News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • January security patches are coming shortly

    Home Forums AskWoody blog January security patches are coming shortly

    This topic contains 69 replies, has 19 voices, and was last updated by  MrBrian 1 year, 7 months ago.

    • Author
      Posts
    • #157801 Reply

      woody
      Da Boss

      The Release Notes are up. Expect details in the next couple of hours.
      [See the full post at: January security patches are coming shortly]

      4 users thanked author for this post.
    • #157809 Reply

      PKCano
      Da Boss

      Software Update Services changes in content for Jan 9, 2018.

      4 users thanked author for this post.
    • #157827 Reply

      MrBrian
      AskWoody_MVP

      January 2018 Office Update Release

      2 users thanked author for this post.
    • #157818 Reply

      anonymous

      So well, I have something to confess: i upgraded on january 3rd聽 despite the MSdefcon 2 (cuz I forgot to turn off automatic updates) fortunately nothing bad happened, and well, I dont know if this is useful or not, but apparently there are no updates that change the build of 1703聽 聽so it means that may mean that if you installed the january 3rd updates, you already have the build of this month

    • #157841 Reply

      Mcmacladdie
      AskWoody Lounger

      I let the update go through (KB 4056892) when it was first offered on January 3rd. All I got today was the MSRT and a Flash update. I have an Intel processor (i5 7400), and haven’t experienced any slowdown or bluescreens. My initial thought is to leave well enough alone… Should I be safe?

      • #157853 Reply

        PKCano
        Da Boss

        You should be good

        2 users thanked author for this post.
        • #157867 Reply

          Mcmacladdie
          AskWoody Lounger

          Thanks for the quick reply. I figured I would be, but wanted to ask just to be absolutely sure 馃檪

    • #157845 Reply

      MrBrian
      AskWoody_MVP

      For those who missed previous mentions, January 3, 2018鈥擪B4056898 (Security-only update) (applies to Windows 8.1 and Windows Server 2012 R2 Standard) is at version 2 in the Microsoft Update Catalog.

      2 users thanked author for this post.
    • #157837 Reply

      anonymous

      ? says:

      45 minutes ago:

      https://www.ghacks.net/2018/01/09/microsoft-security-updates-january-2018-release/

      enjoy!

       

       

       

      1 user thanked author for this post.
    • #157851 Reply

      MrBrian
      AskWoody_MVP

      The January 2018 Security Update Review

      1 user thanked author for this post.
    • #157862 Reply

      anonymous

      The synchronization on WSUS, multiple independent WSUS servers, is showing yet another foul-up by Microsoft.

      A number of the hotfixes released today have come in duplicated. e.g. 38 entries each for KB4011656, KB4016110 32 bit, KB4016110 64 bit, etc.

      Jim

      1 user thanked author for this post.
    • #157874 Reply

      Pim
      AskWoody Plus

      And Office 2007 got updates again, for the 3rd month in a row since it was officially declared unsupported in October 2017. It is ironic: I did not manage to migrate from Vista to Windows 7 in time last April, but was adamant to be on time with upgrading from Office 2007 to 2010 and succeeded in doing that. In hindsight, my rush apparently was not needed. I wish I knew back then, it would have been less stressful. It makes me wonder when they really stop patching Office 2007 and what the reason is behind still providing patches.

      2 users thanked author for this post.
      • #158024 Reply

        Cybertooth
        AskWoody Lounger

        The KB articles for the Office 2007 patches are not up (not yet, anyway). Clicking on the “more information” links on the WU applet leads to Microsoft Support pages that have no information on them (example).

         

        • #158083 Reply

          woody
          Da Boss

          They’re up now.

          • #158296 Reply

            Cybertooth
            AskWoody Lounger

            Thanks, Woody. The articles are up.

            However, in order to learn anything about the issue being fixed, users are now being asked to accept a EULA!?! It used to be you could click on the KB article from the WU applet and then click on a more detailed page for additional information — without having to agree to yet another set of terms of service.

             

    • #157877 Reply

      FakeNinja
      AskWoody Lounger

      Does anyone know why there haven’t been any critical security updates for Windows these last 3 months? (Except for the kernel patch) Is this normal? I mean, 3 months is a long time!

