News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • May 2019 Patch Tuesday arrives

    Home Forums AskWoody blog May 2019 Patch Tuesday arrives

    This topic contains 112 replies, has 32 voices, and was last updated by  PKCano 4 months, 2 weeks ago.

    • Author
      Posts
    • #1621041 Reply

      woody
      Da Boss

      The numbers are starting to roll in. Hang on a sec while we get a clearer picture.
      [See the full post at: May 2019 Patch Tuesday arrives]

      8 users thanked author for this post.
    • #1621195 Reply

      anonymous

      Wow. If they released a patch for Windows XP, then this vulnerability must be really bad.

      1 user thanked author for this post.
      • #1634520 Reply

        Alex5723
        AskWoody Plus

        How come Windows Update MiniTool, Windows Update Management, Belarc Advisor still doesn’t show May 2019 updates for 1809 Pro 17763.437 ?

        1 user thanked author for this post.
    • #1621530 Reply

      PKCano
      Da Boss

      Direct Catalog downloads for Group B Security-only patches and IE11 Cumulative Updates have been updated on AKB2000003 on 5/14/2019.

      Please note: There was a pciclearstalecache.exe bundled with the Win7 May Security-only Update. The download link has been included in AKB2000003.
      For those of you with Win7:
      Download the pciclearstalecache file and store it in the same location as the Security-only Update (on the desktop, in a folder, etc). Do not execute the file directly. When you install the Security-only Update, it should execute the pciclearstalecache automatically in the process. You may see the brief flash of a command prompt.
      (At least, this is the way it worked when bundled with the Monthly Rollup last year.)

      16 users thanked author for this post.
      • #1621748 Reply

        Matthew
        AskWoody Plus

        What is the significance of the pciclearstalecache.exe file that it has been given separate downloads? Would we install it first or what? Thanks.

        • #1622308 Reply

          DrBonzo
          AskWoody Plus

          I don’t know what it does but it also comes with the stand alone package for kb4499175 from the update catalog, so I don’t think you actually have to download it separately.

          • #1622343 Reply

            PKCano
            Da Boss

            See the note above on how to deal with it.

            1 user thanked author for this post.
      • #1623839 Reply

        JNP
        AskWoody Plus

        PK, I am a bit confused, this happens a lot to me :).  I am in Group B and the last security only update I installed was the April 2019: KB 409310.   I see the May Security only update in AKB2000003 but I don’t see anything for the pciclearstalecache file. What am I missing? What should I do when I decide to install the May update?  Could you kindly break this down a bit more?  Thanks.

        • #1623964 Reply

          PKCano
          Da Boss

          the last security only update I installed was the April 2019: KB 409310.

          ??? The April 2019 Security-only Update for Win7 was KB4493448 (as shown in the attachment).

          I don’t see anything for the pciclearstalecache file.

          Instructions are here #1621530.

          Screen-Shot-2019-05-14-at-5.21.43-PM

          Attachments:
          3 users thanked author for this post.
          • #1623990 Reply

            JNP
            AskWoody Plus

            Thanks, I see it now.  Really, appreciate you guys keeping us up to date.

        • #1623982 Reply

          DrBonzo
          AskWoody Plus

          Maybe this will help. Go to this link:

          http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499175

          and pick the Win 7 version you need and “add” it to your basket. Then click “view basket”. On the next screen you’ll be able to download the Security Only update package, which will consist of a folder with the actual update file and the pciclearstalecach file in it. Open the folder and click on the actual patch file, and the patch will be installed, and as long as the pci… file is in the same folder, it will automatically be dealt with – you don’t have to click on it or anything! In other words, as long as the pci… file and the actual patch file are in the same folder, it’s just like installing a normal update from the Update Catalog.

          Hope this helps.

      • #1628839 Reply

        phaolo
        AskWoody Lounger

        Wait, it hadn’t to be run manually?
        The instructions for it were always changing..

        I executed it before and after installing the patch (I think it was 4099950).
        Did I screw up something? O_o

        (why isn’t this simply included in the package btw?)

        • #1628886 Reply

          DrBonzo
          AskWoody Plus

          I downloaded the Security Only patch for Win 7 yesterday from the MS Update Catalog, and the folder that landed on my desktop did indeed have the patch file AND the pciclearstalecache file in it.

          I didn’t check the Rollup patch to see if the pci… file is included with that download.

          • #1628911 Reply

            PKCano
            Da Boss

            The bundling is taken care of by WU when you update the Rollup using it.
            The instructions for installing it manually are above.

        • #1628913 Reply

          PKCano
          Da Boss

          The instructions for the pciclearstalecache are above.

          3 users thanked author for this post.
          • #1628952 Reply

            phaolo
            AskWoody Lounger

            Yeah, I meant in the past, the first time pciclearstalecache.exe appeared.
            Anyway, I’ll follow those instructions now.

      • #1629859 Reply

        phaolo
        AskWoody Lounger

        Ouch.. I didn’t see any command prompt.

        Btw the file from the catalog was called (I didn’t remove the SHA1 tho..):
        pciclearstalecache_d243a607b50db10ed50f03cff570498018c61a59.exe

        Checking the registry, then, I noticed some errors.

