News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft clarifies (?) its CVE-2019-1367 release method

    Home Forums AskWoody blog Microsoft clarifies (?) its CVE-2019-1367 release method

    This topic contains 16 replies, has 11 voices, and was last updated by  EP 2 months, 2 weeks ago.

    • Author
      Posts
    • #1964518 Reply

      woody
      Da Boss

      From the Windows Message Center: Update: Starting September 24, 2019, mitigation for this vulnerability is included as part of the 9C optional update,
      [See the full post at: Microsoft clarifies (?) its CVE-2019-1367 release method]

      2 users thanked author for this post.
    • #1964540 Reply

      Maincat
      AskWoody Plus

      I understood it, without a problem.

      1 user thanked author for this post.
    • #1964675 Reply

      Vargar
      AskWoody Lounger

      I still haven’t seen it Sync to my SCCM/WSUS console.  Anyone else have it yet?

    • #1964691 Reply

      EP
      AskWoody_MVP

      is Patch Lady Susan aware of this recent announcement?
      I guess win10 v1903 users have to wait til 9/26 to find out

      • This reply was modified 2 months, 2 weeks ago by  EP.
      • #1964731 Reply

        Susan Bradley
        AskWoody MVP

        Yup.  What a zoo, what a mess.

        Susan Bradley Patch Lady

        • #1965733 Reply

          EP
          AskWoody_MVP

          It was a confusing mess indeed, Susan.

          First Microsoft releases the out-of-band security updates on Monday September 23.
          The following day Tuesday September 24, Microsoft releases a newer set of updates, replacing most of those out-of-band updates for most Windows versions.

          The timing of the release of those updates are just ridiculous. they could have released those out-of-band updates on the weekend instead of a Monday.

          where’s that “not so transparent” Pinnochio meter when we need it?

          • This reply was modified 2 months, 2 weeks ago by  EP.
          • This reply was modified 2 months, 2 weeks ago by  EP.
          • #1965782 Reply

            Mr. Natural
            AskWoody Plus

            No one has a screen wide enough for Pinocchio’s nose in this situation. 🙂

            Red Ruffnsore reporting from the front lines.

            • #1965788 Reply

              Microfix
              Da Boss

              Might on this monitor..
              wide-monitor

              ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

              Attachments:
          • #1965787 Reply

            b
            AskWoody Plus

            First Microsoft releases the out-of-band security updates on Monday September 23.
            The following day Tuesday September 24, Microsoft releases a newer set of updates, replacing most of those out-of-band updates for most Windows versions.

            Tuesday’s updates did not replace Monday’s, which are still available.

            Windows 10 Version 1909 (Group ASAP)

    • #1964801 Reply

      stormbirdd
      AskWoody Plus

      Am I correct in understanding that there are no separate patches to treat ONLY this vulnerability, and that I must drop a roll-up pile – containing known problems and potentially unknown ones on my 3000 users to address this?

      • #1965741 Reply

        woody
        Da Boss

        Yes, there are separate patches – released on Monday, not Tuesday, mind you – but they have to be manually downloaded and installed.

        Considering there are no known in-the-wild exploits, there’s absolutely no reason (IMHO) to subject your machine to them.

    • #1965189 Reply

      Cee Arr
      AskWoody Plus

      Susan, generally I enjoy open-style zoos – no bars or cages.  MS updates etc – bah!

    • #1965742 Reply

      EP
      AskWoody_MVP

      It’s Thursday Sept. 26 – Susan can you check if any of the out-of-band updates for CVE-2019-1367 have actually been released thru WSUS? MS has not updated their support articles on those updates to reflect that they’ll be distributed thru WSUS.

      • #1965743 Reply

        PKCano
        Da Boss

        I don’t see anything in the Catalog yet or on the Win10 history page.

    • #1965751 Reply

      Mr. Natural
      AskWoody Plus

      I just now did a manual sync of WSUS and nothing yet. My guess is sometime later this afternoon which is when we normally see patches released.

      Red Ruffnsore reporting from the front lines.

      1 user thanked author for this post.
      • #1965783 Reply

        woody
        Da Boss

        I was expecting to see the third Sept cumulative update for 1903. So far, nothing.

        • #1965931 Reply

          EP
          AskWoody_MVP

          the 3rd CU for 1903 just came out around 2PM pacific time (KB4517211), along with a new SSU (KB4520390).

          unlike KB4522016 which will remain available from MS Update Catalog only, KB4517211 is available thru Windows Update, MS Update Catalog & WSUS – I think Patch Lady Susan will be disappointed that MS decided to make the newer KB4517211 update available thru WU & WSUS rather than the out-of-band update like KB4522016. seems like MS broke their promise to release the out-of-band security updates thru WSUS

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft clarifies (?) its CVE-2019-1367 release method

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.