    • #157889 Reply

      FakeNinja
      AskWoody Lounger

      Any thoughts on this by the way?
      https://www.theverge.com/2018/1/9/16868290/microsoft-meltdown-spectre-firmware-updates-pc-slowdown
      Maybe make a post about this, Woody?

      • #157898 Reply

        woody
        Da Boss

        I’ve been thinking about writing about Terry’s post (and the new version of “Protect your device“) and I’m very ambivalent about it.

        Microsoft ran its performance tests, and that’s great. (Obviously they didn’t include any AMD processors.) The results are waffling in the extreme. And the conclusion serves Microsoft’s purposes. It’s the same argument I have against writing about the results of “studies” that Microsoft has funded.

        What I’d like to see is an independent, third party confirmation of the results.

        Performance stats are hard. You really have to clock something specific – or rely on benchmarks that may or may not make a difference. In my experience, a variance of 20% or more in speed isn’t really noticeable.

        But that’s just me….

        OH. And I should add…. I think the big question will be browser performance hits. “Normal” Windows users aren’t going to see any Meltdown/Spectre exploits in the near future. But they may get bit by their browser.

        5 users thanked author for this post.
        • #157941 Reply

          OscarCP
          AskWoody Plus

          I just got Waterfox updated to 56.0.2 in the Mac; still have to start the Windows PC and find out if the update is there too:

          https://www.ghacks.net/2018/01/07/waterfox-56-0-2-security-update-released/

          The updated Waterfox now has the same tweak as Firefox does to prevent some rogue software at a Web site from siphoning one’s personal information through the straw of Spectre: to degrade the clock timing internally, so the attacking software cannot get sufficiently in sync with the computer clock to have a good chance at succeeding in its evil errand. This is at the price of slower response, which I have not noticed, probably for the reason that Woody pointed out: it is too small to notice during normal usage of the browser.

          I have a comment on when to update Windows, now that a ton of updates is on offer (looking at “ghacks”, they do not seem to have any “critical” updates listed there, only “important” ones, which is a bit odd), and it is this:

          I cannot do anything much until my anti virus, Webroot Secure Anywhere does the Register tweaking, which they are promising it will be next week.

          But, considering I never update Windows for at least two weeks after patch Tuesday, as a rule, that makes no difference to me.

          As to the danger of going unpatched in the face of Meltdown and Spectre: there are no reports of it being out in the wild and聽 being exploited by nasty people. However, how would one know that for sure? Black hats usually do not post their exploits on social media, and they are unlikely to go and hack into the computers of white hats that can figure out pretty quickly what is going on and let their black cats out of the bag. No, black hats will much rather nobody notices what they are up to for as long as possible, so they can carry on for as long as possible exploiting their nasty, but profitable, tricks.

          So, either this is not being used for ill already, or the usual reasonable precautions against phishing and social engineering, or (as far as “Meltdown” goes, anyway) the precaution of never opening mysterious emails but deleting them right away, and as far as “Spectre” goes, the precaution of never go looking for free porno and the like in dark places, may be paying off quite nicely, so far: all the crying, wailing and gnashing of teeth seems to be about BSODs, from people with non-Intel CPUs in their machines, or people that did not check if their Register had been tweaked already by their AV providers… and then found, the hardest way, that it wasn’t.

          So I intend to wait another two weeks or so before doing anything about this: rest easy, friends; I intend to. And best of luck to us all.

           

           

           

          • #158290 Reply

            anonymous

            OscarCP said:
            This is at the price of slower response, which I have not noticed, probably for the reason that Woody pointed out: it is too small to notice during normal usage of the browser.

            What is your Win OS & CPU model ?

            It is reported that Win 7/8 (esp. Win 7) & older CPUs (pre-2015) are experiencing noticeable performance hits (at least 20% slowdown, CPU spikes) after installing the microcode update &/or Meltdown kernel patch.

