News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – we have an “out of band” release

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – we have an “out of band” release

    This topic contains 31 replies, has 15 voices, and was last updated by  b 2 weeks, 6 days ago.

    • Author
      Posts
    • #1962596 Reply

      Susan Bradley
      AskWoody MVP

      https://www.zdnet.com/article/microsoft-releases-out-of-band-security-update-to-fix-ie-zero-day-defender-bug/ We get them so rarely these days it prob
      [See the full post at: Patch Lady – we have an “out of band” release]

      Susan Bradley Patch Lady

      7 users thanked author for this post.
    • #1962601 Reply

      Microfix
      Da Boss

      but we are on MS-Defcon 2.. what gives?

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #1962602 Reply

      PKCano
      Da Boss

      KB4522007 has been added to AKB2000003 for Win7/8.1 for Group B (and whoever else needs it.)

      • This reply was modified 3 weeks ago by  PKCano.
      2 users thanked author for this post.
      • #1962611 Reply

        Microfix
        Da Boss

        KB4522007 has been added to AKB2000003 for Win7/8.1 for Group B (and whoever else needs it.)

        don’t you mean AKB2000003 😉

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        1 user thanked author for this post.
      • #1962646 Reply

        L95
        AskWoody Plus

        However,  Microfix’s question pertained to the fact we’re still on Defcon  Level 2.  And so normally us people in Group B don’t apply the fixes until Woody gives the go-ahead by raising the Defcon level to 3 or higher,  even though PKCano has made them available in AKB2000003 much earlier than that time.  So should we wait until Woody raises the Defcon level to 3 or higher  before installing it?

        • #1962648 Reply

          PKCano
          Da Boss

          Here’s what Woody says:

          If you don’t use Internet Explorer, you can safely ignore all of the hoopla. If you do use IE, rap yourself on the knuckles, click on those links and go diving for the update: You’ll only get it if you manually download and install it

          2 users thanked author for this post.
    • #1962600 Reply

      anonymous

      The release notes say this is only available in the Microsoft Catalog.  I just checked Windows Update and it’s not offered to me on 1903.

      • #1962622 Reply

        EP
        AskWoody_MVP

        that’s right – KB4522016 is a Catalog only update. I’m skipping this one since I anticipate a newer patch is coming by either the end of this week or by next Mon Sept. 30

        3 users thanked author for this post.
        • #1962674 Reply

          Tex265
          AskWoody Plus

          that’s right – KB4522016 is a Catalog only update. I’m skipping this one since I anticipate a newer patch is coming by either the end of this week or by next Mon Sept. 30

          Why are you anticipating a newer patch?

          I’m Group A but do still use IE11 on Windows 7 system so acquired and installed this patch. So far, so good.

          As respects my other system with Windows 10 ver 1803, assume Edge browser is OK? As KB4522014 is cumulative and as good as installing the September CU with Defcon 2.
          How close are we to raising the Defcon as I have not seem many/any issues with the September CU?

          Windows 10 Pro x64 v1803 and Windows 7 Pro SP1 x64
    • #1962612 Reply

      geekdom
      AskWoody Plus

      This particular patch sounds like a patch-immediately-and-avoid-the-virus patch.

      Is it a good idea to apply this patch immediately?

      Group G{ot backup} TestBeta
      Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
      1 user thanked author for this post.
      • #1962624 Reply

        EP
        AskWoody_MVP

        no geekdom.
        not unless you’re using IE since these out of band updates only deal with a recent 0day problem with IE

        plus these updates will NOT be delivered thru windows update. They’re only available thru the MS Update Catalog site. (pay close attention to this statement, Susan – these “out of band” updates are “catalog only” updates)

        • This reply was modified 3 weeks ago by  EP.
        • This reply was modified 3 weeks ago by  EP.
        2 users thanked author for this post.
        • #1962635 Reply

          Charlie
          AskWoody Plus

          I don’t use IE, but it’s still part of Windows 7, 8, and 8.1.  Should I get it now or wait?  I’d rather wait unless this 0day poses a real immediate problem.

          Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

          • #1962638 Reply

            woody
            Da Boss

            If you don’t use IE, you can safely ignore the patches.

            There’s a reason why MS made them hard to get.

            5 users thanked author for this post.
          • #1962639 Reply

            b
            AskWoody Plus

            redundant

            Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1962620 Reply

      EP
      AskWoody_MVP

      skipping these patches since it deals with a recent security issue with IE

      MS may release newer patches than these by either the end of this week or perhaps on 9/30 🙂

      1 user thanked author for this post.
    • #1962627 Reply

      b
      AskWoody Plus

      For those of you that use Windows update, you will get a security patch pushed out to your machine and it will demand a reboot.

      Not available via Windows Update or WSUS. Catalog download only.

      For those of you with WSUS updating rules or quality update deferrals, this will respect those settings.

      Not applicable.

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

      1 user thanked author for this post.
      • #1962645 Reply

        Susan Bradley
        AskWoody MVP

        Yup my bad.  I ASSumed that these out of band worked like every other out of band update that we’ve ever had and that they would be released on Windows update.

        Susan Bradley Patch Lady

        4 users thanked author for this post.
        • #1962968 Reply

          EP
          AskWoody_MVP

          it will soon be considered moot that these out of band updates may not be available thru WSUS and windows update as Microsoft plans to release a newer set of out of band updates like the upcoming KB4517211 update for 1903 that is currently in the release preview ring. Unlike KB4522016 for 1903, KB4517211 will get delivered thru windows update and wsus as well as being manually downloaded from the ms update catalog site (just like with KB4512941 last month).

          • This reply was modified 2 weeks, 6 days ago by  EP.
          1 user thanked author for this post.
    • #1962636 Reply

      anonymous

      KB4522007, is this for Windows 7 and an IE11 Cumulative update or is it just a targeted update. So does this supersede the earlier IE 11 Sept 2019 IE 11 Cumulative sec update.

      And as usual I’ll wait for any included Telemetry vetting before I’ll install any KB going forward. And I’ve done that since the “July Security” Only updates that had that telemetry included in a surreptitiously done manner.

      I’m using Firefox for most of my everyday browsing anyways and I’m not installing Windows 7 September 2019 “Security Only” Updates and usually when I skip that I’ll skip the IE cumulative update for that month as well, since that’s cumulative anyways and can be put off until the following month’s IE 11 cumulative security update.

      It’s still DEFCON-2 anyways

      • #1962642 Reply

        PKCano
        Da Boss

        The IE11 patch is a Cumulative Update.
        It is the Rollups/SOs that contain telemetry The IE CUs don’t contain telemetry.

        2 users thanked author for this post.
    • #1962658 Reply

      Microfix
      Da Boss

      One thing that bothers me here is, IE is integral to Windows, whether one uses IE or not, for MSFT to issue an OoB update must be for a valid reason, how often does this predicament happen?
      Looking forward to this months ‘Previews’ that may/may not contain the IE patch.
      It wouldn’t be the first time I’ve installed previews either, I’ve found them to be more reliable than some of the patch tuesday offerings in the past for W7/W8.1 in situations like this.

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      1 user thanked author for this post.
      • #1962970 Reply

        EP
        AskWoody_MVP

        the upcoming preview rollups will contain this recent out of band IE security fix, Microfix.

        1 user thanked author for this post.
        • #1963416 Reply

          Microfix
          Da Boss

          It would seem that IE kb4522007 isn’t included (that I can see) in Septembers preview on Win8.1 Holding off for now..haven’t used IE for years anyway

          ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #1962679 Reply

      Susan Bradley
      AskWoody MVP

      Per the folks on the pm.org list, this will be out as a pushed out to the masses update tomorrow.

      Susan Bradley Patch Lady

      3 users thanked author for this post.
    • #1962820 Reply

      Alex5723
      AskWoody Plus

      If you don’t use IE, you can safely ignore the patches.

      There’s a reason why MS made them hard to get.

      But everyone is “using” IE one way or the other as IE is embedded in Windows Explorer…

      • This reply was modified 3 weeks ago by  Alex5723.
      3 users thanked author for this post.
      • #1963286 Reply

        anonymous

        So they share some DLLs and just what IE functionality used by Windows Explorer(Win 7 Pro) needs internet access, or remote scripting services enabled via IE. If the error is in some scripting engine part of IE is that even used/enabled  in Windows Explorer.

        I’ll just keep using Firefox and My installed Security/Firewall software and avoid using IE directly until  the October patches are released and as long as the October Windows 7 Security Only patches have no telemetry they will get installed as well.

        All software can make use of the same DLLs and it’s just a matter of if that’s just some shared UI functionality that may or may not be related to IE’s scripting related functionality. So just what permissions are granted to Windows Explorer when making use of any shared DLL code needs to be known and I would think that Windows Explorer should be rather isolated from any Internet scripting pushed out from the web.

        Really MS had no business integrating any Web based Browser functionality directly into its OS in the first place as all that needs to be outside of any kernel space or any elevated permissions granted user space. That really needs to be in some sandboxed environment and no DLL code sharing allowed.

        When will Chrome Based Edge be available for Windows 7 and 8/8.1 and will MS have taken the time to make sure that it’s safer to use than IE, which was never really safe in the first place.

        • #1963316 Reply

          rc primak
          AskWoody_MVP

          I would think that Windows Explorer should be rather isolated from any Internet scripting pushed out from the web.

          Don’t depend on it!

          will MS have taken the time to make sure that it’s safer to use than IE

          History does not favor such optimism.

          -- rc primak

          1 user thanked author for this post.
        • #1963601 Reply

          b
          AskWoody Plus

          When will Chrome Based Edge be available for Windows 7 and 8/8.1

          Microsoft Edge Insider has been available for Windows 7 and 8/8.1 (and macOS) for three months.

          Choice of update channels; Canary (daily), Dev (weekly), Beta (six-weekly):

          https://www.microsoftedgeinsider.com/en-us/download

           

          and will MS have taken the time to make sure that it’s safer to use than IE, which was never really safe in the first place.

          The Microsoft Edge (Chromium-based) Insider Bounty Program welcomes individuals across the globe to seek out and submit vulnerabilities unique to the next version of Microsoft Edge based on Chromium. Qualified submissions are eligible for bounty rewards of $1,000 USD to $30,000 USD.
          Microsoft Edge Insider Bounty Program

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1963173 Reply

      grams
      AskWoody Plus

      thanks everyone for your comments. I need to update my IE as at least one program I use makes use of it in the background but it sounds like I should wait until the mass rollout is ready sometime today or in the near future. I’ll not use that program until the general release is made sometime soon. Sound like a good plan? Will there be a link to the correct Win Cat page/KB? I see that the current Cat listing also specifies downloading Servicing stack update (SSU) (KB 4516655) and SHA-2 update (KB 4474419). Are these safe? Thanks so much!

      • #1963182 Reply

        PKCano
        Da Boss

        The two updates are prerequisites. Both are available through Windows Update.

        • #1963236 Reply

          grams
          AskWoody Plus

          The two updates are prerequisites. Both are available through Windows Update.

          thanks so much! that’s what I thought.

    • #1963331 Reply

      dportenlanger
      AskWoody Lounger

      Regardless of in or out of band, maybe it is just me, but I am failing to understand the Windows 10 1903 update settings.  I have one Pause Update setting that I enabled after updating a test machine.  Then I disabled the Pause and it is installing the same updates it already installed.  Does it not know what it already installed?

       

      Attachments:

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – we have an “out of band” release

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.