![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
Heads up — Bug fix for IE coming out through Win10 cumulative updates, Win7 and 8.1
Home › Forums › AskWoody blog › Heads up — Bug fix for IE coming out through Win10 cumulative updates, Win7 and 8.1
Tagged: CVE-2018-8653
- This topic has 88 replies, 27 voices, and was last updated 2 years ago by
anonymous.
Viewing 44 reply threads-
AuthorPosts
-
-
December 19, 2018 at 12:27 pm #241184
woody
ManagerMicrosoft just posted CVE-2018-8653: Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the
[See the full post at: Heads up — Bug fix for IE coming out through Win10 cumulative updates, Win7 and 8.1]7 users thanked author for this post.
-
December 19, 2018 at 12:55 pm #241185
-
December 19, 2018 at 12:56 pm #241186
anonymous
Guest-
December 19, 2018 at 1:34 pm #241213
-
December 19, 2018 at 3:30 pm #241291
anonymous
Guest-
December 19, 2018 at 4:09 pm #241305
-
December 19, 2018 at 6:26 pm #241325
anonymous
GuestI’d just like to point out that .. in some cases, IE is activated by Windows. Case being mine. I don’t even consider using Chrome. Who would? Google has more data than the NSA and the CIA combined, just from users inputs in their search engine lol .. imagine what Chrome is allowing/preventing. Anyways. Is it possible that, just maybe, this update is critical to some people, or was. Before they were hacked. Every device on the network except the Xbox One. And I’ve not once opened IE. True enough, that just means I already had something in there from one of these other exploits we’re hearing about (Intel vulnerability, ASUS router exploit) which are fixed after the damage is done to some people. I’m all for the update but Microsoft needs to tighten up. I needed it a month ago. I needed the ASUS fw patch back before I got infected.
Edit to remove HTML
-
-
-
December 20, 2018 at 4:02 am #241401
radosuaf
AskWoody LoungerFirefox is cool. I use it :).
MSI H110 PC MATE * Intel Core i7-6700 * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * SanDisk Ultra 3D 1TB SSD * Western Digital Blue 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 20H2 64-bit
-
-
December 19, 2018 at 1:00 pm #241200
OscarCP
AskWoody PlusThanks. Now, this is probably a very naive question, as I do not use Windows 10, but can one run IE on Windows 10? I’ve understood (for no particular reason) that it was Edge the only MS browser that can be run there. And if one can, is it the same IE11 version as for Windows 8.1?
Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)
-
December 19, 2018 at 1:06 pm #241204
PKCano
Manager -
December 19, 2018 at 1:35 pm #241214
Mr. Natural
AskWoody PlusIE is in Windows Accessories on the start menu in Windows 10.
I only use IE at work for a few legacy apps. Unfortunately we do have users in the office still using IE. Chrome is on all installs and I tell folks to use it when they call me with IE issues.
Not disclosed yet so I’ll wait and see what happens with this one.
Red Ruffnsore
-
December 20, 2018 at 3:25 am #241397
mn–
AskWoody LoungerLegacy apps unfortunately including such as, some Sharepoint Online integration features … and local-only tools like RAID, NAS and even network device management for certain hardware (honestly, couldn’t they just write either a browser-agnostic tool or a proper application?)…
Really, with the odds being that IE is the only browser left on most systems that can run integrated Java applets and Java applets also being the only way to configure some of those… even on this year’s hardware models occasionally.
Or I suppose you could rig the Hyper-V host server to multiboot Linux on the bare hardware and use the custom drivers and unofficial opensource command line tool every time you need to rearrange RAID volumes for a guest VM… because even the cold-boot firmware RAID setup UI doesn’t have access to some of the settings.
(Why yes, I do have a copy of the last ESR 52.x Firefox stashed away too…)
-
-
-
December 19, 2018 at 2:21 pm #241224
anonymous
Guest-
December 19, 2018 at 2:58 pm #241284
-
December 19, 2018 at 3:06 pm #241285
anonymous
GuestIt’s a security update so it should come down either way.
