News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – we have an “out of band” release

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – we have an “out of band” release

    Viewing 12 reply threads
    • Author
      Posts
      • #1962596 Reply
        Susan Bradley
        AskWoody MVP

        https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/ We get them so rarely these days it prob
        [See the full post at: Patch Lady – we have an “out of band” release]

        Susan Bradley Patch Lady

        7 users thanked author for this post.
      • #1962601 Reply
        Microfix
        AskWoody MVP

        but we are on MS-Defcon 2.. what gives?

        No problem can be solved from the same level of consciousness that created IT -AE
      • #1962602 Reply
        PKCano
        Da Boss

        KB4522007 has been added to AKB2000003 for Win7/8.1 for Group B (and whoever else needs it.)

        • This reply was modified 10 months, 3 weeks ago by PKCano.
        2 users thanked author for this post.
        • #1962611 Reply
          Microfix
          AskWoody MVP

          KB4522007 has been added to AKB2000003 for Win7/8.1 for Group B (and whoever else needs it.)

          don’t you mean AKB2000003 😉

          No problem can be solved from the same level of consciousness that created IT -AE
          1 user thanked author for this post.
        • #1962646 Reply
          L95
          AskWoody Plus

          However,  Microfix’s question pertained to the fact we’re still on Defcon  Level 2.  And so normally us people in Group B don’t apply the fixes until Woody gives the go-ahead by raising the Defcon level to 3 or higher,  even though PKCano has made them available in AKB2000003 much earlier than that time.  So should we wait until Woody raises the Defcon level to 3 or higher  before installing it?

          • #1962648 Reply
            PKCano
            Da Boss

            Here’s what Woody says:

            If you don’t use Internet Explorer, you can safely ignore all of the hoopla. If you do use IE, rap yourself on the knuckles, click on those links and go diving for the update: You’ll only get it if you manually download and install it

            2 users thanked author for this post.
      • #1962600 Reply
        anonymous
        Guest

        The release notes say this is only available in the Microsoft Catalog.  I just checked Windows Update and it’s not offered to me on 1903.

        • #1962622 Reply
          EP
          AskWoody_MVP

          that’s right – KB4522016 is a Catalog only update. I’m skipping this one since I anticipate a newer patch is coming by either the end of this week or by next Mon Sept. 30

          3 users thanked author for this post.
          • #1962674 Reply
            Tex265
            AskWoody Plus

            that’s right – KB4522016 is a Catalog only update. I’m skipping this one since I anticipate a newer patch is coming by either the end of this week or by next Mon Sept. 30

            Why are you anticipating a newer patch?

            I’m Group A but do still use IE11 on Windows 7 system so acquired and installed this patch. So far, so good.

            As respects my other system with Windows 10 ver 1803, assume Edge browser is OK? As KB4522014 is cumulative and as good as installing the September CU with Defcon 2.
            How close are we to raising the Defcon as I have not seem many/any issues with the September CU?

            Windows 10 Pro x64 v1909 and Windows 7 Pro SP1 x64 (RIP)
      • #1962612 Reply
        geekdom
        AskWoody Plus

        This particular patch sounds like a patch-immediately-and-avoid-the-virus patch.

        Is it a good idea to apply this patch immediately?

        G{ot backup} TestBeta
        offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 Windows{Image/Defender/Firewall}
        online▸ Win10Pro 1909.18363.959 x64 i5-9400 RAM16GB HDD Firefox80.0b6 Windows{Image/Defender/Firewall}
        1 user thanked author for this post.
        • #1962624 Reply
          EP
          AskWoody_MVP

          no geekdom.
          not unless you’re using IE since these out of band updates only deal with a recent 0day problem with IE

          plus these updates will NOT be delivered thru windows update. They’re only available thru the MS Update Catalog site. (pay close attention to this statement, Susan – these “out of band” updates are “catalog only” updates)

          • This reply was modified 10 months, 3 weeks ago by EP.
          • This reply was modified 10 months, 3 weeks ago by EP.
          2 users thanked author for this post.
          • #1962635 Reply
            Charlie
            AskWoody Plus

            I don’t use IE, but it’s still part of Windows 7, 8, and 8.1.  Should I get it now or wait?  I’d rather wait unless this 0day poses a real immediate problem.

