January security patches are coming shortly

Topic

New Reply

The Release Notes are up. Expect details in the next couple of hours.
[See the full post at: January security patches are coming shortly]

4 users thanked author for this post.

JDeC, Elly, AJNorth, Tiernan

Reply | Quote

Replies

Software Update Services changes in content for Jan 9, 2018.

4 users thanked author for this post.

FakeNinja, AJNorth, Tiernan, woody

Reply | Quote

January 2018 Office Update Release

2 users thanked author for this post.

woody, SueW

Reply | Quote

So well, I have something to confess: i upgraded on january 3rd  despite the MSdefcon 2 (cuz I forgot to turn off automatic updates) fortunately nothing bad happened, and well, I dont know if this is useful or not, but apparently there are no updates that change the build of 1703   so it means that may mean that if you installed the january 3rd updates, you already have the build of this month

Reply | Quote

I let the update go through (KB 4056892) when it was first offered on January 3rd. All I got today was the MSRT and a Flash update. I have an Intel processor (i5 7400), and haven’t experienced any slowdown or bluescreens. My initial thought is to leave well enough alone… Should I be safe?

Reply | Quote

You should be good

2 users thanked author for this post.

woody, Mcmacladdie

Reply | Quote

Thanks for the quick reply. I figured I would be, but wanted to ask just to be absolutely sure 🙂

Reply | Quote

For those who missed previous mentions, January 3, 2018—KB4056898 (Security-only update) (applies to Windows 8.1 and Windows Server 2012 R2 Standard) is at version 2 in the Microsoft Update Catalog.

2 users thanked author for this post.

lanceboil, woody

Reply | Quote

? says:

45 minutes ago:

https://www.ghacks.net/2018/01/09/microsoft-security-updates-january-2018-release/

enjoy!

 

 

 

1 user thanked author for this post.

FakeNinja

Reply | Quote

The January 2018 Security Update Review

1 user thanked author for this post.

woody

Reply | Quote

The synchronization on WSUS, multiple independent WSUS servers, is showing yet another foul-up by Microsoft.

A number of the hotfixes released today have come in duplicated. e.g. 38 entries each for KB4011656, KB4016110 32 bit, KB4016110 64 bit, etc.

Jim

1 user thanked author for this post.

woody

Reply | Quote

YIKES!

Reply | Quote

It’s not duplicate 😀
Office 2010 kb4011610 have separate update for each language
likewise the other one

the KB article lists them too
https://support.microsoft.com/en-my/help/4011610/descriptionofthesecurityupdateforoffice2010january9-2018

1 user thanked author for this post.

woody

Reply | Quote

And Office 2007 got updates again, for the 3rd month in a row since it was officially declared unsupported in October 2017. It is ironic: I did not manage to migrate from Vista to Windows 7 in time last April, but was adamant to be on time with upgrading from Office 2007 to 2010 and succeeded in doing that. In hindsight, my rush apparently was not needed. I wish I knew back then, it would have been less stressful. It makes me wonder when they really stop patching Office 2007 and what the reason is behind still providing patches.

ASRock Beebox J3160 - Win7 Ultimate x64
Asus VivoPC VC62B - Win7 Ultimate x64
Dell Latitude E6430 - Win7 Ultimate x64, Win10 Pro 22H2 x64 (multiboot)
Dell Latitude XT3 - Win7 Ultimate x86
Asus H170 Pro Gaming - Win10 Pro 22H2 x64

2 users thanked author for this post.

AlexEiffel, woody

Reply | Quote

The KB articles for the Office 2007 patches are not up (not yet, anyway). Clicking on the “more information” links on the WU applet leads to Microsoft Support pages that have no information on them (example).

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

They’re up now.

Reply | Quote

Thanks, Woody. The articles are up.

