Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Lots and lots of patches

    Home Forums AskWoody blog Lots and lots of patches

    This topic contains 67 replies, has 20 voices, and was last updated by  Noel Carboni 3 days, 14 hours ago.

    • Author
      Posts
    • #128433 Reply

      woody
      Da Boss

      Martin Brinkmann at gHacks just posted his usual comprehensive list: Windows 7:  9 vulnerabilities of which 2 are rated critical, 7 important Windows
      [See the full post at: Lots and lots of patches]

      6 users thanked author for this post.
    • #128435 Reply

      AJNorth
      AskWoody Lounger

      The SANS ISC InfoSec Forums have revamped their MS Patch Tuesday reference system; here is an excerpt from the introduction to today’s posting:

      “When Microsoft changed its update process a few months ago, we were initially no longer able to quickly produce our usual assessment of Microsoft’s patches. Finally, I think we have a way to get at least some of it back, and this is our first take on it. Please let me know if I should change anything.”

      August 2017 post: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694

      • This reply was modified 1 week, 1 day ago by  AJNorth.
      2 users thanked author for this post.
    • #128438 Reply

      radosuaf
      AskWoody Lounger

      As usual – most secure Windows ever has most vulnerabilities.

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile 1607 (Lumia 735)
      6 users thanked author for this post.
      • #128446 Reply

        anonymous

        Well keep in mind you’re comparing the number of vulnerabilities of Windows 10 to 7 and 8.1 both of which are older so they’ve had more time to have their exploits patched. People seem to forget that. I don’t think you should be comparing the number of exploits of a 2 year old piece of software to a piece of software that’s been getting updates for 8 years.

        • #128454 Reply

          Microfix
          AskWoody Lounger

          Or, the marketing slogan wasn’t quite appropriate for the continual beta OS? 🙂

          | 2 PC W8.1 Pro x64 | | 2 PC Linux Hybrids x64 | | 1 PC Windows XP Pro x86 (offline) |
            No problem can be solved from the same level of consciousness that created IT - AE
          4 users thanked author for this post.
        • #128457 Reply

          Charlie
          AskWoody Lounger

          What I and probably most people expect is that the “state of the art”, “most secure” new O.S. to have the previous six years of updates and patches built in.  Why bother with all the hassle if you’re starting out six years behind?  Doesn’t make sense to me.

          8 users thanked author for this post.
        • #128469 Reply

          Seff
          AskWoody Lounger

          Surely the point is that if you’re going to release a new OS version and claim as a major selling point over the existing versions that it is more secure, then it shouldn’t have more vulnerabilities than the existing versions it’s supposed to be a more secure replacement for!

          8 users thanked author for this post.
          • #128470 Reply

            AJNorth
            AskWoody Lounger

            True enough.

            But this is MICROSOFT, the Not Quite Ready for Prime Time Company, whose corporate motto is effectively, “We truly value our customers’ opinions. If we wish to know them, we will tell you what they are.”

            3 users thanked author for this post.
        • #128531 Reply

          radosuaf
          AskWoody Lounger

          I don’t think you should be comparing the number of exploits of a 2 year old piece of software to a piece of software that’s been getting updates for 8 years.

          Then I don’t think you should call a 2 year old piece of software “most secure Windows ever” :).

          MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile 1607 (Lumia 735)
          3 users thanked author for this post.
          • #128704 Reply

            anonymous

            I agree with all of above as well as all the other pointed critical comments made about the way Win10 is being shoveled out to the general user public.

            I am going to compare what I think is M$ Win10 strategy with the like of that they had this self interest thought bubble and we will call it the GREATEST EVER O/S rocket ship, christened Win10.

            They have managed to get it up in the air and it is sorta of flying as close as they can control, straight and level in a somewhat expected direction. However, when it took off it left a few things behind on the launchpad that were not supposed to be forgotten.

            Also overlooking that it might have been a good idea to work out how they can get it to land WITHOUT going in headfirst into the ground BEFORE they pushed the launch button.

            My money is on that they have lost (trashed) the experienced personnel to be able to do this, as the lunatics (money motivated executives)  have taken over the asylum, and the inevitable is just a matter of time.

            1 user thanked author for this post.
    • #128441 Reply

      PKCano
      AskWoody MVP

      Group B Security-only patches have been updated Aug 8 on AKB2000003

      Cumulative updates for IE11 have been updated Aug 8 on Akb2000003.

