News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • May 2019 Patch Tuesday arrives

    Home Forums AskWoody blog May 2019 Patch Tuesday arrives

    This topic contains 44 replies, has 17 voices, and was last updated by  anonymous 2 days, 16 hours ago.

    • Author
      Posts
    • #1621041 Reply

      woody
      Da Boss

      The numbers are starting to roll in. Hang on a sec while we get a clearer picture.
      [See the full post at: May 2019 Patch Tuesday arrives]

      8 users thanked author for this post.
    • #1621195 Reply

      anonymous

      Wow. If they released a patch for Windows XP, then this vulnerability must be really bad.

      1 user thanked author for this post.
    • #1621464 Reply

      anonymous

      According to the info, having Remote Desktop off prevents this from being exploited anyway, and I gather so does blocking port 3389, or for that matter inbound connections entirely, via firewall, right?
      — Cavalary

    • #1621887 Reply

      anonymous

      I am running Windows 10 1803 on my home computer.  I noticed there is an unusual patch (Cumulative Update for .NET Framework 4.8; KB4495616) this month.

      Should I treat this like a normal monthly cumulative update (i.e. wait for the all clear before installing it)?  Or should it be installed sooner?  I guess I’m not sure what it is for.

      • #1622819 Reply

        EP
        AskWoody_MVP

        best to wait until woody & susan give the all clear to install any net .NET patches

        1 user thanked author for this post.
        • #1623059 Reply

          anonymous

          I have not patched .net on my Laptops since Sept of 2016. So most of my patching involves the Windows 7 OS security only patches and the IE11 cumulative security updates. I have patched for some other required patches to the Windows updating/patchng  subsystem and such that are required to be able to install the other patches but that’s about it.

          Is there some kind of .net cumulative/roll-up sort of patch that can get me caught up, one that does not have any spyware/telemetry gathering baked in.

    • #1622097 Reply

      BobbyB
      Subscriber

      Win10x64 1903 Home got KB4497936 (need’s SSU KB4500109) .net KB4495620, Adobe KB4497932.
      takes it from Winver 18362.86 to 18362.113. No problems or nothing broken so far.

      2 users thanked author for this post.
    • #1623182 Reply

      Microfix
      Da Boss

      KB 4494441 [that’s the Win10 1809 patch] had to be installed twice so be sure to run Windows Update twice. I was not amused.

      Unlike Krebs, I only had to install once from WU on steady old Win8.1 x64 😛

      KB4499151 May 2019 SMQR: error code 0x0
      KB4497932 May 2019 Abode Flash Player: error code 0x0
      no errors in event viewer post reboot.

      Confidence is high: I removed replaced WinSxS assemblies and
      WinSxS temp files, oops, no going back!! 😉

      ********** Peng/Wins x86/x64 **********

      - µfix

      1 user thanked author for this post.
    • #1623279 Reply

      Cybertooth
      Subscriber

      In his post, Woody wrote that…

      Big news is the “wormable” security hole in RDP, CVE-2019-0708. From Simon Pope on the MSRC Technet blog

      It’s odd that XP and Windows 7 would be affected by this vuln, but not Vista which came out in-between those two.

      Could this be an oversight on their part?

       

      2 users thanked author for this post.
      • #1626889 Reply

        anonymous

        Server 2008 is affected. So Vista has to be affected too as they share the same codebase.

        1 user thanked author for this post.
    • #1624317 Reply

      OscarCP
      AskWoody Plus

      “Giving the patches time to stew for a bit” as Woody has said, looks to me as the best approach right now. These vulnerabilities probably have been around for a while already and nothing bad has happened, at least that has made any loud noises we have heard. Chances are that now has become known these vulnerabilities exist and measures are being taken to deal with them will deter those who want to exploit them from doing so right away. In the meantime, people will find out what problems, if any, the patches against those vulnerabilities may themselves cause, and give the word, when that is fixed, that is OK to patch.

      Group B Windows 7 Pro, SP1 x64 & macOS+Linux Mint.

    • #1625743 Reply

      Alex5723
      AskWoody Plus

      wonder what the Google-DEFCON is then

      Microarchitectural Data Sampling (MDS) attacks affects ALL modern Intel CPUs. My Intel i7-8850H looks like Swiss cheese.

