Heads up! 50 new security patches just pushed to the Update Catalog

[woodyDa Boss]

They’re marked: IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includ
[See the full post at: Heads up! 50 new security patches just pushed to the Update Catalog]

4 users thanked author for this post.

abbodi86, jburk07, columbia2011

[MicrofixDa Boss]

Getting October SMQR offered via WU on Win8.1..declined
posted my WU screenshot here

MS-DEFCON still at 3..

Have they nudged this months patches back due to the release of 1909 on patch tuesday 8th of this month?

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[PKCanoDa Boss]

This DOES NOT replace the October Patch Tuesday SQMR.

1 user thanked author for this post.

Hopper15

[MicrofixDa Boss]

PKCano wrote:

This DOES NOT replace the October Patch Tuesday SQMR.

well, it hasn’t been released prior to this update being offered that I’m seeing in WU so, how could it be replaced?

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[PKCanoDa Boss]

Sorry, wrong tense, but I was quoting (my bolding).

IMPORTANT This is a required security update that will be offered to all customers automatically. To help secure your devices, we recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations. Like all rollup updates, this update supersedes any preceding update.

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

4 users thanked author for this post.

Hopper15, jburk07, Microfix, woody

[grant.gardnerAskWoody Plus]

Is it safe to assume that these updates will be incorporated into the standard patch Tuesday updates that are due out next week?

[woodyDa Boss]

Yes. Patch Tuesday this month will include previous cumulative updates (unless somebody changes their mind again).

Big questions at this point: (1) Is an attack imminent and (2) Are there any additional bugs?

Patches like this are notorious for triggering an absolute shirtstorm of bugs.

8 users thanked author for this post.

Pim, abbodi86, AlbertMcCann623, Hopper15, jburk07, Tom-R, Bluetrix, Microfix

[Tom-RAskWoody Plus]

Woody, in light of this sudden unexpected (and unexplained by MS) development, shouldn’t the DEFCON level be bumped back to 1 or 2?

[woodyDa Boss]

Good question. The concomitant question is whether we should go to MS-DEFCON 4 or 5.

At this point, I’m watching for evidence of bugs in this for-real out-of-band patch. If it looks clean, I’ll probably advise that people install it.

But it’s still too early to tell – and I still have no indication whether CVE-2019-1367 is an ongoing concern for the 95% of all Windows users who don’t use IE. The Security Advisory has been updated to show the new patches – but there’s no change in the wimpy description. Clément Lecigne hasn’t said anything, either.

2 users thanked author for this post.

jburk07, Tom-R

[anonymous]

Weekend starts here, and I am gone. Will not switch on Windows computers here before next week wednesday, so I am safe. For a change. I indeed also assume the emergencynlatched will be included in the regular patch rounds? What a mess Windows became :-/

[PKCanoDa Boss]

Yes, everything should be together in next Patch Tuesday’s updates.

[anonymous]

Ok, thanks for the info! I am anonymous again, somehow my password isn’t working again. Must reset it, one day soon…

[woodyDa Boss]

Write to me, CustomerSupport@AskWoody.com

[BluetrixAskWoody MVP]

grant.gardner wrote:

Is it safe to assume that these updates will be incorporated into the standard patch Tuesday updates that are due out next week?

For:

KB4524147 CU for 1903 (build 18362.388)
KB4524148 CU for 1809 (build 17763.775)
KB4524149 CU for 1803 (build 17134.1040)

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

That’s from Microsoft

Edit to add: Like Woody said, (unless somebody changes their mind again).

Windows10 Home 1809 | Mint19 on VM

[grant.gardnerAskWoody Plus]

Bluetrix wrote:

grant.gardner wrote:

Is it safe to assume that these updates will be incorporated into the standard patch Tuesday updates that are due out next week?

For:

KB4524147 CU for 1903 (build 18362.388)
KB4524148 CU for 1809 (build 17763.775)
KB4524149 CU for 1803 (build 17134.1040)

Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

That’s from Microsoft

Edit to add: Like Woody said, (unless somebody changes their mind again).

We don’t use IE on any of our servers and don’t have the printing issue.  Would rather wait for the standard Patch Tuesday stuff and install later this month once its given the go ahead by “the patch lady”.  Heck, I just installed Septembers updates this week.

[PKCanoDa Boss]

KB4524135 IE update, released 10/3/2019, for IE11 has been added to AKB2000003.

Prerequsites for Win7 are SSU KB4490628 and SHA-2 coding update KB4474419

3 users thanked author for this post.