      • This reply was modified 1 week, 1 day ago by  PKCano.
      • This reply was modified 1 week, 1 day ago by  PKCano.
      • This reply was modified 1 week, 1 day ago by  PKCano.
    • #128444 Reply

      anonymous

      Updated 1607 to build 1593, noticed that update history shows no updates installed. Updates are listed in control panel under uninstall updates, but only go back to September 2016, when I installed the anniversary update. Anyone else experiencing this?

      • #128571 Reply

        ch100
        AskWoody MVP

        Yes, your installation is as clean as it is supposed to be.
        The history was reset probably by the Servicing Stack Update KB4035631, while the installed updates show only the current ones, not the superseded updates.
        The superseded updates are replaced “in place” in most cases in Windows 10, while an inbox/built-in Scheduled Task runs and uninstalls the remaining superseded updates behind the scenes, which is the same action known from Windows 8/8.1 and their server equivalents 2012/2012R2. This is equivalent to running Disk Cleanup manually for Windows Update.
        You will still see in the list of installed updates all the Servicing Stack Updates installed on the machine, as they cannot be uninstalled, even if the old ones are inactivated by the more recent SSUs installed.

      • #128567 Reply

        anonymous

        Same here! Happened after I installed kb4034658.

        • #128570 Reply

          anonymous

          And now I know why… WinShowHide shows my hidden updates are all unhidden.

          So if you’ve hidden the upgrade (1703), it will appear again. Be careful!

        • #128587 Reply

          anonymous

          After this  happened, all of my hidden updates (Wushowhide) turned out to be unhidden. So if you had hidden the upgrade (1703), it will appear again. So be careful!

    • #128460 Reply

      abbodi86
      AskWoody MVP

      Which Office lists was wrong?

       

      for regular users, just 4 new updates for Office 2016 today, in addition to 9 updates from August 1

      Office 2013 still have the same 7 updates from August 1

      Office 2010/2007 got zero updates

      • #128462 Reply

        PKCano
        AskWoody MVP

        What was originally posted on MS Technet Aug 1 was wrong. See TenForums list – it was original on MS. See ours – I corrected it this morning to match MS listing NOW

        2 users thanked author for this post.
      • #128498 Reply

        anonymous

        No kidding. When I checked Windows Update I haven’t seen any security updates for Microsoft Office 2007.

        1 user thanked author for this post.
        • #128532 Reply

          lizzytish
          AskWoody Lounger

          I’ve received the August updates and the 2007 updates for Office are still listed. These were there from last month (July) and because of reports of ‘bugs’ I haven’t updated as yet. Probably will get round to them shortly or when we’re given the go ahead from Woody. Just mentioning them because some have said they haven’t seen any. Enclosing a screen capture – there are 8 specifically for 2007 and are in Important updates and ticked. My computer is set to “Check for updates but let me decide when to download and install” LT

          “Why do we Rest in Peace – why don’t we Live in Peace too?” Anon

          Office-updates

          Attachments:
          You must be logged in to view attached files.
        • #128511 Reply

          anonymous

          It’s me again. Never mind. I saw the post on non-security updates for Microsoft Office. -_-; No more updates for MS Office 2007…

      • #128573 Reply

        ch100
        AskWoody MVP

        I don’t see any new updates for Office 2016. Where are they? 🙂

        • #128585 Reply

          PKCano
          AskWoody MVP

          Updates for Office

          1 user thanked author for this post.
          • #128588 Reply

            ch100
            AskWoody MVP

            Those released on August,8 are not mainstream patches, which means they are hotfixes for limited release. They are available only for manual download in which case I think they should not even get a mention here.
            The updates released on August, 1 are the real regular updates and should be installed at some stage, for most users when MS-DEFCON changes to 3 or above.

            • This reply was modified 1 week ago by  ch100.
            3 users thanked author for this post.
            • #128590 Reply

              PKCano
              AskWoody MVP

              Corrected list for Aug 1 Office updates is here

              3 users thanked author for this post.
            • #128618 Reply

              abbodi86
              AskWoody MVP

              They probably will hit MU next week

              i actually never use/care/check MU for Office updates, i get them from Download Center as released 😀

              1 user thanked author for this post.
            • #128643 Reply

              HiFlyer
              AskWoody Lounger

              They probably will hit MU next week i actually never use/care/check MU for Office updates, i get them from Download Center as released 🙂

              MU?

            • #128651 Reply

              PKCano
              AskWoody MVP

              Microsoft Update (as opposed to Windows Update).

            • #128682 Reply

              ch100
              AskWoody MVP

              i actually never use/care/check MU for Office updates, i get them from Download Center as released

              Here is not MDL, different target audience 😀

              1 user thanked author for this post.
    • #128461 Reply

      Geo
      AskWoody Lounger

      Group A , Win 7, SP1,X64 Home Premium  installed  KB4034664.  No problems so far. I only use this computer for print, email, internet.