        • Since years I use SoftwareRestrictionPolicies to limit cmd.exe to be used only with admin rights, due to the fear of ransomware.
          It never created problem with patches, but now I saw an entry about it:
          Access to C:\Windows\system32\cmd.exe has been restricted [..] 
        • Also:
          The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).
          The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.

        Is there a more detailed log somewhere?
        (I’ve found windowsupdate.log, but I can’t understand anything lol)

        Should I reinstall the patches? :\

        • This reply was modified 4 months, 3 weeks ago by  woody.
        • #1630101 Reply

          PKCano
          Da Boss

          If you do not have fixed IP addresses in a network situation that get lost, or problems with network connections, you are probably OK to leave things as they are.

          • #1630498 Reply

            phaolo
            AskWoody Lounger

            Gosh.. fingers crossed. For now all looks normal.
            Btw why couldn’t we just run pciclearstalecache.exe manually?
            That’s what the patch does at the start, no?
            (also, why doesn’t it simply stop, if it cannot find the file?)

          • #1692091 Reply

            walker
            AskWoody Lounger

            @pkcano:  I am Group A, so I wonder if this one applies to me (??).  I’m Windows 7, Home Premium (I think).  This is the KB4499406 NET Framework update.

            Nothing sophisticated on this Windows 7.   Perhaps a redundant question on my part for which I apologize (Just fearing I may make a mistake).

            Apologies for the additional question.  Thank you.

            • #1692287 Reply

              PKCano
              Da Boss

              Yes, if it is checked, install KB4499406 NET Framework update.

            • #1692526 Reply

              walker
              AskWoody Lounger

              @pkcano:  Thank you again, so very, very much for verifying that this is a safe one.  As always thank you for taking the time to reply to my question.  I appreciate your assistance, more than words can ever say.  Thank you for your invaluable help.

      • #1702336 Reply

        Ed
        AskWoody Lounger

        @pkcano… “When you install the Security-only Update, it should execute the pciclearstalecache automatically in the process. You may see the brief flash of a command prompt.

        To verify the patching process actually completed successfully, after restarting the computer when the update completes the “pci.sys” file located in the Windows\System32\Drivers folder will change.

        Before the update is ran the file version is 6.1.7601.24056 with a date stamp of 2/10/2018. After a successful installation the file version will be 6.1.7601.24441 with a date stamp of 4/18/2019.

        1 user thanked author for this post.
        • #1713387 Reply

          Elly
          AskWoody MVP

          Thank you for confirming that there is a change, and what others may look for, specifically, when the updating is successfully completed.

          I remembered being able to look for a similar change, last year, but had difficulty bringing up the specific reference.

          Those that do not see a change may not have downloaded both files and placed them in the same folder, thus not installing correctly.

          The ‘pci.sys’ file is something that Everything search will find much quicker than the Windows Search, or trying to navigate to it, with Windows Explorer, from my experience.

          I do wish that some others could confirm this date change, as well.

           

          Win 7 Home, 64 bit, Group B

          1 user thanked author for this post.
          Ed
          • #1713638 Reply

            DrBonzo
            AskWoody Plus

            I can confirm – sort of. Here’s what happened to me on a handful of Win 7 machines, all of which were up to date with Group B through April patches. Each had a file version 6.1.7601.24056 before the May Security Only. I downloaded the SO file from the Update Catalog and it came in a folder that also had the pci….exe file in it. The pci…exe file did NOT execute when I installed the SO (not only did I not see the command line ‘flash’ but the file version did not change). I assumed per PKCano that it did not execute because it did not need to execute. Nonetheless I then executed the pci…exe file separately and got the 6.1.7601.24441 file version. Everything has been working fine on all the machines for almost 3 days now.

            1 user thanked author for this post.
          • #1725633 Reply

            Ed
            AskWoody Lounger

            I know you asked for “Others” to confirm this Elly and theoretically that would omit myself, BUT. I’ve completed the update process on all 16 computers now with 12 of them being 64 bit and the other 4 being 32 bit and got the exact same result from each of them.

            To be specific… on each computer I started by verifying the “pci.sys” file was dated 2/10/2018 and then created a folder on the Desktop & named the new folder Patches (the folder’s name doesn’t matter). I then downloaded KB4499175, KB4498206 and the pciclearstalecache files from the catalog using the links on the Group B page here at Woody’s and saved all three files to the newly created Patches folder.

            I then made sure the Windows Update service was NOT running and double clicked on KB4499175 to launch the installation, and closed the opened folder once it started. When the installation finished I had the options to Restart or Cancel… I chose Cancel. I then went back to Services again and STOPPED the Windows Update service. Then I opened the Patches folder again and double clicked on KB4498206 to launch the installation, and closed the opened folder once it started. When the installation finished I had the options to Restart or Cancel again… this time I chose Restart.

            Not once during the installations on any of 16 of the computers did I see a “blink”, a “command prompt box” or anything unusual take place during the installation processes. After the computers restarted I checked the “pci.sys” file again and every one is now dated 4/18/2019.

            1 user thanked author for this post.
            • #1728796 Reply

              Elly
              AskWoody MVP

              Alright! Other computers works as ‘others’ as far as I’m concerned!

              It is helpful to have the exact steps for your success detailed, for those who have been uncertain about it working… so thank you, @ed.