            For instance, Epic Games observed its servers’ CPU usage going from 20% to almost 60% after applying the Meltdown kernel patch. (Well, this is certainly a risk factor for literal hardware meltdowns …)

            Epic Services & Stability Update (05 Jan 2018)

            Meltdown: Epic Games blames bug fix for online game slowdown (The Guardian – 08 Jan 2018)

            Perhaps you can try watching Youtube/Vimeo videos, & play some moderate to heavy-duty online HTML5 games (eg. at itch.io) to see if these activities result in any noticeable negative impacts (eg. browser lag, higher CPU usage, heat issues).

            In addition, in 2 weeks from now (your timeline), you may wish to carry out the test again after you:

            • patch your CPU with the updated microcode
            • install MS’s Meltdown kernel security update (03 Jan 2018)
            • install 08 Jan 2018’s MS .NET Framework security updates (prerequisite: same compliant registry required as Meltdown patch, suggesting that these updates contain some Meltdown/Spectre fix as well)

            Possible Test Setups:

            • Run the aforementioned browser test with & without any MS .NET application &/or runtime optimization running at the same time.
            • Use MS .NET-dependent multimedia player to play local & streaming audio/video files.
            • Use a MS .NET-dependent video editor to edit & transcoding video file.
            • Use a MS .NET-dependent text editor to view a large text file of more than 50 MB (eg. logs, HOSTS file).

            Reasoning:聽 Each patch supposedly has its performance impact (theoretically up to 30% each), right ? Are the impacts additive ?

      • #157914 Reply

        DrBonzo
        AskWoody Lounger

        Regarding the Verge article: MS is being transparent? Tell that to the owners of devices with AMD chips.

    • #157909 Reply

      geekdom
      AskWoody Plus

      In light of today’s patches, what is the defcon level?

      Group G{ot backup} Win7Pro 路 x64 路 SP1 路 i3-3220 路 TestBeta 路 Microsoft Security Essentials
    • #157923 Reply

      BobbyB
      AskWoody Lounger

      Well that’s quite the haul to start 2018 off with:
      Win7Prox86 Off2010 grand total 124.3mb 8UD (all fully patched excluding some of the usual omissions)
      Win7Prox64 Off2010 ” ” 449.4mb 9UD
      Win8.1 x64 Off2010 ” ” 609.7mb 7UD
      Win10Prox64 Off2016 (There’s still a slew in there from Office patch Tuesday last week mercifully any UD’s patches on hold for 30 days)
      Going to be some fun installing that lot looks like as usual I shall be waiting for the “howls of protest or the nods of approval. 馃檨

    • #157939 Reply

      anonymous

      Just FYI I installed the January monthly security roll up when Woody mentioned he was installing it on his machine and so far everything is ok. I have an older Compaq HP laptop running Win7 SP1 with an Intel Celeron 900 processor @2.2 ghz. And the graphics card is by Intel as well I think. I鈥檓 now part of Group A after spending some time in Group B.

      I have a question about a different topic – I never use IE and have Chrome set as my default browser. I haven鈥檛 kept IE updated at all – do I still need to do this even if I don鈥檛 ever use it? Hope this isn鈥檛 a dumb question – I鈥檓 not a techie, alas!

      • #157944 Reply

        PKCano
        Da Boss

        If you are installing the Rollups as part of Group A, you are already keeping IE up to date. The IE11 update is part of the Rollup.

        1 user thanked author for this post.
    • #157951 Reply

      anonymous

      PKCano – thank you for the answer on keeping IE updated. Glad to know the monthly security roll ups include updates for IE!

       

    • #157953 Reply

      anonymous

      For the 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269) https://www.catalog.update.microsoft.com/Search.aspx?q=4055269, which KB numbers correspond to which versions?

      kb4054176 / kb4019990 for 3.5 and kb4054183 / kb4054172 for the 4.x versions?

      windows6.1-kb4054176-x64_c7c6c0cfde80925e0278bdaef17663d7cdae3269.msu
      windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
      ndp47-kb4054183-x64_a022ad5109b1208dff502d1be4477668b4fa258d.exe
      ndp45-kb4054172-x64_7821613e8a1810a7a4f247cebb151573a4c01ec2.exe

      • #157959 Reply

        PKCano
        Da Boss

        How to get the right version of .NET Security-only patch(s) for your version(s) of .NET on Win7

        Search for 4055269 in the Catalog
        Instead of clicking on “Download,” click on the title of the patch (on the left).
        In the box that pops up, click on “More information” (on the right).
        Scroll down and note the KB number(s) for the version(s) of .NET you have installed.