However, in order to learn anything about the issue being fixed, users are now being asked to accept a EULA!?! It used to be you could click on the KB article from the WU applet and then click on a more detailed page for additional information — without having to agree to yet another set of terms of service.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Does anyone know why there haven’t been any critical security updates for Windows these last 3 months? (Except for the kernel patch) Is this normal? I mean, 3 months is a long time!

Reply | Quote

Any thoughts on this by the way?
https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown
Maybe make a post about this, Woody?

Reply | Quote

I’ve been thinking about writing about Terry’s post (and the new version of “Protect your device“) and I’m very ambivalent about it.

Microsoft ran its performance tests, and that’s great. (Obviously they didn’t include any AMD processors.) The results are waffling in the extreme. And the conclusion serves Microsoft’s purposes. It’s the same argument I have against writing about the results of “studies” that Microsoft has funded.

What I’d like to see is an independent, third party confirmation of the results.

Performance stats are hard. You really have to clock something specific – or rely on benchmarks that may or may not make a difference. In my experience, a variance of 20% or more in speed isn’t really noticeable.

But that’s just me….

OH. And I should add…. I think the big question will be browser performance hits. “Normal” Windows users aren’t going to see any Meltdown/Spectre exploits in the near future. But they may get bit by their browser.

5 users thanked author for this post.

FakeNinja, AlexEiffel, SueW, AJNorth, BobbyB

Reply | Quote

I just got Waterfox updated to 56.0.2 in the Mac; still have to start the Windows PC and find out if the update is there too:

https://www.ghacks.net/2018/01/07/waterfox-56-0-2-security-update-released/

The updated Waterfox now has the same tweak as Firefox does to prevent some rogue software at a Web site from siphoning one’s personal information through the straw of Spectre: to degrade the clock timing internally, so the attacking software cannot get sufficiently in sync with the computer clock to have a good chance at succeeding in its evil errand. This is at the price of slower response, which I have not noticed, probably for the reason that Woody pointed out: it is too small to notice during normal usage of the browser.

I have a comment on when to update Windows, now that a ton of updates is on offer (looking at “ghacks”, they do not seem to have any “critical” updates listed there, only “important” ones, which is a bit odd), and it is this:

I cannot do anything much until my anti virus, Webroot Secure Anywhere does the Register tweaking, which they are promising it will be next week.

But, considering I never update Windows for at least two weeks after patch Tuesday, as a rule, that makes no difference to me.

As to the danger of going unpatched in the face of Meltdown and Spectre: there are no reports of it being out in the wild and  being exploited by nasty people. However, how would one know that for sure? Black hats usually do not post their exploits on social media, and they are unlikely to go and hack into the computers of white hats that can figure out pretty quickly what is going on and let their black cats out of the bag. No, black hats will much rather nobody notices what they are up to for as long as possible, so they can carry on for as long as possible exploiting their nasty, but profitable, tricks.

So, either this is not being used for ill already, or the usual reasonable precautions against phishing and social engineering, or (as far as “Meltdown” goes, anyway) the precaution of never opening mysterious emails but deleting them right away, and as far as “Spectre” goes, the precaution of never go looking for free porno and the like in dark places, may be paying off quite nicely, so far: all the crying, wailing and gnashing of teeth seems to be about BSODs, from people with non-Intel CPUs in their machines, or people that did not check if their Register had been tweaked already by their AV providers… and then found, the hardest way, that it wasn’t.

So I intend to wait another two weeks or so before doing anything about this: rest easy, friends; I intend to. And best of luck to us all.

 

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP said:
This is at the price of slower response, which I have not noticed, probably for the reason that Woody pointed out: it is too small to notice during normal usage of the browser.

What is your Win OS & CPU model ?

It is reported that Win 7/8 (esp. Win 7) & older CPUs (pre-2015) are experiencing noticeable performance hits (at least 20% slowdown, CPU spikes) after installing the microcode update &/or Meltdown kernel patch.

