News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed

    Home Forums AskWoody blog MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed

    Viewing 30 reply threads
    • Author
      Posts
      • #1778395 Reply
        woody
        Da Boss

        If you’re running Windows 7, Vista, or XP — or Server 2003, 2008 or 2008 R2 — you need to get patched now. No, there aren’t any known BlueKeep explo
        [See the full post at: MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed]

        5 users thanked author for this post.
      • #1778973 Reply
        honx
        AskWoody Lounger

        win7: if i read this correct, i need both kb4499175 and pciclearstalecache in same folder and only execute kb44499175, correct?

        win7 and 8.1: for ie11 i only need kb4505050, i assume? is kb4498206 replaced by this or do i need to install this one as well?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

        • #1780703 Reply
          honx
          AskWoody Lounger

          i can’t edit my post (edit button missing), so i have to reply:

          i went ahead and installed kb4499175 (win7), kb4499165 (win8.1) and kb4505050 (ie11). i skipped kb4498206 so i hope kb4505050 is cumulative so i don’t need the other one.

          on windows 7 i had pciclearstalecache in same folder as kb4499175 but i did not encounter any command window popping up. did something go wrong? how can i verify if pciclearstalecache has been installed correctly?

          afterwards i installed all checked important updates for office 2010, .net, msrt on both computers and windows defender, flash (win8.1), as usual.

          PC: Windows 7 Ultimate, 64bit, Group B
          Notebook: Windows 8.1, 64bit, Group B

          • #1782046 Reply
            Ed
            AskWoody Lounger

            @honx… the answer to your question is here…….

            May 2019 Patch Tuesday arrives

            NOTE:
            I keep adding the correct post link but for some reason the last part keeps getting omitted. Scroll down to post # 1702336.

            • This reply was modified 12 months ago by Ed.
            • This reply was modified 12 months ago by Ed.
            1 user thanked author for this post.
            • #1783082 Reply
              honx
              AskWoody Lounger

              thx pci.sys version now is what it should be (6.1.7601.24441), but file date is 19.04.2019 04:44, not 04/18/2019 is this divergence time zone related?

              PC: Windows 7 Ultimate, 64bit, Group B
              Notebook: Windows 8.1, 64bit, Group B

              • #1784294 Reply
                Ed
                AskWoody Lounger

                If your time zone is 6 hours different than EST here in the US I’d say yes as mine is time stamped exactly 6 hours earlier at 10:44 PM.

                Glad you found the post by the way, I’ve never encountered adding a link to a particular post and having the post info get cut off before. And I tried editing and re-adding the entire link to the post twice thinking I somehow screwed up a simple copy/paste process!

                Maybe a new “glitch” that hasn’t been noted yet?

                1 user thanked author for this post.
              • #1785556 Reply
                woody
                Da Boss

                Hmmm… I’m testing with a link to the preceding post….

                https://www.askwoody.com/forums/topic/ms-defcon-4-its-time-to-get-the-may-2019-windows-and-office-patches-installed/#post-1784294

                The link seems to work. Not sure what’s getting messed up.

                • This reply was modified 12 months ago by woody.
              • #1789303 Reply
                anonymous
                Guest

                Honx, it is probably not you. One of my posts was cut off like yours here (the 3rd link): https://www.askwoody.com/forums/topic/computer-stuck-in-sleep-mode/#post-1788336

                It may be if you have a space between the title and actual link, it combined them. That is not what I was trying to do.

              • #1789970 Reply
                Ed
                AskWoody Lounger

                Honx wasn’t having the problem… that was me. I copied the post link directly from the browser’s address bar and pasted it directly into the reply text box. Even if there were a space before the last part… the beginning “www.askwoody” part should have shown instead of the Title of the thread.

                FWIW… after the first failure I verified the link I’d posted was legitimate by pasting it into a new Tab in my browser and it opened right where it should have. I tried adding the link to the reply a second time and got the same result… the TITLE of the thread is all that shows in my reply.

                Gremlins maybe… but no way am I chalking this one up to senility!

          • #1785561 Reply
            woody
            Da Boss

            You’re able to edit your post for 15 minutes. After that, the Edit button disappears. It’s by design.

      • #1783913 Reply
        Speccy
        AskWoody Lounger

        Minor glitch: If you’re updating a Windows 10 Version 1709 system, the Master Patch List has an incorrect link since friday.

        UPDATED [as of June 4, ~03:50 PM UTC-6]: Link fixed (thank you Susan! 🙂

      • #1784756 Reply
        honx
        AskWoody Lounger

        thx, here is germany, so 6 hours difference should be right. 😀

        one last question about ie11 remains: was kb4505050 cumulative? or do i have to install kb4498206 as well?