            Win 7, Sandy Bridge 3.3GHz, Linux Mint 19.1, Klaatu barada nikto

      • #1962620 Reply
        EP
        AskWoody_MVP

        skipping these patches since it deals with a recent security issue with IE

        MS may release newer patches than these by either the end of this week or perhaps on 9/30 🙂

        1 user thanked author for this post.
      • #1962627 Reply
        b
        AskWoody Plus

        For those of you that use Windows update, you will get a security patch pushed out to your machine and it will demand a reboot.

        Not available via Windows Update or WSUS. Catalog download only.

        For those of you with WSUS updating rules or quality update deferrals, this will respect those settings.

        Not applicable.

        1 user thanked author for this post.
        • #1962645 Reply
          Susan Bradley
          AskWoody MVP

          Yup my bad.  I ASSumed that these out of band worked like every other out of band update that we’ve ever had and that they would be released on Windows update.

          Susan Bradley Patch Lady

          4 users thanked author for this post.
          • #1962968 Reply
            EP
            AskWoody_MVP

            it will soon be considered moot that these out of band updates may not be available thru WSUS and windows update as Microsoft plans to release a newer set of out of band updates like the upcoming KB4517211 update for 1903 that is currently in the release preview ring. Unlike KB4522016 for 1903, KB4517211 will get delivered thru windows update and wsus as well as being manually downloaded from the ms update catalog site (just like with KB4512941 last month).

            • This reply was modified 10 months, 3 weeks ago by EP.
            1 user thanked author for this post.
      • #1962636 Reply
        anonymous
        Guest

        KB4522007, is this for Windows 7 and an IE11 Cumulative update or is it just a targeted update. So does this supersede the earlier IE 11 Sept 2019 IE 11 Cumulative sec update.

        And as usual I’ll wait for any included Telemetry vetting before I’ll install any KB going forward. And I’ve done that since the “July Security” Only updates that had that telemetry included in a surreptitiously done manner.

        I’m using Firefox for most of my everyday browsing anyways and I’m not installing Windows 7 September 2019 “Security Only” Updates and usually when I skip that I’ll skip the IE cumulative update for that month as well, since that’s cumulative anyways and can be put off until the following month’s IE 11 cumulative security update.

        It’s still DEFCON-2 anyways

        • #1962642 Reply
          PKCano
          Da Boss

          The IE11 patch is a Cumulative Update.
          It is the Rollups/SOs that contain telemetry The IE CUs don’t contain telemetry.

          2 users thanked author for this post.
      • #1962658 Reply
        Microfix
        AskWoody MVP

        One thing that bothers me here is, IE is integral to Windows, whether one uses IE or not, for MSFT to issue an OoB update must be for a valid reason, how often does this predicament happen?
        Looking forward to this months ‘Previews’ that may/may not contain the IE patch.
        It wouldn’t be the first time I’ve installed previews either, I’ve found them to be more reliable than some of the patch tuesday offerings in the past for W7/W8.1 in situations like this.

        No problem can be solved from the same level of consciousness that created IT -AE
        1 user thanked author for this post.
        • #1962970 Reply
          EP
          AskWoody_MVP

          the upcoming preview rollups will contain this recent out of band IE security fix, Microfix.

          1 user thanked author for this post.
          • #1963416 Reply
            Microfix
            AskWoody MVP

            It would seem that IE kb4522007 isn’t included (that I can see) in Septembers preview on Win8.1 Holding off for now..haven’t used IE for years anyway

            No problem can be solved from the same level of consciousness that created IT -AE
      • #1962679 Reply
        Susan Bradley
        AskWoody MVP

        Per the folks on the pm.org list, this will be out as a pushed out to the masses update tomorrow.

        Susan Bradley Patch Lady

        3 users thanked author for this post.
      • #1962820 Reply
        Alex5723
        AskWoody Plus

        If you don’t use IE, you can safely ignore the patches.

        There’s a reason why MS made them hard to get.

        But everyone is “using” IE one way or the other as IE is embedded in Windows Explorer…

        • This reply was modified 10 months, 3 weeks ago by Alex5723.
        3 users thanked author for this post.
        • #1963286 Reply
          anonymous
          Guest

          So they share some DLLs and just what IE functionality used by Windows Explorer(Win 7 Pro) needs internet access, or remote scripting services enabled via IE. If the error is in some scripting engine part of IE is that even used/enabled  in Windows Explorer.

          I’ll just keep using Firefox and My installed Security/Firewall software and avoid using IE directly until  the October patches are released and as long as the October Windows 7 Security Only patches have no telemetry they will get installed as well.

          All software can make use of the same DLLs and it’s just a matter of if that’s just some shared UI functionality that may or may not be related to IE’s scripting related functionality. So just what permissions are granted to Windows Explorer when making use of any shared DLL code needs to be known and I would think that Windows Explorer should be rather isolated from any Internet scripting pushed out from the web.

          Really MS had no business integrating any Web based Browser functionality directly into its OS in the first place as all that needs to be outside of any kernel space or any elevated permissions granted user space. That really needs to be in some sandboxed environment and no DLL code sharing allowed.

          When will Chrome Based Edge be available for Windows 7 and 8/8.1 and will MS have taken the time to make sure that it’s safer to use than IE, which was never really safe in the first place.

          • #1963316 Reply
            rc primak
            AskWoody_MVP

            I would think that Windows Explorer should be rather isolated from any Internet scripting pushed out from the web.

            Don’t depend on it!

            will MS have taken the time to make sure that it’s safer to use than IE

            History does not favor such optimism.

            -- rc primak

            1 user thanked author for this post.
          • #1963601 Reply
            b
            AskWoody Plus

            When will Chrome Based Edge be available for Windows 7 and 8/8.1

            Microsoft Edge Insider has been available for Windows 7 and 8/8.1 (and macOS) for three months.

            Choice of update channels; Canary (daily), Dev (weekly), Beta (six-weekly):

            https://www.microsoftedgeinsider.com/en-us/download

             

            and will MS have taken the time to make sure that it’s safer to use than IE, which was never really safe in the first place.

            The Microsoft Edge (Chromium-based) Insider Bounty Program welcomes individuals across the globe to seek out and submit vulnerabilities unique to the next version of Microsoft Edge based on Chromium. Qualified submissions are eligible for bounty rewards of $1,000 USD to $30,000 USD.
            Microsoft Edge Insider Bounty Program

      • #1963173 Reply
        grams
        AskWoody Plus

        thanks everyone for your comments. I need to update my IE as at least one program I use makes use of it in the background but it sounds like I should wait until the mass rollout is ready sometime today or in the near future. I’ll not use that program until the general release is made sometime soon. Sound like a good plan? Will there be a link to the correct Win Cat page/KB? I see that the current Cat listing also specifies downloading Servicing stack update (SSU) (KB 4516655) and SHA-2 update (KB 4474419). Are these safe? Thanks so much!

        • #1963182 Reply
          PKCano
          Da Boss

          The two updates are prerequisites. Both are available through Windows Update.

          • #1963236 Reply
            grams
            AskWoody Plus

            The two updates are prerequisites. Both are available through Windows Update.

            thanks so much! that’s what I thought.

      • #1963331 Reply
        dportenlanger
        AskWoody Lounger

        Regardless of in or out of band, maybe it is just me, but I am failing to understand the Windows 10 1903 update settings.  I have one Pause Update setting that I enabled after updating a test machine.  Then I disabled the Pause and it is installing the same updates it already installed.  Does it not know what it already installed?

         

        Attachments:
    Viewing 12 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – we have an “out of band” release

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.