  • Microsoft re-releases buggy July .NET Security Only patches

      • #2304070 Reply
        woody
        Da Boss

        Microsoft just announced that it has re-issued the buggy July .NET Security Only patches identified as CVE-2020-1147, and covering a gazillion differ
        [See the full post at: Microsoft re-releases buggy July .NET Security Only patches]

        2 users thanked author for this post.
      • #2304071 Reply
        GoneToPlaid
        AskWoody Plus

        Please re-read the logic of your post.

        • #2304122 Reply
          Paul T
          AskWoody MVP

          Nothing wrong with a bit of tongue in cheek commentary.  🙂

          cheers, Paul

          1 user thanked author for this post.
      • #2304147 Reply
        Alex5723
        AskWoody Plus

        From Microsoft.

        Summary
        =======

        The following CVEs have undergone a major revision increment:

        * CVE-2019-1181
        * CVE-2019-1182
        * CVE-2020-1147

        Revision Information:
        =====================

        * CVE-2019-1181

        – CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability
        https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1181

        – Version 2.0
        – Reason for Revision: Revised the Security Updates table to add Microsoft Remote
        Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
        for Mac IoS because these apps are affected by this vulnerability. Microsoft
        recommends that customers running any of these apps install the latest security
        update to be fully protected from this vulnerability. Please see the FAQ section
        for information on how to get these updates.
        – Originally posted: August 13, 2020
        – Updated: October 13, 2020
        – Aggregate CVE Severity Rating: Critical

        * CVE-2019-1182

        – CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability
        https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1182

        – Version 2.0
        – Reason for Revision: Revised the Security Updates table to add Microsoft Remote
        Desktop for Android, Microsoft Remote Desktop for Mac, and Microsoft Remote Desktop
        for Mac IoS because these apps are affected by this vulnerability. Microsoft
        recommends that customers running any of these apps install the latest security
        update to be fully protected from this vulnerability. Please see the FAQ section
        for information on how to get these updates.
        – Originally posted: August 13, 2020
        – Updated: October 13, 2020
        – Aggregate CVE Severity Rating: Critical

        * CVE-2020-1147

        – CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code
        Execution Vulnerability
        https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147

        – Version 2.0
        – Reason for Revision: To comprehensively address CVE-2020-1147, Microsoft has released
        the following: October Security Updates for all affected versions of .NET Framework
        installed on Windows 10; October 2020 Monthly Rollup updates AND updated versions of
        the Security Only updates released in July 2020 for all affected versions of .NET
        Framework installed on Windows 8.1, Windows Server 2012 R2, Windows Server 2012,
        Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft strongly
        recommends that customers install the updates to be fully protected from the
        vulnerability. Customers who install the Security Only updates should ensure that
        they re-install the updates after October 13. Customers whose systems are configured
        to receive automatic updates do not need to take any further action.
        – Originally posted: July 14, 2020
        – Updated: October 13, 2020
        – Aggregate CVE Severity Rating: Critical

        **************************************************************************************

        1 user thanked author for this post.
      • #2304188 Reply
        anonymous
        Guest

        “Microsoft re-releases buggy July .NET Security Only patches”

        So if the .net patch from July is buggy, why the recommendation to install it?

        • #2304198 Reply
          PKCano
          Da Boss

          This is NOT the .Net Security & Quality Rollup issued through Windows Update.
          It is a Security-only Rollup that is downloadable from the Microsoft Catalog only.

          The recommendation is NOT to install the buggy July patch.
          The recommendation is to install the FIXED patch re-released on Oct. 13 Patch Tuesday to correct the bugs in the July update.

          • #2304201 Reply
            JCpharm
            AskWoody Lounger

            Is this the KB (4578974) .NET patch?
            • #2304204 Reply
              PKCano
              Da Boss

              The buggy .NET Security-only Rollups were KB4566466 for Win7 and KB4566468 for Win8.1 released in July.

              They have been FIXED and re-released on Oct Patch Tuesday.

              1 user thanked author for this post.
      • #2304229 Reply
        CraigS26
        AskWoody Plus

        Is this the KB (4578974) .NET patch?

        Ref Buggy July Patch fix ….Yes for my 1909. Search showed 7/14/20 Orig Publish and latest Oct 13 ’20.

        W10-64 1909 Pro / Hm-Stdnt Ofce '16 C2R / HP Envy Desktop-Ethernet/ 12 GB / 256G SSD + 1 TB HDD / i5 Coffee Lake/ GP=2 + FtrU=365 + QU=0

      • #2304292 Reply
        Thompson_DK
        AskWoody Plus

        Install .NET patches or NOT install????

        In Ms Bradley’s 12 Oct 2020 article “How to block the Windows 10 October 2020 Update, version 20H2, from installing”

        Under step 3, she said “If you’re on version 1909 or 2004, don’t click that link. If you want to avoid installing Windows 10 version 20H2, don’t click the Download and install link. And always remember — you don’t want to click Check for updates, as this will offer up optional .NET updates on your system that you don’t want installed.”

        On Oct 13, 2020 Woody posted this note: “Microsoft re-releases buggy July .NET Security Only patches” where he said “Anyway, if you see a .NET patch from July suddenly appear in October, you need to install it, and now you know why.”

        Please advise what the .NET patch means to the average user and when should they be installed.
        —————————————
        Win Pro 2004 OS Build 19041.508

        • #2304293 Reply
          PKCano
          Da Boss

          The .NET patches in question were Security-only for Win7 and Win8.1 that were downloadable only from the MS Catalog. If you have not been downloading SOs and manually installing them, you have nothing to worry about.

          However, if this was your case, for Win7 see #2304011
          If you need the info about Win8.1 .NET SO patches re-released from July, let me know and I will give you the necessary links.

          The .NET patches for Win10 are Previews, not the Patch Tuesday Security .NET CUs. We don’t recommend installing Previews, so that is what Susan was referring to.

          1 user thanked author for this post.
          • #2304301 Reply
            anonymous
            Guest

            In the title, or immediately below the title in a subtitle/other entry one must always include the OSs affected 7, and/or 8/8.1 and/or 10/versions. But “Security Only” does give a hint that it’s 7/8/8.1 sort of issue, if I’m correct.

            I’m Windows 10 Home(1909), take it all eventually, Edition after all the Pause Updates clicks expire.

            1 user thanked author for this post.
            • #2304313 Reply
              PKCano
              Da Boss

              You are right about including the version numbers.

              BUT, Win10 does not have Security-only patches of any kind. So you would not be seeing anything like that.

              Win7/8.1 Security-only patches are never released through Windows Update. They are MS Catalog download only and manual install. So even Win7/8.1 users would not receive them unknowingly.

              1 user thanked author for this post.
      • #2304470 Reply
        J9438
        AskWoody Plus

        Win 10 2004: I am Paused and have a “Resume Update” button. Will the re-release show below that if needed or if I Resume Update will that get both the re release buggy patch AND the new Oct patches? Or do I need to go to Update Catalog and download the re release. Thanks

        • #2304471 Reply
          PKCano
          Da Boss

          The re-released .NET Security-only patches are for Win7 and Win8.1 only. They are not even issued through Windows Update for these two versions. They are manual download/install only.

          They are NOT for Win10. Win10 does not have Security-only anything.

          1 user thanked author for this post.
      • #2305589 Reply
        PerthMike
        AskWoody Lounger

        The re-released .NET Security-only patches are for Win7 and Win8.1 only. They are not even issued through Windows Update for these two versions. They are manual download/install only.

        They are NOT for Win10. Win10 does not have Security-only anything.

        Also for Windows 8/2012 Server.

        No matter where you go, there you are.