    • #128473 Reply

      Jan K.
      AskWoody Lounger

      I don’t understand, how the most secure browser ever can have 28 vulnerabilities while the old one has “only” 8?

      2 users thanked author for this post.
      • #128487 Reply

        anonymous

        Because it’s the most secure browser ever, done by Micro$oft.

      • #128546 Reply

        Microfix
        AskWoody Lounger

        Perhaps it’s the new inclusion of ‘new secure technology’ for the purpose of MS and not the end-user which MS is protecting? Who knows, I don’t use it so, cannot say for sure.

        | 2 PC W8.1 Pro x64 | | 2 PC Linux Hybrids x64 | | 1 PC Windows XP Pro x86 (offline) |
          No problem can be solved from the same level of consciousness that created IT - AE
    • #128478 Reply

      samak
      AskWoody Lounger

      Another month where I thank my lucky stars that I’m using Windows 7:  9 vulnerabilities of which 2 are rated critical, 7 important and no Office updates.

      If I was running Windows 10 with Edge I would have 42 vulnerabilities of which 26 are rated critical, and 16 important.

      2 critical vs 26 critical. I know which I prefer.

      Flash is already updated so I shall sit here smugly until Defcon goes up 🙂

      W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

      1 user thanked author for this post.
    • #128490 Reply

      Geo
      AskWoody Lounger

      Maybe they should sell the rights to their old OS to the employees they laid off who worked on XP & 7; since they insist on violating  KISS.  Keep it simple stupid.

      2 users thanked author for this post.
    • #128492 Reply

      MrBrian
      AskWoody MVP

      From .NET Framework August 2017 Security and Quality Rollup: “Today, we are releasing the August 2017 Security and Quality Rollup Update. This update applies to Windows 10 and Windows Server 2016.”

      From Welcome to the .NET Framework 4.7.1 Early Access!: “Today, we are happy to announce an early access build of .NET Framework 4.7.1.”

      1 user thanked author for this post.
      • #128500 Reply

        anonymous

        So the .Net Framework 4.7 thing is the reason why I haven’t seen any security/monthly quality rollup for .Net Framework lately?

        I’m not here often so I don’t hear much.

    • #128493 Reply

      MrBrian
      AskWoody MVP

      I will guess that the Windows 7 LDAP referral chasing issue exists in the Windows 7 August 2017 updates since file WLDAP32.DLL is unchanged from the July 2017 updates.

    • #128496 Reply

      MrBrian
      AskWoody MVP

      Hopefully those of you who experienced blue screen of death problems with the July 2017 updates will report your experiences with the August 2017 updates (when the time is right to install them).

      • This reply was modified 1 week, 1 day ago by  MrBrian.
      1 user thanked author for this post.
      • #128501 Reply

        lizzytish
        AskWoody Lounger

        Forgive my dumb question here, MrBrian….guess you are referring to those who finally got their
        updates successfully installed in July, as I was under the impression that those of us who were installing the Security updates only, would have to install the month’s before update before being able to install the next month’s. And so if the previous month (July) Security update created a BSOD and one had to uninstall it to recover, then one would not be able to go ahead with the following months update. Is this right – or have I misjudged ? LT

        “When you make a commitment you build hope, when you keep it you build trust.” Anon

        1 user thanked author for this post.
        • #128503 Reply

          MrBrian
          AskWoody MVP

          You’re right indeed, with regards to the security-only updates. However, maybe somebody who had BSOD issues with the July monthly rollup could report how well the August monthly rollup is working.

          2 users thanked author for this post.
          • #128508 Reply

            lizzytish
            AskWoody Lounger

            Thank you for replying so quickly! I have been mulling over reinstalling that offending update when I have a bit of quiet time….. as I would like to keep this machine updated until I have time (and money) to transition to another OS and finally bid farewell to MS! LT

            “In a world where you can be anything – be kind!” – Anon

            2 users thanked author for this post.
        • #128526 Reply

          MrBrian
          AskWoody MVP

          On second thought, those who had BSOD problems with the July security-only update might wish to (when the time is right) install the August security-only update, and then the July security-only update. The August security-only update might have newer versions of files that don’t cause the BSOD issue anymore.

          1 user thanked author for this post.
    • #128504 Reply

      MrBrian
      AskWoody MVP

      My favorite two sources for Microsoft updates articles: https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review and http://blog.talosintelligence.com/2017/08/ms-tuesday.html.