              Win 7 Home, 64 bit, Group B

    • #1621464 Reply

      anonymous

      According to the info, having Remote Desktop off prevents this from being exploited anyway, and I gather so does blocking port 3389, or for that matter inbound connections entirely, via firewall, right?
      — Cavalary

      • #1622178 Reply

        woody
        Da Boss

        Excellent question. Short answer: I’m not sure. Let’s see how this plays out.

    • #1621881 Reply

      Alex5723
      AskWoody Plus

      The numbers are starting to roll in. Hang on a sec while we get a clearer picture.
      [See the full post at: May 2019 Patch Tuesday arrives]

      Martin Brinkmann has full details on May 2019 updates

      https://www.ghacks.net/2019/05/14/microsoft-windows-security-updates-may-2019-overview/

      2 users thanked author for this post.
    • #1621888 Reply

      b
      AskWoody Plus

      Big news is the “wormable” security hole in RDP, CVE-2019-0708. From Simon Pope on the MSRC Technet blogt:

      Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

      Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.

      Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

      Interesting that in that “quote” you skipped over the “patch A.S.A.P.” bit:

      Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

      You feel the Director of Incident Response, Microsoft Security Response Center got that wrong?

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

      3 users thanked author for this post.
      • #1622095 Reply

        Alex5723
        AskWoody Plus

        we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows

        These out-of-support versions of Windows don’t have Windows updates running anymore, for years.

      • #1622099 Reply

        woody
        Da Boss

        Not wrong. But I prefer to see what kinds of problems kick up before somebody releases an attack into the wild.

        UPDATE: Remember that MS17-010, the WannaCry patch, appeared six weeks before there was a credible WannaCry threat. I don’t doubt that this will be exploited. But at this point I’m concerned that there may be gotchas, including the Krebbs report of having to install the patch twice.

        • #1626161 Reply

          b
          AskWoody Plus

          Not wrong. But I prefer to see what kinds of problems kick up before somebody releases an attack into the wild.

          You won’t be updating your test Windows 7 system yet? Someone needs to!

          UPDATE: Remember that MS17-010, the WannaCry patch, appeared six weeks before there was a credible WannaCry threat.

          By which time hundreds of thousands of Windows 7 computers were infected with ransomware.

          Let’s hope the attackers remember to include a kill switch which can be inadvertently discovered again or it could be even worse.

          Although there are many millions fewer Windows 7 systems now than there were two years ago during WannaCry.

          I don’t doubt that this will be exploited. But at this point I’m concerned that there may be gotchas, including the Krebs report of having to install the patch twice.

          Windows 10 patches for 1809 and 1903 may install twice, but Windows 10 isn’t affected by the “RDS worm”. So that Krebs report is unconnected with a forthcoming exploit.

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

          1 user thanked author for this post.
    • #1621887 Reply

      anonymous

      I am running Windows 10 1803 on my home computer.  I noticed there is an unusual patch (Cumulative Update for .NET Framework 4.8; KB4495616) this month.

      Should I treat this like a normal monthly cumulative update (i.e. wait for the all clear before installing it)?  Or should it be installed sooner?  I guess I’m not sure what it is for.

      • #1622819 Reply

        EP
        AskWoody_MVP

        best to wait until woody & susan give the all clear to install any net .NET patches

        1 user thanked author for this post.
        • #1623059 Reply

          anonymous

          I have not patched .net on my Laptops since Sept of 2016. So most of my patching involves the Windows 7 OS security only patches and the IE11 cumulative security updates. I have patched for some other required patches to the Windows updating/patchng  subsystem and such that are required to be able to install the other patches but that’s about it.

          Is there some kind of .net cumulative/roll-up sort of patch that can get me caught up, one that does not have any spyware/telemetry gathering baked in.

          • #1623162 Reply

            PKCano
            Da Boss

            Group B patching recommends updating .NET through what is offered in Windows Updates. Refer to AKB2000003, which is the guideline for Group B patching.

            1 user thanked author for this post.
    • #1622097 Reply

      BobbyB
      AskWoody Lounger

      Win10x64 1903 Home got KB4497936 (need’s SSU KB4500109) .net KB4495620, Adobe KB4497932.
      takes it from Winver 18362.86 to 18362.113. No problems or nothing broken so far.

      2 users thanked author for this post.
    • #1622311 Reply

      AceOfAces
      AskWoody Lounger

      Well, another Intel security bug was found. https://www.chromium.org/Home/chromium-security/mds

      Looks like it’s another Spectre type of attack (if I read the info I found correctly so far, it attacks the buffers to retrieve sensitive data. Still reading.) and Microsoft added them in to all May 2019 patches (I can confirm it in 1903’s patch notes). Intel is rolling out microcode as well.

      And just when you thought this would be over soon…

      Quick Edit: Quick clarification: This is a cocktail of 4 bugs in the processors:

      CVE-2018-12126

      Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

      CVE-2018-12127

      Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

      CVE-2018-12130

      Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

      CVE-2019-11091

      Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

      The first three are considered Medium in severity. The last one is low.

      • This reply was modified 4 months, 4 weeks ago by  woody.
      3 users thanked author for this post.
      • #1622981 Reply

        woody
        Da Boss

        I’m thinking about posting that on the main blog – but I wanted to give the May patches time to stew a bit.

        Short version: Ho hum.

        • #1623259 Reply

          b
          AskWoody Plus

          Also affects Chromebook performance:

          Microarchitectural Data Sampling on Chrome OS

           

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

          2 users thanked author for this post.
          • #1623387 Reply

            Microfix
            Da Boss

            wonder what the Google-DEFCON is then.. 😛

            ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        • #1630765 Reply

          Steve S.
          AskWoody Plus

          Some interesting reading I’ve done today about the ZombieLoad/RIDL/Fallout/MDS  situation — or maybe it’s FUD temporarily?  😉

          Some links in this post I made:

          Hyper-Threading & ZombieLoad CPU exploit

          Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

    • #1623182 Reply

      Microfix
      Da Boss

      KB 4494441 [that’s the Win10 1809 patch] had to be installed twice so be sure to run Windows Update twice. I was not amused.

      Unlike Krebs, I only had to install once from WU on steady old Win8.1 x64 😛

      KB4499151 May 2019 SMQR: error code 0x0
      KB4497932 May 2019 Abode Flash Player: error code 0x0
      no errors in event viewer post reboot.

      Confidence is high: I removed replaced WinSxS assemblies and
      WinSxS temp files, oops, no going back!! 😉

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      1 user thanked author for this post.
    • #1623253 Reply

      CADesertRat
      AskWoody Plus

      I had 2 W10 Pro computers that still had 1803 on them and this morning 1 of them updated before 10 am PST and got 1809 17763.475, the other one updated after 10 am PST and got 1809 17763.503.

      Don't take yourself so seriously, no one else does 🙂
      4 Win 10 Pro currently 1809 (3 Desktops, 1 Laptop).

      1 user thanked author for this post.
    • #1623279 Reply

      Cybertooth
      AskWoody Lounger

      In his post, Woody wrote that…

      Big news is the “wormable” security hole in RDP, CVE-2019-0708. From Simon Pope on the MSRC Technet blog

      It’s odd that XP and Windows 7 would be affected by this vuln, but not Vista which came out in-between those two.

      Could this be an oversight on their part?

       

      2 users thanked author for this post.
      • #1625001 Reply

        woody
        Da Boss

        Excellent question. I have no idea.

        1 user thanked author for this post.
      • #1626889 Reply

        anonymous

        Server 2008 is affected. So Vista has to be affected too as they share the same codebase.

        1 user thanked author for this post.
    • #1623454 Reply

      Tex265
      AskWoody Plus

      May is also the month that Windows 10 versions 1809 and 1803 are suppose to receive the new Windows Updater released to 1903 last month.  The separate Feature delay and Monthly Update delay.

      Anybody know how this will be implemented?   As there was mention about it being later in May, separate KB update?

      Windows 10 Pro x64 v1803 and Windows 7 Pro SP1 x64
    • #1623526 Reply

      ajcoll5
      AskWoody Lounger

      But wait. That’s not all. There’s also a big hole in .NET versions 2.1 and 2.2. CVE-2019-0982. It’s a Denial of Service vulnerability.

      To clarify, that’s .NET Core 2.1 and .NET Core 2.2 — not .NET Framework.

      2 users thanked author for this post.
    • #1623944 Reply

      abbodi86
      AskWoody_MVP

      What a .NET mess

      1 user thanked author for this post.
    • #1624009 Reply

      JNP
      AskWoody Plus

      Thanks, this is great!  One stop shopping for both files.  Many thanks.

    • #1624317 Reply

      OscarCP
      AskWoody Plus

      “Giving the patches time to stew for a bit” as Woody has said, looks to me as the best approach right now. These vulnerabilities probably have been around for a while already and nothing bad has happened, at least that has made any loud noises we have heard. Chances are that now has become known these vulnerabilities exist and measures are being taken to deal with them will deter those who want to exploit them from doing so right away. In the meantime, people will find out what problems, if any, the patches against those vulnerabilities may themselves cause, and give the word, when that is fixed, that is OK to patch.

      Group B Windows 7 Pro, SP1 x64 & macOS+Linux Mint.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

    • #1624552 Reply

      Mele20
      AskWoody Lounger

      What about Windows 8.0 Pro?  I use it every day and it has always been very steady with no problems after I fixed the start menu mess and a few other things.  If they are providing a patch for XP then why not a patch for 8.0?  I see Microsoft has a patch for 8.1 so why not for 8?

      I’m probably ok since I’ve always had Remote Connection disabled.

      • #1625687 Reply

        b
        AskWoody Plus

        Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.
        Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

        2 users thanked author for this post.
      • #1637558 Reply

        EP
        AskWoody_MVP

        Windows 8.0, 8.1 & 10 not affected

    • #1624773 Reply

      T
      AskWoody Plus

      You would think for once microsoft would offer the remote desktop patch as a standalone update given the seriousness of it because now we have to accept the whole lot to patch this hole yet risk the update messing up something else. Which is particularly likely this month with these new MDS vulnerabilities being patched and what on earth is that going to do to performance? It’s just too early to install, a lot of us have been burned in the past doing that.

