Patch Alert: Where we stand with the August 2019 patches

Topic

New Reply

Overview in Computerworld Woody on Windows.
[See the full post at: Patch Alert: Where we stand with the August 2019 patches]

5 users thanked author for this post.

Chessie, geekdom, SueW, AJNorth, fernlady

Reply | Quote

Replies

woody

now 1903 users get the non-security update KB4512941 – just shown up today Aug. 30 after 10am pacific time on MS Update Catalog

http://www.catalog.update.microsoft.com/Search.aspx?q=4512941

Edit: only the 32bit/x86 version of the KB4512941 update is currently available in the Update Catalog; 64bit versions coming a little later

3 users thanked author for this post.

woody, geekdom, Microfix

Reply | Quote

Just in time for my Computerworld article – which takes MS to task for its laggardly ways.

Reply | Quote

64-bit is now there as well just turned up. Embrace yourselves!

1 user thanked author for this post.

geekdom

Reply | Quote

yup along with the new KB4515530 servicing stack update for v1903
http://www.catalog.update.microsoft.com/Search.aspx?q=4515530

1 user thanked author for this post.

geekdom

Reply | Quote

And .NET updates as well apparently

https://support.microsoft.com/en-gb/help/4511555/august-30-2019-kb4511555

And on that bombshell…

2 users thanked author for this post.

woody, geekdom

Reply | Quote

Black Friday at last

3 users thanked author for this post.

lanceboil, woody, Microfix

Reply | Quote

you’ve been waiting for this all week
https://support.microsoft.com/en-us/help/4512941/windows-10-update-kb4512941

Windows - commercial by definition and now function...

Reply | Quote

[Alex5723]

Microfix wrote:

you’ve been waiting for this all week
https://support.microsoft.com/en-us/help/4512941/windows-10-update-kb4512941

And here is something unusual :

Known issues in this update

Microsoft is not currently aware of any issues with this update.

Finally a bug free Windows 10 version. /s

• This reply was modified 5 years, 8 months ago by Alex5723.

Reply | Quote

Don’t count on it. I installed the update, then had to restore from a backup because it would cause Cortana to eat up 20% of the CPU and the search function no longer worked.

1 user thanked author for this post.

geekdom

Reply | Quote

Another anonymous here, confirming a problem with a Cortana process that sucks up an entire core and doesn’t finish, with search not working (the box pops up, you can type into it, but then nothing).  Uninstalling KB4512941 seems to have fixed things.  Aside:  that’s a download-and-install-now patch, but wushowhide.diagcab didn’t see it.

Reply | Quote

First anonymous. I’m glad to know I wasn’t the only one having this problem. Does nobody at Microsoft test these updates before shipping them out? You’re lucky that you were able to uninstall it. It would not let me uninstall it no matter what I did. I had to restore my system from a backup. If not for that, then I would have had to reinstall the entire OS.

Reply | Quote

Yet another anonymous.

Of course they test them. Just not with every possible brand of PC or combination of components and software. In times when complexity increases, I suspect cost-cutting reduces levels of testing compared to 5 years ago, 10 years ago, 20 years ago, etc.

Reply | Quote

Honestly.. this is the mess they deserve for forcing the hardware to adhere to the OS development cycle.

In the “old” way of doing things, the OS had a relatively static set of minimum requirements for some number of years that OEM vendors could test against. New hardware came out, and could be tested against that baseline to make sure it ran properly.

Now the OS is in the driver seat, and the hardware requirements are a moving target that no one can actually test to, because the software is moving too fast to properly design for. They’ve thrown the cart so far ahead of the horse, the cart is careening down a mountain toward a cliff, and the poor horse is just tumbling behind it on four broken legs.

Reply | Quote

anonymous wrote:

Yet another anonymous.

Of course they test them. Just not with every possible brand of PC or combination of components and software. In times when complexity increases, I suspect cost-cutting reduces levels of testing compared to 5 years ago, 10 years ago, 20 years ago, etc.

This bug has nothing to do with hardware or 3rd party software. Cortana and search are build-in functions of Windows OS.

Reply | Quote

You must realize…YOU are Microsoft’s tester…their own either don’t exist, have learned nothing since highschool!

Reply | Quote

Yo, anonymous! (You guys really should sign up for an account.)

Günter Born has a workaround.

The problem is caused by a corrupt cache in

c:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\cache\

The solution is to replace that folder with an old, correctly functioning version. Born has links.

2 users thanked author for this post.

Elly, geekdom

Reply | Quote

Got this from tenforums and it worked for me:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
“BingSearchEnabled“=dword:00000001

Reply | Quote

However, that registry entry enables Bing search, which a great many of folks around here don’t care for or don’t care to use., especially when they’re just looking around their PC, not out on the Web, and don’t even want search results from the Web.

1 user thanked author for this post.

Elly

Reply | Quote

KB4512941 for 1903 just dropped.

Once again,  Microsoft’s “latest and greatest” Windows 10 gets to be the last one. And since we’re in for next month’s updates in just ten days, I gotta wonder, is there a point for this kind release cycle? Most users who are on 1903 and just go with default automatic update settings have been scratching their heads over two weeks, wondering why their VB apps stopped working.

Microsoft seriously works hard to make being on their latest Windows 10 unrewarding for users.

3 users thanked author for this post.

Charlie, lanceboil, woody

Reply | Quote

Woody’s Computerworld article is now available:

https://www.computerworld.com/article/3216425/microsoft-patch-alert-full-of-sound-and-fury-signifying-nothing.html

1 user thanked author for this post.

abbodi86

Reply | Quote

Woody, as well as those commenting here: Thanks for the heads up!

Now, about this, from the “Computerworld” article:

” Microsoft somehow managed to mess up Visual Basic (an old custom programming language)”

I know of some groups within a big aerospace organization in Europe that are still using DOS scripts, because these still work for them. Maybe those people are not the only ones? I would guess probably not.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@Woody Sorry, there’s a typo in your CW article.

There’s an entry “1” in the first dotted list. MS patching integers now?

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity.

1 user thanked author for this post.

woody

Reply | Quote

HA! Yep, Windows 1….

Actually, it should’ve been 8.1.

1 user thanked author for this post.

Elly

Reply | Quote

Folks running applications in any of those languages would, on occasion, receive “invalid procedure call error” messages when using apps that had been working for decades.

“On occasion” makes this precisely correct.
I’ve had no issues with 1903 and its August patches. No warranty implied, YMMV.
Even /r isn’t screaming [blue] murder about 1903 and August patches, and that’s typically one of the first places that will do so.

Reply | Quote

For those of us still interested in the wonderful Windows 7:

According to AW Topic 2000003, the Aug 2019 KB 4517297 Security Only update (Released 8/16) fixes VB6, VBA,VBScript for Win 7.  Still so?  Didn’t see any mention of it in Woody’s CW article.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

Still so.

Reply | Quote

? says:

don’t forget the KB3133977 (hurt) bit-locker patch? and KB4474419-v2 plus KB4490628 plus pciclearstalecache plus the August SO plus the August IE and…

ps thank you for helping thefamilyitguy, made for some very interesting reading and you didn’t even break a sweat!

2 users thanked author for this post.

Lars220, PKCano

Reply | Quote

Here’s a data point for the Wonderful World of Windows 7.
Win 7 Starter 32 bit (guinnea pig machine)

Installed KB4474419 (latest SHA-2 patch), 4512486 (Security Only), 4517297 (VB fix), and 4511872 (IE 11), in that order, with a restart after each. Before any of these, made sure 3133977 was installed.

No problems, all went in smoothly and relatively quickly. The only unusual things were a double shutdown/restart (that happened automatically) for the SO patch, and Windows Media Player was not broken (!! Snark, Snark, because it usually does break and requires a reset).

Based on that I might move on to a few 64 bit machines over the long weekend (or maybe not)

4 users thanked author for this post.

jburk07, Charlie, SueW, Lars220

Reply | Quote

What is 3133977?

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

Here is the MS information page about KB3133977.

1 user thanked author for this post.

Charlie

Reply | Quote

So it looks like KB3133977 is required in all cases before doing the Group B Security Only Win 7 August updates?  As DrBonzo stated: “Before any of these, made sure 3133977 was installed”.  This would seem to indicate that KB3133977 is the starting point before doing anything else.  Am I understanding this correctly?

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

I, for one, can’t say with absolute uncertainty that 3133977 MUST be installed, but it seems very likely from reading the MS support pages that if it isn’t installed AND your machine does an EFI boot, then you likely will have issues.

In my case, every WIN 7 machine I’ve patched already had 3133977 installed, and everything worked out fine.

3 users thanked author for this post.

Myst, SueW, Charlie

Reply | Quote

I did a couple more Win 7 machines last night, both x64, Pro SP1. Same scenario, procedure, and results as above with a Win 7 Starter machine.

With all the hoopla this month, I was expecting a rough ride, but so far the patch installs have been almost boring. For a variety of reasons – none of which are technical – I’m updating before Woody moves to DEFCON 3, so this is testament to Woody’s sage advice of waiting a while before patching.

3 users thanked author for this post.

jburk07, dgreen, SueW

Reply | Quote

KB4517297 is listed by MS as just an Update, not a Security update.

https://support.microsoft.com/en-us/help/4517297/windows-7-update-kb4517297

and   https://www.catalog.update.microsoft.com/Search.aspx?q=KB4517297

but it is noted that if you install this, you don’t need to install the Security Only update for August.

I’ve updated four Windows 7 computers with this and the IE Security only Cumulative update, 4511872. I updated on Monday, 26th, and have had no issues with any of the computers.

Got coffee?

2 users thanked author for this post.

SueW, Lars220

Reply | Quote

[CraigS26]

EP wrote:

yup along with the new KB4515530 servicing stack update for v1903
http://www.catalog.update.microsoft.com/Search.aspx?q=4515530

Nothing in Check for Updates yet.

I’m 95.46% sure that the June 27 Service Stack was installed Automatically WITH the Cumulative Update. Is THAT a correct assumption OR are we supposed to Install this one manually B4 the new Updates? Thanks!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

• This reply was modified 5 years, 8 months ago by CraigS26.

Reply | Quote

If you use Windows Update to install the CU, the corresponding Servicing Stack should be applied automatically with the CU.

If you install the CU manually, that’s another story. You would need to install the Servicing Stack manually first.

1 user thanked author for this post.

CraigS26

Reply | Quote

The next “Patch Tuesday” is September 10, 2019. What happens if August Microsoft patches are insufficiently robust to warrant MS-DEFCON 3 by the time September Patch Tuesday arrives?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Past precedent is that we would, in those circumstances, be advised to give all or some of the August updates a miss with a view to seeing if the problems were resolved in the September updates.

3 users thanked author for this post.

dgreen, Alex5723, woody

Reply | Quote

[geekdom]

BlueKeep is at the gate. Any early installation of this month’s patches required additional patches to correct errors in the first patches.

If September looks like August, patching is unlikely.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

• This reply was modified 5 years, 8 months ago by geekdom.

Reply | Quote

[CraigS26]

PKCano wrote:

If you use Windows Update to install the CU, the corresponding Servicing Stack should be applied automatically with the CU.

If you install the CU manually, that’s another story. You would need to install the Servicing Stack manually first.

Thanks & Understood – and KB 4515530 Svc Stack DID Install automatically again. It Appears in Control Panel Update History — BUT NOT in Settings Update History, although the June Svc Stack Update DID Appear via Settings. W10 now 18362.329.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / Macrium Pd vX / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU = 0

• This reply was modified 5 years, 8 months ago by CraigS26.

Reply | Quote

Turned on my WIN7 x64 machine this morning and Windows Update stated:

Most recent check for updates: NEVER

Updates were installed: NEVER

So I checked for updates and it returned (10) Important. Of those, 4 are current [August] and I’ve been holding off installing until we get the all-clear from Susan. Now the other 6 are OLD patches. Why are they being pushed out (again?)?

KB3068708 6/9/2015
KB3138612 3/8/2016
KB3150513 5/11/2016
KB3161102 9/13/2016
KB3170735 7/12/2016
KB3172605 9/13/2016

Anybody know what’s going on with the Softies?

 

Reply | Quote

Hide KB3068708 and KB3150513  – they are related to telemetry.

The other four are OK to let install. They are probably there due to metadata/supercedence changes. If you let them install, Windows Update will handle them correctly. They will do nothing if not needed/superceded, but it will satisfy Windows Update so they won’t be offered again.

Reply | Quote

Thank Boss, for doing the heavy lifting. You never fail!

Reply | Quote

Your list has patches from before bundling occurred, Oct. 2016. My guess is that you had them hidden if you read Woody’s on what to avoid.

3068708 is telemetry; you probably don’t want to install it.

3138612 supercedes 3135445 from the previous month; I had 3135445 hidden (probably because I read problems with it)  but I did install 3138612

KB3150513 has something to do with enabling upgrade to Windows 10

https://www.computerworld.com/article/3065380/mystery-solved-kb-3150513-is-another-windows-10-update-enabling-patch.html

*KB3161102 the date you have is not correct. It was issued in July, not September https://www.askwoody.com/2016/windows-journal-enters-the-last-lap-with-kb-3161102/

KB3170735 also has to do with Windows Journal; from what I read, it alerts you to future developments in Windows Journal. I was not offered this

KB3172605 replaces a buggy patch; might be optional. I only have one computer with bluetooth and I don’t install optional patches so it is not in my notes for installed patches.

Got coffee?

Reply | Quote

Thanks plodr, you are correct. They were hidden. For some reason Update decided to reveal them to confuse me. Have a cup of Peete’s on me.

Reply | Quote

“We found out that the August Security-only Win7 patch does NOT contain the telemetry subsystem so evident in the July Security-only patch.”

So I have already installed the Windows 7 Security Only Aug 2019 update and the IE 11 cumulative update for Aug as well on my laptops. But I will forever skip the and July Security only Win 7 updates and maybe just maybe some later month’s patching may just overwrite the same DLLs/Kernel code that where patched in the July 2019 security only update. And at the rate that MS has to fix things that DLL turnover to newer re-compiled versions is probably rapid enough that some July 2019 issues may get fixed by pure happenstance later on. MS’s build libraries for Windows 7/other OSs probably have seen plenty of DLL/other component turnover over the years and things having to get refactored so often.

I hope that MS keeps the Update servers turned on for Windows 7 for a good while after Jan 2020 because I plan on re-imaging my Windows 7 laptops from their recovery DVDs and getting a good clean fresh install going forward. And that’s with one Windows 7 Pro laptop, that actually came with a Windows 8 Pro license, getting Windows 8 installed and upgraded to 8.1 with all the security updates as well.

But Windows 10 is still a Beta train-wreck in progress and MS is probably not supprised why so many still want to avoid Windows 10 as long as possible.

I hope that they vetted that KB4517297 patch that fixes the VBA scripting issue in KB4512486 for spyware as well and they probably have. I’ve only installed KB4517297 as that contains all the the earlier Aug 2019 patch fixes plus the VBA Issues as well for Windows 7.

Reply | Quote

Ok, Win 7 Ultimate 32-bit Group B, hadn’t installed the July patch, now installed that too, so it was the new version of 4474419 from Windows Update, reboot, then 4507456 (July SO), 4511872 (August IE), 4517297 (patched August SO), so without the initial buggy August SO, since it says just the patched one is needed, rebooting again after installing all 3 one after the other from Catalog.

Double reboot after installing the 3 patches, which was expected, also expected was to have that compatibility appraiser task show up, and the upload info one get modified and enabled, after reboot, so deleted both. But another thing I noticed since then is “WinHTTP Web Proxy Auto-Discovery Service” start every 30 min, and stop after 16-17 min, so actually running the majority of the time. Disabled it, since I’m not behind a proxy, but what’s that about?

— Cavalary

Reply | Quote

I would invite you to take a look at AKB2000012 about neutralizing telemetry introduced by the July SO.

Reply | Quote

Did, but not seeing anything about that Web Proxy service there.

Reply | Quote

Just for the heck of it, I installed the Aug. updates on Windows 10 1809 this morning. I also went ahead just to see what would happen, and installed KB 4486153  .Net 4.8. My Brother MFC-9130CW printer /scanner would no longer scan without bring up an error. I checked and my hardware and software  was up to date. I uninstalled the .Net 4.8 and it’s working just fine. The advice not to install the .Net update was good advice. If you do install it, check your devices to see if they still work. If you do have problems, uninstalling will fix them. I also did my Windows 7 and all went well there also. ( Did not install the optional .Net update ) I imaged both PC’s before doing this experiment.

1 user thanked author for this post.

geekdom

Reply | Quote

All these (bug-ridden) updates…and Microsoft is claiming that “Windows 10” is nearly ready for production deployment?  This is insane!

Is there ANYONE AT MICROSOFT who will start telling us the TRUTH about these bugs buried within bug fixes, and establish the STABILITY CRITERIA that Windows 10 must demonstrate before we can TRUST Windows 10 enough to actually start DEPLOYING IT IN CRITICAL ENVIRONMENTS (Hospitals, Safety Services, Revenue-production…)?  Or, will they just repeat their prior trick and start telling us that “WINDOWS 11” is imminent, and we should wait????

I have nearly ZERO confidence at this time that Microsoft is any longer capable of shipping a reliable, bug-free operating system that we can safely adopt, without dedicating our lives to endless patches that patch prior patched editions!  When does it END?

Reply | Quote

Win 7 x64, Office 2010 x64, Group A

Hi PKCano,

Although I am Group A I prefer to install patches individually. Can you let me know the proper order to install the following patches…

3133977 – found in hidden updates. Is it needed?

4474419 v2 – SHA-2

4512506 – August rollup

Office 2010 patches

One last question….4517297 – Do I need it since I have Office 2010?  Looks like it’s a defer in Master Patch List.

Thank you!

Reply | Quote

3133977 – found in hidden updates. It is ineeded
4474419 v2 – SHA-2
4512506 – August rollup

Deal with the Office patches per Susan Bradley’s advice.

Reminder – we’re still on DEFCON 2

1 user thanked author for this post.

bassmanzam

Reply | Quote

Thanks PKCano!

What about 4517297 VB fix?

Reply | Quote

If you have a VB problem after adding 4512506 August rollup, adding the SO 4517297 should provide a fix. But if you don NOT have a program that needs the VB fix, you could wait for the Sept updates, as the fix will be included.

1 user thanked author for this post.

bassmanzam

Reply | Quote

UPDATE: Please see these posts concerning KB3133977

post #1941971 and this blog post.

Reply | Quote

Hi PKCano, thanks for the update.

I started my updates yesterday around 12pm EST.  I installed 3133977 followed by 4474419 with a reboot for each and waiting 15 to 30 min. I decided to wait until today to do the rest.

I did not find out about the ASUS motherboard issue until 10pm EST. I have an old 2012 Dell Inspiron. Can I assume since I have booted up 3 times that I won’t get hit by the ASUS bug?

Am I safe to install the August monthly rollup 4512506 and the Office 2010 patches?

Thanks again PKCano for all that you do. You go above and beyond!

Reply | Quote

Dell usually has Intel or AMD chips, and I don’t think they fudged Safe Boot.

1 user thanked author for this post.

bassmanzam

Reply | Quote

Am I good to go with the rollup and Office patches?

Reply | Quote

Go for it! If the update is slow, give it time to finish.

1 user thanked author for this post.

bassmanzam

Reply | Quote

Win 7 x64, Office 2010 x64, Group A

Finished installing the Aug Monthly Rollup, 4512506 followed by all the Office 2010 patches.
Rebooted after each install and waited 15 to 30 min for the hd light to go out.

I want to thank PKCano for all the help in dealing with the August Group A patches!

Also, a shout out to Woody and all the MVPs for keeping us on track on this rollercoaster ride to Win 7 EOL !!

2 users thanked author for this post.

Myst, jburk07

Reply | Quote

Any changes regarding .NET 4.8 updates?  On my Windows 7 computer it came from WU unchecked.  Was wondering if it is safe to install.

Reply | Quote

Do you already have 4.8 installed?

--Joe

Reply | Quote

I would not recommend installing .NET 4.8 on Win7 (KB4503548) or Win8.1  (KB4486105) unless you are running programs that absolutely need .NET 4.8

Reply | Quote