For instance, Epic Games observed its servers’ CPU usage going from 20% to almost 60% after applying the Meltdown kernel patch. (Well, this is certainly a risk factor for literal hardware meltdowns …)

Epic Services & Stability Update (05 Jan 2018)

Meltdown: Epic Games blames bug fix for online game slowdown (The Guardian – 08 Jan 2018)

Perhaps you can try watching Youtube/Vimeo videos, & play some moderate to heavy-duty online HTML5 games (eg. at itch.io) to see if these activities result in any noticeable negative impacts (eg. browser lag, higher CPU usage, heat issues).

In addition, in 2 weeks from now (your timeline), you may wish to carry out the test again after you:

• patch your CPU with the updated microcode
• install MS’s Meltdown kernel security update (03 Jan 2018)
• install 08 Jan 2018’s MS .NET Framework security updates (prerequisite: same compliant registry required as Meltdown patch, suggesting that these updates contain some Meltdown/Spectre fix as well)

Possible Test Setups:

• Run the aforementioned browser test with & without any MS .NET application &/or runtime optimization running at the same time.
• Use MS .NET-dependent multimedia player to play local & streaming audio/video files.
• Use a MS .NET-dependent video editor to edit & transcoding video file.
• Use a MS .NET-dependent text editor to view a large text file of more than 50 MB (eg. logs, HOSTS file).

Reasoning:  Each patch supposedly has its performance impact (theoretically up to 30% each), right ? Are the impacts additive ?

Reply | Quote

Regarding the Verge article: MS is being transparent? Tell that to the owners of devices with AMD chips.

Reply | Quote

In light of today’s patches, what is the defcon level?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Well that’s quite the haul to start 2018 off with:
Win7Prox86 Off2010 grand total 124.3mb 8UD (all fully patched excluding some of the usual omissions)
Win7Prox64 Off2010 ” ” 449.4mb 9UD
Win8.1 x64 Off2010 ” ” 609.7mb 7UD
Win10Prox64 Off2016 (There’s still a slew in there from Office patch Tuesday last week mercifully any UD’s patches on hold for 30 days)
Going to be some fun installing that lot looks like as usual I shall be waiting for the “howls of protest or the nods of approval. 🙁

Reply | Quote

Just FYI I installed the January monthly security roll up when Woody mentioned he was installing it on his machine and so far everything is ok. I have an older Compaq HP laptop running Win7 SP1 with an Intel Celeron 900 processor @2.2 ghz. And the graphics card is by Intel as well I think. I’m now part of Group A after spending some time in Group B.

I have a question about a different topic – I never use IE and have Chrome set as my default browser. I haven’t kept IE updated at all – do I still need to do this even if I don’t ever use it? Hope this isn’t a dumb question – I’m not a techie, alas!

Reply | Quote

If you are installing the Rollups as part of Group A, you are already keeping IE up to date. The IE11 update is part of the Rollup.

1 user thanked author for this post.

walker

Reply | Quote

PKCano – thank you for the answer on keeping IE updated. Glad to know the monthly security roll ups include updates for IE!

 

Reply | Quote

For the 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269) https://www.catalog.update.microsoft.com/Search.aspx?q=4055269, which KB numbers correspond to which versions?

kb4054176 / kb4019990 for 3.5 and kb4054183 / kb4054172 for the 4.x versions?

windows6.1-kb4054176-x64_c7c6c0cfde80925e0278bdaef17663d7cdae3269.msu
windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
ndp47-kb4054183-x64_a022ad5109b1208dff502d1be4477668b4fa258d.exe
ndp45-kb4054172-x64_7821613e8a1810a7a4f247cebb151573a4c01ec2.exe

Reply | Quote

How to get the right version of .NET Security-only patch(s) for your version(s) of .NET on Win7

Search for 4055269 in the Catalog
Instead of clicking on “Download,” click on the title of the patch (on the left).
In the box that pops up, click on “More information” (on the right).
Scroll down and note the KB number(s) for the version(s) of .NET you have installed.