One can also download it from the catalog site and manually install it but, as always, those using this method must make sure to first install the latest Servicing Stack Update (SSU). There is no new SSU with this Latest Cumulative Update (LCU) but if this is the first time you’re updating this month and you choose the manual method, be sure to first apply the associated SSU released earlier in the month. The KB article for each version of the Win10 LCU has the details.
-
December 19, 2018 at 3:10 pm #241288
-
-
-
December 19, 2018 at 2:29 pm #241250
anonymous
GuestI never use IE but some programs use it even if you have set another browser as default.
I wish there was a way to block IE being accidentally accessed through those programs. Sometimes it is as simple as clicking on “about” or “help” in the program interface and IE starts up and must be closed.
This is annoying.
firemind -
December 19, 2018 at 2:36 pm #241262
bhen
AskWoody LoungerIf you’re at risk of being tricked into using IE, you should probably let this download and install.
As someone on 1803, when I saw a folder with files show up in SoftwareDistribution on a Wednesday, I was expecting “automatic 1809 update”, not “security update for 1803”. (Yeah yeah, the 1809 update files probably land somewhere else when they arrive, right?)
-
December 19, 2018 at 2:39 pm #241267
-
December 19, 2018 at 2:44 pm #241274
DrBonzo
AskWoody PlusI wonder if this effectively makes the WIN 7 December Rollup a new patch? I was just at the support page for the Rollup and it was last updated Dec 11. That would imply that even Group A folks would need the new IE Patch. But at some point every Win 7 (and maybe Win 8.1 and 10 as well) user will need the IE 11 patch whether they browse with IE 11 or not since IE 11 is part of the OS.
-
December 19, 2018 at 2:47 pm #241280
StoopidMonkey
AskWoody Plus
-
-
December 19, 2018 at 3:14 pm #241286
anonymous
GuestI am seeing the patches show up on our WSUS servers, but NOT seeing the patches offered when running a WindowsUpdate client check connecting to Microsoft.
And FWIW the patches are listed as available in the Update Catalog.
I’m not sure why they are not showing up via WindowsUpdate client 3+ hours after they showed up on the WSUS servers. That is not the usual behavior.
However it does make me wonder if they have already been pulled from Windows/Microsoft Update web site.
Jim
-
December 19, 2018 at 3:32 pm #241293
anonymous
GuestDoes theis new IE cumulative SEC Patch(KB4483187) negate having to install KB4470199 the regular Dcember IE cumulative SEC Patch I have one of my 4 laptops already updated for the Dec 2018 patches and the other 3 are still waiting to be patched for Dec 2018. I’d like to have to install as little as possible from Microsoft if possible.
1 user thanked author for this post.
-
December 20, 2018 at 3:20 pm #241624
AJNorth
AskWoody PlusDoes the new IE cumulative SEC Patch (KB4483187) negate having to install KB4470199 the regular December IE cumulative SEC Patch
Hello,
The answer is yes; KB4471328 supersedes KB4470199 (please see https://support.microsoft.com/en-us/help/20181219/security-update-deployment-information ).
-
-
December 19, 2018 at 3:41 pm #241298
ashfan212
AskWoody Lounger -
December 19, 2018 at 3:57 pm #241301
PKCano
ManagerAKB2000003 has been updated on 12/19/2018 to include the out-of-band KB 4483187 IE11 Cumulative Update for Group B and anyone else who needs to download it.
This update replaces KB4470199 2018-12 Cumulative Security Update for IE11.
(For those of you still running XP, you will need this patch as well. Thanks to @? says)
-
December 19, 2018 at 4:00 pm #241297
anonymous
GuestPer the MSRC blog post this has been seen by Google in targeted attacks. Malware can pull a specific instance of a browser and thus even if you aren’t using IE, malware could target it. So don’t blow this off if you (or your firm) think you might be in one of these targeted attacks. I am seeing the IE patch on my 7 so they haven’t pulled them.
-
December 19, 2018 at 4:05 pm #241304
PKCano
Manager -
December 19, 2018 at 4:52 pm #241308
warrenrumak
AskWoody LoungerAttacks like this are demonstrative of why it’s important to leave UAC turned on. I know lots of smartypants-types turn UAC off because they don’t like being nagged to elevate privileges….. but the point is to ensure that processes like Internet Explorer that don’t need to be an Administrator, ever, are not running with the Administrator token by default.