      2 users thanked author for this post.
      • #1628211 Reply

        honx
        AskWoody Lounger

        same here. i remember march 2018, me rolling back to december 2017 because of these problems in january through to march 2018 patches. i’m not gonna repeat that. so despite defcon 3 for windows 7, i stay put. i wait until there is malware exploiting this hole. btw. is my computer at risk in case of this new security hole, if i don’t use remote desktop at all? remote desktop services startup type is set to manual, so it isn’t even running…

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

    • #1624789 Reply

      E Pericoloso Sporgersi
      AskWoody Plus

      I seem to have well-behaved and pretty standard computer hardware (see * below).
      On Tuesday May 14th, 16:00 Seattle time, I ran [Check for updates] and was offered 3 “Quality updates” for my Windows 10/64 Home:
      KB4494441
      KB4497932
      KB4499405
      (Yes, yes, I do have a previous full disk image, just in case.)

      Well, the grass is still thriving and just as green as on the other side. IOW, I found no problems, no issues and I now run Windows 10 Home version 1809 OS build 17763.503 (installed 15 May 2019 01:00, Antwerp time  ).

      Fish are jumping and the cotton is high …

      *
      Motherboard Clevo P17SM-A
      Intel(R) Core(TM) i7-4810MQ CPU
      BIOS American Megatrends Inc. 4.6.5, 28/07/2015
      32 GB RAM
      Windows 10/64 Home
      Samsung SSD 840 EVO 500 GB mSATA
      HDD 1 TB
      Intel(R) HD Graphics 4600
      NVIDIA GeForce GTX 970M
      Realtek PCIe GBE Family Controller
      Telenet broadband @ 192 Mbps
      7 USB 3.0 external HDDs 17 TB total
      1 eSATA external HDD 1 TB for system disk images

      • This reply was modified 4 months, 4 weeks ago by  woody.
      3 users thanked author for this post.
    • #1625743 Reply

      Alex5723
      AskWoody Plus

      wonder what the Google-DEFCON is then

      Microarchitectural Data Sampling (MDS) attacks affects ALL modern Intel CPUs. My Intel i7-8850H looks like Swiss cheese.

      Both Microsoft (Intel) and Canonical issued micro-code updates).

      You can download MDS tool for Windows, Linux.

      https://mdsattacks.com/ (scroll down for the tool)

      1 user thanked author for this post.
    • #1626622 Reply

      Mele20
      AskWoody Lounger

      Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.
      Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

      So, 8.1 is affected but 8 is not?  Microsoft has a patch for 8.1.

      • #1627105 Reply

        woody
        Da Boss

        This specific “wormable” security hole does not exist on Win8 or 8.1.

        The cumulative update (and security-only update) for 8.1 does not patch this hole.

        2 users thanked author for this post.
    • #1626669 Reply

      Alex5723
      AskWoody Plus

      Customers running Windows 8 and Windows 10 are not affected by this vulnerability,

      Are you refering to the ‘wormhole’ or Microarchitectural Data Sampling (MDS) ?

      Attachments:
    • #1627354 Reply

      anonymous

      W7 Starter 32 & W7 64. Updated. OK !

    • #1628017 Reply

      James Bond 007
      AskWoody Lounger

      So Microsoft has taken the step of releasing security updates for Windows XP and Windows Server 2003? Sounds like problematic vulnerabilities.

      It seems to me that I will finally be patching my Windows 7 / Windows 8.1 systems this month, just not now.

      That “wormable” vulnerability in particular sounds like a really serious one for Windows 7 / 2008 R2, but without knowing about any problems the security-only update may cause, I won’t patch at this time. 4 months I have gone by (January 2019 – April 2019) without patching, what is another few weeks? I don’t use Remote Desktop myself and disable it after installing Windows, and so I don’t think I am affected by it.

      Anyway, since Windows 8.1 is not affected by this vulnerability, if I want to feel safer I can use Windows 8.1 and/or MacOS Sierra / High Sierra for web surfing at this time.

      Hope for the best. Prepare for the worst.

    • #1628872 Reply

      magic
      AskWoody Lounger

      Bravo! Top job Microsoft. Security patches by the truckload (fine), and also an HSTS change you sneaked in with no notice which just made a number of websites inaccessible to those installing the patches … less than a week before an election.

      🤦‍♂️

      1 user thanked author for this post.
      • #1628957 Reply

        woody
        Da Boss

        HSTS change you sneaked in with no notice which just made a number of websites inaccessible

        Details, please. Which patch, what sites.. and are you talking about changes to HTTP Strict Transport Security?

        (Are you talking about the Win 8.1 change to add uk.gov to the HSTS top level domains for IE and Edge?)

        • #1659684 Reply

          magic
          AskWoody Lounger

          Sorry missed the reply.

          After some testing, any of the May 2019 cumulative patches for Windows 8.1 and 10 with HSTS. The one affecting my client is KB4499167.  For Windows 7 specifically KB4498206, which also included in the rollups KB4499164 and KB4499175 for Windows 7.

          “gov.uk” is the main site for the UK government. It’s used for online applications for car tax, passports, driving licenses. That sort of very important stuff which requires a secure connection, and has been HTTPS for years.

          Then you get a level down to local government, where there’s 400+ local councils. They have placename.gov.uk domains, which this just broke as we got no warning that HSTS was being enforced. I’m an infrastructure tech for for a local council with 250,000 residents. A bunch of internal systems (that don’t require HTTPS) stopped working after I got the patches to test on Wednesday morning.