LHiggins, abbodi86, woody

[armondAskWoody Plus]

HP printer issue still exists! I can’t print anything using my HP 6978 printer after installing KB4524147. “Microsoft is not currently aware of any issues”? Interesting.

3 users thanked author for this post.

jburk07, woody, Microfix

[woodyDa Boss]

Very important observation. Thanks!

If you roll back KB 4524147, does your printer work again?

[Susan BradleyAskWoody MVP]

Did into the printer driver setting and make sure that rebooting hasn’t moved a printer from the setup you like/that works to one that doesnt.

I have a home pc that on occasion will reboot and my HP multi will move from tcp/ip setup to that web stupid printer driver thingy that never works.

Susan Bradley Patch Lady

[Alex5723AskWoody Plus]

woody wrote:

They’re marked: IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includ
[See the full post at: Heads up! 50 new security patches just pushed to the Update Catalog]

?

You meant September 23.

1 user thanked author for this post.

woody

[woodyDa Boss]

You’re absolutely right. Change made.

[IndyPilot80AskWoody Lounger]

So, unless I’m reading it wrong, it sound like if we’ve already patched for CVE-2019-1367 and we don’t have any .NET 3.5 or print spooler issues, we can safely skip this and wait until Oct 8?

[grant.gardnerAskWoody Plus]

That’s what I plan on doing.  Really dont want to add another round of server reboots into the mix.

2 users thanked author for this post.

abbodi86, IndyPilot80

[DrBonzoAskWoody Plus]

Scroll to the bottom of the following link under Revisions and it reads as though the only purpose of today’s new update is to fix the printer issue.

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1367

This is what it says:

To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows. Please see the Security Updates table for CVE-2019-1367 for the new updates. Note that these updates are available automatically via Windows Update, WSUS, or manually from the Microsoft Update Catalog. This release is separate from the October Update Tuesday release, which is scheduled for October 8, 2019

2 users thanked author for this post.

jburk07

[armondAskWoody Plus]

As far as I know and tested, HP printer issue have nothing to do with the Print Spooler service, as I did not have any printing issue with other priters I tried with any of the recent Windows 10 Cumulative Update updates.
Hopefully at least HP comes up with a solution, as I really like my HP printer and its Instant Ink free plan. Thanks so much for your time.

[cogxAskWoody Lounger]

Not just HP for us, but Ricoh printers are causing us fits now too.  In one such case, installed today’s (10/3/19) update (for Windows 8.1) and it didn’t fix the application crashing when trying to print to that particular Ricoh.  It’s not the spooler crashing, it is the application trying to print to that particular Ricoh USB connected printer (Word, Chrome, etc.)
The user’s other printer (network printer, also a copier Ricoh model) works and the Adobe PDF printer driver works.

I know we scream about a lot of buggy patches, but the truth is, with the ~450 computers I directly support, and the three thousand more where I work, we rarely run into the “known issues” from various MS patches.  The last one I can recall was a bad MS AV update.
Every year or two a screwy Word or Excel patch will get us.  But, now they have really gone and done it, breaking printing is like the number one cardinal sin where I work.  Printing is all anyone cares about.

[woodyDa Boss]

It could be that this out-of-band patch was re-issued to fix both the printer and .NET 3.5 installation bugs. But more importantly, it’s a for-real out-of-band update, with appropriate distribution.

It’s also been ten days since MS initially dropped the CVE. Is it possible that this is a real threat? If so, why haven’t we heard anything about it? At least MS is giving it more attention.

2 users thanked author for this post.

jburk07, WildBill

[WildBillAskWoody Plus]

Can confirm it’s a real out-of-band update, since KB4521456 replaced KB4516067 on my Win8.1 machine. Main Question: Besides possibly fixing the breaking .NET 3.5 problem & the breaking printers problem (no printer attached on my laptop), does it properly fix CVE-2019-1367? That’s the $64,000,000 question! You just bumped us to MS-DEFCON 3 yesterday; been slow in patching, but I’d hate to patch today & find we’re still getting messed up. As Patch Lady said in Monday’s Plus Newsletter, Issue 16.35.0:

Bottom line: Microsoft handled these updates poorly. At this time, the IE exploits appear to be highly targeted and narrowly applied. But the company hasn’t clearly spelled out the extent of the threat — except indirectly by making the fix relatively difficult to get.

Windows 8.1, 64-bit, back in Group A... & leaning toward Windows 10 V1909. As long as it's a Lot Less Buggy!
Wild Bill Rides Again...

1 user thanked author for this post.

jburk07

[CADesertRatAskWoody Plus]

It’s been an interesting morning, I have 4 computers (W10 Pro 1809) which all started out with the same updates until WU this morning. See my results in another post. MS is changing updates FAST.

MS-DEFCON 3: Get your September patches installed — but stick to the mainstream patches

 

Don't take yourself so seriously, no one else does 🙂
4 Win 10 Pro currently 1809 (3 Desktops, 1 Laptop).

[Mr. NaturalAskWoody Plus]

This is crazy. Everyone grab the popcorn. You can bet your sweet bippy I won’t be pushing any of these right away.

Red Ruffnsore reporting from the front lines.

1 user thanked author for this post.

Microfix

[bbearrenAskWoody MVP]

I got KB4524147 earlier today.  Nothing unusual, as usual for me.

Create a fresh drive image before making system changes, in case you need to start over!

"The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Jack Sparrow

"When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns

"Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

1 user thanked author for this post.

DriftyDonN

[BarryAskWoody Plus]

bbearren wrote:

I got KB4524147 earlier today.  Nothing unusual, as usual for me.

Downloading it now. I might add it did not give the option to defer. As soon as i hit check for update it started downloading.

 

Barry (Seeker)
Windows 10 Home V 1903

1 user thanked author for this post.

Tom-R

[woodyDa Boss]

Are you on Win10 1809?

1 user thanked author for this post.

Microfix

[BarryAskWoody Plus]

No. 1903 as it says in my signature.

Barry (Seeker)
Windows 10 Home V 1903

[woodyDa Boss]

Oops. I should’ve looked at your signature.

Yeah, that would be in keeping with the new updating method – in fact, unless you’ve clicked “Defer updates,” today’s cumulative update would’ve installed whether you clicked Check for updates or not.

1 user thanked author for this post.

Tom-R

[MicrofixDa Boss]

satirical view/
so in essence these patches seem to suggest the following:
IE zeroday is now fixed, we think!..but
RPC may or may not work so..
If your printer works, the patch will bork it
If your printer didn’t work before this patch, it’s still borked.
If you don’t have a printer think yourself lucky punk.
And to top it all off…there’s skeletal documentation about these patches

Aha! no IE zeroday patch printer works..oh dear, rock and a hard place. /satirical view
popcorn time on linux..

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[GeoAskWoody Plus]

Group A, Win 7X64  .Just received   KB4524157 from WU.

• This reply was modified 1 month, 1 week ago by  Geo.

[KPAskWoody Plus]

Win 7 – 32 bit (KB4524157)

I say back to DefCon 1 or 2 for this.

 

DefCon 3 for the September  Patches. Unfortunately it means you have to manually download the patches from the Microsoft Update Catalog.

 

• This reply was modified 1 month, 1 week ago by  KP.
• This reply was modified 1 month, 1 week ago by  KP.

Attachments:

You must be logged in to access attached files.

[jburk07AskWoody Plus]

@kp –
When I hid KB4524157, the September patches reappeared in Windows Update, so you could do that instead of downloading them from the catalog.

Group A Win7 x64 Home Premium SP1 Ivy Bridge

• This reply was modified 1 month, 1 week ago by  jburk07.

1 user thanked author for this post.

Pim

[KPAskWoody Plus]

At that point in time, I had not installed the September patches so I download KB4516065 from the Microsoft Update Catalogue and manually installed. Sounds like there are still some problems with KB4524157.

[EPAskWoody_MVP]

what kind of printer problems, KP? be really specific about them.

I did not find any printer problems with the KB4524517 update on all my Win7 computers as I can reliably print to my family’s networked HP envy 7855 series printer through a WiFi internet connection.

[KPAskWoody Plus]

I have not installed KB4524157 yet so no printer problem.

[Mr. NaturalAskWoody Plus]

So is this the new norm now? Put them out on Microsoft Download Catalog first so that the “seekers” can beta test before releasing to Windows Update. Then let the Windows Update “seekers” have at it for the second round of beta testing.

Perhaps not a bad idea the way this whole A.I. thing is going.  🙁

Red Ruffnsore reporting from the front lines.

3 users thanked author for this post.

jburk07, CADesertRat, PKCano

[anonymous]

Too Much KB overload and I have skipped the Telemetry “Security Only” months and really I’m only interested in the 2019 Oct W7 Security Only(If No telemetry is included) and the Oct IE cumulative security only updates for Windows 7.

It’s just too much to worry about all of the out of band IE updates with IE getting its usual cumulative security patching each month anyways.

I’m using only Firefox for browsing until the Oct 2019 IE cumulative updates get DEFCON 3/higher rated, and actually Firefox is a lot better for browsing than IE regardless of any IE Zero Days.