1 user thanked author for this post.
-
December 19, 2018 at 8:40 pm #241352
GoneToPlaid
AskWoody Plus
-
-
December 19, 2018 at 5:42 pm #241315
anonymous
GuestUpdated IE11 on a Windows 7 machine and it required a reboot and seemed to install fine via Windows Update.
Attempted to update a Windows 8.1 machine and it seemed to install, but strangely didn’t require a reboot. Checked Windows history and it indicates being installed but when I open IE11 to check the most recent IE security update it’s still showing Dec 11 KB4470199 as being installed. Uninstalled and tried again using Windows Update and still the same result. Tried a manual installation via the catalog download and it still showing the same.
Is there anyway of showing whether this update installed correctly?
-
December 19, 2018 at 5:47 pm #241320
PKCano
ManagerThe MS pages on KB4483187 Cumulative Update for IE11 say this:
After you install this security update on a computer that is running Windows Server 2012 R2 or Windows 8.1, the About Internet Explorer 11 dialog box will show KB4470199 (the December 11, 2018 security update for Internet Explorer) instead of KB4483187. Users can confirm they are protected by verifying that the version of jscript.dll is 5.8.9600.19230.
6 users thanked author for this post.
-
December 19, 2018 at 7:04 pm #241336
-
-
-
December 19, 2018 at 6:05 pm #241322
woody
ManagerThere’s a workaround published in the CVE article:
Workarounds
Restrict access to JScript.dll For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Impact of Workaround. By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilizes jscript as the scripting engine.
How to undo the workaround. For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone
For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\syswow64\jscript.dll /E /R everyone
2 users thanked author for this post.
-
December 19, 2018 at 7:46 pm #241341
deuce120
AskWoody PlusWoody,
You posted workarounds that were listed in a CVE article posted on a Mircosoft website. I get alerts from Microsoft when new articles, updates, etc are posted. The crazy thing is if I click on link on the to the CVE article, CVE-2018-8653, it takes me to different article than the one your link does. The second one does not list any workarounds – stated as no known worlarounds. That link is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653.
Goes to show that Microsoft has some serious issues and we are suppose to “trust” them.
Thanks for all the great information that you and others provide.
-
December 22, 2018 at 9:44 am #242005
PKCano
Manager-
December 22, 2018 at 10:28 am #242028
anonymous
GuestYeah, Microsoft realized that you can’t change or edit the access control list of certain files without being the owner of them in the first place, so they added the command to take ownership of the jscript.dll file. The file’s original owner is the TrustedInstaller.exe program, which runs a good portion of Windows Update.
-
-
-
December 19, 2018 at 6:37 pm #241332
-
December 19, 2018 at 7:06 pm #241338
-
December 19, 2018 at 8:32 pm #241349
-
December 19, 2018 at 8:39 pm #241344
anonymous
GuestSo is this an extreme urgent one? Don’t use IE at all, always wondered why I can’t uninstall it. Hope I can pospone it for a week or so since we’re packing up for the holidays and prepare for a long trip. Just shut down, backed up and imaged laptops we take. I am not very keen to start them again with all kinds of risks involved… :-/ Sorry for the question, but don’t know if I should be nervous about this one.
-
December 19, 2018 at 8:45 pm #241356
GoneToPlaid
AskWoody Plus-
December 19, 2018 at 9:58 pm #241358
anonymous
GuestTnx, I was afraid of that already 🙁 I have so extremely enough of Windows 10 you can’t imagine that. Ok, so the first time we fire up those laptops at our destination, they will start updating. Absolutely wonderful thought. Why on earth can’t we install stuff we don’t need, it would save such a lot of hassle. The sad thing is that some hours ago we checked for updates, none were found, while this one was released some hours before this check. Even just before Christmas Microsoft rolls out nasty surprises, so demotivating. We’ll hope the next time we switch on those laptops, the updates will be installed smoothly.