          For us it prevents access to the publicly accessible democracy data and the planning system among others. Both of these are maintained by external systems providers so it’s not a five minute job to add a certificate.  The main website is fine for us, other councils don’t even have HTTPS enabled on those. I got a tweet before from someone advising that reading.gov.uk and doncaster.gov.uk are inaccessible.

          I can cancel or delay the patch to our internal clients, but we’ve got zero control over the patching on customers machines. Yes, we can advise them to use Chrome, Firefox etc, but it still going to generate a significant load on customer services.

          • This reply was modified 4 months, 4 weeks ago by  woody.
          2 users thanked author for this post.
          woody, b
        • #1660075 Reply

          Alex5723
          AskWoody Plus

          Details, please. Which patch, what sites.. and are you talking about changes to HTTP Strict Transport Security?

          Latest Windows 10 updates break access to some UK Government websites

          “After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) may not be accessible through Internet Explorer 11 or Microsoft Edge.”

          https://www.ghacks.net/2019/05/17/latest-windows-10-updates-break-access-to-some-uk-government-websites/

          • #1660306 Reply

            b
            AskWoody Plus

            That article addresses it as a Windows 10-only issue.

            But it applies equally to Windows 7 and Windows 8.1.

            Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

            1 user thanked author for this post.
          • #1660947 Reply

            anonymous

            Worst is the way that it forces HSTS on internal sites in the RFC1918 address ranges.

            Nobody should have the right to dictate that https be used on all internal websites like this.

            This caused us grief at work today. Fixing Linux boxes to support https is easy, but sorting out monsters like scarepoint is a nightmare.

             

             

      • #1657987 Reply

        woody
        Da Boss

        This from CK’s Technology News

        Some  gov.uk do not supporting HTTP Strict Transport Security (HSTS)  which results in a website breakage.

        Workaround:
        Add “gov.uk” into the HSTS TLD in IE/Edge. A fix comes next patch day.

        Thx @alqamar

        • #1659039 Reply

          b
          AskWoody Plus

          What’s shown as “workaround” there is the cause, not a cure.

          It’s now listed as a known issue in May updates for Windows 7/8.1/10 (all versions).

          Bleeping Computer seems to have the best summary, along with examples of a few county/town sites affected: Some GOV.UK Sites Unreachable Due to HSTS Changes in Windows Updates

          (Includes a link to “not recommended” registry fixes for Windows 7 and 8.1, but not Windows 10.)

          The issue only affects Internet Explorer and Edge (original) though, not other browsers including Edge (Chromium).

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

          1 user thanked author for this post.
    • #1628891 Reply

      PKCano
      Da Boss

      HTTP Strice Transport Security. Problem could have been the browser as well

      • #1628921 Reply

        magic
        AskWoody Lounger

        Well yeah. It prevents access in IE and Edge, so it is the browser.

    • #1628950 Reply

      anonymous

      If you’re Group B and download (1) KB4499175 (Security Only for Win 7) and then (2) then download in same download folder the ‘pciclearstalecache’, are you saying that after you click on and install the KB4499175 it will then automatically install the pciclearstalecache patch (that you’ve downloaded but not clicked on to install)?  Thanks in advance for clarifying.

      • #1628959 Reply

        PKCano
        Da Boss

        The instructions for the installation are here. Follow those instructions. They explain what is needed.

        2 users thanked author for this post.
        • #1628998 Reply

          anonymous

          Thanks, PK.  I just installed the May Security only patch (KB4499175</span>) and the IE security patch KB4498206, but I still see that ‘pciclearstalecache’ file in my download folder and when running windows update it shows both KB4499175 and IE KB4498206 patches installed but nothing about the pci patch listed under installed updates in windows update history.

          How do we confirm (check?) if that pciclearstalecache file was installed during installation of KB4499175?  Thanks  in advance for clarifying.

          • #1629007 Reply

            PKCano
            Da Boss

            See #1628840 for the proof.

            • #1629052 Reply

              anonymous

              Ok. Must admit I’m bit confused and appreciate all your great insights and knowledge.  If I understand this right, you can’t confirm it (e.g. if that new pci file is  installed) but as long as you download and install the May Win 7 Security only patch KB4499175 that patch will include this pci patch (inside the Win7 security only patch), so in reality you don’t need to download the pci patch too?  Thanks, PK.  Apologies for the confusion.

            • #1629054 Reply

              PKCano
              Da Boss

              Please read the instructions provided. The pci file is NOT in the update. There are two (2) files. Follow the link to AKB2000003 – see the two files. Download the two (2) files as instructed. Install them as instructed. The instructions above are very clear. There is even a screenshot a few posts below. Look at the picture. See the red arrow point at the second file.

              1 user thanked author for this post.
            • #1629105 Reply

              anonymous

              Sorry, PK.  Thanks for the patience.  To better clarify, I had already downloaded those three files from your AKB2000003 webpage (which I have had bookmarked going back past few years- thanks to your great efforts), but only installed today both May’s Win 7 security only and IE.  Thus step 3 would be to install the PCI file that I’ve already downloaded?….this seems obvious, but appreciate you confirming this?  Thanks very much. 🙂

              EDIT to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

            • #1629142 Reply

              PKCano
              Da Boss

              Please quote for me here what is says about the pciclearstalecache file in these instructions.