        Go back to the Catalog and download the ones you need (the KB number is in the file name).

        3 users thanked author for this post.
      • #158301 Reply

        anonymous

        anonymous #157953 said:
        which KB numbers correspond to which versions?

        When such a question is asked here (& elsewhere) so frequently, it is probably a sign that MS needs to make its Update Catalog more user-friendly & upfront, so that users don’t have to second-guess, ask around every month, open extra popups for cross-referencing (popups may be blocked by the browser) , or google the each & every mysterious KB number.

        Summary:-

        • KB 4054176: MS .NET 3.5.1 Security Only Update
        • KB 4054172: MS .NET 4.5.2 Security Only Update
        • KB 4054183: MS .NET 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 Security Only Update
        • KB 4019990: d3dcompiler_47.dll
          = prerequisite for MS .NET 4.6.x, 4.7.x Security Only or Rollup Update (& also MS .NET 4.7.x runtime installer) on Win 7

         

        Regarding the runtime installer itself, note that .NET 4.7.x replaces (supercedes) all previous .NET v4.x versions. So if an application requires .NET v4.0 or v4.5.2 or v4.6, they will all run successfully with just .NET v4.7.x installed on the system.

        However, if an application requires .NET 3.5 or .NET 3.5.1, you need to have .NET 3.5.1 installed (or enabled) to cover these 2 runtime versions, because .NET 4.x is not backward-compatible with earlier versions.

        1 user thanked author for this post.
    • #157960 Reply

      MrBrian
      AskWoody_MVP
      • #157993 Reply

        alpha128
        AskWoody Lounger

        .NET Framework 4.7.1 is available on Windows Update, WSUS and MU Catalog!

        I have a question about this. I’m currently running .NET 4.6.1 and will want to upgrade to .NET 4.7.1 in the near future, that is, after we get to MS-DEFCON 3.

        Windows Update is currently offering me bothThe .NET Framework 4.7.1 offline installer for Windows (KB4033342) as an optional update, and Security and Quality Rollup for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 (KB 4055532) as an important update. Looking at the knowledge base numbers, as well as the on-line documentation, it looks like I should install .NET 4.7.1 (KB4033342) first, and then install (KB4055532) second. Is that correct? It looks like KB4055532 is a Meltdown/Spectre fix for all versions of .NET.

        • #157996 Reply

          MrBrian
          AskWoody_MVP

          That’s the same order I would use.

          3 users thanked author for this post.
          • #157997 Reply

            alpha128
            AskWoody Lounger

            That鈥檚 the same order I would use.

            That’s what I figured.聽 Thanks for the confirmation.

            As of today, paint.net 4.0.20 is now available, and it requires .NET 4.7 or 4.7.1.

            1 user thanked author for this post.
          • #158041 Reply

            Bill C.
            AskWoody Plus

            Windows 7-64Pro_SP! here. I am Group B, but use WU for the .NET and Office 2010 updating. I have not yet started my updates for January 2018 – too early. Since the .NET patches have some Meltdown/Spectre fixes, should they be applied AFTER the January Security Only patch?

            I usually do the Security Only first, and then do the Office and then .NET updates figuring the .NET updates may need the Windows Security Only to be up to date.

            I also believe if the Security Only bricks the machine, I have not invested time for all the others only to have to restart the process after undoing the problem.

            Thanks.

            • #158070 Reply

              PKCano
              Da Boss

              I would do the Security-only and IE11 patches first (in that order, no need to reboot between), then go to WU and do whatever else you choose.

              2 users thanked author for this post.
    • #157962 Reply

      anonymous

      I have a windows home server 2011 and i am not getting the kb4056894 monthly rollup and meltdown patch.聽 I have defender on the machine which i believe came with whs 2011 but i don’t see the updated registry key.聽 Would anyone have any ideas as to what I should do to get my server patched.

