News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft released fixes for IE “gov.uk” HSTS bug – on a Saturday – but only for Win7 and 8.1

    Home Forums AskWoody blog Microsoft released fixes for IE “gov.uk” HSTS bug – on a Saturday – but only for Win7 and 8.1

    Tagged: 

    This topic contains 19 replies, has 12 voices, and was last updated by  anonymous 5 months ago.

    • Author
      Posts
    • #1684931 Reply

      woody
      Da Boss

      Make of this what you will. Today, Saturday, Microsoft released KB 4505050, a “Cumulative update for Internet Explorer: May 18, 2019” that applies to
      [See the full post at: Microsoft released fixes for IE “gov.uk” HSTS bug – on a Saturday – but only for Win7 and 8.1]

      5 users thanked author for this post.
    • #1685410 Reply

      ….and the wind moans softly over the wasteland that once was Quality Assurance at Redmond, while BigWigs roam the weed-strewn graveyards looking for something to re-animate…

      -From the forthcoming blockbuster movie, “QA Zombie Apocalypse: Redmond Revenants Return!”

      (Sorry, but I know a few people in the UK who are just livid…or are spending the weekend at their pub…)

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #1686141 Reply

      Microfix
      Da Boss

      2019-05 Update for Windows 8.1 for x64-based Systems (KB4505050)
      Update type: Optional <
      http://support.microsoft.com/help/4505050

      All seems ok post install, no Event Viewer errors here.

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      2 users thanked author for this post.
    • #1686427 Reply

      anonymous

      Who had the genius idea in the first place? There’s a HTTPS/HSTS manual available (almost 3 years old) but nowhere it says it’s mandatory. Did UK gov ask for this? Per Google policy, HSTS preload list is strictly opt-in for good reason.

    • #1687358 Reply

      anonymous

      Anyone know if this fix will be included in the June rollup??

    • #1687839 Reply

      Alex5723
      AskWoody Plus

      Anyone know if this fix will be included in the June rollup??

      Why should it ? How many of Windows 7, 8.1 users in the world live in UK or need Gov.UK and use IE11, Edge ?
      No, it shouldn’t be included in June rollup.

      • #1689404 Reply

        Seff
        AskWoody Plus

        Probably rather more of us here than use the Japanese changes that have formed the cornerstone of the past few months’ updates, or so it would seem. The whole point of the current updating arrangements is that the monthly quality update is a combined one that incorporates all the individual updates, and as such the current fix should be included in the next quality update – but not be part of the separate security-only update.

         

        1 user thanked author for this post.
      • #1689421 Reply

        PKCano
        Da Boss

        The fix is done to an IE11 CU (CUMULATIVE) update. The IE11 CU will continue to accumulate  the fixes into the June IE11 CU.

        The Monthly Rollup is also CUMULATIVE. Since the IE11 CU is an integral part of the Monthly Rollups, it follows that the fixes will be incorporated into the June Monthly Rollup as well.

        The fix is not a part of the Security-only Update. It is a part of the IE11 CU.

        7 users thanked author for this post.
        • #1692481 Reply

          anonymous

          Thank you Seff, PKCano and BobT,  it’s good to hear from people who know what they are talking about.

      • #1690921 Reply

        BobT
        AskWoody Lounger

        Most local gov departments still use IE. They find it easier to control with Group Policy, and all their internal sites, intranet and the rest were all designed for it. Plus using stuff like Microsoft Dynamics CRM and SharePoint, which plays differently on different browsers. So that’s ~500+ people working at each council affected.

        Then there’s all their customers, which are frequently old biddies or less computer literate people, who also end up using IE and similar, depending on the area, that can be into the millions.

        They also usually have ~2 extremely low paid web devs, who are working on a s***load of other projects (as well as keeping all the internal websites up), and end up working on stupid marketing campaigns, which puts off fixing internal issues such as this.

        I don’t work for a council, but have worked for similar in local govt, and see how that sort of thing happens, all the time. Fixing issues with moving to TLS 1.2 for a major payment provider takes over 1.5 years to get implemented…

    • #1691396 Reply

      anonymous

      I just checked Windows Update , and I’m based in the US, and I’ve got the setting of “Give me updates for other Microsoft products the same way I get Windows updates”.

      As @microfix shows in his post above, the patch showed up as an optional patch and, as you might expect, it was unchecked.

      Normal advice here on AskWoody is to not install any unchecked patches however, as @woody mentions, if you deal with UK government sites on anywhere near a regular basis and you use IE to do so, please ignore the usual advice and install this patch.

      @pkcano , thanks for clarifying in your post above that the patch will very likely be included in next month’s round of patches for both Group A and Group B.

    • #1692520 Reply

      Alex5723
      AskWoody Plus

      as such the current fix should be included in the next quality update

      Just NO.
      It should be Optional update separate from other updates.

      • #1692525 Reply

        PKCano
        Da Boss

        Please read the MS pages for KB4505050. It is a CUMULATIVE Update that contains KB4498206 the IE11 CU issued on Patch Tues.

        It is NOT a standalone

        update separate from other updates.

    • #1692524 Reply

      Pepsiboy
      AskWoody Lounger

      Make of this what you will. Today, Saturday, Microsoft released KB 4505050, a “Cumulative update for Internet Explorer: May 18, 2019” that applies to
      [See the full post at: Microsoft released fixes for IE “gov.uk” HSTS bug – on a Saturday – but only for Win7 and 8.1]

      Woody,

      SOOO, is this something that I (as a non-geek) should install, or leave it alone, or hide??? As far as I know, I do not freuent any og the UK overnment sites. I’m running Win7 x64 SP1 on both machines and got this Optional update on both this morning.

      Thanks, in advance for the help and advice. As always, keep up the good ork for us dummies.

      Dave

      • #1692527 Reply

        PKCano
        Da Boss

        If you are not dealing with any organizations requiring the fix, do not need to install it.
        It will be included in the June IE11 CU and the Monthly Rollup, whichever Group you belong to (A or B)

        4 users thanked author for this post.
    • #1695984 Reply

      Sailor
      AskWoody Lounger

      KB4505056 (OS Build 17763.504)
      Addresses an issue that may prevent access to some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) when using Internet Explorer 11 or Microsoft Edge.

      1 user thanked author for this post.
      b
    • #1696178 Reply

      b
      AskWoody Plus

      KB4505057 Windows 10 Insider Preview Build 18362.116 (version 1903)
      Addresses an issue that may prevent access to some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) when using Internet Explorer 11 or Microsoft Edge.

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

      1 user thanked author for this post.
    • #1696183 Reply

      geekdom
      AskWoody Plus

      I installed KB4505050 today with no difficulties and the system rebooted. (It’s unlikely that I will be going to gov.uk sites.)

      Group G{ot backup} TestBeta
      Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
      • #1717426 Reply

        anonymous

        I installed KB4505050 because I do need to visit some gov.uk sites (the top levels of my main departments of interest are ok, but who knows what demons may lurk at lower levels).

        *** After the reboot, the machine hung at “Preparing to configure Windows”.

        Power off. remove battery, start again.

        Now ok.

        I hope this doesn’t occur to everyone else with next month’s cumulative updates (for Group B, or for my proverbial Aunt Martha, or for my spare machine where the battery can’t easily be removed, sigh).

        HMcF

        Win 7 SP1 Pro x64, Group W mostly but I read and thank you for this exception.

    • #1703414 Reply

      Pepsiboy
      AskWoody Lounger

      If you are not dealing with any organizations requiring the fix, do not need to install it.
      It will be included in the June IE11 CU and the Monthly Rollup, whichever Group you belong to (A or B)

      PK,

      Thanks for saying what I thought was the way to go. I have hidden that update on both of our machines, so there should be no problems.

      Dave

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft released fixes for IE “gov.uk” HSTS bug – on a Saturday – but only for Win7 and 8.1

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.