  • June 2018 Patch Tuesday is upon us


    This topic contains 110 replies, has 32 voices, and was last updated by  PKCano 4 hours, 6 minutes ago.

    • #197422 Reply

      PKCano
      AskWoody MVP

      The June Security Updates have been released for all versions of Windows, Office and various other Microsoft products. As usual, Martin Brinkman has h
      [See the full post at: June 2018 Patch Tuesday is upon us]

      8 users thanked author for this post.
    • #197424 Reply

      PKCano
      AskWoody MVP

      Group B Security-Only Patches have been updated in AKB2000003 for Windows 7, Windows 8.1 and IE11 Cumulative Update.

      10 users thanked author for this post.
    • #197426 Reply

      Microfix
      AskWoody MVP

      Note: Windows 7 SP1 Monthly Quality Rollup Update kb4282826 MAY have issues with the NIC again, for the workaround should you encounter the issue:

      https://support.microsoft.com/en-us/help/4284826/windows-7-update-kb4284826

      | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
        No problem can be solved from the same level of consciousness that created IT - AE
      5 users thanked author for this post.
      • #197447 Reply

        leonardoco
        AskWoody Lounger

        I really can’t believe this issue is still not fixed… And again the “Third party software” is not named…

        1 user thanked author for this post.
        • #197469 Reply

          Bill C.
          AskWoody Lounger

          Microsoft believes they have fixed it.  They want you on Win10, under their control, so they “fixed” some Win7 machines to not work. I cannot believe it is truly unfixable.

          Some say you should not see a conspiracy when ineptness will explain the situation, however when this affects home users, month after month, and it is not easily fixable to those who use the PC as an appliance, they may buy a new device.  So it’s a win/win for MS, a user off of Win7 and by the stats, most likely onto Win10, it is one less assimilation for the MS-Borg to go.

          However, to refute my comment and advance those who say incompetence – Win10 is no picnic, and updates/upgrades are not so simple and easy that everyone LOVES Windows 10, so maybe it is ineptness.

          I do wonder what the new Spectre-type fixes will do for those without the updated microcode.

          1 user thanked author for this post.
    • #197431 Reply

      Mr. Natural
      AskWoody Lounger

      Looking at this new list of updates and the number of updates for each different OS begs the question, “I thought Windows 10 was the most secure OS ever.”

      12 users thanked author for this post.
      • #197451 Reply

        zero2dash
        AskWoody Lounger

        I’m fairly sure it’s been this way since the dang thing launched.
        Month after month, there’s more vulnerabilities advertised in every 10 version than in 7 and 8.1.
        Quite humorous indeed.

        3 users thanked author for this post.
      • #197509 Reply

        Carl D
        AskWoody Lounger

        One cannot help but wonder if there really are more security issues in Windows 10 than 7 and 8.1 or whether MS isn’t bothering to patch all of the security issues in its older OSes as part of their ongoing crusade to get everyone onto Windows 10.

        I’ll take my tinfoil hat off again now (it has almost become a permanent part of my attire lately).

        1 user thanked author for this post.
        • #197510 Reply

          anonymous

          It might simply be that 7+8 are that much older and have had a lot more time to find the more serious bugs. I’m sure if you clean install the original Windows 7 7600 and check for updates, you’ll get a whole weekend’s worth of bug-fix patches to download.

          2 users thanked author for this post.
          • #197592 Reply

            Ascaris
            AskWoody MVP

            It might simply be that 7+8 are that much older and have had a lot more time to find the more serious bugs.

            I’m sure that’s the biggest part of the problem here, but it also illustrates that a piece of software that is undergoing constant change is inherently less secure than one that isn’t.  Inevitably, new features will mean new bugs, and that’s not just a Microsoft thing.  It’s software development in general.  The more code that is being introduced or changed, the more bugs that are entrained into the product, and the more bugs that must be discovered and fixed.  Some of the bugs are security issues, so any process that introduces more bugs necessarily tends to introduce more security issues.  Thorough testing can catch many of these bugs, but even thoroughly tested products end up having bugs that make it to production and aren’t discovered for years.

            What this means, in the context of Windows 10, is that the fast pace of code change and the lack of adequate testing both indicate a product likely to be riddled with unknown security issues, and we know this even without seeing the bug fix count every month, just by virtue of the big changes that keep happening with Windows.  The fix count simply serves as confirmation of the principle.

            Some security issues that make it into the wild will be discovered by “good guys” and hopefully fixed, as the large number for this most recent set of fixes was, but some of those issues will be discovered by bad guys first, and they will use them as they wish without any of our knowledge until someone on the “white hat” side finds them and reports them to the developer.  Even then, these security issues only move from unknown to known by reporting them…it still takes the developer fixing them to complete the cycle, of course.

            One peculiarity about Windows as a Service is that instead of new features being the reason for the new versions as it was in the past, it is now the continuous parade of new versions that is the reason for the features.  MS has decided in advance when the “feature updates” will come, so they have to scramble to come up with new features to be in that feature update every six months.  They have to have some kind of thing to claim as a wonderful new feature to try to justify the hardship and annoyance the constant updates cause, and to draw attention away from the new monetization efforts, the usurpation of user control, and the large number of bugs that also ship with each new build.

             

            10 users thanked author for this post.
            • #197603 Reply

              zero2dash
              AskWoody Lounger

              Expanding on those points, it also makes me want to point out why many servers do not have a GUI and are CLI-only; without a GUI, there’s a smaller vulnerability footprint and a smaller attack vector. You add a GUI, you add more levels and layers that can be exploited and attacked.

              Then there’s Win10, which keeps adding more cruft (and attack vectors) with each new release. Oh, wait, I meant “features”, because surely, people want this cruft.

              5 users thanked author for this post.
            • #197649 Reply

              Mr. Natural
              AskWoody Lounger

              @ascaris – yes indeed and until Microsoft launches this “Windows as a service” model this will be the new norm going forward. It’s unlikely there will ever be a relatively bug free and secure Windows OS until this situation changes.

      • #197546 Reply

        Microfix
        AskWoody MVP

        The more unnecessary bloat/ cr-apps MS introduce into W10, the more vulnerabilities need plugged?

        Both W7 and W8.1 can be made lean without returning, W10 cr-apps removal can be done, only to return on the next upgrade. A frustrating merry-go-round OS 🙂

        | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
          No problem can be solved from the same level of consciousness that created IT - AE
        5 users thanked author for this post.
      • #197588 Reply

        Noel Carboni
        AskWoody MVP

        In all seriousness, something that’s being functionally changed – vs. something else being maintained at a given level of functionality – can be expected to gather more faults.

        Put another way, new software is generally less stable than old, well-tested and patched software. Until such time that the patches start to interfere with one another at least.

        If only they were making the new, functionally changed software better in tangible ways, then it all *might* just be worthwhile to deal with…

        I know, I know, just wait ’til all the developers make those killer Store Apps that are just around the corner, THEN…

        -Noel

        3 users thanked author for this post.
        • #197668 Reply

          Jan K.
          AskWoody Lounger

          No, Microsoft clearly states…

          Windows 10 … it’s the most secure Windows ever.

          But otoh in same blog, they also state…

          New features are now delivered through automatic updates, helping you to stay current and your system to feel fresh, so you’re free to do.

          Which, with English *not* being my native language, I’m finding is… erhm… un-understandable?

          Source: https://blogs.windows.com/windowsexperience/2015/07/24/security-in-windows-10/

          • #197670 Reply

            samak
            AskWoody Lounger

            From reading many of MS’s announcements, I don’t think English is their native language either.

            W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

            2 users thanked author for this post.
            • #197672 Reply

              HiFlyer
              AskWoody Lounger

              197670

              Telugu is the primary language in the state of Telangana, India.

              ’nuff said

    • #197439 Reply

      anonymous

      1803 keeps relisting in WUShowhide and each time I hide it-it reappears….odd.

      • #197441 Reply

        PKCano
        AskWoody MVP

        Try this:
        Verify that 1803 is hidden in wushowhide.
        Go to Services and Stop (not disable) the Windows Update Service.
        Shut down (not restart/reboot) the computer.
        Restart the computer.
        Wait an hour then look again – DO NOT manually search for updates. The 1803 update MAY be gone.

        1 user thanked author for this post.
        • #197454 Reply

          anonymous

          Don’t worry-I’ll try tonight when I get home. And also I don’t manually check on Windows Update-I stick to WUShowhide to hide my updates. Anyway I’ll do that tonight and then clarify if it’s gone or so. I can even do it right before bed or tomorrow morning too.

          I won’t let 1803 brainwash my baby.

      • #197444 Reply

        BobbyB
        AskWoody Lounger

        You could try WUMT, details and links here I am still sure quite what they are trying with Win10 1803. I am still on Win10 1709 and there was an attempt to “drag” me up to Win10 1803 but mercifully still kept at Bay.

    • #197455 Reply

      anonymous

      Oh boy, more Spectre mitigations. This time disabled by default. But it says delete the registry keys (if present) to disable this latest one, and set to 8 (so 1000) to enable. However, disabling the previous Meltdown/Spectre fixes require setting it to 3 (so 11). But if you delete it, it’ll enable the others. Wonder if it’s certain that if it’s set to 3, they’re all disabled. And what happens if you have it set to 11 (so 1011 – enable this, disable the others – not that I’d want to try it). Also, what’s that bit set to 0 in all scenarios? And why does the mask key still need to be set to 3 even just to enable this one, if as I understood it that told it which bits to read? Shouldn’t that be set to 11 now? Or even 15?

      — Cavalary

      2 users thanked author for this post.
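
The registry arithmetic in post #197455 above, as an added example that is not part of the thread or any poster's words: a read-only PowerShell check that prints the two override values and their bits. The value names `FeatureSettingsOverride` and `FeatureSettingsOverrideMask` and their key are Microsoft's; the per-bit reading is an assumption inferred only from the values 3 and 8 quoted in the post, and bit 2 is left unexplained, as it is there.

```powershell
# Added example (not from the thread). Reads the override values discussed above.
# ASSUMPTION: bit meanings are inferred from the post's values (3 = 0011, 8 = 1000).
$MemMgmt = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-RegDword {
    param([string]$Name)
    # $null means the value is absent, i.e. the "deleted" state the post mentions.
    $item = Get-ItemProperty -Path $MemMgmt -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]($item.$Name)
}

function Get-MitigationRequest {
    param($Override, $Mask)
    $notes = @()

    if ($null -eq $Override) {
        $shown = '(absent)'
        $bits  = '----'
        $notes += 'override absent: per the post, earlier fixes stay on and the newest one stays off'
    } else {
        $o     = [int]$Override
        $shown = $o
        $bits  = [Convert]::ToString($o, 2).PadLeft(4, '0')

        # Bits 0-1: the post's value 3 (0011) disables the earlier Meltdown/Spectre fixes.
        switch ($o -band 3) {
            0       { $notes += 'bits 0-1 clear: earlier Meltdown/Spectre fixes not disabled' }
            3       { $notes += 'bits 0-1 set: earlier Meltdown/Spectre fixes disabled' }
            default { $notes += 'only one of bits 0-1 set: a state the post does not describe' }
        }

        # Bit 3: the post's value 8 (1000) turns the newest mitigation on.
        if ($o -band 8) {
            $notes += 'bit 3 set: newest mitigation requested'
        } else {
            $notes += 'bit 3 clear: newest mitigation not requested'
        }

        if ($o -band 4)           { $notes += 'bit 2 set: meaning not given in the post' }
        if ($o -band (-bnot 15))  { $notes += 'bits above 3 set: not covered by the post' }
        if (($o -band 11) -eq 11) { $notes += 'disable and enable bits combined: effect not stated in the post' }
    }

    if ($null -eq $Mask) {
        $maskShown = '(absent)'
        if ($null -ne $Override) { $notes += 'mask absent although an override is set' }
    } else {
        $maskShown = [int]$Mask
        if ([int]$Mask -ne 3) { $notes += 'mask differs from the 3 quoted in the post' }
    }

    # New-Object keeps this usable on the PowerShell 2.0 that ships with Windows 7.
    New-Object PSObject -Property @{
        Override = $shown
        Bits     = $bits
        Mask     = $maskShown
        Reading  = ($notes -join '; ')
    } | Select-Object Override, Bits, Mask, Reading
}

# Constructed samples: the override values the post reasons about, each with mask 3.
$samples = @(3, 8, 11) | ForEach-Object { Get-MitigationRequest -Override $_ -Mask 3 }

# Live values from this machine (read-only; nothing is written to the registry).
$live = Get-MitigationRequest -Override (Get-RegDword 'FeatureSettingsOverride') `
                              -Mask (Get-RegDword 'FeatureSettingsOverrideMask')

@($samples) + $live | Format-List
```

These values only record what was requested. Microsoft's SpeculationControl module (`Get-SpeculationControlSettings`) reports what the running system has actually enabled, which also depends on CPU microcode.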
    • #197470 Reply

      OscarCP
      AskWoody Lounger

      I have Windows 7 Pro, x64, I-7 “sandy bridge”, and have asked this question three times already in a previous forum without getting an answer (probably it is so because of the desperate rush to learn all about the evil new patches?).

      But this is about the incoming patches too, so I guess it also belongs here:

      Do I need to worry about SMBv1?

      Besides: people have been talking a lot about this creating problems with “networks”…

      Are they referring to company LANs, the Internet, or what? Neither of this, nor the above is made clear there.

      For more information, I update Group-B style, have a single WiFi/Ethernet router I use to connect to the Internet my one and only Windows PC, at home. (And also my Mac.)

      Off topic, but maybe not by much:

      By the way, and as a service to all those dual users that might also need to know this: my Mac (macOS Sierra) just got updated with a patch I got from Apple today:

      https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-macos-ios-safari-more/

      A patch that looks a lot like it is meant for the Spectre/Meltdown pair was also received and installed by me on the first of this month. There is an article by C. Cimpanu in bleeping computer on this very topic:

      https://www.bleepingcomputer.com/news/apple/apple-releases-security-updates-for-macos-ios-safari-more/

      And if that is not enough for you, dual users:

      https://www.bleepingcomputer.com/news/security/mac-security-tool-bugs-allow-malware-to-appear-as-apple-software/

       

      • This reply was modified 5 days, 4 hours ago by  OscarCP.
      • #197474 Reply

        anonymous
        • #197484 Reply

          OscarCP
          AskWoody Lounger

          Thanks, but I am the sort that REALLY needs plain, simple and concise answers, not referral to documents whose applicability and relevance to my case might be (and who knows even then!) obvious to professional system administrators, not home users on foot, like me.

          So, still waiting here for an answer in plain English, concise and to the point. Oh Dear!

           

          • #197491 Reply

            anonymous

            I have a relevant conversation going with Ascaris on the “MS-DEFCON 2: Get auto update turned off — and watch out for SMBv1 blocking complications this month” thread which might be helpful to you too.

            2 users thanked author for this post.
            • #197652 Reply

              OscarCP
              AskWoody Lounger

              I am Group B, have Win 7 Pro, SP1, x64 with “sandy bridge” CPU, and had already asked this question three times, but with no luck — at least as far as getting the direct and pithy answer I said was all I was after:

              “Do I need to worry about SMBv1?”

              Practically all I had found at Woody’s on June’s patching, up to that point, were postings from people describing their issues running 1000’s of machines with Windows 10. Not exactly what happened to be the case with me, or all of us, the Win 7 (and also 8.1) plain citizens with our poky old home PCs out there. Finally, elsewhere, Ascaris ( #197526 ), as usual, had the splendid grace to answer with a simple and clear statement that, boiled down slightly, meant: “Not a problem for Win 7 or 8.1, at least for now. Maybe never, as MS seems not to care that much anymore about those “heritage” systems.” (He did not write “heritage”, that’s me, but is also the plain truth.)

              See? It wasn’t that hard!

              And: Good news everyone, fellow home users soldiering on with Win 7 and 8.1, ye teeming citizens of Woodyland! As far as SMBv1 goes, it’s “Move on, nothing to see here!”

               

               

              1 user thanked author for this post.
            • #197658 Reply

              Kirsty
              AskWoody MVP

              For reference, there have been numerous problems with SMBv1 in recent months:

              https://www.askwoody.com/forums/topic-tag/smbv1/
              https://www.askwoody.com/forums/topic-tag/smb/
              https://www.askwoody.com/forums/topic-tag/smb-vulnerability/

              3 users thanked author for this post.
            • #197674 Reply

              OscarCP
              AskWoody Lounger

              Thanks, Kirsty. You certainly have put some real work into those numerous postings on related issues.

              For my part, after some consideration of all that I’ve been reading on this, so far, I am planning to treat this SMBv1 thing as a Meh sort of problem. On a par with “some day I am going to die.” Which is true enough, but not really something that I believe one should start putting some seriously substantial effort to deal with right away without having encountered first a clear and present reason.

              When I lose that final game of chess to Mr. Bones, when I finally get there, then I’ll be there. Until then: Another game? Which hand?

              Cheers.

               

      • #197549 Reply

        DrBonzo
        AskWoody Lounger

        Watch out for the last link in OscarCP’s post immediately above. I picked up a Trojan there!! MSE removes it but only after a full scan.

        Edit: This message didn’t end up where I thought it would. The post is #197470 from oscarCP above.

        • This reply was modified 4 days, 19 hours ago by  DrBonzo.
        • #197553 Reply

          Microfix
          AskWoody MVP

          Nothing on VirusTotal, probably a false positive by MSE or you had something already on your system.

          https://www.virustotal.com/#/url/2b66fc4dd5161134e6396b279a4fb4adf838b90daa556efc3ace7a89a70fd067/detection

          | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
            No problem can be solved from the same level of consciousness that created IT - AE
          3 users thanked author for this post.
          • #197575 Reply

            DrBonzo
            AskWoody Lounger

            Possible I was already infected, although I do a full scan every day and they always come back clean.

            As I started to scroll down the page in the link I got a window that said I needed to call an 800 support number. I forced a shutdown, then updated the definitions and ran a full scan and there it was, a Support Scam Trojan. MSE successfully removed it and then I ran another full scan and everything was clean.

            Is it possible the website was infected for only a brief period of time?

            • #197589 Reply

              Noel Carboni
              AskWoody MVP

              It is possible you got drive-by malware from an ad.

              Ads rotate.

              -Noel

              6 users thanked author for this post.
            • #197595 Reply

              Microfix
              AskWoody MVP

              Things are in a sad state when one visits a reputable website only to be infected by malware ads. Hence the NEED for an adblocker on a web browser nowadays.

              | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
                No problem can be solved from the same level of consciousness that created IT - AE
              8 users thanked author for this post.
        • #197655 Reply

          OscarCP
          AskWoody Lounger

          Oh, that’s not good. Thanks for the heads up, DrBonzo — and very sorry for getting you and probably several others unnecessarily worried.

          So, I might have got that one too, although I have not seen any signs so far, and scans with the Webroot “SecureAnywhere” anti malware application have not picked up anything, yet.

          But what others have posted after you on this issue seems somewhat reassuring.

           

          2 users thanked author for this post.
    • #197485 Reply

      Geo
      AskWoody Lounger

      Group A,  Win 7×64, AMD, Home Premium, home user.  Took the June monthly roll-up KB4284826 and MSRT.  No problems.

      5 users thanked author for this post.
      • #197505 Reply

        fernlady
        AskWoody Lounger

        Let’s hope I am as lucky when Woody gives the go ahead.

        Windows 7 Home x64 AMD Group A

        2 users thanked author for this post.
      • #197578 Reply

        anonymous

        Updates went fine on my Win 7 (x64), Intel CPU, Home Premium and on my Win 10/ 1803.

        1 user thanked author for this post.
        • #198008 Reply

          HiFlyer
          AskWoody Lounger

          Updates went fine on my Win 7 (x64), Intel CPU, Home Premium and on my Win 10/ 1803.

          Which updates?

           

    • #197487 Reply

      Mr. Natural
      AskWoody Lounger

      1803 update KB4284835 installed on my Alienware 17 R3. No nic issues.

    • #197508 Reply

      anonymous

      For our WSUS environment with > 2000 clients none of the Internet Explorer 10 or 11 Cumulative Security Updates are showing as needed.  I believe that this is a metadata / detection error with all of these updates.

      Interestingly the update for Internet Explorer 9 for our handful of Win 2008 (R1) works fine and is showing as needed by all of the clients with that OS.

      If Microsoft had this as a batting average, it would be sent down to the minors.
      Jim

      3 users thanked author for this post.
      • #197607 Reply

        anonymous

        I think it might be using last month’s detection metadata because I’m getting 2 out of 1750 computers showing up as needing the update. Both those computers are showing as needing older updates.

    • #197511 Reply

      anonymous

      I installed KB4284880 on my E5-2697 v2 server with no previous issue. The system rebooted to a Intel ME “recovery mode” error that requires me to press F1 to reboot the system.

      Is there something in this update that would modify any UEFI/BIOS portions or firmware?

      • #197576 Reply

        anonymous

        I have just installed the “May” security only update on my Windows 7 64 bit Arrandale laptop.

        I have had ME problems with this rig before and again after I installed the ME exploit last year.

        After a couple of reboots it stopped regularly beeping at me and the PowerManagement settings stopped oscillating every 3 seconds.

        Just when I wondered if maybe I should rollback the update it settled down from this nonsense and higher than normal CPU use.

        Some of these latest updates seem to upset some of the basic system structure depending on the target system.

    • #197523 Reply

      anonymous

      We all like guinea pigs but what are they doing here?
      Learning, hopefully.

    • #197556 Reply

      PerthMike
      AskWoody Lounger

      Thanks, but I am the sort that REALLY needs plain, simple and concise answers, not referral to documents whose applicability and relevance to my case might be (and who knows even then!) obvious to professional system administrators, not home users on foot, like me. So, still waiting here for an answer in plain English, concise and to the point. Oh Dear!

      On your home network, do you connect to any non-Microsoft Windows-based file shares (such as a network attached storage device)? If so, you will need to check with the manufacturer of that box if they are SMBv2 capable/compliant. Or do you have a network attached scanner that sends files to your PC? Same thing, if the device can’t deal with SMBv2 shares, then you will have an issue.

      Otherwise, if you just have a single PC, or two Windows PCs talking to each other (like a second home theatre PC’s share) you should be fine.

      No matter where you go, there you are.

    • #197561 Reply

      PerthMike
      AskWoody Lounger

      I just noticed that Microsoft has already re-issued the 2018-06 Cumulative Windows 10 updates for all flavours. They first came down the pipe (on my WSUS server) on the overnight scan, but just appeared a second time, 12 hours later, with new revision versions, and the original versions have been deprecated/expired.

      Only Windows 10 seems to be affected (4284880, 4284835, 4284819, 4284874).

      No matter where you go, there you are.

      3 users thanked author for this post.
    • #197562 Reply

      anonymous

      W7 64-Bit Home Premium.
      2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826)
      Installation date: ‎13/‎06/‎2018 08:10
      Installation status: Successful
      Running ¦ OK !

      5 users thanked author for this post.
    • #197591 Reply

      Microfix
      AskWoody MVP

      Windows 7: 9 vulnerabilities of which 2 are rated critical and 7 important.
      Windows 8.1: 8 vulnerabilities of which 2 are rated critical and 6 important.

      Seen this so, yesterday and today in a spirit of adventure, I set about installing the June 2018 patches for both our W7 and W8.1.

      Both Operating Systems are Askwoody Group A
      Checks conducted on a Haswell PC on separate SSD drives (no dual boot).
      MSRT is disabled from downloading from WU on both OSes.
      Both OSes using Realtek PCIe GBE NIC and OEM drivers only.

      W7 x64 Pro SP1: Patched to May 2018
      Kb4284826 – Security Monthly Quality Rollup
      No NIC issue at all.

      W8.1 x64 Pro: Patched to May 2018
      Kb4284815 – Security Monthly Quality Rollup

      After a couple of restarts and a hard boot of each, ran Disk Clean to remove patch installation data then checked log files to find no obvious errors thereafter.

      SFC /verifyonly showed ‘no errors’ on both operating systems after update 🙂

      Early indications look good for this month..for W7 and W8.1 (YMMV)

      | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
        No problem can be solved from the same level of consciousness that created IT - AE
      6 users thanked author for this post.
      • #197609 Reply

        Noel Carboni
        AskWoody MVP

        Hi Microfix, thanks for sharing your experience. Glad it went well.

        Is there any chance you regularly do benchmarks, and can compare before and after measurements?

        Thanks.

        -Noel

        • #197774 Reply

          Microfix
          AskWoody MVP

          @Noel, thanks. Not one for doing benchmarks, used to do that for computer gaming set-ups years ago but, have had a console for games ever since so never needed.

          | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
            No problem can be solved from the same level of consciousness that created IT - AE
      • #197628 Reply

        anonymous

        Non tech here, asking for education; why is the Malicious Software Removal Tool disabled?  Are there problems with MSRT that we all should avoid downloading?  Thank you.

      • #197630 Reply

        EP
        AskWoody Lounger

        Well, Microfix, since your Win7/8.1 machines are using Realtek PCIe GBE NIC hardware, get the newest Realtek PCIe LAN drivers from Realtek’s web site since Realtek has just released new drivers this June (v7.118 for Windows 7 and v8.064 for Windows 8.1).

        Using outdated Realtek PCIe GBE drivers is not a good idea and Windows Update may offer newer Realtek PCIe GBE drivers if the drivers that WU find on any supported PC are well outdated. To avoid this, obtain and install the newest drivers directly from Realtek.

        • This reply was modified 4 days, 9 hours ago by  EP.
        1 user thanked author for this post.
        • #197660 Reply

          samak
          AskWoody Lounger

          As long as you avoid any driver offerings from MS and your PC is working well, is there any need to update the drivers? It ain’t broke and I’m not keen to update!

          W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

          1 user thanked author for this post.
          • #197663 Reply

            Mr. Natural
            AskWoody Lounger

            Usually a very good idea to avoid driver updates offered by Windows Update.

            1 user thanked author for this post.
            • #197669 Reply

              samak
              AskWoody Lounger

              Thanks. The general question remains: if your PC is working well, is there any need to update the drivers at all?

              W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

            • #197671 Reply

              Mr. Natural
              AskWoody Lounger

              Probably not. “If it ain’t broke” is always a good approach to take.

              3 users thanked author for this post.
          • #197775 Reply

            Microfix
            AskWoody MVP

            Both OSes using Realtek PCIe GBE NIC and OEM drivers only.

            😉

            | 2x Group A W8.1 | Group A+ Linux Hybrid | Group A W7 | Group W XP Pro |
              No problem can be solved from the same level of consciousness that created IT - AE
    • #197599 Reply

      anonymous

      Did anyone notice the more and more extreme throttling is implementing while downloading updates? I checked Task Monitor to see why there is a lot of network activity going on for about the last half hour. It’s the dreaded Servicehost: Delivery Optimization with download speeds around 1 to 8 Mbps, mostly in the lower regions. Checked my internet speed and that really is still 250 Mbps. So now we don’t have only slow installs, but also painfully slow downloads. Which makes the whole weekly update process even more tiring. :-((((

      1 user thanked author for this post.
      • #197611 Reply

        Noel Carboni
        AskWoody MVP

        Just a reminder: Delivery Optimization can serve other people files from your system too. It can be disabled, but it’s on in Windows 10 by default.

        ScreenGrab_W10VM_2018_06_13_102845

        -Noel

        3 users thanked author for this post.
        • #197643 Reply

          anonymous

          Excuse my ignorance but I didn’t know about this. So, MS wants to save money at their users’ expense. I wonder if at some point in the future a MitM attack would occur. In other words, how secure is this P2P updates delivery method? The more I know about W10, the more I want to never install it.

          3 users thanked author for this post.
        • #197679 Reply

          anonymous

          As I understand it the “download from other people” part is still enabled no matter which options you select in the user interface. To download just from microsoft you have to do some regedits.

          1 user thanked author for this post.
      • #197641 Reply

        BobbyB
        AskWoody Lounger

        @anonymous as @Noel Carboni has graciously illustrated, you can Turn off Delivery Optimisation. I think Susan Mentioned it as well and I read somewhere, some time back its efficacious to disable it from a Networking Perspective, slow downs High Bandwidth utilisation etc. While I believe it may well save on Size of Downloads, it often does it at the expense of speed as I believe WUD will look around the network and or the “Interweb” for other machines slowing everything down. I hit the problem a bit back when One of the Networks I was working on slowed to a crawl, disabled it on the Win10 Machines and “et Viola” Business as usual, not a spectacular improvement but quite noticeable. Memory serves me it was a Mixed bag inc. Win1607 or 1511? 10mbps or maybe a 100mbps and I was tweaking the NIC duplex settings at the time. But that’s whole other issue in the wacky complicated world of Networking. Another reason to avoid 1803 if you possibly can.

        1 user thanked author for this post.
    • #197623 Reply

      jescott418
      AskWoody Lounger

      Every time Microsoft sells a new Windows to users it claims better security. Yet I too also see a trend where Windows 10 has at least as many vulnerabilities every month as any other recent Windows. But then again Microsoft claimed Edge was a brand new browser too and we all know that ain’t true either. You can’t just take out some code add a little new and call it brand new.

      1 user thanked author for this post.
    • #197638 Reply

      anonymous

      Guinea Pig No. 20735 – A – 7 reporting for duty, Sir….

      Successful install of 6-2018 Group B Secur-only patch KB4284867-x64 , and IE 11 6-2018 patch kb4230450-x64 , this morn. Wed. 6-13. (The 13th, no less!)

      For details of my Win7 SP 1 X64 machine w/ Intel Haswell, and other info re my PC, install prep/strategy etc., see Ask Woody older post:

      https://www.askwoody.com/forums/topic/patch-lady-kb4103718-known-issues/#post-194577

      After each install, logoff, then reboot, then logon & surf: Both times, Tbird gets my ATT/Yahoo email, and Seamonkey brings up DrudgeReport and Ask Woody (cache cleared prior to each try) . For my SOHO setup, use only direct cable, no wireless; on my Realtek PCIe GBE Family Controller, using 2010 and 2013 Realtek drivers.

      As of now, I have not enabled any of the registry hacks/ mitigations described in
      M$ “help” article for this patch, as to IBPB nor SBB; nor for prior mitigations M$ mentions as to Spectre and Meltdown.

      Side comment: Members and lurkers, what has been your practice so far as to enabling the mitigations? My hunch is that the busn. network mgrs. may have been doing it, and the SOHO like me, or only-personal users, may not have been; presumably waiting until zero-days pop up. Comments?

      As always: Profuse congratulations and praise, to Woody Leonhard for starting this invaluable resource in the first place, and building it! And to Patch Lady Susan Bradley, Noel Carboni, PKCano, Ascaris, Mr. Jim Phelps and all the Senior Posters and other posters, who make this blog Such A Valuable Resource for us humble souls!

      Oh, and PS: WHY now? A: Dealing with moderate health issues coming up; move of my residence coming up; translation: Not a lot of time right now to hemorrhage time on M$ and its (fill in your own adjectives) software.

      And also as always: Your Mileage May Vary. Best to all!

      3 users thanked author for this post.
    • #197678 Reply

      PKCano
      AskWoody MVP

      I just updated one of the Win10 1703 computers I support. I was offered the 2018-06 CU KB4284874 to Build 15063.1155, IE11/Edge Flash, MSRT and several Office 2010 updates. All installed and rebooted with no problem. No offer of 18030.

      HP Elite 800 i5 Kaby Lake, 8G BRAM. 500GB SSD.

    • #197688 Reply

      cesmart4125
      AskWoody Lounger

      Hello Woody!

      I’ve got two items on my mind.  Malwarebytes AdwCleaner 7.20 just found two pieces of Malware in CCleaner.  6/13/2018 7:02 PM EDST

      The second concerns system health.  In the “good ol’ days” Windows Secrets had articles on checking system health.  These included information on programs to use such as Performance Test and Disk CheckUp.  Would it be possible to have an article on this topic in AskWoody.

      Oh, and I recently wrote an article on women in the Civil War complete with links to YouTube sites.  If you or your wife were to read about three pages, you would be able to astound and amaze your neighbors with your knowledge of the Civil War, more properly called “The War.”  And remember our army is not the US Army, but rather the army of the CSA.  If you’d like me to send you a copy, just let me know.

      Look forward to hearing from you.  Best wishes in your endeavors.

      Charles

      • #197701 Reply

        geekdom
        AskWoody Lounger

        Malwarebytes AdwCleaner 7.20 just found two pieces of Malware in CCleaner. 6/13/2018 7:02 PM EDST The second concerns system health. In the “good ol’ days” Windows Secrets had articles on checking system health. These included information on programs to use such as Performance Test and Disk CheckUp. Would it be possible to have an article on this topic in AskWoody. Oh, and I recently wrote an article on women in the Civil War complete with links to YouTube sites.

        You have three topics there. Please consider starting three separate threads as this thread is about June Patch Tuesday.

        Group G{ot backup} Win7|64-bit|SP1

    • #197690 Reply

      cesmart4125
      AskWoody Lounger

      Woody, PK Cano, and company,

      I put my above message here because I’m unable to figure out how to put Woody in the “To” box for direct messages.

      And, yes, I do indeed have an article on women in the Civil War.  If you’d like me to post it, just tell me where, and I’ll do so.

      Charles

      • #197702 Reply

        PKCano
        AskWoody MVP
      • #197725 Reply

        Kirsty
        AskWoody MVP

        There has been an issue with the DM system for a little while, in selecting @woody as the recipient, using New Message.

        However, if you click on Directory instead, and search for Woody, click on Send Message to the right of his yellow gravatar link towards the bottom of that list 🙂
        (Don’t use the Admin account at the top of that list, as the other account will reach him quicker.)

        4 users thanked author for this post.
    • #197703 Reply

      aerosmith598
      AskWoody Lounger

      i just have a yes or no question regarding windows 7 patch from yesterday, june 12, it says it offers a stop error, which is a blue screen, is every user experiencing that? i havent downloaded it yet . do i absolutely need it? im running windows 7 home premium with no issues. thanks for your help.

      • #197704 Reply

        PKCano
        AskWoody MVP

        Which patch are you referring to. Can you give a KB number?

        Patch Tuesday was just yesterday. You can wait a while and see if we get reports of problems. There hasn’t been enough time to know if people are having problems yet.

        • #197709 Reply

          aerosmith598
          AskWoody Lounger

          sure i apologize- its kb4284826… apparently it fixes the spectre meltdown? which like most i have no idea what that is or that it exists.  Just i always go to microsofts page to read the known issues and the first is  a stop error on certain machines, which i know is a blue screen, which i obviously want to avoid.

          • #197711 Reply

            aerosmith598
            AskWoody Lounger

            i would ‘hide’ it, but then i dont know if my system will become unstable, im basically asking if i fully ignore it this month will i be alright?

          • #197714 Reply

            PKCano
            AskWoody MVP

            You will need to install that patch eventually.

            But it will not hurt anything if you WAIT to install it for another two weeks. In that time, if people are having problems, they will report here. If not, Woody will give the go-ahead to patch safely and link to an article in ComputerWorld giving the instructions. The DEFCON number is the big number at the top of the page. Watch for it to change to 3 or above and read the article.

            • #197715 Reply

              aerosmith598
              AskWoody Lounger

              ok great, probably dumb on my part but i was thinking if i didnt install it right away my computer would crash or get infected, i always download the patches about a week to 10 days after they are released, honestly when i do my computer takes forever to restart which i try to avoid as much as possible, so im good if i hold off till like the middle of next week?

            • #197717 Reply

              PKCano
              AskWoody MVP

              Or the week after that. I don’t believe there are any Meltdown/Spectre exploits in the wild yet.

            • #197718 Reply

              aerosmith598
              AskWoody Lounger

              I really do appreciate the help, im not just saying that, thanks again.

      • #197705 Reply

        geekdom
        AskWoody Lounger

        I installed  2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826) yesterday and have not experienced Blue Screen of Death.

        Group G{ot backup} Win7|64-bit|SP1

        3 users thanked author for this post.
        • #197720 Reply

          OscarCP
          AskWoody Lounger

          Several good reports here that are encouraging! To me, in particular, the ones about security only and E11 for Win 7, my OS. But I rather wait a couple of weeks before installing anything and watch to see what else might surface that has not done so right away, in case what does surface is trouble.

          At the moment, I’m not aware of any urgent reason for me, at least, to update in a hurry, because, say, the word is out that some evil malware spawn is out to destroy the world and might be coming for me first, the way it was back in February. At least that anyone knows so far…

           

    • #197740 Reply

      ViperJohn
      AskWoody Lounger

      Had Win7 64 bit system with appropriate Intel Microcode Updates and FULLY WORKING Meltdown and Spectre mitigations per Gibson’s Inspectre BEFORE installing Win7 Security Only Update KB4284867.

      After installing KB4284867 any and all Spectre mitigations are completely disabled per Gibson’s Inspectre.  Inspectre actually acts exactly like it does when the appropriate Spectre enabling Intel Microcodes are not installed at all after the KB4284867 install.

      Setting registry “FeatureSettingsOverride” to 0 or 8 makes no difference in result after KB4284867 install where either would work before KB4284867 install (just gotta love bitmaps). The only way to restore Spectre mitigations to working status is uninstall KB4284867.

      This could be a bug in the Gibson’s Inspectre in combo with the June Windows updates but I doubt it cause after you install KB4284867 it’s like the Microcode Updates needed to enable Spectre mitigation are no longer installed when they in fact are.

      I tried to find the old PowerShell test routines to try them and couldn’t BUT I also couldn’t get them to work at all before either.

      • #197747 Reply

        ViperJohn
        AskWoody Lounger

        Okay just installed KB4284874 June Cumulative Update for Win 10 v1703 and got EXACTLY the same results and actions in regard to Spectre mitigations as listed above for Win 7 and KB4284867.

        At this point it could be a Gibson Inspectre detection issue after the updates are installed or Microsoft has managed to hose the Spectre mitigations completely all around.  No real way to know at this point but uninstalling the updates returns the Spectre mitigations back to working status every time.

         

        • #197749 Reply

          Kirsty
          AskWoody MVP

          it could be a Gibson Inspectre detection issue

          InSpectre is still at Release 8, now 2 months’ old. Not sure if/when it is likely to be updated…

    • #197748 Reply

      ViperJohn
      AskWoody Lounger

      Or the week after that. I don’t believe there are any Meltdown/Spectre exploits in the wild yet.

      It’s only a matter of time though PK.

      • #197766 Reply

        aerosmith598
        AskWoody Lounger

        i ended up downloading them/updating, there were only 2 updates for june so i figured  why not. So far nothing changed, no stop error no blue screen thats a plus. Thanks again for the advice, but i didnt wanna leave it un-updated for 2 weeks and have something with my luck get in my system that id need to worry about later.

        1 user thanked author for this post.
    • #197753 Reply

      anonymous

      After creating system partition backups, I took the plunge for the 4 combinations W7 Home Premium and W8.1 Pro in both 32 bit and 64 bit variants by installing both the security only and Internet Explorer (IE) updates (and the W8.1 Flash for IE updates) i.e. Group B-ish.

      The IE updates which historically have given me most problems in various versions of Windows through the years, show me no problems this month.

      The W8.1 file explorer problems due to corrupted Registry settings which for me re-emerge every few months did not re-appear this month.

      The W8.1 32 bit Sandboxie problem introduced by the April W8.1 32 bit update and fixed/worked around by Sandboxie Beta 5.25.1 remains fixed/worked around after the June updates.

      Windows Firewall Notifier (WFN) version 2 Beta 3 continues to function (I had to replace the earlier WFN 1.9.0 following the May (.NET?) updates) and after a few hours use there have been no unrecognised outgoing “svchost.exe” internet accesses this month (unlike after the May (.NET?) updates).

      So “so far, so good”!

      HTH. Garbo.

      BTW: I’m just a home PC user with a small Microsoft footprint i.e. I normally use Panda AV not MSE/Windows Defender, Firefox/Vivaldi not IE, Thunderbird not Outlook, Softmaker Office not MS Office, VLC Media Player not Windows Media Player etc., so my active interaction with these updates may be less than some other people’s 🙂

      • #197906 Reply

        anonymous

        It is also good to read your BTW in the other direction as well, Garbo. In your case Microsoft is keeping its hands to itself and not creating conflicts in those alternative applications either. More good news.

    • #197788 Reply

      Dismas
      AskWoody Lounger

      Hello,

      I don’t know what’s going on with the cumulative update KB4284880 and the Flash update KB4287903 but they are needed by none of my LTSB 1607 SCCM clients (4) and I get the  error “The update is not applicable to your computer” when trying to install them manually via the catalog.

    • #197791 Reply

      radosuaf
      AskWoody Lounger

      Patching my Lumia ended up with a sad face pic and I have to reflash my phone, which means starting fresh with W8.1 and installing all the upgrades one by one. Oh well, a few hours lost…

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1803 64-bit + Windows 10 Mobile 1709 (Lumia 640 LTE)
    • #197954 Reply

      Dismas
      AskWoody Lounger

      Hello, I don’t know what’s going on with the cumulative update KB4284880 and the Flash update KB4287903 but they are needed by none of my LTSB 1607 SCCM clients (4) and I get the error “The update is not applicable to your computer” when trying to install them manually via the catalog.

      OK I figured it out : I missed KB4132216…

      1 user thanked author for this post.
    • #198001 Reply

      anonymous

      Hello all, glad I found this website.  I have gotten BSOD on Wednesday, June 13, 2018 at about 3 AM CST, another one at the same time on Thursday, June 14, 2018, and another one today, same deal, Friday, June 15, 2018.  Each time the BSOD shows “BAD POOL.”  My Windows 7 system is trying to install the 2018-06 Security Monthly Quality Rollup for Windows 7 for X64-based System (KB4284826) 222.6 MB.  From the Safe Mode screen, the last driver that is loading is CLASSPNP.SYS.  Not sure if this is related to the BSOD.  In Safe Mode, it says “Failure configuring Windows updates.  Preventing changes.”  Then when it regularly boots it says, “Preparing to configure Windows.  Do not turn off your computer.”  Any suggestions on what I can do?

      • #198009 Reply

        PKCano
        AskWoody MVP

        The support page for KB 4284826 gives a “Known issue” that was introduced in the March Rollup and still has not been fixed by Microsoft. This is due to a lack of support for SIMD/SSE2. If you can turn it on in the BIOS, it may fix the issue you are having.

        1 user thanked author for this post.
        • #198025 Reply

          anonymous

          Woody, thank you.

          When I visit that link it says: “A stop error occurs on computers that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2).”  Workaround: “Microsoft is working on a resolution and will provide an update in an upcoming release.”

          When I check my CPU using CPU-Z 1.85.0 May 2018, it tells me my Intel Core i7 4790K has MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, EM64T, VT-x, AES, AVX, AVX2, and FMA3.  I see SSE2 but I don’t see SIMD mentioned.  Could this be the problem?

        • #198048 Reply

          anonymous

          PKCano, thank you!

    • #198051 Reply

      Noel Carboni
      AskWoody MVP

      Here is my experience with the June 2018 patches for Windows 8.1 on my hardware system, which I could revert (even through restoral of a backup) as needed…

      The offered updates:

      ScreenGrab_NoelC4_2018_06_15_070857

      Of the above, I hid three that I do not want now or ever:

      • Update for Windows 8.1 for x64-based systems (KB2976978)
      • Microsoft – HIDClass – 10/27/2015 12:00:00 AM – 9.9.108.0
      • Surface – Keyboard – 2/8/2018 12:00:00 AM – 1.0.104.0

      The one ending 6978 is the compatibility metrics add-on Microsoft keeps trying to push over and over. The other two showed up out of the blue. I have no human interface device problems whatsoever, and it’s not a Surface (it’s a Dell workstation).

      The others went in without a hitch.

      After the required reboot, I had to undo the following things that the update process did:

      • Re-disabled scheduled task “Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical”.
      • Re-disabled scheduled task “Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical”.
      • Re-disabled scheduled task “Microsoft\Windows\WindowsUpdate\Scheduled Start”.
      • Re-disabled scheduled task “Microsoft\Windows\WindowsUpdate\Scheduled Start With Network”.
      • Service BITS (Background Intelligent Transfer Service) had been changed to “AUTO_START (DELAYED)” from my preferred “DEMAND_START” setting.
      • Shell Service Object “SkyDrive network states cache SSO” was reinstalled for both 32 and 64 bit Explorer; I prefer it to be disabled (via Autoruns).
      • Browser Helper Object “Office Document Cache Handler” was reinstated for both 32 and 64 bit Internet Explorer; I prefer it to be disabled (via Autoruns).
      • The MRT (Malicious Software Removal Tool) had once again deleted file “C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll”, which I had to restore from a backup.
      • Removed the root namespaces Microsoft seems to think I really, really need under “This PC” in Explorer, but which I really, really, really don’t.

      Before the updates, this system was supremely stable and performance was very good. Uptime was 50 days before these updates went in.

      After the above restorals of my preferred settings, per the PassMark benchmark, overall system performance measures about 2% slower than nominal. Arguably the most important metric, max I/O throughput, measures only about 1% slower than before at about 1591 MB/Sec. vs. 1609 MB/Sec. I will watch for confirmation of these slowdowns in scheduled I/O intensive jobs.

      Fitness for purpose testing will continue for some days, but initial tests imply that the patched OS is running stably and can support my ongoing engineering and business management work.

      Edit: It’s been stable for 24 hours now, and facilitated quite heavy work for me all day yesterday and this morning. However, I noticed that a nightly software build job that took 47 minutes consistently before the update now takes 51 minutes. This performance hit is not insignificant, even with Spectre and Meltdown mitigations disabled.

      -Noel

    • #198055 Reply

      Carl D
      AskWoody Lounger

      The support page for KB 4284826 gives a “Known issue” that was introduced in the March Rollup and still has not been fixed by Microsoft. This is due to a lack of support for SIMD/SSE2. If you can turn it on in the BIOS, it may fix the issue you are having.

      MS doesn’t seem to be in too much of a hurry to fix this, do they?

      Second (or third?) month in a row now where I’m not game enough to patch Windows 7 on my 32bit 2006 vintage HP laptop.

      Maybe that’s part of the ongoing plan by MS to kill off Windows 7… get rid of the remaining 32bit versions by making them unpatchable then move on to the 64bit version? Well, I’ll give them one more month to fix this. If they don’t then out comes the Windows 7 SSD and in goes the Linux Mint one – for good this time.

      1 user thanked author for this post.
    • #198085 Reply

      Larry53715
      AskWoody Lounger

      Couple of questions, I installed KB4103718 on my 7-64 bit desktop with no issues.  If I did not have issues with the NIC with this update, is it safe to assume that if I install KB4284826 that I also will not run into any NIC issues.  I will still wait until we go to Defcon 3 to install.

      I also have a laptop which does not get much use and I have as yet to install KB4103718 on it.  I am guessing that whenever I get to installing WU updates that I will only see the current month listed.  Do I need to manually install the May update or will installing the most current update be sufficient.  Most of these seem to be nearly the same size, except the most recent updates are usually slightly larger in size.

       

      Thanks

      • #198089 Reply

        PKCano
        AskWoody MVP

        is it safe to assume

        NO! With MS it is not safe to assume. But by the time we go to DEFCON-3, we should have reports whether there are still NIC problems or not.

        I am guessing that whenever I get to installing WU updates that I will only see the current month listed.

        The Rollups are cumulative, so each month contains all the prior Rollups plus the current month’s fixes. You should not see more than the current month’s Rollup.

        1 user thanked author for this post.
      • #198109 Reply

        aerosmith598
        AskWoody Lounger

        I have a windows 7 desktop that i installed KB4284826 on and it’s been fine, nothing crashed no blue stop errors. I dont know if in the future a problem will arise, im just saying so far, it’s been fine, hope that helps. The last update that i installed that caused my screen to go blue/stop error was in april/may, i uninstalled them all and hid them all, they were known to do that, which i stupidly should have read before i did it. Anyways, in the june updates there were only 2, which signals that they are phasing out slowly Windows 7 updates, as i always get at least 5 or 6 updates, maybe this month there just weren’t that many? Hope this helps someone

    • #198104 Reply

      bsfinkel
      AskWoody Lounger

      Here is my experience on an HP Windows 8.1 laptop.  I installed KB4284878, which was the only one I saw on Windows Update (besides the update to Flash Player).  I have seen reference to KB4284815, but I am not sure what it is.  (Is it a piece of KB4284878?) The patch installation went without problems, then I rebooted and backed up the machine.  This was Tuesday afternoon (I install the security patches as soon as they appear in Windows Update).  Thursday night I took the laptop to a meeting to run GoToMeeting.  Most of the processes that auto-start were crashing.  Every minute I was getting a banner stating that I had not run Windows Update in over 30 days.  I went to WU, and I waited over five minutes while it searched for updates.  While it was still searching, I rebooted.  Then I again went to WU, and I got the immediate error code 80072F8F.  The GoToMeeting start application was crashing, and I could not use Firefox to go to GTM, as Firefox complained about a bad security certificate.  When I used IE to do a Google search for that WU error code, IE told me that the Google certificate had problems.  So I shut down the machine.  When I searched this morning for that error code (on my Windows 7 desktop), I saw references to a bad clock setting.  I powered-on the laptop, and I noticed that the clock was wrong.  Using NTP to change the clock did not do anything, so I manually changed the date and time.  Then NTP worked to set the exact time.  Then I rebooted, and the strange Windows Update messages every minute vanished.  I do not remember if the system clock was a few days ahead or behind of local time.  I have no idea how the system clock had the wrong time. I do not know if the patching I did on Tuesday was the cause.  I use that laptop about four times each month.

      • #198115 Reply

        PKCano
        AskWoody MVP

        If your system does not retain the time on the system clock, the probable cause is that the CMOS battery (a coin-type battery on the motherboard) is dead and needs to be replaced.

        You DID NOT get KB4284878 in Windows Update. It is the Win8.1 June Security-Only update and is not available through Windows Update. It has to be manually downloaded from the Microsoft Catalog.
        The June patch issued through Windows Update is the Security Monthly Quality ROLLUP KB4284815.

        I don’t know what you installed on the computer, but I recommend you try to uninstall it. Perhaps it was an incompatible driver for some hardware. Or you can look in the update history and try to determine what was installed, then uninstall it.

        • #198465 Reply

          bsfinkel
          AskWoody Lounger

          You are correct; I did install KB4284815, not KB4284878.  After I powered-down the laptop Thursday evening around 7PM, I had the laptop off until about 1PM this afternoon (Sunday).  The system clock had the correct time, so I do not know if the CMOS battery is running low on power.  So, I do have a definitive answer as to why the system clock did not have the correct time 48 hours after I patched, rebooted, and backed up.  Now, if Windows Update had told me that my system clock might be wrong instead of the cryptic “error 80072F8F”, I would have been able to diagnose and fix the problem promptly.

    • #198224 Reply

      DrBonzo
      AskWoody Lounger

      FYI the Win 7 Rollup and Security Only updates for June have been updated on the MS support site on June 15.

      There are NO issues now reported for the Security Only (i.e., no NIC problem and no stop error/SIMD/SSE2).

      There is no stop error/SIMD/SSE2 error listed for the Rollup, but the NIC issue IS still listed.

      It appears that some earlier months were also updated on June 15, so you might want to check these out if you haven’t yet patched through May.

      3 users thanked author for this post.
    • #198271 Reply

      RDRguy
      AskWoody Lounger

      @pkcano @kirsty @viperjohn @retiredgeek @SusanBradley

      All, I’ve updated one of my Win7 64Bit systems with the original release Jun 2018 Security Only (KB4284867) & IE11 Cumulative (KB4230450) updates on Jun 12th and all seemed well until today.

      I finally experimented with Microsoft’s newly updated Speculation Control Validation PowerShell Script version 1.0.8 to see how my previously hacked i7-990x BIOS CPU Microcode update fares with Spectre Variant 4.

      Microsoft Speculation Control Validation PowerShell Script version:

      1.0.8 (Current version)
      Added support for querying Speculative Store Bypass Disable (SSBD) setting

      https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050

      However, since updating the Win7 (Ultimate – x64) system with the Jun 2018 Security Only (KB4284867) & IE11 Cumulative (KB4230450) updates, the PowerShell script fails during the “Import-Module” command. This now also occurs with the previous 1.0.7 script version which just last week ran successfully. Same results when running either PowerShell 64 Bit or 32 Bit on the 64 Bit system.

      Original as downloaded from Microsoft, PowerShell Script failure indication:

      Speculation-Control-PowerShell-Script-v1.0.7-v1.0.8-Results-original-SpeculationControl.psd1-script-4

      Essentially during script import, PowerShell complains about:

      “… module cannot be imported because its manifest contains one or more members that are not valid … Remove the members that are not valid (‘RootModule’), then try to import the module again.”

      When running both versions of the script on the same Win7 (Ultimate – x64) system without the Jun 2018 Security Only update, both script versions import and run as expected.

      It would seem that the Jun 2018 Security Only update includes an undocumented change to Win7’s PowerShell in which it no longer recognizes the ‘RootModule’ member nomenclature.

      I’ve found that by changing the ‘RootModule’ member nomenclature to ‘ModuleToProcess’ nomenclature, all is well again and both script versions run successfully on the system updated with the Jun 2018 Security Only (KB4284867) update.

      Script modification edits shown below:

      Speculation-Control-PowerShell-Script-v1.0.8-original-modified-3

      After script version 1.0.7 modification, results are:

      Speculation-Control-PowerShell-Script-v1.0.7-Results-modified-script-3

      After script version 1.0.8 modification, results are:

      Speculation-Control-PowerShell-Script-v1.0.8-Results-modified-script-3

      Not sure if this new PowerShell characteristic / feature also applies to the Jun 2018 Win7 Roll-up, Win8.1 Security Only / Roll-up or Win10 or 32Bit versions of Win7 but it sure looks like another bug put into the Win7 security update cycle for us Win10 “obstructionists”.

      Now, just how many of us Win7 users are out there using PowerShell scripts and just how many of our scripts use the ‘RootModule’ member nomenclature that now fail? Luckily, I’ve only got a few.

      Lastly, the latest updated CPUID 206C2 version “0x1E” CPU Microcode does not contain the required SSBD CPU Microcode update for Spectre Variant 4 so it looks like I’m waiting for either HP or Dell to release an updated BIOS for their XEON x5600 series systems.

      Win7 Group B (Ultimate & Pro) [x64 & x86]
      MSOffice Pro Plus 2010 SP2 (x86 Perpetual)
      MSOffice Pro Plus 2013 SP1 (x64 Perpetual)
      RDRguy

      EDIT—————-
      Running GRC’s Inspectre version #8 works the same for me on Win7 Ultimate SP1 64Bit pre & post Jun 2018 Security Only update (KB4284867) so maybe there’s a new Win10 problem as noted above by @viperjohn in post #197747.

      However, I do expect Steve to update his marvelous tool to add Spectre Variant 3a & 4 protection detection capability once he gets a chance to do so.

      2 users thanked author for this post.
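
The manifest edit described in the post above (renaming the `RootModule` key to `ModuleToProcess`), together with an inventory of which manifests would need it, as an added example that is not part of the original post or of Microsoft's script. `ModuleToProcess` is the older name of the same manifest key, and `RootModule` is the name introduced with PowerShell 3.0; the function names and the sample manifest below are constructed for illustration.

```powershell
# Added example (not from the original post or from Microsoft's script).
# Written in PowerShell 2.0 syntax so it also runs on a stock Windows 7 engine.

# Manifest key at the start of a line; commented-out lines (#) do not match.
$RootModuleKey = '(?im)^(?<indent>[ \t]*)RootModule(?<eq>[ \t]*=)'
# Marker that opens an Authenticode signature block in a signed script file.
$SignatureMarker = '# SIG # Begin signature block'

function Get-ManifestInfo {
    # Reads one .psd1 and reports whether it declares RootModule and is signed.
    param([Parameter(Mandatory = $true)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $text = [System.IO.File]::ReadAllText($full)
    New-Object PSObject -Property @{
        Path           = $full
        UsesRootModule = [regex]::IsMatch($text, $RootModuleKey)
        IsSigned       = $text.Contains($SignatureMarker)
    }
}

function Find-RootModuleManifest {
    # Inventory: every manifest under $Root that declares RootModule.
    param([Parameter(Mandatory = $true)][string]$Root)
    Get-ChildItem -Path $Root -Recurse -Filter *.psd1 |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Get-ManifestInfo -Path $_.FullName } |
        Where-Object { $_.UsesRootModule }
}

function Convert-ManifestForPS2 {
    # Renames RootModule to ModuleToProcess in place, keeping a .bak copy.
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$Force   # patch even when the running engine is 3.0 or later
    )
    $info = Get-ManifestInfo -Path $Path
    if (-not $info.UsesRootModule) { return 'unchanged: no RootModule key' }
    if ($PSVersionTable.PSVersion.Major -ge 3 -and -not $Force) {
        return 'unchanged: this engine already accepts RootModule'
    }
    if ($info.IsSigned) {
        # Any edit invalidates the signature; the file is then rejected
        # under an AllSigned execution policy.
        Write-Warning "$($info.Path) is signed; editing breaks its signature."
    }
    Copy-Item -LiteralPath $info.Path -Destination ($info.Path + '.bak') -Force
    $text    = [System.IO.File]::ReadAllText($info.Path)
    $patched = [regex]::Replace($text, $RootModuleKey,
                                '${indent}ModuleToProcess${eq}')
    # UTF-8 with a byte-order mark, which Windows PowerShell reads correctly.
    $utf8Bom = New-Object System.Text.UTF8Encoding($true)
    [System.IO.File]::WriteAllText($info.Path, $patched, $utf8Bom)
    return 'patched: RootModule -> ModuleToProcess'
}

# --- Demo on a constructed manifest (sample data, not Microsoft's file) ---
$demoDir = Join-Path ([System.IO.Path]::GetTempPath()) 'psd1-demo'
New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
$demoManifest = Join-Path $demoDir 'DemoModule.psd1'
@'
@{
    RootModule    = 'DemoModule.psm1'
    ModuleVersion = '1.0.0'
    # RootModule = 'Old.psm1'
}
'@ | Set-Content -Path $demoManifest

# 1. Which manifests under the folder declare RootModule?
Find-RootModuleManifest -Root $demoDir |
    Select-Object Path, UsesRootModule, IsSigned

# 2. Patch the demo manifest (-Force so the demo also runs on newer engines).
Convert-ManifestForPS2 -Path $demoManifest -Force

# 3. Show the result: the live key is renamed, the commented line is untouched.
Get-Content -Path $demoManifest
```

Pointing `Find-RootModuleManifest` at a folder of your own modules lists the manifests that declare `RootModule`; the `.bak` copy lets each in-place change be diffed or reverted.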
      • #198295 Reply

        Noel Carboni
        AskWoody MVP

        You seem pretty into the details, RDRGuy…

        Out of curiosity what’s your take on the performance impacts of these mitigations?

        My experience based on some of my scheduled jobs last night is that even with the mitigations disabled there’s still a not insignificant performance hit since last December…

        For example, an intensive software build job that had been taking about 47 minutes is now taking 51 minutes, about an 8% decrease in overall performance.

        The price difference in top-end workstations to get an extra 8% throughput is not insignificant!

        What price security?

        -Noel

      • #198301 Reply

        mazzinia
        AskWoody Lounger

        There are now microcode fixes also for older cpus (5200/5400 onward)?

        Due to the current situation, I’ve stopped at March + fix vs security hole of the first Spectre patches.

    • #198302 Reply

      mazzinia
      AskWoody Lounger

      I keep testing how these “new” monthly updates behave on a test win8.1 embedded pro… and up to now it seems that really 8.1 has not been butchered, weirdly.

      But I got this weird situation upon the reboot of vmware and logging into the 8.1 vm:
      A command prompt like window named dwm.exe with the following inside:

      SYMSRV: dwmcore.pdb from http://msdl.microsoft.com/download/symbols: 4009984 bytes – copied
      DBGHELP: dwmcore – private symbols
      C:\Windows\Tweaks\AeroGlass\symbols\dwmcore.pdb\1AB1FFC6AB984DD0849810D6CCFD7FC22\dwmcore.pdb
      DBGHELP: .\uDWM.pdb – file not found
      DBGHELP: .\dll\uDWM.pdb – file not found
      DBGHELP: .\symbols\dll\uDWM.pdb – file not found
      DBGHELP: udwm – public symbols
      C:\Windows\Tweaks\AeroGlass\symbols\uDWM.pdb\153457D628204D88A67A6F9D60DD064E2\uDWM.pdb

      1 user thanked author for this post.
    • #198461 Reply

      ViperJohn
      AskWoody Lounger

      BIG HEADS UP FOLKS

      The June 2018 Cumulative KB4284874 for Win10 v1703 from the Windows Update Catalog contains and installs the dreaded Windows 10 Update Assistant V2.

      It installs in the ?:\Windows\UpdateAssistantV2 folder which should be deleted before the horror show in the folder can execute.

      If memory serves, the sole purpose of this delightful piece of MS designed MalWare is to undo and/or reset every single User set or altered Service / PC Setting / Group Policy impediment to a forced version upgrade.

    • #198466 Reply

      bsfinkel
      AskWoody Lounger

      I have another patch question – What are the “Preview of Quality Rollup” patches? I saw two 2018-05 for Windows 7 the Tuesday after May Patch Tuesday, and, per AskWoody, I did not install them. When will these be officially released? Will there be 2016-6 “Preview of Quality Rollup” patches released this coming Tuesday (a week after Patch Tuesday)? I know that security-related patches are released on the second Tuesday of each month, but what exactly are the patches released the following Tuesday?

      • #198467 Reply

        PKCano
        AskWoody MVP

        Monthly Rollup patches contain three parts: security, non-security, and IE 11 cumulative. They are released on the second Tues (Patch Tues). Rollups are CHECKED Important updates.

        The following week, the Preview for the next month is released. It contains that month’s Rollup PLUS the non-security updates for the next month. It is an UNCHECKED Optional update. It is there for Admins and IT Dept’s to test before updating next month. It is not intended to be installed by the consumer, hence UNCHECKED Optional.
