• MS-DEFCON 2: New “checked” KB3146706 leads me to turn the rating up

    • This topic has 34 replies, 3 voices, and was last updated 9 years ago by samak.
    #43444

    Microsoft has just changed KB3146706 into an important, checked, security update. As you may recall, people in China were having problems with the pat
    [See the full post at: MS-DEFCON 2: New “checked” KB3146706 leads me to turn the rating up]

    • #43445

      This appears to be the same KB3146706 published last month for OLE issues, but may have been changed for some other hidden reason. MS can no longer be trusted for just about anything. Be wary…

    • #43446

      It is probably the wisest thing to do at the moment. The risk of installing KB3146706 and causing problems is small for most users, but the recovery if something gets broken is not worth the trouble.
      I think those users with EMET installed should pay most attention.

    • #43447

      Yep, exactly.

    • #43448

      I installed this and other updates today on an HTPC based on an Asus E45M1-M Pro motherboard with a Radeon 6450, running Windows 7 Pro with Windows Media Centre. Afterwards the default sound device switched to the Realtek Optical device and reverting manually to the Radeon didn’t work; I had to do a system restore.

      The system was working before I did the update and not afterwards. That may have been coincidental (sample size of 1 after all) but I have my doubts.

      Wasn’t aware of this MS DEFCON rating and think it’s useful and a deserved and terrible indictment of Microsoft. I’m switching to Linux Mint for most things and will run Windows 7 in a virtual machine when I need to.

    • #43449

      Wait, these problems are coming from a ‘security’ update… Way to go Microsoft, now we can’t even trust security patches.

    • #43450

      I installed it on 4/14 while trying to deal with the WU/MSSE update hell. (Shotgun approach, before the right patch was identified.) So far, no problems, so I’m not planning on an uninstall.

    • #43451

      Precisely.

    • #43452

      Any guess what might’ve caused the problem? Most of the patches out today are minor Office fixes – but there are a few, including KB 3146706 and the ol’ GWX patch that deserve a special call-out.

    • #43453

      I installed it, too, since it was a security update for 8.1. So far, so good…

    • #43454

      What a mess!!! Microsoft Update upstream for WSUS was down for about 12 hours for Windows 2012 R2 version. It was OK for Windows 2008 R2 and Windows Server 2016 Technology Preview 5. This is more than likely related to the failed patch last month KB3148812 which has now been pulled.
      KB3115033 Update for Skype for Business released only a few hours ago was retired. I used to think that Office Updates are safer than Windows Updates, but this appears to have changed and not for the better. At least Microsoft acted reasonably quickly in this matter, before the damage would spread.
      A lot of turbulence ahead as it seems while we are preparing to see the release of the Windows 10 Anniversary Edition.

    • #43455

      Also we have 2 sets of KB3150513 for Windows 7 each, for 32-bit and 64-bit, 4 updates in total. There is no documentation available yet. The only description is the well-known:
      “Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information.”

    • #43456

      Was the EMET problem a red herring?
      It is not listed in the known issues even though the EMET forum says it is an issue. Confusing. Why would MS tick a security update if it has not been resolved with the EMET Team? After all, EMET is a security product. Maybe this KB has nothing to do with security – I am beginning to doubt their sincerity.

    • #43457
    • #43458

      Hi Woody,

      I’ve installed this update on April 14th.

      Is it wise to uninstall this update and install the ‘new’ one?

      I’m not experiencing any issues by the way.

      Please let me know your recommendation.

      Thanks.

    • #43459

      Any news on KB 3115031, the Outlook 2013 patch for Skype for Business?

    • #43460

      Nope, just let it be. It’s much too early to be installing new patches – all sorts of pain awaits.

    • #43461

      Hidden, and it will be hidden till the end of time (or at least the end of Support of Vista in 2017)

    • #43462

      Update for Skype for Business 2015 is still pulled, forever it seems.
      All the other Office 2013 patches are still available, unchecked by default and Important, at least where we can see their status, i.e. not on Windows 10.

    • #43463

      Leave it as is if you don’t have problems and it is likely that most users will not see any problems, except for less usual configurations. It is the official patch for last month and fully supported. The “new” one seems to be only a cosmetic change and more details added to the documentation while some issues that were reported seem to have been skipped.

    • #43464

      Hi Woody, I did not install any of last month’s updates. I see you changed defcon from 3 to 2. Are there any “safe” updates to install, or are even security patches now suspicious?

      Thanks.

    • #43465

      Oh god I didn’t even download last week’s yet. Windows update anxiety 🙁

    • #43466

      Unlax. There’s another bunch coming next week. No reason to get worried about it.

    • #43467

      I don’t know of any April security patches that are being actively exploited for “regular” users. I wouldn’t worry about it.

    • #43468

      @Woody,

      I’m in the same place as Franco… other than the April .NET patch which I installed yesterday, I still have the other April security patches in the queue.

      Do you have all of April’s “security” patches back on hold here or just KB3146706?

      I’m set up for Important Updates only, so I don’t see the big first Tuesday of the month barrage of updates that other users see.

      The waters have gotten a bit muddy here. There are times when reading posts and/or comments I’m not sure if we’re talking Important, Recommended, W8.1-W7 issues.
      So, when you moved to DefCon 2 the other day, it wasn’t clear if it was because of the KB3146706 issue, the new first Tuesday updates, a combination of both 6706 and the first Tuesday updates, or all of the April updates.

      My “guess” is the April Security updates are a go except for KB3146706 but everything else is on hold including May’s first Tuesday Recommended updates?

      Hopefully, you see where the confusion lies here?

    • #43469

      I moved to MS-DEFCON 2 because I felt uncomfortable with the whole mess. I don’t know of any April security patches that have to be applied immediately – so, if you haven’t installed them yet, I say wait it out until this month’s mess comes in, compounds itself with the existing mess, and we have a chance to sort it all out later this month.

      Make messy sense?

      If there were a wild April exploit running rampant through Windows right now, I’d change my tune. But I haven’t seen one.

      If you’re protecting nuclear launch codes or a billion-dollar organization, it’s another story, of course.

    • #43470

      I should clarify that a bit. I’ve seen many more people hurt by applying patches too quickly, as opposed to sitting back and waiting for the dust to settle. There certainly are gaping security holes that need to be patched immediately, but those are few and far between – and frequently involve IE.

      Everybody needs to apply the security patches sooner or later. Many studies have shown that systems get bit by exploits that use holes that have already been patched. But in most cases, the patches are years old. By waiting for a month, or two – particularly waiting to see if Microsoft fixes problems with their patches – most people, most of the time, come out ahead.

      Can I prove it? No. But that’s what I’ve seen in the past couple of decades.

    • #43471

      Not a computer geek or IT person. Having trouble attempting to install updates on one computer (have 3 Windows 7 – one laptop and two desktops). Have some security updates for December forward on one, and attempts to update keep cancelling/failed/some updates not installed, etc. (Have tried updating by date of release, etc.) How does one get both KB3138612 and KB3145739 and install at same time (per one post)? Found KB3138612 installed and KB3145739 waiting to be installed. Attempted to install KB314… No luck. Uninstalled KB3138612 based on information to install both at same time, but now it is not in those waiting for update. How to download and install both at same time? Have limited time so have constantly given up on update attempts on computer that has updates back to December. Any advice on best method? Will not be able to attempt until evening as am at office and have only April updates waiting on this one and KB3138612 and KB3145739 not installed. Sorry if rambling.

    • #43472

      Hi Woody, thanks for your insight and guidance on all things Windows 7, it is appreciated. I stumbled upon this site a few months back and now check in for the lowdown on updates.

      I have Windows 7 Professional 64-bit and have recently installed the security updates apart from KB3146706 when you moved to MS-DEFCON 2, but left the non-security updates alone; however, process wuauclt.exe runs all the time and shows updates to install (I have it set to check for updates but let me choose whether to download and install them).

      This is the status on 3 machines and it’s not the end of the world but a bit of an irritation I guess. Because it’s suggested these are probably telemetry anyway, should I hide them completely or leave them ‘hanging’?

      I hope this isn’t repeating a previous query. I have downloaded and enabled some software that may be useful to you and others called Spybot Anti Beacon (https://www.safer-networking.org/spybot-anti-beacon/) which is customisable and apparently stops a lot of telemetry and talking back to Microsoft…

      If you have any thoughts as to whether this may make it prudent to install the non-security updates I’d be grateful… or to hide, or leave ‘hanging’. I guess I’m like many on here and am waiting for more of the same to come and wondering what to do then while they accumulate.

      Thanks Brett

    • #43473

      I don’t recommend Spybot Anti Beacon because it solves a problem that isn’t yet known to exist. Nothing inherently wrong with it.

      Leave the other updates hanging. Don’t even look at them. When the time’s right, the MS-DEFCON level will change.

    • #43474

      Thanks Woody

    • #43475

      Absolutely true, Woody!
      I had a bad experience many years ago when a well known vulnerability was exploited widely and that was the case for the well-known at that time Code Red/Nimda. The patch in that case, in the Windows XP time, had been available many months before, but nobody was paying attention. It is exactly as Woody says. Common sense and reasonable understanding of Windows and the industry should protect anyone including most businesses without over-reacting to perceived immediate threats, obviously with the exception of “protecting nuclear launch codes or a billion-dollar organization” where the approach should and certainly is different.

    • #43476

      Is there any drawback to setting WU to never check? Would the definitions for Windows Defender still be done automatically?

      I am worried about the Black Tuesday and how it could potentially once again cause a long search for updates, as occurred for April Black Tuesday. If I recall correctly, the problems started up the night before or morning of Tuesday, before M/S even shoved the patches down the chute. It made me wonder if M/S did some adjustment for WU beforehand for many reasons. So, would setting WU to never check avoid the adjustment of WU and hopefully keep manual search short?

      Thank you and have a great day 🙂 .

    • #43477

      I don’t know of any drawback, providing you check from time to time, and install patches when you’re ready. Windows Defender updates itself automatically.

    • #43478

      W7 Home Premium SP1:
      As of today I am no longer being offered the optional update KB3138378 “Update for Journal.dll binary in Windows” “This update improves the reliability of Journal.dll by removing unused code.”
      Maybe it will be superseded in May’s updates?
