and Mr. Brian for keeping us all abreast of this nonsense and steering us in the right direction!

P.S. If anyone can suggest a easy way of sifting through the WU “History” to find a particular item quickly, I’d appreciate it.

 

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

So who all ran the recommended script that is a prerequisite in both the security only and monthly rollup ?

And if you did not, what are the consequences?

Reply | Quote

I ran the script on Sunday, just before installing KB4088875 on two computers. The script didn’t change anything on either of my computers, but your results may differ.

I haven’t researched this issue, but I would guess that failure to run the script beforehand might result in system changes that aren’t undone when uninstalling KB4088875.

Reply | Quote

BTW: in the update catalogue (https://www.catalog.update.microsoft.com/Search.aspx?q=4088875) the updates still have the timestamp March 14th. So it looks as absolutely nothing has been done to these patches yet (yet= March 27th, 13.51 CET)

Reply | Quote

KB4088881 test install report:

Well no luck this time. The same 2 issues reported by me from Jan. 2018 are yet here.

Please refer to my late post concerning these issues below:

https://www.askwoody.com/forums/topic/buggy-windows-7-monthly-rollup-kb-4088875-no-acknowledgment-from-microsoft/#post-175909

1. The chaotic ErrorID9020 – The Desktop Window Manager has encountered a fatal error (0x8898009b) is back in full;

2. The same chaotic leftovers of the already closed windows in win7 taskbar  is also yet alive.

On the other hand Win7sp1x64Ultimate wasn’t visibly affected by any of 5 problems beyond AV registry key acknowledged by M$ itself.

Anyhow KB4088881 is removed & put to hidden list, although Internet Explorer 11 update v11.0.57 KB4096040 installed separately and seems acceptable.

Rgds,

 

1 user thanked author for this post.

Elly

Reply | Quote

Guess users of Windows 7 and Sever 2008 R2 are now sacked – the ne patches has nasty ‘known issues’ – and the old January 7 February (Meltdown) patches comes with a nasty surprise.

It seems, something went terribly wrong: January/February 2018 Meltdown patches from Microsoft opens even a bigger hole. No more exploit is necessary to access the memory from user processes (and even write it).

See Windows 7 Jan./Feb. 2018 patches opens Total Meltdown vulnerability

Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

https://www.borncity.com/win/

1 user thanked author for this post.

grayslady

Reply | Quote

Elly, Susan, Woody, MrBrian,
Yesterday I installed the IE update KB 4089187 (and KB 890830) on my Group B Windows 7 Pro x64.

No problems so far, although it took almost half an hour(!) for the system to integrate the update. I was tempted to force a restart, but I just let it do its thing and eventually it did install successfully.

Cheers

2 users thanked author for this post.

Elly, MrBrian

Reply | Quote

im having issues.

after the welcome screen i only get a black screen with cursor. pulled eventvwr logs via boot cd and it seems explorer is crashing. same blackscreen even in safe mode. only safe mode with command prompt works.

i already tried system restore (fails), startup repair (cant repair) and sfc scannow (no integrity violations).

i suspect kb4088825 and nvidia 630m (360.95) incompatibility. only that kb was installed recently per system restore point. i cant uninstall it via command line since its a servicing stack and i dont know which msu to edit since there are many!

windows live chat not helpful at all. the tech just wants me to reinstall windows and insists the laptop isnt compatible with win10. grrr

any help would be appreciated

Reply | Quote

i reported this yesterday to ms support chat. it was kb4088825 and now its kb4088891!

it was installed auto by windows. i regret enabling windows to auto update!

Reply | Quote