-
December 19, 2018 at 11:17 pm #241367
-
-
-
-
December 19, 2018 at 8:41 pm #241345
-
December 19, 2018 at 8:46 pm #241357
GoneToPlaid
AskWoody Plus
-
-
December 19, 2018 at 10:25 pm #241365
abbodi86
AskWoody_MVPSide notice: a flood of new KB articles about privacy in Windows 10
https://support.microsoft.com/en-us/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy
https://support.microsoft.com/en-us/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy
https://support.microsoft.com/en-us/help/4468228/windows-10-app-diagnostics-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468229/windows-10-apps-and-services-activity-on-the-privacy-dashboard-microso
https://support.microsoft.com/en-us/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468247/windows-10-privacy-settings-that-apps-use-microsoft-privacy
https://support.microsoft.com/en-us/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468230/windows-10-background-apps-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468235/windows-10-eye-tracking-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468243/windows-10-motion-data-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468234/windows-10-desktop-apps-and-privacy
https://support.microsoft.com/en-us/help/4468239/location-activity-on-the-privacy-dashboard-microsoft-privacy
https://support.microsoft.com/en-us/help/4468231/browsing-history-on-the-privacy-dashboard-microsoft-privacy1 user thanked author for this post.
-
December 19, 2018 at 10:57 pm #241368
Hopper15
AskWoody LoungerSo is this an extreme urgent one? Don’t use IE at all, always wondered why I can’t uninstall it. Hope I can pospone it for a week or so since we’re packing up for the holidays and prepare for a long trip. Just shut down, backed up and imaged laptops we take. I am not very keen to start them again with all kinds of risks involved… :-/ Sorry for the question, but don’t know if I should be nervous about this one.
“Way-out-of-band patches like this one have a nasty history of blowing up” Like Woody said I would avoid it.
-
December 19, 2018 at 11:21 pm #241370
-
-
December 19, 2018 at 11:18 pm #241369
anonymous
GuestI got lost. Just to avoid a nasty surprise during Christmas, I decided to fire up my laptop in the middle of the night. It didn’t find the update. Neither did another laptop. And yes, I even dared to click this dreaded seek for updates-button, several times even. Both systems are on 1803, Semi Annual Channel, 365 days deferral of feature updates and 0 days deferral of quality updates. Could that have anything to do with it? I have a vague memory of not getting some other out of band updates in the past either, but not sure. Also I never get those extra non-security updates seperately (not that I miss them). The updates from patch Tuesday I always pick up. Same behavior on all systems which have no exotic software or drivers.
Or is this specific update/patch withdrawn already? Saw some complaints on Reddit regarding hanging black boot screens and some other weird things.
Anyway: should I as someone who defenitely never uses IE worry about this at all, actually…? I assume that I get the patch included in January’s cumulative updates, so yeah… Manually installing updates I never did in my life and I don’t feel comfortable doing that now either to be honest. I am just an average user, not an IT-expert.
-
December 20, 2018 at 1:37 am #241382
-
December 20, 2018 at 1:45 am #241384
Nibbled To Death By Ducks
AskWoody PlusAccording to Ars Technica,
“Windows users should ensure their computer installs the update as soon as possible, even if they don’t normally use IE to browse sites.”
Woody says not to patch.
The article seems to infer (it’s the last sentence) that MSFT has decreed this. It’s not clear if this is the opinion of the writer or MSFT.
Can anyone decipher this? I hate it when two security sources I trust seem to disagree.
Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
--
"A committee is the only known form of life that can have least four legs and no brain."-Robert Heinlein
-
December 20, 2018 at 4:05 am #241402
radosuaf
AskWoody LoungerDoes not show up in WU with 7 days quality updates deferral set.
MSI H110 PC MATE * Intel Core i7-6700 * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * SanDisk Ultra 3D 1TB SSD * Western Digital Blue 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 20H2 64-bit -
December 20, 2018 at 5:06 am #241406
-
December 20, 2018 at 6:28 am #241418
-
December 20, 2018 at 6:42 am #241420
numike
AskWoody LoungerMicrosoft issues emergency update to fix critical IE flaw under active exploit
-
December 20, 2018 at 7:04 am #241424
-
December 20, 2018 at 7:21 am #241432
geekdom
AskWoody PlusBeta Test
Reporting on Windows 7 x64 update– KB4483187 installed without error and the system rebooted without error.