      • This reply was modified 1 week, 1 day ago by  MrBrian.
      3 users thanked author for this post.
    • #128516 Reply

      Noel Carboni
      AskWoody MVP

      Windows 8.1 Patch Observations

      Enabled and Started the Windows Update service on my Win 8.1 virtual machine and instructed it to check for updates… Windows Update ran for a couple of minutes then reported 3 Important updates detected (total 296.3 MB):

      ScreenGrab_W81EVM_2017_08_09_000205

      What’s funny is that even though the Windows Update panel shows a percentage rising, the actual network traffic always looks bursty, like this:

      ScreenGrab_W81EVM_2017_08_09_000459

      Updates went in smoothly, reboot was okay. No new errors or warnings are shown in the System Event Log.

      A quick check for system settings changes revealed:

      • A new scheduled task: “MicrosoftWindowsShellCreateObjectTask”
      • Scheduled task “MicrosoftWindowsTaskSchedulerIdle Maintenance” changed from Disabled to Ready.

      I plan to subject this non-critical test system to system tests over the coming days to determine if any functionality I rely upon has been impaired. So far at first glance it seems to have survived the update at least.

      -Noel

      Attachments:
      You must be logged in to view attached files.
      5 users thanked author for this post.
      • #129279 Reply

        Noel Carboni
        AskWoody MVP

        FYI, all went well with the Win 8.1 testing and because I’m at a good breakpoint with my work I chose to move my Win 8.1 hardware up to the August patches, Group A style, this morning. Benchmarks showed nominal values and so far working with it all day I’ve found nothing wrong. It’s a multi-monitor system by the way.

        -Noel

        1 user thanked author for this post.
    • #128522 Reply

      Noel Carboni
      AskWoody MVP

      Windows 7 Patch Observations:

      Enabled and started Windows Update on my Win 7 virtual machine. It ran a couple of minutes and reported 2 important and 2 optional updates available. I chose to hide the recurring optional KB2952664 “telemetry” update again.

      ScreenGrab_W7VM_2017_08_09_003712

      ScreenGrab_W7VM_2017_08_09_003845

      The updates went in smoothly, the reboot was clean, no new errors or warnings in the System Event Log.

      A check for changes:

      • BITS service was changed from DEMAND_START to AUTO_START

      Further testing is planned.

      -Noel

      Attachments:
      You must be logged in to view attached files.
      8 users thanked author for this post.
      • #128582 Reply

        anonymous

        Is that BITS change any reason for concern, perhaps in terms of what it may mean down the line?

        2 users thanked author for this post.
        • #128619 Reply

          abbodi86
          AskWoody MVP

          No, it’s system behavior when installing updates from WU, even if you disabled BITS, WU would re-enable it

          anyway, BITS status should not be a concern on Windows 7/8.1

          4 users thanked author for this post.
          • #128652 Reply

            anonymous

            Thank you.

      • #128765 Reply

        Pepsiboy
        AskWoody Lounger

        Windows 7 Patch Observations: Enabled and started Windows Update on my Win 7 virtual machine. It ran a couple of minutes and reported 2 important and 2 optional updates available. I chose to hide the recurring optional KB2952664 “telemetry” update again. ScreenGrab_W7VM_2017_08_09_003712 ScreenGrab_W7VM_2017_08_09_003845 The updates went in smoothly, the reboot was clean, no new errors or warnings in the System Event Log. A check for changes:

        • BITS service was changed from DEMAND_START to AUTO_START

        Further testing is planned. -Noel

         

        Noel,

        I got stuff like that the other day also.

        KB4034679 – Security Update
        KB4034733 – IE 11 Update
        KB4034664 – Monthly Rollup
        KB4035510 – .NET Framework Update
        KB4019990 – .NET Framework Update
        KB2952664 – Win 7 Update

        Of these, I am NOT going to get 2952664 and will hide it AGAIN. I MIGHT get 4035510, but probably will not. The others will get installed when Defcon changes to higher number.

        Sorry, no screen shots at this time.

        Any thoughts on WHY 2952664 showed up again? Any advice is appreciated.
        Thanks, in advance.

        Dave

      • #129278 Reply

        Noel Carboni
        AskWoody MVP

        FYI, all went well with the testing of the August patches here – for my needs – and I chose to move my Win 7 hardware to the latest, Group A style. So far that’s gone well also.

        -Noel

        2 users thanked author for this post.
    • #128657 Reply

      anonymous

      Hi. I have Windows 7 x64 and heard something about the .Net Framework security and monthly quality update. For Windows 7 I don’t see any update for x64 version. Is it something that would be placed into Windows Update on its own?

       

      Thanks.

    • #128703 Reply

      plodr
      AskWoody Lounger

      Thanks. I wasn’t aware that it was only a bugfix and not a security issue.