Go back to the Catalog and download the ones you need (the KB number is in the file name).

3 users thanked author for this post.

walker, Elly, abbodi86

Reply | Quote

As has been mentioned before at AskWoody, for those who need to ascertain what version(s) of the .NET Framework they have installed, the .NET Detector from Raymond.CC is a very convenient (and easy) way:  https://www.raymond.cc/blog/how-to-check-what-version-of-microsoft-net-framework-is-installed-in-computer/.

Reply | Quote

anonymous #157953 said:
which KB numbers correspond to which versions?

When such a question is asked here (& elsewhere) so frequently, it is probably a sign that MS needs to make its Update Catalog more user-friendly & upfront, so that users don’t have to second-guess, ask around every month, open extra popups for cross-referencing (popups may be blocked by the browser) , or google the each & every mysterious KB number.

Summary:-

• KB 4054176: MS .NET 3.5.1 Security Only Update
• KB 4054172: MS .NET 4.5.2 Security Only Update
• KB 4054183: MS .NET 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 Security Only Update
• KB 4019990: d3dcompiler_47.dll
  = prerequisite for MS .NET 4.6.x, 4.7.x Security Only or Rollup Update (& also MS .NET 4.7.x runtime installer) on Win 7

 

Regarding the runtime installer itself, note that .NET 4.7.x replaces (supercedes) all previous .NET v4.x versions. So if an application requires .NET v4.0 or v4.5.2 or v4.6, they will all run successfully with just .NET v4.7.x installed on the system.

However, if an application requires .NET 3.5 or .NET 3.5.1, you need to have .NET 3.5.1 installed (or enabled) to cover these 2 runtime versions, because .NET 4.x is not backward-compatible with earlier versions.

1 user thanked author for this post.

SueW

Reply | Quote

.NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog!

Reply | Quote

MrBrian wrote:

.NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog!

I have a question about this. I’m currently running .NET 4.6.1 and will want to upgrade to .NET 4.7.1 in the near future, that is, after we get to MS-DEFCON 3.

Windows Update is currently offering me both  The .NET Framework 4.7.1 offline installer for Windows (KB4033342) as an optional update, and Security and Quality Rollup for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 (KB 4055532) as an important update. Looking at the knowledge base numbers, as well as the on-line documentation, it looks like I should install .NET 4.7.1 (KB4033342) first, and then install (KB4055532) second. Is that correct? It looks like KB4055532 is a Meltdown/Spectre fix for all versions of .NET.

Reply | Quote

That’s the same order I would use.

3 users thanked author for this post.

walker, AJNorth, alpha128

Reply | Quote

MrBrian wrote:

That’s the same order I would use.

That’s what I figured.  Thanks for the confirmation.

As of today, paint.net 4.0.20 is now available, and it requires .NET 4.7 or 4.7.1.

1 user thanked author for this post.

AJNorth

Reply | Quote

Windows 7-64Pro_SP! here. I am Group B, but use WU for the .NET and Office 2010 updating. I have not yet started my updates for January 2018 – too early. Since the .NET patches have some Meltdown/Spectre fixes, should they be applied AFTER the January Security Only patch?

I usually do the Security Only first, and then do the Office and then .NET updates figuring the .NET updates may need the Windows Security Only to be up to date.

I also believe if the Security Only bricks the machine, I have not invested time for all the others only to have to restart the process after undoing the problem.

Thanks.

Reply | Quote

I would do the Security-only and IE11 patches first (in that order, no need to reboot between), then go to WU and do whatever else you choose.

2 users thanked author for this post.

HiFlyer, Bill C.

Reply | Quote

I have a windows home server 2011 and i am not getting the kb4056894 monthly rollup and meltdown patch.  I have defender on the machine which i believe came with whs 2011 but i don’t see the updated registry key.  Would anyone have any ideas as to what I should do to get my server patched.

Reply | Quote

Windows Defender does not qualify as an anti-virus program on Win7. It is an older product than Defender on Win10, and does not run in the background.

What AV program are you using. It will need to set an Allow Regkey in the Registry to certify compatibility in order for you to be able to receive kb405689.

Also, be aware that if you have an AMD processor or graphics card, you may get a BSOD that renders your computer non-bootable after installing the update

2 users thanked author for this post.

walker, HiFlyer

Reply | Quote

I have Windows Defender which came with Windows Home Server 2011.  It’s an older HP Windows Home Server with an intel processor, upgraded to WHS 2011.  I seem to still get the other January updates but not the rollup one.  I’m not sure how or if i should try to appy the registry fix.

Reply | Quote

You can manually create the Registry key (at your own risk) using Regedit.exe
If your server is 32-bit, protection is not provided.
Microsoft gives these instructions.

Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine

Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat”

Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”

Type=”REG_DWORD”

Data=”0x00000000”

 

Reply | Quote

Rather than taking the gamble of manually entering the Registry key, could one instead install Microsoft Security Essentials (which will set the Registry key), then proceed from there? (One need not even have real-time protection enabled.) Instructions for installing MSE on WHS 2011: https://homeservershow.com/forums/topic/4802-installing-mse-in-whs-2011-from-command-prompt/.

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

I’m not sure about installing MSE on 2011.  I have read that doing so creates all types of problems with the server.

Reply | Quote

Here is a .reg file for creating the registry items needed: https://download.bleepingcomputer.com/reg/QualityCompat.reg. I haven’t tested it.

Reply | Quote

Woody wrote:

There’s some confusion about the Equation Editor vulnerability. You may recall that the original hole, CVE-2017-11882, was patched in November. This new patch, for CVE-2018-0802, takes the nuclear option — it removes Equation Editor from Word. @yuhong2 advises on Twitter that the Eqn Editor EXE turns into 0 bytes, so it’s even dead with WordPad.

So I went to read up on this CVE-2018-0802 by clicking on the link provided, and MS is asking me to accept a EULA to read the description. Say whaaaat??!?

My thanks to Woody for warning that this patch obliterates the Equation Editor. My work would become impossible without something like the Equation Editor, so I will either have to pass on this update or find something to replace it. Anybody have suggestions?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

Cascadian, woody

Reply | Quote

Though I have not personally used it, a former physics professor has spoken highly of the formula editor in LibreOffice, Math: https://alternativeto.net/software/libreoffice-math/.

4 users thanked author for this post.

HiFlyer, Cascadian, Cybertooth, Elly

Reply | Quote

try miktex.org. It’s a free equation editor that supposedly will do everything LaTex will do. It runs on Windows, Macs, and Linux. At one time LaTex was THE standard for this sort of thing.

There are also a bunch of free online LaTex equation editors, and a bunch of other equation editors can be found just by googling ‘equation editor’

5 users thanked author for this post.

Cascadian, Cybertooth, Elly, geekdom, woody

Reply | Quote

I appreciate the suggestions given above, and I haven’t ever used anything beyond a few uses with the LibreOffice capability. I haven’t had to rely on anything to produce published work.

But I have a general level question. Microsoft products get press because of the entity that published it. Very little concern is given to smaller solutions, even when they produce better results. But similar functions are often the result of similar code, whether by innocent imitation, standard practices, or blatant ‘borrowing’ of code. The last one is usually taken from the little guy by the big guy.

Have the tests that found flaw in Equation Editor been applied to these substitute solutions?

I did not do the leg work, but thought the answer may interest other readers as well.

Reply | Quote

@Cybertooth and @Paul:

@Paul I don’t know the answer to your question. LaTex was – and maybe still is – the gold standard for mathematical word processing, much easier to use than anything MS has ever put out. mikTex is free and also extremely good.

@Cybertooth: Another option for you might be one of the standard mathematical packages like Maple, Mathcad, Mathematica, etc. They all have equation editors and technical word processing capabilities that can produce publication quality material. The full packages tend to be pricey, but all 3 of the above at one time sold student packages that had the same equation editor capabilities although they were more limited in what they could do mathematically. Mathcad had a free version and I think still does, that was excellent.

Upshot is that with not much work I think you’ll be able to find an excellent equation editor in whatever price range you need, and in all likelihood will be FAR superior to anything MS ever dreamed of putting out. (And no, I’m not ragging on MS, it’s just fact. The MS equation editor was fine for the intended audience – folks who needed an occasional equation.)

2 users thanked author for this post.

Cascadian, Cybertooth

Reply | Quote

PKCano wrote:

Also, be aware that if you have an AMD processor or graphics card, you may get a BSOD that renders your computer non-bootable after installing the update

In the avalanche of discussion, I must have missed the part about BSODs on machines that have an AMD graphics card. What’s the recommendation for the owner of a PC with an Intel CPU but an AMD GPU?

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

There were reports of BSOD on some PCs with Intel processors and AMD Radeon Graphics cards. Which ones are affected I do not know. Check AMD,  your OEM, Google search, etc. There is at least one report here on AskWoody in recent blog comments.

https://www.askwoody.com/forums/topic/multiple-reports-of-blue-screens-bsods-0x000000c4-when-installing-the-january-win7-monthly-rollup-kb-4056894/#post-157348

Edit to add link

2 users thanked author for this post.

Cybertooth, woody

Reply | Quote

Based on the Detectoid i sniffed on Windows 8.1, these are excluded:
AuthenticAMD Family 4 Model
AuthenticAMD Family 5 Model
AuthenticAMD Family 6 Model
AuthenticAMD Family 15 Model
AuthenticAMD Family 17 Model

2 users thanked author for this post.

HiFlyer, MrBrian

Reply | Quote

Core i7-930 with amd 5970+5870 in tri-fire config… no problems found here.

1 user thanked author for this post.

Bill C.

Reply | Quote

Jan K. said:
Core i7-930 with amd 5970+5870 in tri-fire config… no problems found here.

Thanks for your feedback. Reassuring to know that at least 1 system with an older Intel CPU & an older AMD GPU has been not killed by MS’s Meltdown kernel patch (… I assume this is what you installed).

For statistical reference:

• Intel Core i7-930 CPU: released in Feb 2010
• AMD Ati Radeon HD 5870: released in Sep 2009
• AMD Ati Radeon HD 5970: released in Nov 2009

Has the OEM or source of your Intel CPU provided a microcode update for the Meltdown-Spectre kernel bug ?

Based on your CPU & GPU specs, it seems your system is set up for serious gaming &/or intensive graphics-related tasks. Apart from no BSODs upon bootup so far, have you experienced any slowdown, CPU spikes, increased heat, &/or instability after applying the recent update (presumably only the Meltdown KB patch) ?

If not, perhaps it helps to have higher-end CPUs & GPUs, even if they are older models.

Reply | Quote

Nice to see, how old my setup is! 😀

I haven’t measured it, but nothing feels slower than usual = everything’s running very well. Temps are still kept at ~34 C… will check for “spikes” next time, I have some work to do.

Using MSE btw. and all updates except latest bunch have been applied.

I have backups up to date and since I only do full system backups (not incremental), I can always insert my Acronis restore boot disc and roll back to any stable date by choice in less than 10 minutes…

/edit:

Re. micro code for cpu… doubt that’ll ever happen. Noticed someone mentioned we’ll have to upgrade old hardware, so when Intel in a couple or three years from now releases a “safe cpu”, I’ll consider it. But as a Group L user, there certainly isn’t anything, that can make me panic.

Reply | Quote

I still haven’t received KB4056892 on my Intel Celeron notebook. The Registry key is present and I did receive the Flash Player update and MRT. What could be wrong?

Reply | Quote

.NET Framework January 2018 Security and Quality Rollup

Reply | Quote

Speaking of Graphics Cards, I have a Zotac GeForce GTX 560 Ti based on the Nvidia chip. Internet reseach says Nvidia makes its chips, elsewhere it says they are made for them.

Anyone know if AMD is involved.

I have an Intel Core i7 CPU and have received the checked January monthly update. Not sure if MS is checking system for all chips or just CPU?

Reply | Quote

Given that the discrete PC graphics card world (not workstation) is an nVidia/AMD choice, I am sure AMD has nothing to do with any nVidia hardware.

That is not to say that a sub-component manufacturer X does not supply both AMD-based and nVidia-based card manufacturers with appropriately specced sub-components.

I have not seen any reports attributed solely to an nVidia graphics card.

Reply | Quote

I like to make a point about about the regkey: it’s not a failsafe as Microsoft wants it to be. I have a laptop using old versions of Avast for Antivirus and Comodo for Firewall. That means I have 2 AV vendors, 2 solutions. Avast added the regkey with a microupdate without making me upgrade to a new version. On the other hand, Comodo washed their hands and say I should update to the lastest version or take the risk. So, even if you get the regkey, you may end up with BSODs because of other software or kernel mode drivers installed in your system.

Reply | Quote

The other side of that coin is, that the LACK of the Regkey does NOT prevent the manual installation of the update. I downloaded and manually installed updates on Win7, Win8.1 and Win10 1709 with no Regkey set.

And, there is nothing to keep you from setting the Regkey yourself.

Reply | Quote

Trying again. I appreciate the help with the previous answers but I know which versions of .Net I have but need assistance with the specific question.

For the 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269) https://www.catalog.update.microsoft.com/Search.aspx?q=4055269, which KB numbers correspond to which versions?

kb4054176 / kb4019990 for 3.5 and kb4054183 / kb4054172 for the 4.x versions?

windows6.1-kb4054176-x64_c7c6c0cfde80925e0278bdaef17663d7cdae3269.msu
windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
ndp47-kb4054183-x64_a022ad5109b1208dff502d1be4477668b4fa258d.exe
ndp45-kb4054172-x64_7821613e8a1810a7a4f247cebb151573a4c01ec2.exe

Reply https://www.askwoody.com/forums/topic/january-security-patches-are-coming-shortly/#post-157959 does not work on my end because http://support.microsoft.com/kb/4055269 does not load (something support.Microsoft wants apparently is blocking it from loading). If anyone might not mind taking the same amount of time answering kb4054176 / kb4019990 for 3.5 and kb4054183 / kb4054172 for the 4.x versions it would be appreciated.

Reply | Quote

• The following articles contain additional information about this security update as it relates to individual product versions.
  • 4054176 Description of the Security Only update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054176)
  • 4054172 Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4054172)
  • 4054183 Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4054183)

Reply | Quote

What browser are you using? With which add-ons.
The link works for me in IE11 w/ AdBlocPlus on Win7
and
Firefox 57.0.4 with AdBloc Plus, NoScript, and Disconnect on both Win7 and MacOS High Sierra.

Reply | Quote

All Microsoft ‘Links’ show page without any information

Reply | Quote

This the site I like and which I believe will answer your question as you scroll down through it. And, in the future, click on the very top purple letters ‘.NET Blog’ to get a list of blogs for every month.
https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/

Reply | Quote

Is there any explanation why “Monthly Rollups” and “Security-only updates” (KB4056894, KB4056897, KB4056895, KB4056898) are not mentioned among other patches in the

Description of Software Update Services and Windows Server Update Services changes in content for 2018 ?

Reply | Quote

They are now listed on the Win7 Update History and Win8.1 Update History pages.

Reply | Quote

There have been many instances of updates missing from that list in the past 6 months.

Reply | Quote