– Firefox 65.0b5 (64-bit) in use.BetaTest {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0b9 WindowsDefender TRV=2004 WuMgr -
December 20, 2018 at 7:46 am #241438
Microfix
AskWoody MVPWin8.1 Pro x64 (2 devices)
no restart required after patch installation (did one anyway, habit)
no errors in event viewer pre/ post restart.
Don’t use IE, although this is integral to OS and important.
No issues with patch.
Leaving it off W10 1803 and XP for now..
Problems controlling W!N10 updates:
https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/ -
December 20, 2018 at 8:11 am #241454
Speccy
AskWoody LoungerAs PKCano correctly pointed out, besides updating version numbers, the only major differences between KB4483187 (datetime stamped Dec 15, 2018) and KB4470199 (datetime stamped Nov 14, 2018) are in the specific vulnerability being patched – namely, the mshtml.dll HTML Viewer library (both 64/32 bit versions) and the jscript.dll (both 64/32 bit versions) and jscript9.dll (64-bit version) JScript engine libraries.
NOTE: Incidentally, that could also mean that the proposed workaround might not fully cover the vulnerability on 64-bit systems…
There are a few other minor differences (the 32-bit iedkcs32.dll, iexplore.exe and sqmapi.dll files have updated its embedded certificates) but these are, from a functional point of view, irrelevant: basically, KB4483187 is an updated version of (replacement for) KB4470199, patching the specific, Javascript-related vulnerability.
-
December 20, 2018 at 9:12 am #241479
David Beroff
AskWoody LoungerWhy did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.
2 users thanked author for this post.
-
December 20, 2018 at 9:16 am #241486
PKCano
ManagerMy guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.
What browser are you using?
What program(s) are you using when the crash occurs?
What AV program do you run?3 users thanked author for this post.
-
December 20, 2018 at 9:39 am #241500
David Beroff
AskWoody LoungerThanks for the reply, @PKCano. Each time, I was only using Chrome and sometimes Notepad. Would Chrome even use any of MSIE’s JS? I was finally able to uninstall (and “hide”) the update, and have had zero crashes, although admittedly, it’s only been an hour so far. I’ll be more certain when I can go a week or longer. I was most-recently using Bitdefender, but it was sucking up way too many resources, which were directly interfering with my overseas work, so I had to turn that off, and haven’t yet had a chance to replace it.
1 user thanked author for this post.
-
-
-
December 20, 2018 at 9:30 am #241492
anonymous
GuestWindows 7 Pro x64 – After waiting overnight to let this settle, I installed KB4483187 requiring a re-start, all OK.
While I ususally await on Woody, in this instance it doesn’t seem the extreme risk is worth a lengthy wait on one critical security IE update. The normal wait period is usually justified by there is nothing critical, or no known exploits of a pending update fix. In this case neither is correct.
Based on my and others here, as well as other sites reported install success – I suggest you install but it is ultimately up to each individual.Risk <-> Reward
-
December 20, 2018 at 9:45 am #241507
woody
Manager-
December 20, 2018 at 2:08 pm #241588
Microfix
AskWoody MVPThe PC security industry has a long, sordid history of “Sky is falling” warnings that fail to live up to their initial billing.
Need I mention ‘Meltdown’ and nothing in the wild a year later..
Problems controlling W!N10 updates:
https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/ -
December 21, 2018 at 7:59 am #241747
mn–
AskWoody LoungerStill haven’t seen any specific reports about this one in the wild, but the local national cybersecurity authority did have an official warning up about it being used in specifically targeted attacks…
Oh well. Guess it isn’t a high priority thing as long as you aren’t a target, then? (Note, no information on target grouping seems to be publicly available. Anyone want to throw wild guesses about likely targets?)
-
-
-
December 20, 2018 at 10:15 am #241518
SoulAsylum
AskWoody Lounger -
December 20, 2018 at 1:59 pm #241585
Nibbled To Death By Ducks
AskWoody PlusBit The bullet, as Ars Tech article went on to say:
“As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said.