              1 user thanked author for this post.
            • #1630769 Reply

              Elly
              AskWoody MVP

              Hey, PKCano,

              I’m just restating your instructions, but giving them three steps… maybe that will help those still having problems understanding them.

              1) Download the pciclearstalecache file and store it in the same location as the Security-only Update (on the desktop, in a folder, etc).

              2) Do not execute the file directly.

              3) When you install the Security-only Update, it should execute the pciclearstalecache automatically in the process.

              PS- Folks- you do have to actually read the instructions and follow them. If you continue to have problems, it might be best to move to Group A, and let Windows Update handle this for you.

              Win 7 Home, 64 bit, Group B

    • #1631656 Reply

      anonymous

      1) Download the pciclearstalecache file and store it in the same location as the Security-only Update (on the desktop, in a folder, etc).

      2) Do not execute the file directly.

      3) When you install the Security-only Update, it should execute the pciclearstalecache automatically in the process.

      OK, I have to comment on this after spending the entire evening going over these steps carefully and following them exactly in this order.

      As another person stated, upon restart I did not see any flash of a command prompt and I sat at my computer for the entire process so as not to miss anything should it pop up.

      I have been in Group B for years  patching both my own Win 7 desktop (and my three Win 8.1 laptops and desktop) as well as my elderly parents two  Win 7 computers.

      • #1635634 Reply

        PKCano
        Da Boss

        It says you MAY see a flash of a command prompt, NOT you WILL see one.
        And the instructions do not say on reboot. It would be on execution of the SO IF you see it.

        3 users thanked author for this post.
    • #1633586 Reply

      anonymous

      On this page https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708, it offers KB4499164 and KB4499175. Do we need to install both?
      On W7 PC that checks the updates directly to Microsoft, it offered KB4499164 only. After installed KB4499164, every time I checked, never offered KB4499175 (but I could download from Catalog and installed manually).

      However, in my WSUS, both KB shows as “Needed” for W7 PC.

      Thoughts, experts? Thank you!

    • #1635219 Reply

      anonymous

      Didn’t want to wait anyway, so yesterday I installed these three updates on my Group B system without problems afterwards:
      IE KB 4498206
      SO KB 4499175
      .NET KB 4499406

    • #1642365 Reply

      Alex5723
      AskWoody Plus

      try clearing the windows update cache (by deleting the SoftwareDistribution folder) and removing any Windows Update Deferral settings and running those tools again

      Just checked again with Belarc Advisor which has updated its DB.
      Now I get the ‘missing’ May 2019 updates :

      APSB19-26 Important Adobe Flash Player security update for Flash Player 32.0.0.171 ActiveX 64-bit
      APSB19-26 Important Adobe Flash Player security update for Flash Player 32.0.0.171 ActiveX 32-bit
      Q4497932 Critical Microsoft security update (KB4497932)
      Q4499405 Important Microsoft security update (KB4499405)
      Q4499728 Critical Microsoft security update (KB4499728)

      No KB4494441.

      My 1809 Pro is set to SAC/120/21.

      • #1642526 Reply

        PKCano
        Da Boss

        Set the quality deferral to 0 if you want KB4494441 – it’s only been 2 days and you’re deferring it to 21.

    • #1642534 Reply

      Alex5723
      AskWoody Plus

      if you want KB4494441

      I’ll wait, but shouldn’t it be on the list as part of May updates ?

      • #1642707 Reply

        PKCano
        Da Boss

        Your settings are telling it not to show up for 21 days.

        1 user thanked author for this post.
    • #1652693 Reply

      radosuaf
      AskWoody Lounger

      Windows fully updated – X-Fi works this time :).

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1809 64-bit
      • #1654795 Reply

        EP
        AskWoody_MVP

        weren’t you the one who said a few weeks ago your X-FI card did not work with the KB4495667 update for v1809?
        and now it works with the newest update like KB4494441?

    • #1654823 Reply

      EP
      AskWoody_MVP

      ah woody. that KB4023057 update is back again (newly revised) as Born recently mentioned it:
      https://borncity.com/win/2019/05/17/windows-10-reliability-update-kb4023057-05-162019/

    • #1678482 Reply

      Janie8
      AskWoody Lounger

      Group B Windows 7 Home Premium 64 bit

      I followed the instructions for pciclearstalecache and saved it in downloads. Downloaded the security only update (KB4499175) and expected the pciclearstalecache to be executed automatically but it didn’t happen, it was still in downloads. Restarted the computer and thought it might execute at that point but it was still in downloads.

      Clicked on run and it disappeared then searched for it in Windows Explorer. There is one dated 15.04.2018 but the .exe is still there. What do I do next?

      Any help would be greatly appreciated.

      • #1678485 Reply

        PKCano
        Da Boss

        The pciclearstalecache file should be in the same location(folder) as KB4499175. You install the Security-only update as usual, and if the .exe file needs to run, it will do so automatically during the SO install. You may or may not see the command prompt box flash. It the .exe does not need to run, it will not do so. So other than downloading it to the same location as the SO, you do not need to deal with it.

        • This reply was modified 4 months, 4 weeks ago by  woody.
        1 user thanked author for this post.
    • #1678497 Reply

      Janie8
      AskWoody Lounger

      Many thanks PKCano for your reply.

      Looked in the same location as KB4499175 and there is no pciclearstalecache in any of the folders.