        PC: Windows 7 Ultimate, 64bit, Group B
        Notebook: Windows 8.1, 64bit, Group B

        • #1784930 Reply
          PKCano
          Da Boss

          The MS pages for KB4505050 say “Cumulative”

          1 user thanked author for this post.
        • #1787729 Reply
          anonymous
          Guest

          KB4505050 is not checked in Windows Update on my system, and is Optional anyway, so I am skipping that one for now.

          • #1787896 Reply
            PKCano
            Da Boss

            Unless you are dealing with organizations whose url end in gov.uk you do not need KB4505050

            1 user thanked author for this post.
      • #1784573 Reply
        anonymous
        Guest

        Does anyone with Windows Xp with paid support have issues with the updates and Internet Explorer 11? IE 11 seems to crashed with the current updates for May 2019 released for Windows Xp. We reached out to MS support but our support period ends in 2 days and 17 hours and no one has replied in a couple days so far. Our IT manager thinks they are just waiting for the time to run out or force us to pay for another 5 years support period to get help with this. I figure I asked here to see if anyone else is having the same issues.

        1 user thanked author for this post.
        • #1785555 Reply
          woody
          Da Boss

          But IE 11 doesn’t work on XP…

          • #1786305 Reply
            anonymous
            Guest

            But IE 11 doesn’t work on XP…

            It does work with Windows XP Pro with MS extended support. MS released a modified version of IE11 for all extend support users for government and businesses. This is why I am trying to figure out if it is the May 2019 updates or may be earlier updates in April 2019, March 2019, etc that is causing the issues.

            1 user thanked author for this post.
            • #1790962 Reply
              anonymous
              Guest

              MS has time updates that disable if you are near the end of payment schedule to force you to update. I heard this from a few people that have Windows Xp Pro support. That might be your only option. Most often once you pay they will help you quickly to resolve the issue. We still have 1 year left for extend support and our Windows XP with IE11 works fine. After that, we will have to renew for another 5 years.

              • #1791587 Reply
                anonymous
                Guest

                That is what we were worried about. It seems will have to pay the $5M for each year to extend for another 5 years.

            • #1826080 Reply
              woody
              Da Boss

              I’m just now catching up. Sorry.

              Two questions:

              • What, precisely, are the symptoms of the crash?
              • Did you get it fixed?
        • #1791594 Reply
          anonymous
          Guest

          Our IT manager thinks they are just waiting for the time to run out or force us to pay for another 5 years support period to get help with this.

          Your manager is right. MS is doing this with everyone. I can bet all that I have that once you pay up MS will give you the fix. MS knows that many companies can not move to new OS and XP is their big money maker with extended support. Our business renewed our support for around $100M ($20M for each year).

          • #1792335 Reply
            Paul T
            AskWoody MVP

            Our business renewed our support for around $100M ($20M for each year)

            At that price, if several organisations got together you could poach MS staff and have them maintain Windows for you for about 10 years. 🙂

            cheers, Paul

            • #1824564 Reply
              Noel Carboni
              AskWoody_MVP

              Or hire a department to fix whatever isn’t compatible and move up to a more modern operating system. Or design new processes around new tools. Or…

              -Noel

      • #1785161 Reply
        anonymous
        Guest

        I have Windows 10 1803 Home.  I need to install the cumulative update and the .NET updates, I think.

        1. Which 1803 cumulative update should I install?  There are 3 of them from May.
        2. Should I install the .NET or the CU first?  I usually install the updates manually.
        3. Should I restart after installing each update separately?  Or can I wait to restart until I have installed both updates?

        Thanks for the help.

        • #1785540 Reply
          PKCano
          Da Boss

          KB4497398 Servicing Stack for 1803 – install first, reboot, wait 5 minutes.

          You do not have to reboot between these:
          KB4499167 2019-05 Cumulative Update
          KB4497932 Update for Adobe Flash Player
          .NET Update
          If you deal with any organization that ends in gov.uk,  you will need KB4505064 (otherwise, you do not need this)

          1 user thanked author for this post.
          • #1787036 Reply
            Tex265
            AskWoody Plus

            Whoa PK

            In a post I made under another Topic, you advised that Windows 10 Updater will automatically provide the updates you need, and the Servicing Stacks will come with the Monthly CU, and Windows will take care of the installation order.

            Also I inquired why on my 1803 Pro, I did not receive the separate .NET update KB4495616?
            No reply from anyone yet. In the Monday’s Newsletter Susan advised OK to install if you received one. Do some receive and others don’t? Should I procure from the MS Catalog?

            Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
            • #1787214 Reply
              PKCano
              Da Boss

              In a post I made under another Topic, you advised that Windows 10 Updater will automatically provide the updates you need, and the Servicing Stacks will come with the Monthly CU, and Windows will take care of the installation order.

              If you read the post you will find that the user specifies a MANUAL install,, not a Windows Update install which you are quoting about.

              No reply from anyone yet. In the Monday’s Newsletter Susan advised OK to install if you received one. Do some receive and others don’t? Should I procure from the MS Catalog?

              You are talking about two different things here.
              If you install from Windows Update, you should install whatever .NET (and other patches)  you are offered b/c it will be what you need.
              Susan’s Master Patch List is for a business environment, where IT knows what to do and when to do it. If you have to ask, you are not in that group and should not be using the Update Catalog.

              1 user thanked author for this post.
              • #1811099 Reply
                anonymous
                Guest

                I am planning to install these 1803 Home version updates tomorrow.  But a different question came to mind as I reviewed your answer (which I greatly appreciate) and the update catalog.

                Which specific .NET update do I need to install?  I used Registry Editor to check which .NET version I am running.  RegEd shows a DWORD value of 461808, which corresponds to .NET version 4.7.2.

                KB4495616 is the only .NET update that comes up as an 1803 update in the catalog, but it specifically says it is for .NET version 4.8.  KB4495590 includes .NET version 4.7.2 but says it is for Windows 10 1809, not 1803.

                I don’t want to install the wrong update and break something on my machine.  And I don’t recall if either of these updates were pushed my way while I was blocking everything.  Unless I can get absolute certainty as to which update I need, I doubt I’ll be installing either one.

                Thanks for your help.

              • #1811100 Reply
                PKCano
                Da Boss

                If you install the .NET update through Windows Update, you do not have to worry about which update to install. Windows Update will determine which one(s) you need and install them accordingly. So, if you have hidden any, unhide it/them and let WU decide what to install.

                1 user thanked author for this post.
              • #1811107 Reply
                anonymous
                Guest

                There are none hidden in wushowhide.  Only the cumulative update was hidden, which I intend to install this weekend.

                As for the .NET updates, I don’t have any idea which one (if any) I need because there are none in wushowhide.

                Does this mean I don’t need to install a .NET update at all?

              • #1811115 Reply
                PKCano
                Da Boss

                If Windows Update is otherwise functioning normally and you are not offered it, you don’t need it.

                1 user thanked author for this post.
              • #1811444 Reply
                anonymous
                Guest

                I will install the cumulative update this weekend and skip the .NET patches for now.  Presumably, Microsoft will try to push the appropriate .NET patch to me at some point in the future if I need one.

                Thanks again for your advice.

      • #1785595 Reply
        anonymous
        Guest

        “I strongly advise against installing Win10 1903 at this point. It ain’t baked.” Sorry Woody, but I already installed it. That being said, I recently finished upgrading all my computers from Windows 7 and 8.1 to 10. And since 1903 was the latest version, I figured why not. I haven’t had any issues aside from one game not working, but I got it working after reinstalling it and DirectX 9.

        On an interesting note, I was able to use the Windows 10 Media Creation Tool and upgrade, and the activations carried over. I’m not sure if that was supposed to work, but it did. Despite the free Windows 10 upgrade ending years ago.

      • #1786449 Reply
        fl
        AskWoody Plus

        Sorry for re-posting, but I wasn’t signed in the first time. That anonymous post just previous was me.

        I’ve been having problems accessing pkcano’s page with all the links for Group B updaters. When I go to the page all the type is greyed out and the links are non-functional. I’ve tried using Firefox on both the MacOS and under Win7, disabling all tracking blockers and allowing all scripts. Same deal with Safari on the Mac, which has no add-ons or other security/privacy protection.

        The fact that I get the same thing under both the MacOS and Win7 suggest that it’s a problem with the page…?

        Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
        MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

        • This reply was modified 12 months ago by fl.
        • #1786556 Reply
          PKCano
          Da Boss

          It’s a format problem. The print is pale gray, BUT THE LINKS STILL WORK.
          You just have to SQUINT.

          • #1787858 Reply
            fl
            AskWoody Plus

            Well don’t I feel silly.

            I coulda sworn…

            Thanks for all you do to maintain that page.

            Mac Mini v. 6.2 (2012) with Win10 Pro 64 bit v. 1809
            MacBook Pro v. 3.1 (2007) with Win7 32 bit - Group B Updater

            • This reply was modified 12 months ago by fl.
            1 user thanked author for this post.
          • #1790701 Reply
            anonymous
            Guest

            Hi PKC, We hope you get the page corrected sometime. For those having a hard time seeing the text, like me, hold your left mouse button down and drag over it as if you are going to copy it. You can then see the text. This also works on white on white some people do to hide things.

            One can also reset the font display in their browser, but that is a hassle.

      • #1790422 Reply
        L95
        AskWoody Plus

        I have Windows 7 and am in Group B.  Three of the May 2019 updates that PKCano has listed in AKB2000003 are repeats of what we already installed when Woody gave the DEFCON 3 clearance back on May 15, 2019,  namely KB4499175, pciclearstatecache,  and KB4498206.   Do we need to install those three updates again if we already installed them back in May?

        • #1790497 Reply
          PKCano
          Da Boss

          The DEFCON-4 rating is for installing MAY patches. We usually hold off installing the monthly updates until Woody raises the DEFCON number to at least 3. So this was the go-ahead for those patches.

          You do not need to install them twice.

          2 users thanked author for this post.
          • #1810001 Reply
            L95
            AskWoody Plus

            Thanks for your response.  I realize that you usually hold off installing the monthly updates until Woody raises the DEFCON number to at least 3.   But for people who have Windows 7 or XP, Woody raised it to at least 3 on two occasions,  once on May 15th and then again on June 4th ,  and so that’s why I asked.   Thanks again for your response.

      • #1790632 Reply
        Northwest Rick
        AskWoody Plus

        Woody, you are a very entertaining writer:

        “All of the complaints I hear are from those ‘seekers’ who went to the download site and installed 1903 with malice and forethought. A triumph of hope over experience.”

        I literally went through multiple LOL cycles on reading that.

        Of course, my reaction might have been different had I wandered into that trap myself!

        The second sentence is often applied to subsequent marriages. That’s why for me, it was one and done, I didn’t wander into that trap either. How I managed to muster the requisite sense at 30 I haven’t a clue. But 40 years later, I know it was exactly the right strategy.

        2 users thanked author for this post.
        • #1790758 Reply
          anonymous
          Guest

          NorthwestRick, Hear! Hear! A nice comment. I too feel Woody has some very artistic and knowledgeable writhing phrases. I feel many need to know history or old movies(??) to understand some of his lines. I love them.

          Woody, if you have not done it, I am waiting to hear about a bad patch month and people will experiance ….. “the gnashing of teeth”.

          Thank you and your MVPs for being here.

      • #1791330 Reply
        redknight
        AskWoody Plus

        For Win 7 x64 is KB4054530 (.NET 4.7.2) safe to install? I leave it checked every month ever since it came out in 07/2018.  Some months ago a friend installed it on a laptop and she lost all internet connectivity so I uninstalled it for her.  I haven’t installed it on any of my Win 7 machines. Is there any need to upgrade to 4.7.2?  I have 4.6.1.

        • #1791355 Reply
          PKCano
          Da Boss

          I have not installed .NET 4.7.2 on any of my Win7 machines either. Unless you are using a program that requires .NET 4.7.2, there is no need to install it.

          3 users thanked author for this post.
        • #1791688 Reply
          anonymous
          Guest

          Redknight, From what I have read, the newer .Nets have more telemetry. Like PKC said unless you need 4.7.2 don’t get it. For that matter do you need 4.6.1? You may, because of MS Office. .NET 3.5.1 comes with Windows 7, so for me I only update 3.5.1 and use the Security Only version when it is available for that patch month.

          If you get the .NET updates through WU or better still the Security Only -for each of your installed versions- you are more secure.

          I suggest people research if the .NETs they have over 3.5.1 for Windows 7, are actually needed. Like some programs on your computer, you may not even need them if you do not have a program that requires it. If not, then uninstall them. You will close a point of entry to your computer.

          For those interested in .NETs, Arron Stebner has a verification or cleanup tool. You can use it to see which version you have.

          Arron does keep it updated. The cleanup tool is a last ditch uninstall if all else fails.

          .NET Framework setup verification tool and cleanup tool now support .NET Framework 4.5.1

      • #1791589 Reply
        anonymous
        Guest

        I have Windows 10 1709 with quality updates deferral set to 15 days and I still have not received the may cumulative update. Do you know why? I don’t want to click Check for updates…

        • #1791614 Reply
          PKCano
          Da Boss

          To even begin to answer that question, we would have to have the hardware specs of your computer, what your other settings are (assuming Pro version since you have deferrals),  and information about the other software you are running, especially the AntiVirus

          • #1791738 Reply
            anonymous
            Guest

            Yes Pro edition. My antivirus is just Defender. It looks like 1709 pro is end-of-service. And I have set feature updates to 365 days. I’m going to set it to 180 days now…

      • #1791777 Reply
        James Bond 007
        AskWoody Lounger

        Group B, Windows 7 and 8.1 x64.

        I have since patched ALL my systems running Windows 7 and Windows 8.1 to May 2019 patch level all the way from December 2018 level.

        For my Windows 7 systems I installed the security-only patches in the order listed in this post : https://www.askwoody.com/forums/topic/ms-defcon-3-get-windows-xp-win7-and-associated-servers-patched/#post-1633208

        I also installed KB4505050 instead of KB4498206.

        No problems so far. Unless another urgent security problem appears, I probably will not patch my systems again for a few months, having decided some time ago that it is only necessary to patch once every 4-6 months.

        Hope for the best. Prepare for the worst.

      • #1792221 Reply
        PerthMike
        AskWoody Plus

        Discovered a rather odd update on our WSUS server for this month.

        KB4498206 – 2019-05 Cumulative Update for Internet Explorer 11 for Windows 2012 for x64-based computers

        This struck me as odd as I knew that Windows Server 2012 (non R2) never received an Internet Explorer 11 version.