      • #157969 Reply

        PKCano
        Da Boss

        Windows Defender does not qualify as an anti-virus program on Win7. It is an older product than Defender on Win10, and does not run in the background.

        What AV program are you using. It will need to set an Allow Regkey in the Registry to certify compatibility in order for you to be able to receive kb405689.

        Also, be aware that if you have an AMD processor or graphics card, you may get a BSOD that renders your computer non-bootable after installing the update

        2 users thanked author for this post.
        • #157973 Reply

          anonymous

          I have Windows Defender which came with Windows Home Server 2011.聽 It’s an older HP Windows Home Server with an intel processor, upgraded to WHS 2011.聽 I seem to still get the other January updates but not the rollup one.聽 I’m not sure how or if i should try to appy the registry fix.

      • #157982 Reply

        PKCano
        Da Boss

        You can manually create the Registry key (at your own risk) using Regedit.exe
        If your server is 32-bit, protection is not provided.
        Microsoft gives these instructions.

        Contact your Anti-Virus AV to confirm that their software is compatible and have set the following REGKEY on the machine

        Key=”HKEY_LOCAL_MACHINE”Subkey=”SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat

        Value Name=”cadca5fe-87d3-4b96-b7fb-a231484277cc”

        Type=”REG_DWORD鈥

        Data=”0x00000000鈥

         

    • #158019 Reply

      Cybertooth
      AskWoody Lounger

      Woody wrote:

      There鈥檚 some confusion about the Equation Editor vulnerability. You may recall that the original hole, CVE-2017-11882, was patched in November. This new patch, for CVE-2018-0802, takes the nuclear option 鈥 it removes Equation Editor from Word. @yuhong2 advises on Twitter that the Eqn Editor EXE turns into 0 bytes, so it鈥檚 even dead with WordPad.

      So I went to read up on this CVE-2018-0802 by clicking on the link provided, and MS is asking me to accept a EULA to read the description. Say whaaaat??!?

      My thanks to Woody for warning that this patch obliterates the Equation Editor. My work would become impossible without something like the Equation Editor, so I will either have to pass on this update or find something to replace it. Anybody have suggestions?

       

      2 users thanked author for this post.
      • #158036 Reply

        AJNorth
        AskWoody Plus

        Though I have not personally used it, a former physics professor has spoken highly of the formula editor in LibreOffice, Math: https://alternativeto.net/software/libreoffice-math/.

        4 users thanked author for this post.
      • #158044 Reply

        DrBonzo
        AskWoody Lounger

        try miktex.org. It’s a free equation editor that supposedly will do everything LaTex will do. It runs on Windows, Macs, and Linux. At one time LaTex was THE standard for this sort of thing.

        There are also a bunch of free online LaTex equation editors, and a bunch of other equation editors can be found just by googling ‘equation editor’

        5 users thanked author for this post.
      • #158215 Reply

        Cascadian
        AskWoody Lounger

        I appreciate the suggestions given above, and I haven’t ever used anything beyond a few uses with the LibreOffice capability. I haven’t had to rely on anything to produce published work.

        But I have a general level question. Microsoft products get press because of the entity that published it. Very little concern is given to smaller solutions, even when they produce better results. But similar functions are often the result of similar code, whether by innocent imitation, standard practices, or blatant ‘borrowing’ of code. The last one is usually taken from the little guy by the big guy.

        Have the tests that found flaw in Equation Editor been applied to these substitute solutions?

        I did not do the leg work, but thought the answer may interest other readers as well.

      • #158292 Reply

        DrBonzo
        AskWoody Lounger

        @cybertooth and @paul:

        @paul I don’t know the answer to your question. LaTex was – and maybe still is – the gold standard for mathematical word processing, much easier to use than anything MS has ever put out. mikTex is free and also extremely good.