[Hopper15AskWoody Lounger]

Thanks for the heads up Woody.

[TAskWoody Plus]

I’m so confused by this – if this is a monthly rollup then does that mean it includes all the junk those of us who are security only wish to avoid? I’m now conditioned to avoid anything rollup in the title and checking the file information for this update shows it does contain files like diagtrack and such. Therefore, where is the security only version? I want that one, i’m not about to start installing rollups.

[PKCanoDa Boss]

The fix is in the IE11 CU which Group B installs.
Since Group A doesn’t have separate patches, and theri IE11 fix is part of the Rollup, Group A gets a Rollup (yes, it is a Rollup)
AKB200003 has been updated with the IE11 patch, but Woody has not blessed it yet.

WAIT.

1 user thanked author for this post.

T

[TAskWoody Plus]

Ahh, this makes sense. Thank you.

Yes, i never rush into updating for just this reason and i’m with woody and susan on this, as things stand right now it’s best to hold off until microsoft can decide whether it is actively being exploited and stick to it.

[ashfan212AskWoody Lounger]

Windows 7 x64 Home Premium Group A

KB4524157 is described as a monthly rollup. Therefore, all of its enhancements will be contained (presumably) in next Tuesday’s scheduled October monthly rollup.

Accordingly, I cannot conceive why today’s monthly rollup can be deemed “important” and mandatory when its replacement will be available in 5 days.

I assume that the consensus advice would be to ignore this rollup update.

[anonymous]

I installed KB4524147 to two desktops, both with the recommended patches from the Master Patch list installed.  One desktop is on 1903 and the other is on 1909.  No problems on either machine, and start menu’s work ok on both machines.

[abbodi86AskWoody_MVP]

IE vulnerability did not make them push the patches before, but a printing issue does?

2 users thanked author for this post.

woody, PKCano

[woodyDa Boss]

You got that one… 🙂

1 user thanked author for this post.

WildBill

[SpeccyAskWoody Lounger]

Could the “printing issue” be just the tip of a(n apparently unrelated?) deeper iceberg (?):
“In addition to the BD Alaris PC Unit infusion pump, the researchers found (…) cameras, printers, routers, Wi-Fi mesh access points (…) that are all vulnerable to Urgent/11 bugs.”

• Windows 10 IoT (formerly Windows Embedded) – “Tomorrow’s IoT Today” (no recent Catalog updates)
• Shodan search for “Windows” (~1.5M results)

(URGENT/11 is a “suite” of 11 security vulnerabilities in the implementation of the network protocols that make up the IPnet TCP/IP stack – publicly disclosed back in July and recently making the news. Maybe that’s just an unrelated coincidence?…)

[rozmansiAskWoody Lounger]

The KB4524135 and KB4524156 installed on our Windows Server 2012R2 over the night and all JScript legacy ASP websites broke: heap corruption, unknown variable values, garbage in error responses. Event log was full of “Error: File /index.asp Unexpected error. A trappable error (C0000005) occurred in an external object. The script cannot continue running..” messages. Clicking refresh on any website gave a couple of successful responses, followed by a 500 Internal Server Error, and again some sucessful responses…

VBScript pages were unaffected.

Uninstalling both updates made websites stable again.

JScript.dll broken?

1 user thanked author for this post.

woody

[Susan BradleyAskWoody MVP]

Can you try installing just the IE and not the cumulative?  I’m honestly not seeing this in my installs.

Susan Bradley Patch Lady

1 user thanked author for this post.

woody

[woodyDa Boss]

See this response, just below:

https://www.askwoody.com/forums/topic/heads-up-50-new-security-patches-just-pushed-to-the-update-catalog/#post-1974481

[anonymous]

After KB4524147 I get a warning in Event Viewer every time I open Google Chrome (Event ID 10016 – DistributedCOM).

1 user thanked author for this post.

woody

[glnzAskWoody Plus]

Win 7 Pro 64-bit, Group A.  (Already installed the large patches from September.)

So – should I or shouldn’t I?

• This reply was modified 1 month, 1 week ago by  glnz.

[PKCanoDa Boss]

Should: Wait for Woody and Susan to assess the patches.

Shouldn’t: Rush into patching (almost ever).

3 users thanked author for this post.

woody, alphacharlie, glnz

[glnzAskWoody Plus]

PKCano:  Wisdom.

[anonymous]

KB4524147 and KB4524148 also causes the exact same spoolsv jscript error!  I have customers that never installed  KB4517211 last week but today installed KB4524147 and 48 through automatic updates, which is supposed to fix the printer problem.  They did not have the printer problem before and now after installing up the new update, they HAVE the problem.  I have 2 entire offices down because of these 2 updates.

1 user thanked author for this post.

woody

[EPAskWoody_MVP]

what printers do you have?

I’m not experiencing the printing problems with these recent updates like KB4524147 & KB4524148.
btw, I have an HP envy 4500 and an HP envy photo 7855 series printers and they both work okay whether using a local usb cable connection or a wifi networked connection. one of them had a driver issue that required uninstalling and reinstalling the printer drivers to actually fix a printing problem.

• This reply was modified 1 month, 1 week ago by  EP.

[MicrofixDa Boss]

Our Canon printer works fine on Win8.1 Pro x64 (USB) after installing SMQR kb4524156..I wonder if certain proprietary driver files are at play here. .it just seems a mixed bag of issues

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

1 user thanked author for this post.

woody

[woodyDa Boss]

.. which is precisely why this is such a pain! I can’t point my finger to any particular driver, or even manufacturer.

[MicrofixDa Boss]

Recently (August) we had the VBScript patch fiasco when the interns had the reigns and was eventually fixed (or so we were led to believe)..I wonder if something has been overlooked? Perhaps printer issues are the outcome and the issue lays within the relationship between the IE zeroday patch and VBScript patch which affects MS JScript in dotNET depending on what version is installed. (I ain’t no expert her BTW, just looking at facts.)

These are two things we know that have changed recently.

Ref this Jscript Wiki

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[SpeccyAskWoody Lounger]

Just a wild guess… Xerox printers, perhaps?

Following my previous post, after reading Armis technical whitepaper [see for e.g. page 7: “modern examples of remotely triggerable TCP/IP bugs can still be found in the most widely used OSs”], their recent update of the original post and their recommendations (currently offline) published back in August I can’t help thinking that Microsoft might be also simultaneously implementing some sort of preventive countermeasures on Windows, against “something” bad out there (undisclosed vulnerabilities, malware or targeted attacks come to mind) that may be somewhat related with scripting and how (through it) Windows interacts with network connected devices (printers, routers, switches, etc).

But I digress… Hopefully I’m totally wrong and this “Urgent/11” thing is totally off-topic and has absolutely nothing to do with the current patching “bug madness”. It may be just a totally unrelated coincidence.

[anonymous]

I just had a PC with the HP won’t print issue. It installed KB4524148 last night. I uninstalled it, still no print. It was installed as a Web Services printer like most recent HP devices. I installed the UPD configured to an IPv4 IP and it worked. I suspect it is something in the web services it borks. This seems consistent with other reports that the UPD fixes it.

[glnzAskWoody Plus]

This is weird – I saw KB4524157 in Windows Update for my WIn 7 Pro 64-bit machine just now (Friday Oct 4 10pm ET).  Said the last search for updates was about 6:50am.

I didn’t install it but instead ran Check for Updates, and it disappeared!!!!!

Did MS pull it ?????

2 users thanked author for this post.

jburk07, bassmanzam

[DrBonzoAskWoody Plus]

I don’t know if they pulled it since it still shows up in MS Support and also the MS Catalog.

I do know that on three Win 7 machines sometime on Friday evening the 2019-10 Rollup was no longer offered in Windows Update and had been replaced with the 2019-09 Rollup.

1 user thanked author for this post.

jburk07

[anonymous]

Yesterday this update on my wife laptop was download automatically. Today on my laptop and desktop appears the button to dioad it if i want…

[Synoptic12AskWoody Lounger]

 

Upon installing Microsoft update (KB4524157 ) in Windows 7 64-bit, “Aero” was terminated. I was unable to repair the issue using the troubleshooter. Furthermore, Windows 7 would not shut down after ‘shutting down’, only remaining with the desktop theme. A manual shutdown was necessary.

* I uninstalled the aforesaid update and the system reverted back to normal. To alleviate further issues, I now have ‘System Restore’ enabled to avoid any further complications.

• Sorry for the bad photos.

1 user thanked author for this post.

jburk07

[davelrAskWoody Plus]

woody wrote:

Very important observation. Thanks!

If you roll back KB 4524147, does your printer work again?

I’m having the print problems on one of our systems. Document would go to spooler but hang. Eventually printer would print a timeout error page. Pulling KB4524147 didn’t change. Pulling KB4522016 in addition did allow documents to print, but after significant (1-2 Min) delay before spooler would release document from buffer. No start menu problems however.

[Author]

Posts