        I was quite shocked upon Googling 2012 and IE11, I found an article from Microsoft that very quietly announced that as of April 2019, Microsoft WAS indeed putting out a new Internet Explorer 11 edition to work on Windows 2012. At the same time, they quietly mentioned that support for the IE10 version would end sometime this year.

        https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297

        If this has been mentioned before, sorry, but I think this actually is worth highlighting.

        We are stuck with Windows 2012 Datacenter, because our version of VMware ESXI came with that specific version licence at the time.

        The worry is that there is probably a very small installation base, so getting timely reports of bad/buggy updates will be difficult.

        This might warrant a self-contained post, as I could not even find any reports in tech media about this (other than a single article from January on Ghacks, but that was three months before the browser was actually released).

        No matter where you go, there you are.

        • This reply was modified 12 months ago by PerthMike.
        1 user thanked author for this post.
      • #1792579 Reply
        CBA
        AskWoody Plus

        W10 Pro 64 1809.  Questions related to the May 2019 WU updates:

        1. Pause Updates: I have this “on” currently. When I flip the switch to “off”, WU will start checking-downloading whatever is available, however, as I have Quality Updates deferred for 30 days, I, presumably, won’t get KB4494441 (for another 30 days).

        If so, should I download and install KB4494441 (or KB4497934) manually? I don’t want to change deferral to “0” as I don’t know what happens with the WU settings afterwards (like greying out deferral change possibilities).

        2. WU Settings UI after updates: any hints what to expect? Are there major changes coming already with KB4494441, to the UI and/or to the GP settings?

        3. O&O ShutUp10: I use this program aggressively, with most items switched to “green” (disabled). Under the WU section, the 2 items “Automatic Windows Updates” are not disabled.

        But, is the aggressive use of ShutUp10 influencing the pending updates, like “strafing” me for “bad” behavior?

        Thanks.

      • #1792854 Reply
        Mele20
        AskWoody Lounger

        KB4497398 Servicing Stack for 1803 – install first, reboot, wait 5 minutes.

        You do not have to reboot between these:
        KB4499167 2019-05 Cumulative Update
        KB4497932 Update for Adobe Flash Player
        .NET Update
        If you deal with any organization that ends in gov.uk,  you will need KB4505064 (otherwise, you do not need this)

        Why do you need to reboot and wait 5 minutes after getting the servicing stack update before installing the cumulative update for that month?

        • #1792879 Reply
          PKCano
          Da Boss

          The installation of the Servicing Stack needs to complete. Open Task Manager and watch TrustedInstaller and TIWorker.

      • #1793862 Reply
        dwelge
        AskWoody Plus

        I have a lot of older Cumulative Updates from the past showing up in my WSUS console with a May stamp date.  Should I run them all? For example kb4103722, this shows up in an older post from Sept.

        • This reply was modified 12 months ago by dwelge.
        • This reply was modified 12 months ago by PKCano.
        • This reply was modified 12 months ago by PKCano.
      • #1794236 Reply
        Linda2019
        AskWoody Plus

        I wanted to share an unusual experience I had with my Windows 7sp1 PC (64 bit) and OneDrive.  For weeks it stayed stuck on signing in.  When I tried to right-click the cloud notification icon it would just grey out.  I checked the status of the icon and it said “OneDrive is Closing”.  I tried resetting OneDrive, uninstalling it and reinstalling it. I did the Windows 7 troubleshooter for internet connection problems.  I ran and SFC scan and did a CheckDisk.  Nothing came up as an error.

        When I did reinstall, the app worked fine for the duration I was on the computer.  Yet when I signed back on the next day, it was still stuck at signing in.

        I uninstalled April and May updates.  Tried to reinstall OneDrive again – still no good.  I checked the Microsoft support site to see if anyone else had these problems and I found I was not alone.  Even with the same time frame of onset of problems.  So I tried to reinstall the May updates and  then reinstalled OneDrive again, and it started working again.  Just wanted to share.

      • #1794470 Reply
        NetDef
        AskWoody_MVP

        Article today, saw the tweet yesterday.

        The RDP exploit NDA’s are going to drop soon.

        It only takes ONE vulnerable machine on your network to infect everything else behind your firewall.  By piggybacking payloads that can target newer OS’s, access to the first machine remotely could trigger a multipronged attack on your servers, other workstations — even if they are patch for this specific vulnerability.  (Of course – the same is also true for that one employee that clicks the link in a phishing email . . . .)

        More analysis at ArsTechnica: https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/

        Please get patched!

        ~ Group "Weekend" ~

      • #1794784 Reply
        Latka
        AskWoody Plus

        External HDMI monitor port broken by KB4494441 Cumulative Update 2019-05

        Per Woody’s MS-DEFCON 4, installed updates for Windows Home x64 vers. 1809.  After restart, system was at build 17763.503, but the external HDMI monitor stopped working.