      Do you think I should download it again and put it in the same location as KB4499175 c:\Windows\SoftwardDistribution\Download or leave it as it won’t execute?

      • #1678870 Reply

        PKCano
        Da Boss

        You should not be putting anything in c:\Windows\SoftwardDistribution\Download.

        If you have already installed KB4499175 the point is moot.
        If you have not installed KB4499175, then when you download pciclearstalecache, you should save it to the same folder/location that KB4499175 is in. You have to download two files. Then install KB4499175 as described.

        • This reply was modified 4 months, 4 weeks ago by  woody.
        1 user thanked author for this post.
    • #1707014 Reply

      EP
      AskWoody_MVP

      It looks like MS released new updates on May 19 & 20 to deal with the uk.gov sites not working correctly (affects nearly all versions of Windows); unusual for MS to be releasing them on the weekend

    • #1718623 Reply

      EP
      AskWoody_MVP

      And Microsoft has released even NEWER updates but only for the 1803 & 1809 versions of Windows 10 this Tuesday May 21.

      KB4497934 for 1809 (build 17763.529):
      https://support.microsoft.com/en-us/help/4497934/windows-10-update-kb4497934

      KB4499183 for 1803 (build 17134.799):
      https://support.microsoft.com/en-us/help/4499183/windows-10-update-kb4499183

      Important quotes from those articles about these new updates:

      Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (Settings > Update & Security > Windows Update). If you would like to get an available update right away, select Download and install now.

      Starting with update KB4499183, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (Settings > Update & Security > Windows Update). If you would like to get an available update right away, select Download and install now.

      2 users thanked author for this post.
    • #1720502 Reply

      anonymous

       

      Win 10 Pro x64.  Upgraded from 1709 to 1803 from media offline, then reconnected and enabled WU service, applied SSU KB4497398 and May cumulative KB4499167 updates for 1803.  Disabled Update Orchestrator scheduled tasks that were re-installed by 1803  upgrade.  The 1803 upgrade also reinstalls Flash player as part of Edge package, removed Flash player via registry and DISM procedure.  Ran WUSH utility, blocked KB4023057, then ran Check for Updates.  KB4505064 HSTS fix was queued up although not presented by WUSH, acceptable.  The 1809 upgrade was queued up even though it had not been presented by WUSH, apparently a forced upgrade installation — blocked it by turning off WU service and changing settings, restarted and then re-ran Check for Updates to get May’s Office updates.

      1803 feels somewhat more sluggish than 1709.  Machine stable for 3 days on 1803.

      Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

      • #1753854 Reply

        anonymous

        Followup: 1803 performance such as app loading seems improved, possibly because Prefetch has completed?

        With 1803, HomeGroup is removed, and now Network (ex-“Network Neighborhood”) again displays computers/shares on local net, a convenience for users. SMB was previously removed, so WS-Discovery and UPnP in 1803 (vs 1709 and earlier) are now functioning correctly to create the network browse list.

        Many privacy setting need to be checked and reset in 1803

    • #1752073 Reply

      sldc88
      AskWoody Lounger

      I installed the May updates today. The pciclearstalecache is still where I downloaded it along with the security only patch (in Destktop). What does this mean? Can I delete from the Desktop? Thank you in advance for any help.

       

      Win7 SP1 groupB

    • #1752933 Reply

      Alex5723
      AskWoody Plus

      May 2019 Patch is not over yet.

      Microsoft releases Windows 10 builds 16299.1182, 15063.1839

      ..Today’s updates are for the Windows 10 Fall Creators Update and Creators Update, also known as versions 1709 (KB4499147) and 1703 (KB4499162), respectively.

      These are not Patch Tuesday updates, so they’re optional. You can get them through Windows Update, but they won’t install automatically.

      Also, both versions are not supported for Home and Pro SKUs of the OS. You’ll only get these updates if you’re on Windows 10 Enterprise or Education…

      https://www.neowin.net/news/microsoft-releases-windows-10-builds-162991182-150631839—heres-whats-new

    • #1782919 Reply

      honx
      AskWoody Lounger

      @pkcano… “When you install the Security-only Update, it should execute the pciclearstalecache automatically in the process. You may see the brief flash of a command prompt.

      To verify the patching process actually completed successfully, after restarting the computer when the update completes the “pci.sys” file located in the Windows\System32\Drivers folder will change.

      Before the update is ran the file version is 6.1.7601.24056 with a date stamp of 2/10/2018. After a successful installation the file version will be 6.1.7601.24441 with a date stamp of 4/18/2019.

      thx, pci.sys has changed, file version now is 6.1.7601.24441 as expected, but file date is 19.04.2019 04:44, not 04/18/2019

      PC: Windows 7 Ultimate, 64bit, Group B
      Notebook: Windows 8.1, 64bit, Group B

    • #1794131 Reply

      sldc88
      AskWoody Lounger

      I updated according to the instuctions given by PKCano. Afterwards, I checked for the pci.sys file version and it is 6.1.7601.17514. Does this mean the update wasn´t succesful? Does this that there is a problem?

       

       

      Windows 7 Home Premium 64bit, Group B

      • #1794137 Reply

        PKCano
        Da Boss

        Evidently it was not needed in your case.

        1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: May 2019 Patch Tuesday arrives

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel