Only one season for Windows and Office patching

Topic

New Reply

---

PATCH WATCH

Only one season for Windows and Office patching

By Susan Bradley September is the start of another school year for many children, but Windows patching is a never-ending lesson in new vulnerabilities. This month is fairly typical for the number and variety of updates. But an Edge patch proves that no software is perfect.

---

The full text of this column is posted at windowssecrets.com/patch-watch/only-one-season-for-windows-and-office-patching/ (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

Reply | Quote

Replies

On Windows 7 Pro I am also seeing Security update 3083992 – Update to improve AppLocker certificate handling. The description says:

The update improves certain publisher rule scenarios for AppLocker. After applying this defense-in-depth update, AppLocker will no longer use the current user’s certificate store for publisher rules.

and the FAQ says:

What does the update do?
The update corrects how AppLocker handles certificates to prevent bypassing publisher rules.

This sounds like a good thing but there is no mention in either the knowledgebase article or the security advisory of any possible side-effects of installing this update. Do I assume that it is safe to install?

Thanks,
patermann

Reply | Quote

Thanks as ever Susan for the informative article and advice.

Like patermann, I am being offered 3083992.

I note your advice about 3087039 relating to a graphics component that may prevent games from running. Interestingly, that warning is not evident on the information page for that update but it is on the information page for 3086255 which I am also being offered although you haven’t mentioned that update. I am holding both updates pending clarification and further advice, not least as I am a keen gamer and have no intention of installing any update that may prejudice my gaming.

You advise holding 3092627 pending further advice. This seems to be a hotfix for any issues encountered with the earlier 3076895 which I installed last month without any problems. I am holding it in accordance with your current advice.

Lastly, I am also being offered 3083324 which appears to be the latest in a series of Windows Update system updates and may also be Windows 10 marketing nagware. It was offered initially as an optional patch according to an article by Woody Leonhard. As such, I am holding it for now.

https://www.askwoody.com/2015/dont-check-box-stealthy-win7-patch-kb-3083324-arrives-warning-documentation/

Again, many thanks!

EDIT: This is in relation to Windows 7.

Reply | Quote

I installed all the updates except KB3083992, and KB3086255 and as others have mentioned, I didn’t see them mentioned on Patch Watch.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

We noticed KB 3083992 on a Win7 machine but did not have time to investigate it. Based on the description, it’s not a fix for a vulnerability, but a security enhancement. We’ll see if we can get more information on it, but we don’t think it’s critical to install it immediately.

Reply | Quote

I’ve also gotten offered the above mentioned patches, as well as about 10 others not listed. Seems these are the ones from last month you suggested we give a pass to.

The current approach to patching seems a little odd. After all these years of carefully choosing which patches to install and which to wait or avoid, Win10 takes away that choice. That has simply been accepted, yet at the same time the old advice is being used for everything prior. And other columnists are observing that you want to be fully patched before making some kinds of upgrades.

So there is now 2 competing approaches running concurrently and one cannot be taken forward. If you have systems running several OS’s, do you really want to be using multiple approaches to maintain them? Perhaps Patch Watch needs to shift some into focusing on problematic patches, like the game issue and urgent fixes and let go of all the other detail. Or maybe summarize, like saying there’s a batch of Office fixes for X. I’m rarely finding the list is complete anymore anyway or the numbers vary from whats listed by OS sometimes. And it must be a ton of work trying to list everything that we’re all just going to install anyway.

Thoughts?

Reply | Quote

Thoughts?

I setup a Home Network of 3 NAS, Home Entertainment including Boxee, 2 Routers in different configurations and a workstation PC which I NAMED. That was started on W 7 through W 8 and W 8.1.

When I started as on the Insider Program in the first Build of W 10, the OS assumed the NAME of my Home Network was My Organizational Name, what I assume is like a virtual Domain??? This then does not seem much different than being behind a domain and/or connected to WSUS. I prefer altering the Registry over the Group Policy method so with a bit of Registry dexterity, I have Windows Update as locked down as I have had it, since W 7. With the use of KB3073930 – Show or hide updates troubleshooter package now.diagcab, I can see MOST of what is available on WU, MOST of the time. If I am checking for updates I am usually ready for Downloads and I still have the time control available anyway.

As an Insider. I can change to the Fast Ring and with in a few minutes to about 4 hours and Clicking Check for Updates, down will come the next Build(Flight). Again the time control is there. I grab the “Install.esd” convert it to an ISO and Upgrade from the ISO.

The point I am trying to demonstrate is that I have found away to stay in full control and meet my own timing, NOT TO AVOID UPDATES! I want the updates, just on my schedule not Gabe Aul’s. I should also say I have not Upgraded my Main or Test W 8.1 partitions yet.

42034-Windows-10.0-Pro-TH2-SR0-10532-2015.09.10-Capture

Best Regards,

Crysta

--------------------------------------

1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable

2xMonitors Asus DVI, Sony 55" UHD TV HDMI

1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.

-----------------

Reply | Quote