    • #128790 Reply

      MrBrian
      AskWoody MVP

      Issue and workaround documented for Windows 8.1 August 2017 monthly rollup: “NPS authentication may break, and wireless clients may fail to connect.” The same issue was documented in the Windows 8.1 July 2017 preview monthly rollup.

    • #128923 Reply

      AJNorth
      AskWoody Lounger

      In her Patch Watch column for Windows Secrets (2017.08.10), Susan Bradley has this entry for Windows 7:

      “The Windows 7 updates released this month in the form of KB4034664 include security updates for Microsoft JET Database Engine, Common Log File System Driver, Microsoft Windows Search Component, Volume Manager Driver, Internet Explorer, Windows Server, and Windows kernel-mode drivers. No non security updates were released with this update.

      At this time I am not tracking any major side effects.”

      Can one then infer that KB4034664 is simply a combination of KB4034679 & KB4034733?

      (Which is what Martin Brinkmann explicitly states in his column, “Microsoft Security Updates August 2017 release” (though both articles fail to mention KB4034733, which is obviously included in KB4034664):

      “KB4034679 — August 8, 2017 Security only update for Windows 7 SP1 and Windows Server 2008 R2 SP1

      Security updates to Windows Server, Microsoft JET Database Engine, Windows kernel-mode drivers, Common Log File System Driver, Microsoft Windows Search Component, and Volume Manager Driver.

      KB4034664 — August 8, 2017 Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

      Same as KB4034679”

      https://www.ghacks.net/2017/08/08/microsoft-security-updates-august-2017-release/ .)

      • #128943 Reply

        MrBrian
        AskWoody MVP

        August 2017 Windows 7 or 8.1 monthly Windows rollup = August 2017 Windows 7 or 8.1 Windows security-only update + August 2017 Internet Explorer cumulative update + other files.

        1 user thanked author for this post.
      • #129105 Reply

        Volume Z
        AskWoody Lounger

        Whenever no Preview Rollup precedes the respective Monthly Rollup, no new reliability (non-security) component gets added to the Security Monthly Quality Rollup.

        August 2017 Monthly Rollup = July 2017 Monthly Rollup + August 2017 Security Only Quality Update + August 2017 Cumulative Security Update for IE11.

        1 user thanked author for this post.
    • #129064 Reply

      anonymous

      I have been noticing something unusual about this month’s Windows 7 x64 updates:

      I have Win 7 Pro, and on Tuesday I got a Preview Rollout (which I hid, in case I might need it later), and the “Malicious Software” eliminator, that I installed, as it seems innocuous enough.

      And, so far, that has been that. It is late Friday night, close to four days have gone by, and nothing else has showed up here from MS since Tuesday. I have run Windows Update, twice, two days apart, the last time today, an hour ago, and each time it has come up with “Windows is up to date; no updates are available” for my machine.

      Occasionally, in he past, it has been one or two days later that I got a “Tuesday” update, but this time it seems to be taking unusually long, thus my posting this message here.

      I do know that there are updates, Windows Update not withstanding, and already have downloaded manually, directly from MS, the security one for Windows 7 and the Cumulative one for Explorer 11, both now sitting on my desktop until I figure out that it is OK to install them. So I am not worried about not being able to update and, by so doing, cover the latest holes discovered in the OS. Not so much worried, as puzzled.

      Is anyone else having the same experience?
      Thanks.

      • #129106 Reply

        Volume Z
        AskWoody Lounger

        Mind posting a screengrab of the “Preview Rollout” hidden last Tuesday?

        2 users thanked author for this post.
    • #129088 Reply

      MrBrian
      AskWoody MVP
    • #129150 Reply

      anonymous

      Volume Z has asked for a “screen grab” of the “Preview Rollout” update I did receive on Tuesday and then hid, in case it might be needed later. (I was just following my usual practice with things dubious, but not obviously evil.)

      Not sure what VZ means by that.

      In any case: it was the “Preview Quality Rollout for .NET Framework.”

      Hard to see what that may have to do with my lack of updates received (and still the case as I write this, Saturday afternoon), but one never knows, does one?

      1 user thanked author for this post.
      • #129154 Reply

        PKCano
        AskWoody MVP

        By “screen grab” he meant screen shot (picture) of the Rollup,
        He was probably trying to determine the full name of the patch, which includes the month, the .NET versions, and the KB number.

        FYI: Preview patches are generally unchecked optional updates which will not be installed (since they are unchecked and in the “Optional updates” list) and do not need to be hidden for that reason.

        1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Lots and lots of patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.