        @cybertooth: Another option for you might be one of the standard mathematical packages like Maple, Mathcad, Mathematica, etc. They all have equation editors and technical word processing capabilities that can produce publication quality material. The full packages tend to be pricey, but all 3 of the above at one time sold student packages that had the same equation editor capabilities although they were more limited in what they could do mathematically. Mathcad had a free version and I think still does, that was excellent.

        Upshot is that with not much work I think you’ll be able to find an excellent equation editor in whatever price range you need, and in all likelihood will be FAR superior to anything MS ever dreamed of putting out. (And no, I’m not ragging on MS, it’s just fact. The MS equation editor was fine for the intended audience – folks who needed an occasional equation.)

        2 users thanked author for this post.
    • #158020 Reply

      Cybertooth
      AskWoody Lounger

      Also, be aware that if you have an AMD processor or graphics card, you may get a BSOD that renders your computer non-bootable after installing the update

      In the avalanche of discussion, I must have missed the part about BSODs on machines that have an AMD graphics card. What’s the recommendation for the owner of a PC with an Intel CPU but an AMD GPU?

      • #158071 Reply

        PKCano
        Da Boss

        There were reports of BSOD on some PCs with Intel processors and AMD Radeon Graphics cards. Which ones are affected I do not know. Check AMD,聽 your OEM, Google search, etc. There is at least one report here on AskWoody in recent blog comments.

        Multiple reports of blue screens (BSODs) 0X000000C4 when installing the January Win7 Monthly Rollup KB 4056894

        Edit to add link

        2 users thanked author for this post.
        • #158092 Reply

          abbodi86
          AskWoody_MVP

          Based on the Detectoid i sniffed on Windows 8.1, these are excluded:
          AuthenticAMD Family 4 Model
          AuthenticAMD Family 5 Model
          AuthenticAMD Family 6 Model
          AuthenticAMD Family 15 Model
          AuthenticAMD Family 17 Model

          2 users thanked author for this post.
      • #158217 Reply

        Jan K.
        AskWoody Lounger

        Core i7-930 with amd 5970+5870 in tri-fire config… no problems found here.

        1 user thanked author for this post.
        • #158316 Reply

          anonymous

          Jan K. said:
          Core i7-930 with amd 5970+5870 in tri-fire config鈥 no problems found here.

          Thanks for your feedback. Reassuring to know that at least 1 system with an older Intel CPU & an older AMD GPU has been not killed by MS’s Meltdown kernel patch (… I assume this is what you installed).

          For statistical reference:

          • Intel Core i7-930 CPU: released in Feb 2010
          • AMD Ati Radeon HD 5870: released in Sep 2009
          • AMD Ati Radeon HD 5970: released in Nov 2009

          Has the OEM or source of your Intel CPU provided a microcode update for the Meltdown-Spectre kernel bug ?

          Based on your CPU & GPU specs, it seems your system is set up for serious gaming &/or intensive graphics-related tasks. Apart from no BSODs upon bootup so far, have you experienced any slowdown, CPU spikes, increased heat, &/or instability after applying the recent update (presumably only the Meltdown KB patch) ?

          If not, perhaps it helps to have higher-end CPUs & GPUs, even if they are older models.

          • #158479 Reply

            Jan K.
            AskWoody Lounger

            Nice to see, how old my setup is! 馃榾

            I haven’t measured it, but nothing feels slower than usual = everything’s running very well. Temps are still kept at ~34 C… will check for “spikes” next time, I have some work to do.

            Using MSE btw. and all updates except latest bunch have been applied.

            I have backups up to date and since I only do full system backups (not incremental), I can always insert my Acronis restore boot disc and roll back to any stable date by choice in less than 10 minutes…

            /edit:

            Re. micro code for cpu… doubt that’ll ever happen. Noticed someone mentioned we’ll have to upgrade old hardware, so when Intel in a couple or three years from now releases a “safe cpu”, I’ll consider it. But as a Group L user, there certainly isn’t anything, that can make me panic.

    • #158056 Reply

      anonymous

      I still haven’t received KB4056892 on my Intel Celeron notebook. The Registry key is present and I did receive the Flash Player update and MRT. What could be wrong?

    • #158100 Reply

      MrBrian
      AskWoody_MVP
    • #158102 Reply

      anonymous

      Speaking of Graphics Cards, I have a Zotac GeForce GTX 560 Ti based on the Nvidia chip. Internet reseach says Nvidia makes its chips, elsewhere it says they are made for them.

      Anyone know if AMD is involved.

      I have an Intel Core i7 CPU and have received the checked January monthly update. Not sure if MS is checking system for all chips or just CPU?

      • #158224 Reply

        Bill C.
        AskWoody Plus

        Given that the discrete PC graphics card world (not workstation) is an nVidia/AMD choice, I am sure AMD has nothing to do with any nVidia hardware.

        That is not to say that a sub-component manufacturer X does not supply both AMD-based and nVidia-based card manufacturers with appropriately specced sub-components.

        I have not seen any reports attributed solely to an nVidia graphics card.

    • #158258 Reply

      anonymous

      I like to make a point about about the regkey: it’s not a failsafe as Microsoft wants it to be. I have a laptop using old versions of Avast for Antivirus and Comodo for Firewall. That means I have 2 AV vendors, 2 solutions. Avast added the regkey with a microupdate without making me upgrade to a new version. On the other hand, Comodo washed their hands and say I should update to the lastest version or take the risk. So, even if you get the regkey, you may end up with BSODs because of other software or kernel mode drivers installed in your system.

      • #158264 Reply

        PKCano
        Da Boss

        The other side of that coin is, that the LACK of the Regkey does NOT prevent the manual installation of the update. I downloaded and manually installed updates on Win7, Win8.1 and Win10 1709 with no Regkey set.

        And, there is nothing to keep you from setting the Regkey yourself.

    • #158277 Reply

      anonymous

      Trying again. I appreciate the help with the previous answers but I know which versions of .Net I have but need assistance with the specific question.

      For the 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269) https://www.catalog.update.microsoft.com/Search.aspx?q=4055269, which KB numbers correspond to which versions?

      kb4054176 / kb4019990 for 3.5 and kb4054183 / kb4054172 for the 4.x versions?

      windows6.1-kb4054176-x64_c7c6c0cfde80925e0278bdaef17663d7cdae3269.msu
      windows6.1-kb4019990-x64_35cc310e81ef23439ba0ec1f11d7b71dd34adfe5.msu
      ndp47-kb4054183-x64_a022ad5109b1208dff502d1be4477668b4fa258d.exe
      ndp45-kb4054172-x64_7821613e8a1810a7a4f247cebb151573a4c01ec2.exe

      Reply https://www.askwoody.com/forums/topic/january-security-patches-are-coming-shortly/#post-157959 does not work on my end because http://support.microsoft.com/kb/4055269 does not load (something support.Microsoft wants apparently is blocking it from loading). If anyone might not mind taking the same amount of time answering kb4054176 / kb4019990 for 3.5 and kb4054183 / kb4054172 for the 4.x versions it would be appreciated.

      • #158282 Reply

        PKCano
        Da Boss
        • The following articles contain additional information about this security聽update as it relates to individual product versions.
          • 4054176聽Description of the Security Only update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054176)
          • 4054172聽Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4054172)
          • 4054183聽Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4054183)
      • #158285 Reply

        PKCano
        Da Boss

        What browser are you using? With which add-ons.
        The link works for me in IE11 w/ AdBlocPlus on Win7
        and
        Firefox 57.0.4 with AdBloc Plus, NoScript, and Disconnect on both Win7 and MacOS High Sierra.

      • #158288 Reply

        MrBrian
        AskWoody_MVP
      • #158295 Reply

        DrBonzo
        AskWoody Lounger

        This the site I like and which I believe will answer your question as you scroll down through it. And, in the future, click on the very top purple letters ‘.NET Blog’ to get a list of blogs for every month.
        https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/

    • #158503 Reply

      misuser8
      AskWoody Lounger

      Is there any explanation why “Monthly Rollups” and “Security-only updates” (KB4056894, KB4056897, KB4056895, KB4056898) are not mentioned among other patches in the

      Description of Software Update Services and Windows Server Update Services changes in content for 2018 ?

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: January security patches are coming shortly

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.