I went for it.
So far, no issues.
YMMV.
I hate it when reports of “In The Wild” are non-specific, but thought reports of install success were important too… ?
Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
--
"A committee is the only known form of life that can have least four legs and no brain."-Robert Heinlein
-
December 20, 2018 at 2:06 pm #241587
Nibbled To Death By Ducks
AskWoody PlusSorry…the comments from Narang about it being in the wild were from Krebs at:
https://krebsonsecurity.com/2018/12/microsoft-issues-emergency-fix-for-ie-zero-day/
My bad. 🙁
But when it’s on Krebs….<sigh>..remember when having a PC, and the Internet was fun?
Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
--
"A committee is the only known form of life that can have least four legs and no brain."-Robert Heinlein
1 user thanked author for this post.
-
December 20, 2018 at 2:13 pm #241589
anonymous
Guest-
December 20, 2018 at 2:41 pm #241608
-
-
December 21, 2018 at 9:05 am #241761
anonymous
Guest-
December 21, 2018 at 9:08 am #241768
PKCano
Manager-
December 21, 2018 at 10:37 am #241785
anonymous
GuestNow I’m really confused. Running Windows 10 Pro x64 ver 1803 – Group A, Group Policy 2
My Quality Update 10 day hold just gave me KB4471324 (12/11 update) which I was going to hide pending Defcon Rating 3. There was also mention of an SSU KB4477137, but normally SSU’s are automatically installed with/before an update installed thru Windows Update (ie: not a manual install).
This post then shows a KB4483234 for ver 1803 and you mention a new SSU.
So, should I still hide KB4471324?
Should I set my Quality Update hold to 0 days and will KB4483234 come down? Or should I leave QU at 10 days and wait it out? Will this KB supercede KB4471324?
When KB4483234 comes down, should I install it or hide it pending Defcon Rating 3?
If I allow installation via Windows Updater, do I need to manually install a SSU? And is it KB4477137 or is there a newer SSU?
-
December 21, 2018 at 10:38 am #241791
anonymous
Guest-
December 21, 2018 at 10:47 am #241796
Microfix
AskWoody MVPWhat PKCano is saying is, the links to the SSU patches are in Woody’s Blog:
For those of you with Windows 10, there are new Servicing Stack updates:
Win10 1709 Build 16229.846 KB 4477136
Win10 1803 Build 17134.471 KB 4477137
Problems controlling W!N10 updates:
https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/1 user thanked author for this post.
-
-
-
-
December 21, 2018 at 9:19 am #241771
geekdom
AskWoody PlusFurther information regarding December patches is now here:
BetaTest {Got backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win10Pro 2004.19041.746 x64 i5-9400 RAM16GB HDD Firefox85.0b9 WindowsDefender TRV=2004 WuMgr -
December 24, 2018 at 4:28 am #242287
-
-
AuthorPosts
Viewing 44 reply threads - This topic has 88 replies, 27 voices, and was last updated 2 years ago by
-
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
Kirsty on Need a Great Rules Add-in for Outlook 2019
Just nowKirsty on Extra USB Sound driver?
18 minutes agoNuyorker on Mouse settings NOT preserved after reboot
1 hour, 7 minutes agocybercrone on What Linux is and why it has persisted
1 hour, 25 minutes agoanonymous on Adobe Flash Not working for School test
1 hour, 40 minutes agoOscarCP on What Linux is and why it has persisted
1 hour, 48 minutes agoWSArthurR on What Linux is and why it has persisted
2 hours, 10 minutes agoOscarCP on Apple to block sideloading iOS apps on M1
2 hours, 29 minutes agocybercrone on What Linux is and why it has persisted
2 hours, 38 minutes agoDaveH52 on Doesn’t like external FAT32 HDD
2 hours, 42 minutes agodmitriy1980 on Hard Drive at 100% usage
3 hours, 6 minutes agoAscaris on What Linux is and why it has persisted
3 hours, 15 minutes agoNathan Parker on Apple to block sideloading iOS apps on M1
3 hours, 31 minutes agoanonymous on Susan recommending version 2004
3 hours, 35 minutes agoMHCLV941 on What Linux is and why it has persisted
3 hours, 35 minutes agoOscarCP on Minor Lounge Button Tweaks
3 hours, 57 minutes agoMoonshine on Image Backup / Portable Hard Drive
4 hours, 2 minutes agohms on Susan recommending version 2004
4 hours, 15 minutes agoPKCano on Win 10 2004 still not ready for my device
4 hours, 16 minutes agoPepsiboy on Giving you the choice
4 hours, 18 minutes agoOscarCP on What Linux is and why it has persisted
4 hours, 27 minutes agoturbo930-44 on Win 10 2004 still not ready for my device
4 hours, 30 minutes agosatrow on Hard Drive at 100% usage
4 hours, 47 minutes agoanonymous on PNY Flash Drive Problem
4 hours, 54 minutes agoPKCano on Susan recommending version 2004
4 hours, 58 minutes agoPKCano on Susan recommending version 2004
5 hours, 7 minutes agoanonymous on Find the cable modem that’s just right for your ISP
5 hours, 15 minutes agoAlexEiffel on What Linux is and why it has persisted
5 hours, 18 minutes agoPKCano on Windows 10 2004/20H2 Not Being Offered Due to Conexant HD Audio Issue
5 hours, 24 minutes agoanonymous on Windows 10 2004/20H2 Not Being Offered Due to Conexant HD Audio Issue
5 hours, 26 minutes ago
Recent Topics
-
Extra USB Sound driver?
18 minutes ago
-
PNY Flash Drive Problem
6 hours, 51 minutes ago
-
Windows 10 bug crashes your PC when you access this location
10 hours, 35 minutes ago
-
Doesn’t like external FAT32 HDD
2 hours, 43 minutes ago
-
Why won’t Task Scheduler launch Office product
7 hours, 39 minutes ago
-
Susan recommending version 2004
4 hours, 15 minutes ago
-
Replace Images for Text in Word
12 hours, 37 minutes ago
-
Windows 10 internet connection freezes
11 hours, 11 minutes ago
-
Windows Defender In Win 10 Concern
6 hours, 34 minutes ago
-
Laptop with home and work networks
13 hours, 20 minutes ago
-
Top 40+ iOS 14 Tips and Tricks
18 hours, 30 minutes ago
-
What Linux is and why it has persisted
1 hour, 26 minutes ago
-
Find the cable modem that’s just right for your ISP
5 hours, 15 minutes ago
-
Four GB of RAM vanishes … but then reappears
10 hours, 33 minutes ago
-
Wow! Even more Office updates!
8 hours, 35 minutes ago
-
Hard Drive at 100% usage
3 hours, 6 minutes ago
-
Checking e-mail attachments with VirusTotal
1 day, 8 hours ago
-
Giving you the choice
4 hours, 18 minutes ago
-
outlook 365 emails not queueing
14 hours, 55 minutes ago
-
Need a Great Rules Add-in for Outlook 2019
29 seconds ago
-
Mouse settings NOT preserved after reboot
1 hour, 7 minutes ago
-
Apple News Wrap Up: January 17, 2021
1 day, 12 hours ago
-
Tasks for the weekend – January 16, 2021
1 day, 18 hours ago
-
Use Word to Create Awesome Signs
2 days, 2 hours ago
-
Zero day Windows 10 bug
1 day, 5 hours ago
-
KB4598242 fails to install, in rollback loop 2021-01 cum upate
1 day, 8 hours ago
-
Updates paused but not?
1 day, 10 hours ago
-
Security update for Secure Boot DBX can be skipped (KB4535680)
1 day, 13 hours ago
-
Copying Folder Names Into Excel
1 day, 7 hours ago
-
The iPhone Companion
2 days, 17 hours ago
Search for Topics
Recent blog posts
- What Linux is and why it has persisted
- Find the cable modem that’s just right for your ISP
- Four GB of RAM vanishes … but then reappears
- Wow! Even more Office updates!
- Giving you the choice
- Tasks for the weekend – January 16, 2021
- Zero day Windows 10 bug
- Security update for Secure Boot DBX can be skipped (KB4535680)
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.