      Both Microsoft (Intel) and Canonical issued micro-code updates).

      You can download MDS tool for Windows, Linux.

      https://mdsattacks.com/ (scroll down for the tool)

      1 user thanked author for this post.
    • #1627354 Reply

      anonymous

      W7 Starter 32 & W7 64. Updated. OK !

    • #1628950 Reply

      anonymous

      If you’re Group B and download (1) KB4499175 (Security Only for Win 7) and then (2) then download in same download folder the ‘pciclearstalecache’, are you saying that after you click on and install the KB4499175 it will then automatically install the pciclearstalecache patch (that you’ve downloaded but not clicked on to install)?  Thanks in advance for clarifying.

      • #1628959 Reply

        PKCano
        Da Boss

        The instructions for the installation are here. Follow those instructions. They explain what is needed.

        2 users thanked author for this post.
        • #1628998 Reply

          anonymous

          Thanks, PK.  I just installed the May Security only patch (KB4499175</span>) and the IE security patch KB4498206, but I still see that ‘pciclearstalecache’ file in my download folder and when running windows update it shows both KB4499175 and IE KB4498206 patches installed but nothing about the pci patch listed under installed updates in windows update history.

          How do we confirm (check?) if that pciclearstalecache file was installed during installation of KB4499175?  Thanks  in advance for clarifying.

    • #1631656 Reply

      anonymous

      1) Download the pciclearstalecache file and store it in the same location as the Security-only Update (on the desktop, in a folder, etc).

      2) Do not execute the file directly.

      3) When you install the Security-only Update, it should execute the pciclearstalecache automatically in the process.

      OK, I have to comment on this after spending the entire evening going over these steps carefully and following them exactly in this order.

      As another person stated, upon restart I did not see any flash of a command prompt and I sat at my computer for the entire process so as not to miss anything should it pop up.

      I have been in Group B for years  patching both my own Win 7 desktop (and my three Win 8.1 laptops and desktop) as well as my elderly parents two  Win 7 computers.

    • #1633586 Reply

      anonymous

      On this page https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708, it offers KB4499164 and KB4499175. Do we need to install both?
      On W7 PC that checks the updates directly to Microsoft, it offered KB4499164 only. After installed KB4499164, every time I checked, never offered KB4499175 (but I could download from Catalog and installed manually).

      However, in my WSUS, both KB shows as “Needed” for W7 PC.

      Thoughts, experts? Thank you!

    • #1678497 Reply

      Janie8
      Subscriber

      Many thanks PKCano for your reply.

      Looked in the same location as KB4499175 and there is no pciclearstalecache in any of the folders.

      Do you think I should download it again and put it in the same location as KB4499175 c:\Windows\SoftwardDistribution\Download or leave it as it won’t execute?

    • #1707014 Reply

      EP
      AskWoody_MVP

      It looks like MS released new updates on May 19 & 20 to deal with the uk.gov sites not working correctly (affects nearly all versions of Windows); unusual for MS to be releasing them on the weekend

    • #1718623 Reply

      EP
      AskWoody_MVP

      And Microsoft has released even NEWER updates but only for the 1803 & 1809 versions of Windows 10 this Tuesday May 21.

      KB4497934 for 1809 (build 17763.529):
      https://support.microsoft.com/en-us/help/4497934/windows-10-update-kb4497934

      KB4499183 for 1803 (build 17134.799):
      https://support.microsoft.com/en-us/help/4499183/windows-10-update-kb4499183

      Important quotes from those articles about these new updates:

      Starting with update KB4497934, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (Settings > Update & Security > Windows Update). If you would like to get an available update right away, select Download and install now.

      Starting with update KB4499183, we are introducing functionality that allows you to decide when to install a feature update. You control when you get a feature update while simultaneously keeping your devices up to date. Feature updates that are available for eligible devices will appear in a separate module on the Windows Update page (Settings > Update & Security > Windows Update). If you would like to get an available update right away, select Download and install now.

      2 users thanked author for this post.
    • #1720502 Reply

      anonymous

       

      Win 10 Pro x64.  Upgraded from 1709 to 1803 from media offline, then reconnected and enabled WU service, applied SSU KB4497398 and May cumulative KB4499167 updates for 1803.  Disabled Update Orchestrator scheduled tasks that were re-installed by 1803  upgrade.  The 1803 upgrade also reinstalls Flash player as part of Edge package, removed Flash player via registry and DISM procedure.  Ran WUSH utility, blocked KB4023057, then ran Check for Updates.  KB4505064 HSTS fix was queued up although not presented by WUSH, acceptable.  The 1809 upgrade was queued up even though it had not been presented by WUSH, apparently a forced upgrade installation — blocked it by turning off WU service and changing settings, restarted and then re-ran Check for Updates to get May’s Office updates.

      1803 feels somewhat more sluggish than 1709.  Machine stable for 3 days on 1803.

      Edit to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

      • #1736024 Reply

        anonymous

        Followup:  1803 performance such as app loading seems improved, possibly because Prefetch has completed?

        With 1803, HomeGroup is removed, and now Network (ex-“Network Neighborhood”) again displays computers/shares on local net, a convenience for users.   SMB was previously removed, so WS-Discovery and UPnP in 1803 (vs 1709 and earlier) are now functioning correctly to create the network browse list.

        Many privacy setting need to be checked and reset in 1803.

    • #1622099 Reply

      woody
      Da Boss

      Not wrong. But I prefer to see what kinds of problems kick up before somebody releases an attack into the wild.

      UPDATE: Remember that MS17-010, the WannaCry patch, appeared six weeks before there was a credible WannaCry threat. I don’t doubt that this will be exploited. But at this point I’m concerned that there may be gotchas, including the Krebbs report of having to install the patch twice.

    • #1622102 Reply

      PKCano
      Da Boss

      Extended support POS-Ready XP just received it’s last update in April 2019.

    • #1622308 Reply

      DrBonzo
      Subscriber

      I don’t know what it does but it also comes with the stand alone package for kb4499175 from the update catalog, so I don’t think you actually have to download it separately.

    • #1623839 Reply

      JNP
      AskWoody Plus

      PK, I am a bit confused, this happens a lot to me :).  I am in Group B and the last security only update I installed was the April 2019: KB 409310.   I see the May Security only update in AKB2000003 but I don’t see anything for the pciclearstalecache file. What am I missing? What should I do when I decide to install the May update?  Could you kindly break this down a bit more?  Thanks.

    • #1628839 Reply

      phaolo
      Subscriber

      Wait, it hadn’t to be run manually?
      The instructions for it were always changing..

      I executed it before and after installing the patch (I think it was 4099950).
      Did I screw up something? O_o

      (why isn’t this simply included in the package btw?)

    • #1627105 Reply

      woody
      Da Boss

      This specific “wormable” security hole does not exist on Win8 or 8.1.

      The cumulative update (and security-only update) for 8.1 does not patch this hole.

      2 users thanked author for this post.
    • #1628211 Reply

      honx
      Subscriber

      same here. i remember march 2018, me rolling back to december 2017 because of these problems in january through to march 2018 patches. i’m not gonna repeat that. so despite defcon 3 for windows 7, i stay put. i wait until there is malware exploiting this hole. btw. is my computer at risk in case of this new security hole, if i don’t use remote desktop at all? remote desktop services startup type is set to manual, so it isn’t even running…

      PC: Windows 7 Ultimate, 64bit, Group B
      Notebook: Windows 8.1, 64bit, Group B

    • #1628886 Reply

      DrBonzo
      Subscriber

      I downloaded the Security Only patch for Win 7 yesterday from the MS Update Catalog, and the folder that landed on my desktop did indeed have the patch file AND the pciclearstalecache file in it.

      I didn’t check the Rollup patch to see if the pci… file is included with that download.

    • #1628913 Reply

      PKCano
      Da Boss

      The instructions for the pciclearstalecache are above.

      3 users thanked author for this post.
    • #1628911 Reply

      PKCano
      Da Boss

      The bundling is taken care of by WU when you update the Rollup using it.
      The instructions for installing it manually are above.

    • #1629052 Reply

      anonymous

      Ok. Must admit I’m bit confused and appreciate all your great insights and knowledge.  If I understand this right, you can’t confirm it (e.g. if that new pci file is  installed) but as long as you download and install the May Win 7 Security only patch KB4499175 that patch will include this pci patch (inside the Win7 security only patch), so in reality you don’t need to download the pci patch too?  Thanks, PK.  Apologies for the confusion.

    • #1629105 Reply

      anonymous

      Sorry, PK.  Thanks for the patience.  To better clarify, I had already downloaded those three files from your AKB2000003 webpage (which I have had bookmarked going back past few years- thanks to your great efforts), but only installed today both May’s Win 7 security only and IE.  Thus step 3 would be to install the PCI file that I’ve already downloaded?….this seems obvious, but appreciate you confirming this?  Thanks very much. 🙂

      EDIT to remove HTML. Please use the “Text” tab in the entry box when you copy/paste.

    • #1629142 Reply

      PKCano
      Da Boss

      Please quote for me here what is says about the pciclearstalecache file in these instructions.

      1 user thanked author for this post.
    • #1630498 Reply

      phaolo
      Subscriber

      Gosh.. fingers crossed. For now all looks normal.
      Btw why couldn’t we just run pciclearstalecache.exe manually?
      That’s what the patch does at the start, no?
      (also, why doesn’t it simply stop, if it cannot find the file?)

    • #1630765 Reply

      Steve S.
      AskWoody Plus

      Some interesting reading I’ve done today about the ZombieLoad/RIDL/Fallout/MDS  situation — or maybe it’s FUD temporarily?  😉

      Some links in this post I made:

      Hyper-Threading & ZombieLoad CPU exploit

      Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

    • #1637558 Reply

      EP
      AskWoody_MVP

      Windows 8.0, 8.1 & 10 not affected

    • #1642526 Reply

      PKCano
      Da Boss

      Set the quality deferral to 0 if you want KB4494441 – it’s only been 2 days and you’re deferring it to 21.

    • #1654795 Reply

      EP
      AskWoody_MVP

      weren’t you the one who said a few weeks ago your X-FI card did not work with the KB4495667 update for v1809?
      and now it works with the newest update like KB4494441?

    • #1659039 Reply

      b
      AskWoody Plus

      What’s shown as “workaround” there is the cause, not a cure.

      It’s now listed as a known issue in May updates for Windows 7/8.1/10 (all versions).

      Bleeping Computer seems to have the best summary, along with examples of a few county/town sites affected: Some GOV.UK Sites Unreachable Due to HSTS Changes in Windows Updates

      (Includes a link to “not recommended” registry fixes for Windows 7 and 8.1, but not Windows 10.)

      The issue only affects Internet Explorer and Edge (original) though, not other browsers including Edge (Chromium).

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Sucker More intrepid Crazy/ignorant Toxic drinker Saluted blockhead "Unwashed mass" (Group ASAP) Win10 v.1903

      1 user thanked author for this post.
    • #1660947 Reply

      anonymous

      Worst is the way that it forces HSTS on internal sites in the RFC1918 address ranges.

      Nobody should have the right to dictate that https be used on all internal websites like this.

      This caused us grief at work today. Fixing Linux boxes to support https is easy, but sorting out monsters like scarepoint is a nightmare.

       

       

    • #1692287 Reply

      PKCano
      Da Boss

      Yes, if it is checked, install KB4499406 NET Framework update.

    • #1713387 Reply

      Elly
      AskWoody MVP

      Thank you for confirming that there is a change, and what others may look for, specifically, when the updating is successfully completed.

      I remembered being able to look for a similar change, last year, but had difficulty bringing up the specific reference.

      Those that do not see a change may not have downloaded both files and placed them in the same folder, thus not installing correctly.

      The ‘pci.sys’ file is something that Everything search will find much quicker than the Windows Search, or trying to navigate to it, with Windows Explorer, from my experience.

      I do wish that some others could confirm this date change, as well.

       

      Win 7 Home, 64 bit, Group B

      1 user thanked author for this post.
      Ed

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: May 2019 Patch Tuesday arrives

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel