News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft clarifies (?) its CVE-2019-1367 release method

    Home Forums AskWoody blog Microsoft clarifies (?) its CVE-2019-1367 release method

    Viewing 7 reply threads
    • Author
      Posts
      • #1964518 Reply
        woody
        Da Boss

        From the Windows Message Center: Update: Starting September 24, 2019, mitigation for this vulnerability is included as part of the 9C optional update,
        [See the full post at: Microsoft clarifies (?) its CVE-2019-1367 release method]

        2 users thanked author for this post.
      • #1964540 Reply
        Maincat
        AskWoody Lounger

        I understood it, without a problem.

        1 user thanked author for this post.
      • #1964675 Reply
        Vargar
        AskWoody Lounger

        I still haven’t seen it Sync to my SCCM/WSUS console.  Anyone else have it yet?

      • #1964691 Reply
        EP
        AskWoody_MVP

        is Patch Lady Susan aware of this recent announcement?
        I guess win10 v1903 users have to wait til 9/26 to find out

        • This reply was modified 1 year, 2 months ago by EP.
        • #1964731 Reply
          Susan Bradley
          Da Boss

          Yup.  What a zoo, what a mess.

          Susan Bradley Patch Lady

          • #1965733 Reply
            EP
            AskWoody_MVP

            It was a confusing mess indeed, Susan.

            First Microsoft releases the out-of-band security updates on Monday September 23.
            The following day Tuesday September 24, Microsoft releases a newer set of updates, replacing most of those out-of-band updates for most Windows versions.

            The timing of the release of those updates are just ridiculous. they could have released those out-of-band updates on the weekend instead of a Monday.

            where’s that “not so transparent” Pinnochio meter when we need it?

            • This reply was modified 1 year, 2 months ago by EP.
            • This reply was modified 1 year, 2 months ago by EP.
            • #1965782 Reply
              Mr. Natural
              AskWoody Plus

              No one has a screen wide enough for Pinocchio’s nose in this situation. 🙂

              Red Ruffnsore

              • #1965788 Reply
                Microfix
                AskWoody MVP

                Might on this monitor..
                wide-monitor

                No problem can be solved from the same level of consciousness that created IT - AE
                Attachments:
            • #1965787 Reply
              b
              AskWoody Plus

              First Microsoft releases the out-of-band security updates on Monday September 23.
              The following day Tuesday September 24, Microsoft releases a newer set of updates, replacing most of those out-of-band updates for most Windows versions.

              Tuesday’s updates did not replace Monday’s, which are still available.

      • #1964801 Reply
        stormbirdd
        AskWoody Plus

        Am I correct in understanding that there are no separate patches to treat ONLY this vulnerability, and that I must drop a roll-up pile – containing known problems and potentially unknown ones on my 3000 users to address this?

        • #1965741 Reply
          woody
          Da Boss

          Yes, there are separate patches – released on Monday, not Tuesday, mind you – but they have to be manually downloaded and installed.

          Considering there are no known in-the-wild exploits, there’s absolutely no reason (IMHO) to subject your machine to them.

      • #1965189 Reply
        Cee Arr
        AskWoody Plus

        Susan, generally I enjoy open-style zoos – no bars or cages.  MS updates etc – bah!

      • #1965742 Reply
        EP
        AskWoody_MVP

        It’s Thursday Sept. 26 – Susan can you check if any of the out-of-band updates for CVE-2019-1367 have actually been released thru WSUS? MS has not updated their support articles on those updates to reflect that they’ll be distributed thru WSUS.

        • #1965743 Reply
          PKCano
          Da Boss

          I don’t see anything in the Catalog yet or on the Win10 history page.

      • #1965751 Reply
        Mr. Natural
        AskWoody Plus

        I just now did a manual sync of WSUS and nothing yet. My guess is sometime later this afternoon which is when we normally see patches released.

        Red Ruffnsore

        1 user thanked author for this post.
        • #1965783 Reply
          woody
          Da Boss

          I was expecting to see the third Sept cumulative update for 1903. So far, nothing.

          • #1965931 Reply
            EP
            AskWoody_MVP

            the 3rd CU for 1903 just came out around 2PM pacific time (KB4517211), along with a new SSU (KB4520390).

            unlike KB4522016 which will remain available from MS Update Catalog only, KB4517211 is available thru Windows Update, MS Update Catalog & WSUS – I think Patch Lady Susan will be disappointed that MS decided to make the newer KB4517211 update available thru WU & WSUS rather than the out-of-band update like KB4522016. seems like MS broke their promise to release the out-of-band security updates thru WSUS

    Viewing 7 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft clarifies (?) its CVE-2019-1367 release method

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.