        After uninstalling and hiding KB4494441, system was at build 17763.437 and the HDMI monitor works just fine again.

        (System:  Lenovo Ideapad Flex 6-14IKB 2-in-1 laptop (EM81) with Dell P2418D external monitor)

        • This reply was modified 11 months, 4 weeks ago by Latka.
        1 user thanked author for this post.
      • #1796784 Reply
        CBA
        AskWoody Plus

        In spite of concerns voiced in #1792579 I went ahead and un-paused my W10 1809 and, to my surprise, WU installed all pending updates, KB4494441 included.  After a forced reboot I did a 2nd reboot .. per the Patch Lady’s recommendations.  It all looked good, except:

        The win-version was stuck on April.  After a check updates, KB4494441 popped up once more and a 2nd install-reboot was forced.  Thereafter the the correct version 17763.503 showed.  As far as I can determine, this is not an uncommon thing.  What gives?

        Possibly unrelated, but, I noticed under “View configured update policies” that I have opted for the Windows Insider Program .. even though I know I have not.  What gives?

        • #1796792 Reply
          Alex5723
          AskWoody Plus

          After a check updates, KB4494441 popped up once more and a 2nd install-reboot was forced.  Thereafter the the correct version 17763.503 showed

          I have installed KB4494441 only once with no reboot and got version 17763.503.

          • #1796798 Reply
            CBA
            AskWoody Plus

            After a brief online search I found that a 2nd install of KB4494441 is not uncommon.  I’m not sure why or what triggers it.

            If I hadn’t checked winver I wouldn’t have noticed.  If this means KB4494441 didn’t install the 1st time (view updates showed installed) or just that the version wasn’t updated .. dunno.  Maybe someone in the know .. knows!

            • This reply was modified 11 months, 4 weeks ago by CBA.
            • #1796801 Reply
              PKCano
              Da Boss

              Perhaps the first reboot installs the Servicing Stack (there was a new one for 1809 which has to be installed exclusively) and the second install/reboot actually installs the CU. I’m just guessing MS hasn’t got updates to act right sometimes.

      • #1801085 Reply
        KevinTMC
        AskWoody Plus

        I’m being offered KB4494452 for my machine running Windows 10 1709. This is one of the patches listed at the bottom of the Master Patch List under “MDS”; I’m not sure whether it’s being recommended that we install this now or wait.

        Also, for 1803 and 1809, this section says “KB Microcode not yet available”; should we be actively on the lookout for the release of similar patches for machines running 1803 and 1809?

        (I never did install the microcode patches from last year, as the sense around here was that the risk was illusory and the patches problematic. Not sure to what degree this is a continuation of that same story or something new.)

        ---
        Home machines: Windows 7 Home (Group B)
        Work machines: Windows 10 Enterprise (1809)

        • #1801350 Reply
          PKCano
          Da Boss

          According to my notes, KB4494452 is an Intel microcode patch. I would not recommend installing it. There is no exploit in the wild at this time to necessitate it.

          2 users thanked author for this post.
          • #1804067 Reply
            OscarCP
            AskWoody Plus

            A week ago, I installed the usual Group B updates for May without problems, and I just found here, reading the previous entries, about KB4494452, a patch that I hadn’t heard of before — or been offered already through Windows Update for consideration.  So I looked in the MDS section of the Master Patch List, and all it says there, for Windows 7, is: “Registry AMD / Intel + BIOS”. No mention to the KB in that entry.

            Does that mean something like: “check this Registry record, and if it does not show the update has been installed, ask your manufacturer for it?” That would be my best guess, right now.

            By the way, I do not want to install this update in the BIOS at this time. But I would like to understand this better.

            Windows 7 Pro, SP1, x64, Group  B + M&L

            Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

          • #1811102 Reply
            walker
            AskWoody Lounger

            @PKCano: This is not relevant to the post you made, however I could not locate anything that would address my question.

            I installed the May updates when they were available, and had no problems with them. I have now checked for “updates”, and there is nothing showing any June updates.  There are only two items, and they are the Windows Malicious Software Removal Tool which I don’t use, and the other one is the Windows Defender update, showing Definition 1.295.207.0 showing a date of June 6, 2019 (which I don’t use either).

            Is there any reason that I am not seeing any June updates at all?  These were the only two in the Important List, both checked.  Nothing in the Optionals  (only 2 items) checked.

            This is the first time I have ever seen no “new” updates for the current month.  If anyone would know a possible reason it could only be you as you are so knowledgeable, and possess an outstanding wealth of expertise.  Thank you once again for all of your help.  I am Win 7, Home Premium, Group A, and no sophisticated programs.  I am baffled by this situation.  Once again Thank You, very, very much.

             

            • #1811106 Reply
              PKCano
              Da Boss

              @walker
              Today is June 7th.

              Patch Tuesday is the second Tuesday of the month. June patches aren’t released until June 11th – that’s next Tuesday. And we don’t install them right when they are released either. So, be patient. You haven’t seen them because they aren’t here yet!

              • #1825184 Reply
                walker
                AskWoody Lounger

                @PKCano:   Please accept my apology for the question about “June Updates”.   I am very embarrassed that I overlooked the “Patch Tuesday”, and bothered you with another question.  Thank you for setting me straight on that…..  As always, I sincerely appreciate the time you take to help so many members, and the fact that your expertise is admired, and amazing.

                Thank you so very, very much!

          • #1837865 Reply
            CBA
            AskWoody Plus

            I was just offered KB4465065 (Intel MicroCode) through WU.  Should I install it on my new Intel Core i7-8700 (W10-64 1809 build .503) computer?

            • #1838054 Reply
              PKCano
              Da Boss

              I have not been installing any of the Intel microcode patches on any of my computers. There is no exploit in the wild as yet to justify the installation.

              • #1838055 Reply
                CBA
                AskWoody Plus

                Okay, thanks!  Not sure you agree, but, according to Tenforums, this update concerns a code already installed as a .dll file in System32 (mcupdate_GenuineIntel.dll).

                The WU update would just update this file.  It may well not be that simple, however, I have that file with a file date of 09/18/2018.

      • #1803730 Reply
        GoneToPlaid
        AskWoody Plus

        Oh really. I installed the May security only u0date for Windows. That took just fine with no issues. Then today I downloaded and installed the May cumulative update for IE11. After installing that, I was immediately presented with corrupted Recycle Bin errors, even though there was nothing in my Recycle Bin for all hard drives.

         

      • #1806872 Reply
        gborn
        AskWoody_MVP

        Woody: If you’re running Windows 7, Vista, or XP — or Server 2003, 2008 or 2008 R2 — you need to get patched now. No, there aren’t any known BlueKeep explo

        FYI: Just in case you need a quick & dirty solution to check, if systems are vulnerable, I’ve created a small ‘how to’ that explains how to search the control panel for updates, how to use a small patch program I wrote and how to do a network scan. Maybe it is helpful for some people.

        How To: BlueKeep-Check for Windows

        Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        1 user thanked author for this post.
      • #1809808 Reply
        anonymous
        Guest

        ? says:

        thank you, gborn for the excellent article. i looked at my HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer>fDenyTSConnections key(s) and it is set to 1 (deny). actually on some machines (Win7 Pro) registry search it is in CurrentControlSet 1 and CurrentControlSet 2 (on the whoops “recovered” machine). the RDP in Services is set to run manually and according to Steve Gibson port 3389 is closed off

        fDenyTSConnections from:

        Methods to Enable and Disable Remote Desktop Locally

        happy computing!

      • #1811089 Reply
        anonymous
        Guest

        ? says:

        i know. i know, i’ll go play outside (after i batten down these hatches)

        https://docs.microsoft.com/en-us/windows/desktop/termserv/disabling-terminal-services-features

        clipboard? printer? when does a helpful “feature,” become an adversary?

        • #1811097 Reply
          jabeattyauditor
          AskWoody Lounger

          when does a helpful “feature,” become an adversary?

          When the bad guys are looking for a convenient method to exfiltrate your data…

      • #1812521 Reply
        Lori
        AskWoody Plus

        I wanted to ask about Office Updates on Windows 8.1 with CTR. I haven’t installed any Office updates in 2019. Either by the time the Defcon rating is ok to install monthly updates, or I “catch” the official ok and do my system image (my fault!); quite often the new non-security Office updates for the next month are already out. As the new updates aren’t approved yet; and I can’t pick and choose Office updates with CTR, as I do on my Windows 7 pc… I don’t update Office at all. Are Office updates ever so critical that I can’t wait on them? Is there a way to update Office without using CTR? Thanks.

        Windows 8.1|64-bit|Home Ed|Office Home and Student 2013 (standalone)|Current Office version is 15.0.5041.1001.

        • #1812523 Reply
          PKCano
          Da Boss

          Office C2R updates are up to Microsoft.
          However, there is a Semi-Annual Channel for them that will reduce the frequency so you are not hit with updates monthly (or more frequently). Susan Bradley has talked about it on AskWoody, but you may also find the information somewhere in the program’s settings, or here on the Microsoft website.

          1 user thanked author for this post.
          • #1812731 Reply
            Lori
            AskWoody Plus

            Thanks! I have Home and Student 2013 (non-subscription), not Office 365. When I bought it, it didn’t use CTR; but back then, I let things auto-update and CTR installed. Now, I keep updates disabled. The MS Catalog has individual security updates, but says they’re for MSI products only. (I don’t care about “improvements”.)

            My apologies! I’d read the semi-annual channel update info, but forgot it as it didn’t directly apply to me. But I see your point. If others only update semi-annually; unless I see something urgent here, I’m ok updating my product a few times a year too.

      • #1838013 Reply
        Alex5723
        AskWoody Plus

        I was just offered KB4465065

        I was just offered KB4465065 for 1809 Pro today as well (its 02.2019 patch). Installed with no problems so far.

        Spectre Variant 3a (CVE-2018-3640: “Rogue System Register Read (RSRE)”)
        Spectre Variant 4 (CVE-2018-3639: “Speculative Store Bypass (SSB)”)
        L1TF (CVE-2018-3620, CVE-2018-3646: “L1 Terminal Fault”)

        • #1838044 Reply
          CBA
          AskWoody Plus

          I did hide it for now.  But, according to Tenforums, this is an update of a code already installed, so running the WU update would just update the mcupdate_GenuineIntel.dll file in System32.

          I’m mostly worried about a CPU slowdown .. as widely reported.  But, that may be fake news.

      • #1838165 Reply
        Alex5723
        AskWoody Plus

        mcupdate_GenuineIntel.dll

        I also had previous versions of mcupdate_GenuineIntel.dll but files doesn’t have the same file sizes.

        Attachments:
        • #1838244 Reply
          CBA
          AskWoody Plus

          I still have the 1,544 KB file dated 9/15/2018 in System32 as I haven’t updated.  But, frankly, I’m not 100% sure this is indeed related to the KB4465065.

          All PKC said above was that he hasn’t installed any Intel microcode patches on his computers.  I have to look into this before I unhide this KB.

          • #1838256 Reply
            PKCano
            Da Boss

            My mcupdate_GenuineIntel.dll dated 9/15/2018 in System32 as well.

          • #1838710 Reply
            Alex5723
            AskWoody Plus

            I’m not 100% sure this is indeed related to the KB4465065

            It should be. KB4465065 was the only update installed today, June 12, on my 1809 pro.

            What I don’t understand is what has triggered this 2.2019 update after 4 months ( Intel i7-8570H) .

            • #1838749 Reply
              PKCano
              Da Boss

              KB4465065 is an Intel microcode patch. It has been updated and reissued multiple times with the same KB number. What you have is not the Feb version of the patch, but the 6/11 version. Please see the Microsoft Update Catalog for information.

              • This reply was modified 11 months, 3 weeks ago by PKCano.
              1 user thanked author for this post.
              • #1838752 Reply
                CBA
                AskWoody Plus

                Is the KB4465065 patch reverse-able (removable) or is it a BIOS flash update?

              • #1838754 Reply
                PKCano
                Da Boss

                It is not a BIOS Flash update.
                It is a Windows software update.

              • #1838758 Reply
                CBA
                AskWoody Plus

                So, if I uninstall KB4465065 I’m back to where I was before updating?!  No lasting “damage”?  Haven’t installed it, but, want to know regardless.

                • This reply was modified 11 months, 3 weeks ago by CBA.
      • #1838164 Reply
        anonymous
        Guest

        Win10 Home v1803 x64

        Dell XPS15 laptop

        Because of a deadline, I did not take a disk image as planned 2 days ago.

        It is mid-morning and the deadline was achieved.  OK, now for the housekeeping.

        Switched on, connected the USB drive and started Macrium.  Set the backup running.  Checked.  Walked away.  20 minutes later – why do I have the log-in screen?

        Yep, Windows rebooted mid-backup despite “Active hours” set to 0800 to 1700hrs.   KB4346084 was the guilty update.

        It could have been worse… But grrrrr!

        1 user thanked author for this post.
      • #1838760 Reply
        Alex5723
        AskWoody Plus

        What you have is not the Feb version of the patch, but the 6/11 version.

        Thanks. My 1809 is deferred to SAC/120/21 so why didn’t Microsoft honor my settings ?

        • #1838765 Reply
          PKCano
          Da Boss

          KB4465065 is an Intel microcode patch.
          KB4465065 is neither a Feature update nor a Quality update.
          Microsoft DID honor those settings.

          • #1838806 Reply
            Alex5723
            AskWoody Plus

            Microsoft DID honor those settings

            So, Microsoft has several types of updates :
            Feature updates
            Quality updates
            Other Microsoft products updates
            Other 3rd party updates distributed by Microsoft that can’t be deferred.
            🙂

            • #1838839 Reply
              PKCano
              Da Boss

              I use these Windows Update settings. So far, I have avoided KB4465065, KB4023057, drivers, forced updates and forced upgrades with the Win10 Pro.

              Don’t know how that’s going to work with 1903, considering the ongoing debate about those settings disappearing from the GUI. I upgraded one of my 1809 VMs to 1903 and can verify the deferral settings are no longer in the GUI (disappeared). I blew the 1903 VM away (not going there yet) and restored the 1809.
              I’m waiting to see what Microsoft does. Was it unintentional on their part and they will restore the settings? Only time will tell.

    Viewing 30 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MS-DEFCON 4: It’s time to get the May 2019 Windows and Office patches installed

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel