• Patch Tuesday patches are out

    Home » Forums » Newsletter and Homepage topics » Patch Tuesday patches are out

    Author
    Topic
    #136370

    Of course, we’re at MS-DEFCON 2, so you shouldn’t install any of these. I count 151 separate security patches, and 48 Knowledge Base articles. Nothing
    [See the full post at: Patch Tuesday patches are out]

    5 users thanked author for this post.
    Viewing 48 reply threads
    Author
    Replies
    • #136382

      Tues, Oct 10, 2017

      Group B Security-only patches have been updated at AKB2000003

      UPDATE: There are no Security-only .NET updates (these are not a part of Group B) listed this month.

      10 users thanked author for this post.
    • #136387

      For those who use the Adobe Flash Player and manually update it, here are the direct download links for the off-line (full) installers for version 27.0.0.159, as well as the Uninstaller, all “clean” — (right-click; select Save Link As):

      NPAPI for Firefox, Safari, Opera: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe | 19.8 MB
      AX for Internet Explorer: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe | 19.3 MB
      PPAPI for Opera and Chromium-based browsers: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe | 19.7 MB
      Adobe Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe | 1.25 MB

      6 users thanked author for this post.
    • #136395

      For those who follow it, the SANS ISC have posted their chart for the October 2017 Security Updates: https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ .

      3 users thanked author for this post.
    • #136407

      There is Word Zero-day vulnerability.

    • #136416

      And once again, the most secure OS – EVAR!!! – has the most vulnerabilities.

      And that’s not even just on mobiles ;)!

      Thanks for the update, Woody.

      3 users thanked author for this post.
      • #136447

        While this probably won’t make you feel any better, it could shed a little light on why 10 usually has more fixes.

        http://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/

        That story, if true, probably warrants its own thread.

        • #136453

          While that doesn’t surprise me, Microsoft being what it is these days, I’m surprised that the article doesn’t point out very forcibly that MS are still contractually committed to providing security support for the older versions at the present time, and hiding behind the “no major updates” let-out, or the marketing push for a more secure OS with Windows 10 doesn’t really cut it. Either they are providing security support or they aren’t, picking and choosing which fixes to roll out to Windows 7 and 8.1 isn’t remotely acceptable.

          4 users thanked author for this post.
    • #136419
      1 user thanked author for this post.
    • #136429

      20 vulnerabilities to Win 7 in the course of only one month.  Wow, the miscreants must be working overtime!

      We're getting Sticker Shock everywhere now, not just car dealers.

    • #136430

      For the first time, I’m seeing Delta Updates for Win 10 1607 and 1703 along with the regular Cumulative Updates.  This is on our WSUS server.  I thought the deltas were only for non-WSUS environments.  Supposedly there are known problems if you try to install both regular and delta.  I’ve declined the deltas, but I wonder what’s going on.

       

      • #136591

        The delta updates KB4041676 and KB40491 for Windows 10 version 1607 and 1703 as well as Windows Server 2016 were all expired some time after the initial release to WSUS.  So it looks like it was a mistake that Microsoft corrected.

    • #136435

      Note for those who use Windows security-only updates: From both October 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4043766) and October 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 updates for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4043767):

      “All updates for .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 require the D3 Compiler to be installed. We recommend that you install the included D3 Compiler before applying this update. For more information about the D3 Compiler, see KB 4019990.”

      6 users thanked author for this post.
      • #136439

        The link to the Update Catalog for KB4019990

        4 users thanked author for this post.
      • #136467

        Test: On a Windows 7 x64 virtual machine with no Windows monthly rollups installed, and .NET Framework 4.6.1 installed, Windows Update does not list the October 2017 .NET Framework monthly rollup. I’m sure this will be asked about again soon :).

        1 user thanked author for this post.
        • #136469

          …But the manual installer for the October 2017 .NET Framework monthly rollup successfully installed. Ugh! I recommend not doing this.

          4 users thanked author for this post.
        • #136664

          Hmm, on fully patched Windows 7 and Windows 2008 R2 with only 3.5.1 and 4.5.2 installed, the .NET Framework October Update KB4043766 shows as installed in WSUS, although it was never offered or installed manually.
          It is like .NET 3.5.1 and .NET Framework 4.5.2 do not need the patch. However it may well be a detection issue due to bundling of the updates for all versions together. If this is the case, it is likely that we will see a metadata update by the way of a revised update soon.
          Same thing applies for KB4043767 on Windows 8.1/2012 R2.

        • #136676

          3.5 & 4.5.2 patches have not changed, same as September rollup
          only 4.7 got new “quality” patch, thus a new rollup must be rolled 😀

          3 users thanked author for this post.
        • #136580

          Test: On a Windows 7 x64 virtual machine with no Windows monthly rollups installed, and .NET Framework 4.6.1 installed, Windows Update does not list the October 2017 .NET Framework monthly rollup. I’m sure this will be asked about again soon :). – MrBrian

          So you’re saying that users with with .NET 4.6 installed have to install the Update for the d3dcompiler_47.dll to get any future 4.6 updates, even if they don’t have or want .NET 4.7?

        • #136680

          That is what I believe. Those who installed any of the recent Windows monthly rollups already have that file. Those in Group B may not have that file though.

        • #136717

          Like i said before (not sure if my post still there or losted with Woody’s site problems)..
          starting July 2017, all .NET 4.6/4.6.1/4.6.2/4.7 updates had been reconciled into one rollup update that is based on 4.7 binaries version
          meaning, your .NET 4.6.x version is transforming into 4.7 under the hood

          so the best decision would be to install 4.7 itself 😀
          or install .NET 4.5.2, which is still separate

          2 users thanked author for this post.
        • #136718

          Correction to previous test: With .NET Framework 4.6.1 installed, the October 2017 .NET Framework monthly rollup did in fact appear in Windows Update without KB4019990 installed. I missed it in the previous test because it was listed as an Optional update, while the September 2017 .NET Framework monthly rollup was listed as an Important update. The reason that both are listed is because the October 2017 .NET Framework monthly rollup doesn’t metadata supersede (first type of supersedence) the September 2017 .NET Framework monthly rollup.

      • #136543

        When one sees “KB 4019990,” It doesn’t say anything about 8.1??

        • #136599

          Windows 8.1 doesn’t seem to be affected by the issue that requires that update.

        • #136593

          Does that mean win 8.1 users don’t need to install that update (kb 4019990)?

        • #136671

          KB4019990 is for Windows 7 only and does not concern nor apply to Windows 8.1. The D3DCompiler_47.dll file is already included in Windows 8.1 and greater.

          1 user thanked author for this post.
      • #136850

        Since I installed the D3 Compiler AFTER installing the Security Only .NET Framework update for 4.6.2 for September, will I hurt my machine by uninstalling that .NET Framework update in order for it to be installed AFTER the D3 Compiler?

        • #136852

          That shouldn’t hurt anything. But if you are not having a problem, it may not be necessary.

        • #136915

          Thank you.

    • #136446

      Well, after being “updated” by KB4041676 my Win 10 1703 Home system is unable to correctly eject a USB 3 external 2 TB WD My Book Drive which I use for system backups.  When ejection is attempted, I get the following win error message:

      “Problem Ejecting USB Mass Storage Device’

      “Windows is unable to stop the device “USB Mass Storage Device”.  Don’t remove this device while it is still in use.  Close any programs using this device and then remove it.”

      Prior to updating to the aforementioned KB, there was no problem ejecting this device.   My problem is I don’t know of any other program or app that’s using this disk, after my Reflect backup app is closed.

      Edit to remove HTML

      1 user thanked author for this post.
      • #136475

        Win 10 1703 Home system is unable to correctly eject a USB 3 external 2 TB WD My Book Drive

        What happens if you roll back the update?

    • #136470

      Has Microsoft had a change of heart, or is it another Microsoft screw up? According to the support page: https://support.microsoft.com/en-us/help/4041678/windows-7-update-kb4041678, which is the October Security Only update for Windows 7,  there are now 2 ways to get the update, as quoted below…

      This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.

      1 user thanked author for this post.
      • #136474

        There have always been two ways to get the updates that are distributed through Windows Update (like the Monthly Rollups),
        You can run Windows Update and it will download and install the patches for you.
        OR
        You can download the patches from the Microsoft Update Catalog and manually install them yourself.

        However, there are patches that are not available through Windows Update (like the Security Only Quality Updates for Win).
        If you want to install these patches, you have to download them from the Catalog and manually install them.

        5 users thanked author for this post.
        • #136478

          I think the issue is that the link in twbartender’s post is for a security only update, and yet the same link says that update will be downloaded and installed automatically from Windows Update. That’s not how it used to work; I. e., Windows Update did not download and install automatically security only updates, but rather, only the Rollups.

          2 users thanked author for this post.
      • #136476

        Very likely a mistake. I reported the issue to Microsoft via feedback for the Microsoft page you linked to.

        1 user thanked author for this post.
        • #136480

          Somebody must have done a cut/paste from the Rollup page.

        • #136601

          Speaking of c/p mistakes, if you go to https://support.microsoft.com/en-us/help/4040685/ for the IE patch the Catalog link is to last month’s 4036586.

          2 users thanked author for this post.
        • #136495

          @MrBrian

          Very likely a mistake. I reported the issue to Microsoft via feedback for the Microsoft page you linked to.

          You might also want to let Microsoft know that the October 10, 2017 “Cumulative security update for Internet Explorer”, KB4040685 also states that, “This update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically.”  It also state that it can be installed using the Microsoft Update Catalog.

          https://support.microsoft.com/en-us/help/4040685/cumulative-security-update-for-internet-explorer

          4 users thanked author for this post.
        • #136503

          The Internet Explorer cumulative updates should be available on Windows Update – see https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in.

        • #136507

          I don’t believe I’ve ever seen an IE 11 update come through Windows Update, at least not since they started doing rollups. I’m not seeing an IE 11 update for October on Windows Update.

          I was of the understanding that the rollup included updates for IE 11.

          Not arguing with you MrBrian, just with the statements in the MS link you gave above.

          1 user thanked author for this post.
        • #136508

          On second thought, you might be right for some operating systems, but perhaps Microsoft intends it that way because one can get the Internet Explorer files via the Windows monthly rollups for those operating systems. If you want to report it anyway, use “Was this information helpful?” on the bottom of the relevant Microsoft page.

          1 user thanked author for this post.
        • #136512

          The IE11 update is included in the Monthly Rollup. For those using the Security-only patches, they also need to download the IE11 CU. It is NOT offered through Windows Update.

          3 users thanked author for this post.
    • #136468

      Windows 7 64 bit all OK but Malicious Software Removal Tool now created two  files with the same size (MRT.exe and MRT-KB890830.exe). This is normal? Never seen that before.

      • #136546

        I saw the same thing on my W10 1607 machine. I removed one of them.

    • #136479

      “Adobe has told Brian Krebs that they have no security updates today.”

      I’m confused – I just updated it. From their release notes:

      “October 10, 2017

      In today’s scheduled release, we’ve updated Flash Player and the Windows AIR SDK with important bug fixes.”

      https://helpx.adobe.com/flash-player/release-note/fp_27_air_27_release_notes.html

       

      Windows 10 Home 21H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

      • #136482

        Adobe released non-security fixes for these today.

        2 users thanked author for this post.
        • #136485

          Got it, thanks. I guess I’m so used to all the Flash issues that I automatically assumed “important bug fixes” would be security-related.

          They obviously aren’t looking hard enough!

          Windows 10 Home 21H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

          2 users thanked author for this post.
    • #136491

      From Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure (CVE-2017-11776): “We discovered a vulnerability in Outlook’s S/MIME functionality. The short version: If you used Outlook’s S/MIME encryption in the past 6 months (at least, we are still waiting for Microsoft to release detailed information and update the blog) your mails might not have been encrypted as expected. In the context of encryption this can be considered a worst-case bug.”

    • #136497

      I switched over to Group A a couple months back, do I need to download KB 4019990?

      • #136502

        Not if you installed any of the recent Windows monthly rollups.

        • #136510

          Thanks, I have the rollups from June to now (September) installed.

        • #136583

          Not if you installed any of the recent Windows monthly rollups. – MrBrian

          I installed KB4019990 on September 29th.  At first I didn’t see the October .NET rollup in Windows Update.  However, upon second glance, I see it being offered as a optional rollup.

          1 user thanked author for this post.
        • #136674

          KB4019990 is required when installing .NET 4.7 and its updates/rollups.

    • #136498

      I was watching George Pal’s 1960 movie of H.G. Wells’ The Time Machine the other day and I couldn’t help but wonder if we’ll still be patching Windows security issues in the year 802,701 A.D.?

      Not as far fetched as it may seem, in my opinion.

      Carl D.

    • #136521
      1 user thanked author for this post.
    • #136520

      Is this Patch Tuesday also the last time Microsoft is going to patch Windows 10 Version 1511?

      • #136560

        From KB4041689

        Windows 10 version 1511 will reach end of service on October 10, 2017.  Devices running this operating system will no longer receive the monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.

      • #136705

        I installed KB4041689 last night – against Woody’s advice. But I thought, last update for 1511, gonna have to do it some time, why not now? S****** up everything. Dialog boxes in file explorer b*******. Uninstalled it less than an hour after it finished. Back to normal. Why does MS do this to us?

    • #136532

      Group A,  Win 7 X64, Home Premium  Office 2010.  Downloaded everything.  So far nothing out of the ordinary happened.

    • #136529

      By ‘design’, checking for updates on the Windows 10 Settings > Update & security page, download and install is triggered automatically when updates are avaialable. Of course, this is not what the user would expect, especially when running on Pro or Enterprise…

      However, there’s a workaround. Open a PowerShell console, enter:
      (New-Object -ComObject "Microsoft.Update.AutoUpdate").DetectNow()
      and hit Enter.

      Note that the DetectNow() method immediately returns to the prompt, but you can watch progress on the Windows 10 Settings > Update & security page. See https://msdn.microsoft.com/en-us/library/windows/desktop/aa385832(v=vs.85).aspx for details about the DetectNow() method.

      2 users thanked author for this post.
      • #136562

        I also find that running wushowhide can display what’s available, without waking the Auto Update beast…

        • #136747

          Sure, it’s more convenient, but under the hood, it’s PowerShell as well and using Microsoft.Update.Session to gather the data. However, it doesn’t update the Update & security page.

          1 user thanked author for this post.
    • #136538

      The known issue for the W7 monthly:
      After installing KB4041681, package users may see an error dialog that indicates that an application exception has occurred when closing some applications.

      I am not English – can someone explain to me what package users are? Thanks!
      ~Annemarie

    • #136544

      I see on your latest Woody on Windows, u talk about Security Advisory ADV170012.  Where does Microsoft post these Security Advisories at?

    • #136575

      On the first of my two Windows 7 desktops, the .Net Framework Security and Quality  Rollup is only offered as an unchecked optional update (KB4043766). As important updates I only have KB4041681 (the usual Quality Monthly Rollup) and the usual MSRT.

      My second Windows 7 desktop has the same updates offered in the same way, plus 4 updates for Office 2010 (which is only installed on that machine).

      I am, of course, ignoring all of them for the time being.

    • #136579

      Came in this morning to see people frantic as my alpha test group was blue screening machines, following our nightly maintenance cycle, with “inaccessible boot device” error messages being displayed on machines.

      We believe it’s mostly Windows 10 systems. I’m just starting to investigate. Not every Windows 10 system that patched had a problem, so it definitely may be specific builds.

      Microsoft is really starting to p*** my off with their lack of QA and cumulative update idiocy. They’ve basically sc***ed up every single Patch Tuesday cycle this year. I thought past years were bad. I’m just really glad we have an alpha release and beta release process, with an extended window. It’s sad that we have to be so cautious when it comes to their patches. Our process worked, but it’s going to be a nightmare day or two here.

      • #136582

        Keep us posted!

        I get worried when I hear reports like this. Wonder how many others are going to get hit.

        • #136631

          The culprit is KB401691. The rumor mill is that Microsoft acknowledged that they screwed up with a release of a delta patch to WSUS. I can say that systems that patched with WSUS in my alpha group did have the problem, while other systems using a different patching methodology didn’t have the problem. I wanted to share my steps to fix the affected systems below. Others have shared the same information, but they didn’t put all the steps together for those who need it spelled out:

          If the system will allow you to get to a boot troubleshooting command prompt, great! That should be enough to proceed. However, if you can’t get to a command prompt, you will need to create a bootable flash drive from a Windows 10 system via the Control Panel applet “Create a Recovery Drive”. Or a DaRT flash drive would possibly serve the same purpose. Boot to the drive and use the menu to select the option to open a command prompt:

          Diskpart

          List volume

          Exit

          That should help you find the drive letter for the hard drive. Once you’ve found it, assuming the system drive may not be C:, substitute any references to C:\ with the correct drive letter in EVERY command below:

          Dism /image:C:\ /get-packages /format:table > results.txt

          Type results.txt

          That will give you the package names that are pending install which you can copy and paste to build the commands below:

          Dism /Image:C:\ /Remove-Package /PackageName:package_for_Rollupfix_wrapper~31bf3856ad364e35~amd64~14393.1770.1.6

          Dism /Image:C:\ /Remove-Package /PackageName:package_for_Rollupfix~31bf3856ad364e35~amd64~14393.1770.1.6

          Dism /Image:C:\ /Remove-Package /PackageName:package_for_Rollupfix~31bf3856ad364e35~amd64~14393.1715.1.10

          One or more of the “remove-package” commands may fail. Just move on to the next one if that happens until all 3 packages have been addressed. Reboot and wait for Windows to try to load. If some part of the packages couldn’t be removed, the system will try to complete the process. Be patient while it tries to complete and everything should be restored to working order.

          5 users thanked author for this post.
        • #136968

          @derzeitgeist,

           

          Thanks for this, you, sir, just saved my morning!

          I have 7 Win10 machines; one failed yesterday, two more this morning.

          Yesterday I cloned a working drive but that’s not a time-saving solution. Your steps seem to have worked on the other two, testing now. I have over eighty Win7 machines, no issues there.

          Just one small correction, your post shows a single tilde after amd64; I had to use a double tilde: “…amd64~~…”

          Again, many thanks!

           

        • #136833

          A director with Microsoft has responded to us through our account rep:

          “I did some digging as soon as I had the opportunity.

          Was the blue screen a 0x7B?

          If so, this is a known issue, because somehow they published both the cumulative update, and the delta (express) update to both WSUS and SCCM.  This should never happen.  There is no issue with the Windows 10 or 2016 Cumulative but only an issue when both the Cumulative and Delta are installed on a machine together.

          All customers should re-synchronise their WSUS / SCCM server and the Delta Updates Binaries will be expired.”

          Even though they say SCCM should have been affected, for some reason only pure WSUS-based systems seem to have been affected here. We are migrating to a SCCM SUP and the Automated Deployment Rule that I’ve been testing didn’t hose any of the potentially vulnerable systems. Since WSUS is used by either method, I’m not sure what the difference was.. all I can say is that it behaved differently with pure WSUS vs. SCCM.

          3 users thanked author for this post.
        • #136835
      • #136597

        See if it’s not the listed known issue:
        Problem: Systems with support enabled for USB Type-C Connector System Software Interface (UCSI) may experience a blue screen or stop responding with a black screen when a system shutdown is initiated.
        Workaround: If available, disable UCSI in the computer system’s BIOS. This will also disable UCSI features in the Windows operating system.

    • #136598

      From .NET Framework October 2017 Security and Quality Rollup:

      “Today, we are releasing the October 2017 Security and Quality Rollup.

      The update applies to all supported Windows versions. It includes a known issue for Windows 10 1507 (see below).

      […]

      This release contains no new security updates.”

    • #136600

      All right, Win 7 Ultimate 32 bit, just installed this month’s group B patches, 4040685 and 4041678, plus the .NET bundle, 4043766, even though it’s just recommended. So far everything seems normal.

      But I keep seeing fixes added only to the bundle. There were quite a pile of IE fixes both last month and now, group A bundle only apparently, the only thing that made it through into the security-only IE patch was last month’s search bar thing, so not a fix but actually something that messed things up for some. And now I see a fix for an USB hub memory corruption causing crashes, again listed in the bundle only. Is this the norm now? Any way to just get the fixes out of the bundle? :/

      But have a question, saw KB4038923 as a .NET hotfix released after the August patch Tuesday and apparently not included in the September or October .NET rollups (at least they don’t have this among what they list as replacing and it lists nothing as replacing it). Would there be any use in installing that separately?

      • #136629

        Group B should be getting the same Internet Explorer fixes as Group A since Group B installs the Cumulative security update for Internet Explorer every month. But in general, Group B doesn’t get some non-security fixes that Group A does.

        The issue fixed in KB4038923 was also fixed in the September 2017 .NET Framework monthly rollup, so you shouldn’t need to install KB4038923.

        1 user thanked author for this post.
        • #136684

          Thanks, so can get rid of that .NET one.
          Can tell you that those IE fixes aren’t applied with the cumulative IE (group B) patch though, or at least they don’t work. And they’re not listed in patch info there either.

    • #136617

      Crystal Reports connecting to Excel stopped working. Any ideas what patch from last night would have caused this?

      • #136622

        We need information before we can even guess the answer to your question.

        What version of Windows are you running?
        What Windows patch(s) were installed last nigh?
        What version of Office are you running?
        What Office patches were installed last night?

        • #136624

          Windows Server 2008 R2

          Office 2010

          Crystal Reports 2011

          We installed all recommended patches

          These are reports that are connecting directly to an xls file. Crystal Reports now returns a database logon error. Just wondering if anyone else is experiencing this or if it had been reported anywhere.

           

          Thank you.

        • #136636

          Follow up: the exact error is:

          Logon Failed.

          Details: DAO Error Code: 0xccb

          Source: DAO.Workspace

          Description: Unexpected error from external database driver (1).

        • #136654

          I may be able to test that tomorrow (UK time) if the patches are on the test pc at the office.

          We use Crystal XI and Excel 2010 though on Win7 Pro (32bit) and Crystal is running on a Citrix box so it may not be a valid comparison.

          It was working correctly today in the live environment as I was using it to extract and reformat some data from a spreadsheet

        • #136795

          UPDATE

          I was not able to reproduce the problem and had no problems connecting Crystal XI to an .xls spreadsheet.

          There is one large caveat however, although the test pc has been patched the Citrix box Crystal runs on hasn’t, so if there is a problem it would indicate it’s at the Crystal end rather than the Excel end.

          Also tested connections to Oracle, no problems there either

    • #136627

      We’ve got a user whose CRM integration with Outlook 2010 is broken since the update. All the CRM related items in the left hand navigation pane fail to load anything, but if he tries to open a CRM record in some other way (such as clicking on a name at the bottom of Tracked email) it opens just fine.

      Anyone else experiencing similar issues since the update? We’re still investigating on our end but wanted to check and see if anyone else was in the same boat.

      • #136648

        Please tell us which version of Windows are you using?

        • #136659

          Windows 10.

        • #136667

          Which version of Windows 10  1511 November Update, 1607 Anniversary Update, 1703 Creators Update? They all have different updates that could have different effects.

        • #136708

          PK, relax, it’s going to be ok. Thanks for your passion, but Windows isn’t your problem, it’s Microsoft’s doing.  Isn’t it amazing how many versions of Windows there are now that there is only Windows 10? Sarcasm intended. MS is actively ruining windows. Historians take note – now is the inflection point – the last dive of Mighty MS.

          1 user thanked author for this post.
      • #136854

        Hi,

        We also use CRM integration in outlook, the software provider has confirmed the following combinations have issues relating to the display of some entities (CRM 2011)…

        Win 7  Office 2010, 2013 –  KB4011178

        Win 7 Office 2010  – KB4011196

        Win 7 Office 2016  – KB4011162

        Win 10 Office2010  – KB4011089

         

        2 users thanked author for this post.
        • #136862

          Which software provider?

        • #136864

          https://www.pepperminttechnology.co.uk/

          They advise…

          If you have not yet applied the update we would advise blocking this from your Windows Server Update Services server (if appropriate) or advising users to refrain from installing it until the scope of the issue us understood or a fix is provided from Microsoft. A case has been logged with Microsoft to request further information regarding a resolution for this issue.

      • #137200

        I have been given a workaround for this (CRM 2011 display issues in outlook), which in testing seems to work fine…

        The following registry entry can be added:

        [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security]

        (replace 16.0 with your office version)

        “EnableRoamingFolderHomepages”=dword:00000001

        1 user thanked author for this post.
    • #136646
      1 user thanked author for this post.
    • #136658

      Note for those who use Windows security-only updates: From both October 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4043766) and October 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 updates for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4043767): “All updates for .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 require the D3 Compiler to be installed. We recommend that you install the included D3 Compiler before applying this update. For more information about the D3 Compiler, see KB 4019990.”

      Currently 4043767 isn’t being offered to me.  Until it shows up in windows update, I’m not about to be overly concerned about it.  Thanks for the heads up though.  Should it appear I’ll be sure to grab the compiler.

      Incidentally, after all that fun we had with the hiding of those rollups since they began in August 2016, when I went to look for .NET history I had a look at my hidden list & lo & behold all the rollups were gone.  None of them were on the installed list.  Check it out fella.

      https://imgur.com/a/5kYmZ

      Win 8.1 (home & pro) Group B, Linux Dabbler

    • #136699

      Came in this morning to see people frantic as my alpha test group was blue screening machines, following our nightly maintenance cycle, with “inaccessible boot device” error messages being displayed on machines. We believe it’s mostly Windows 10 systems. I’m just starting to investigate. Not every Windows 10 system that patched had a problem, so it definitely may be specific builds. Microsoft is really starting to p*** my off with their lack of QA and cumulative update idiocy. They’ve basically screwed up every single Patch Tuesday cycle this year. I thought past years were bad. I’m just really glad we have an alpha release and beta release process, with an extended window. It’s sad that we have to be so cautious when it comes to their patches. Our process worked, but it’s going to be a nightmare day or two here.

      I’ve collected a few details at Windows 10 V1703: Update KB4041676 install issues. This scenario occurs only in WSUS/SCCM, if both alpha and CU has been approved for install (it should have never been released, and admins never should have approved both update types).

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      3 users thanked author for this post.
    • #136697

      Dear Woody,

      Your work with the information about this cumulative new patching system of Microsoft is very important. Thank you very much! That being said, I wish to know if there is a way to notice if patches include telemetry updates, because MS became too “imprecise” with the way they describe the patches contents.

      I have a telemetry-free (to my knowledge and for now) Windows 7 x64 Ultimate installation that works fast and flawlessly. I almost didn’t install ONE cumulative patch because it’s more difficult to really know what they contain, and have been avoiding the “conflicting” individual patches so far, following your reports and people’s feedback.

      Of course I don’t want to be exposed to vulnerabilities, I have a lot of protective measures nevertheless (firewalls, etc.) and a caring user behavior regarding security, but I don’t want to mess my great Windows 7 flawless install because Microsoft want to transform every Windows in a telemetry-bugged-beacon.

      Thank you again and everyone reporting here,

      G.

      • #136837

        I fear that identifying telemetry-enhancing updates isn’t possible any more. There’s just too much floating around.

        Every month I publish a general, all-around series of steps to minimize telemetry – but it’s far from complete.

        2 users thanked author for this post.
    • #136719

      My employer pushed the Windows 7 Rollup (KB4041681) to my work computer this morning. There were no apparent issues, but I’m not installing that update on my home system yet.

    • #136766

      This is the Office 2007 sp3 EOL, or they extended it?

      • #136770

        Yesterday was End Of Life (EOL) for both Office 2007 and Win10-1511 – they will receive no further scheduled updates.

        1 user thanked author for this post.
    • #136822

      From Windows devices may fail to boot after installing October 10 version of KB4041676 or KB4041691 that contained a publishing issue (my bolding):

      “Microsoft is aware of a publishing issue with the October 10th, 2017 monthly security updates for Windows 10 version 1703 (KB4041676) and version 1607 (KB4041691), and Windows Server 2016 (KB4041691) for WSUS/SCCM managed devices. Customers that download updates directly from Windows Update (Home and consumer devices) or Windows Update for Business are not impacted.

      2 users thanked author for this post.
    • #136828

      I have to report a bug or is it a “feature” maybe, with the:
      2017-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems KB4041681
      2017-10 Security Only Quality Update for Windows 7 for x64-based Systems KB4041678

      I work in IT and yesterday we got bombarded with the problem that we can not import an xls file into our application, which we have been doing since forever.

      It gives an error: Unexpected error from external database driver (1).
      We dug deeper and got to the Provider=Microsoft.Jet.OLEDB.4.0;Data Source={0};Extended Properties=\”Excel 8.0;HDR=Yes;IMEX=1\” not working anymore.

      After we removed both updates everything was back to normal.

      Just an FYI to everyone with the same problem.

      Edit to remove HTML
      Please convert to plain text before copy/paste

      4 users thanked author for this post.
      • #137155

        I ran into this, with broken production automation routines that relied on Excel via Jet OLEDB. What I did to remedy this was to install the latest version of AccessDatabaseEngine, which is Office 2010 compatible I believe. After doing so I then replaced any reference to Microsoft.Jet.OLEDB.4.0 with the Microsoft.ACE.OLEDB.12.0 provider. That did the trick. At first I thought I’d have to then connect to XLSX files instead of the current XLS files, but the provider works equally as well against XLS. So only one search-and-replace routine was needed. Thank God…

        1 user thanked author for this post.
        • #137206

          Hello
          Installing the AccessDatabaseEngine and using Miscrosoft.ACE.OLEDB.12.0 provider will work out and if you keep Excel 8.0 in the connexion string, you can still use .xls files.

          After installing the AccessDataBaseEngine Try changing :

          Provider=Microsoft.Jet.OLEDB.4.0;Data Source={0};Extended Properties=\”Excel 8.0;HDR=Yes;IMEX=1\”

          to

          Provider=Microsoft.ACE.OLEDB.12.0;Data Source={0};Extended Properties=\”Excel 8.0;HDR=Yes;IMEX=1\”

          1 user thanked author for this post.
    • #136849

      Last month after the automatic patching of Windows Server 2012 R2, my domain got unassigned from the network card and I lost all possibility to connect to the SQL database for the accounting package. This month, same thing, right after the automatic patching during the night. Nobody able to work in the morning. I don’t manage this server. I don’t know Windows Server, I don’t use it.

      The trick was to simply disable the network card, then reenable it. Quickly realizing the network was public and not domain, I tried things for an hour with a consultant last time before finding that: restarted, registry tricks, manually assigning the domain to the private network…

      2 users thanked author for this post.
    • #136856

      Another article about October’s KB4041676 update:

      Windows 10 mandatory October KB4041676 update is causing machines to BSOD

       

      1 user thanked author for this post.
    • #136883

      On my Win 8.1 test VM…

      Windows Update service started, firewall reconfigured to allow updates, and the patches are going in Group A style as usual for this time of the month…

      Checking8.1

      AvailableImportant8.1

      AvailableOptional8.1

      Done8.1

      Also as usual, the updating process went smoothly and the VM booted right back up.

      No new errors or warnings have appeared in the event log.

      A quick comparison of my LogSystemInfo output before/after revealed:

      • KB4043763 and KB4041693 added, KB4038792 removed from WMIC qfe list.
      • Tasks in the WindowsUpdate section of the scheduler were re-enabled as usual.
      • A fair number of system modules, including protocol handlers updated to new build numbers.

      Fitness testing to commence next. More as I learn it.

      -Noel

      2 users thanked author for this post.
    • #136923

      I have 3.5.1 and 4.5.2 .NET  installed on my Windows 7 x64 machine, & even though I’m still Group B Security-only, I’ve been installing the .NET Framework Security and Quality Rollup when it’s offered to me in the monthly windows updates. The most recent one being the September 2017 update. Now after reading the various messages in this topic about the October 2017 .NET Security and Quality Rollup, I’ve been trying to determine if I need to install this new October .NET update, even though it didn’t show up in this months updates…

      According to what “abbodi86” wrote in message “#136676”,  “3.5 & 4.5.2 patches have not changed, same as September rollup. only 4.7 got new “quality” patch”

      The thing is when I compared the October 2017.NET Framework Security and Quality Rollup information to that of the September 2017 .NET Framework Security and Quality Rollup information: ( https://blogs.msdn.microsoft.com/dotnet/2017/10/10/net-framework-october-2017-security-and-quality-rollup/ & https://blogs.msdn.microsoft.com/dotnet/2017/09/12/net-framework-september-2017-security-and-quality-rollup/ ) there is an additional WPF Quality and Reliability Improvement in the October update that wasn’t listed in the September update.

      Considering that the October update States the following: “The update applies to all supported Windows versions”, does this additional October improvement (shown below) mean that there is a difference between the September & October 3.5 & 4.5.2 patches? And if so, should the October patch be installed on machines having 3.5.1 and 4.5.2 .NET Framework installed even if the September update was previously installed?

      The quality and reliability improvement that’s listed in the October update, but not the September update, is the following: Rendering of WPF UI Elements is disabled in Windows Services. [497334]

      • #136943

        On a Windows 7 x64 computer with .NET Frameworks 3.5.1 and 4.5.2 installed, October 2017 .NET Framework monthly rollup appears as a Recommended update. That means it can appear in either the Important or Optional tab, depending on the setting “Give me recommended updates the same way I receive important updates.”

        1 user thanked author for this post.
        • #136977

          Indeed, “Give me recommended updates the same way I receive important updates” is deselected in WU (Win 7 x64) and this optional recommended (unchecked) update is offered:

          “2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 7 and Server 2008 R2 for x64 (KB4043766)” – 61.6 MB (.NET 4.7 is not installed).

          It is unhelpful that MS titles this a “Security and Quality Rollup,” yet it is optional and there is no associated CVE (the SANS ISC lists no .NET exploits for this month, https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/ and Martin Brinkmann at gHacks lists this as a non-security update, https://www.ghacks.net/2017/10/10/microsoft-security-updates-october-2017-release/ ).

          1 user thanked author for this post.
        • #137265

          Just to verify and/or corroborate, when I have “Give me recommended updates the same way I receive important updates” SELECTED, I get the KB4043766 update listed as Important and also checked. (Win 7 x64, .NET 4.7 NOT installed)

          Can’t MS make up it’s mind? Doesn’t seem like that would be rocket science to me.

      • #136947

        For what it’s worth:

        I’m group B and also quality and security on .NET – or what I’ll just call .NET Rollups.

        But after the snafus in Sept with the Rollup (which were apparently not present in the security only updates), I decided that from now on it’s security only for everything. I’m not installing any .NET updates for October, since there are no new security only updates this month.

        And if the “quality” of my .NET experiences isn’t what MS thinks it should be, well, that’s just too bad. After all the “quality” of my Win 7 experience has already tanked anyway. If my machine make it to end of support in early 2020, fine. Otherwise I’m fully prepared to leave MS permanently.

        1 user thanked author for this post.
      • #137175

        The quality and reliability improvements made in Oct update are only applied in .Net Framework 4.6.x – 4.7. You’ll be able to get better comparison between the Sept and Oct updates for Win 7 by looking at their respective knowledge base articles below:

        Sept:
        https://support.microsoft.com/en-us/help/4041083/security-and-quality-rollup-for-the-net-framework-3-5-1-4-5-2-4-6-4-6
        Oct:
        https://support.microsoft.com/en-us/help/4043766/october-2017-security-and-quality-rollup-for-net-framework-3-5-1-4-5-2

        From those 2 links, you can see the difference in terms of the KB numbering (at the “More information” section) for the .Net Framework 4.6.x – 4.7 that changes from KB4040973 (Sept) to KB4043764 (Oct), whereas the other versions of .Net remains the same for Sept and Oct. Therefore, installing the Oct update will give you no quality imrovements over the Sept update unless you have .Net Framework 4.6.x – 4.7 installed.

    • #137177

      On my Win 7 test VM…

      Windows Update service started, firewall reconfigured to allow updates, and the patches are going in Group A style as usual for this time of the month…

      Win7CheckingForUpdates

      Win7ImportantUpdatesAvailable

      Win7OptionalUpdatesAvailable

      Win7UpdatesInstalled

      As usual, the update process went smoothly and the VM booted back up quickly and smoothly.

      The event log is clean of warnings and errors.

      The running process count settled to the usual count of 39 to support my otherwise idle desktop.

      A comparison of before/after LogSystemInfo output reveals:

      • “Unknown” status for several scheduled jobs, which previously reported “Ready”.
      • KB4041681 added and KB4038777 removed in WMI qfe list.
      • Quite a few components updated, showing new build numbers.

      I’ll update this thread with a response once I do more testing.

      -Noel

      2 users thanked author for this post.
      • #137240

        On this Friday the Thirteenth, appropriately falling in the week of Black Tuesday, I should like to express my deep thanks, appreciation and gratitude to Da Boss, along with his cadre of indispensable — and outstanding — MVPs (as well as the many thoughtful contributors) for their dedication, tireless efforts and patience (and without whom — well, I’d rather not go there…).

        I am confident that I echo many others.

        Gold-Cup-black-background-with-light-rays

        5 users thanked author for this post.
      • #137337

        As an example of just how unique each person’s system is, I just ran WU on my Win7 x64 machine with .NET 3.5.1 and 4.5.2 installed as well as Office 2010 Professional Plus, and all I was offered by WU were four security updates for Office 2010 and the monthly Win 7 rollup along with the usual MSRT (KB890830).

        1 user thanked author for this post.
    • #137437

      I have Windows 7 Home Edition 64-bit system.  I have not seen KB4043766 in my Window update listing for October.  In stead, KB3186497 Microsoft .NET Framework 4.7 for Windows 7 and Windows Server 2008 R2 — Published 6/27/17 showed up. When the Ok is given to install October updates, do I install KB3186497 or ignore it.

      • #137454

        Make sure to check both the Important tab and Optional tab for the existence of KB4043766.

        • #137482

          KB4043766 does not exist in the Important or Optional listing.   KB3186497 (the 6/27/17) update is checkmarked and exists in the Important listing.

        • #137488

          MS is pushing .NET versions later than 4.5 toward .NET 4.7, so it may be time to go ahead and install KB3186497 .NET 4.7.

          If you have been following the Group B method, you will need to install KB4019990 the D3D Compiler first. If you follow Group A (Monthly Rollups), the compiler should already be on your machine.

          Edit 3.5.2 changed to 4.5

          1 user thanked author for this post.
        • #137493

          I do follow the Group B method for installs except for the .NET framework updates.  I install .NET framework updates from Window Update.  I do not install security only .NET framework updates from the Microsoft catalog.  Would I still need to install the D3D compiler first before installing KB3186497?

        • #137505

          Yes, you should install it first. The link is above.

          2 users thanked author for this post.
    • #137479

      KB4041678 (Security-Only Update) for Windows 7

      “ICS”(Internet Connection Sharing) / SMB Funktion is broken…

      WLAN Connection and SMB(File & Printer) transmission problems.

      – Laptop(ICS Server) / Windows 7 pro x64
      – Intel WiFi WLAN-Adapter
      – 3G+ Mobilfunk-Stick / USB

      Absolute unusable…!

      1 user thanked author for this post.
    • #138050

      Adobe have issued another update for their Flash Player, version 27.0.0.170.  As they have not yet released a changelog nor Security Bulletin, it is unclear whether this is a security update; however, since this follows so closely on the heel of 27.0.0.159, it is not unlikely.

      For those who manually update it, here are the direct download links for the off-line (full) installers for version 27.0.0.170, as well as the Uninstaller, all “clean” — (right-click; select Save Link As):

      NPAPI for Firefox, Safari, Opera: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe | 19.8 MB
      AX for Internet Explorer: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe | 19.3 MB
      PPAPI for Opera and Chromium-based browsers: https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe | 19.7 MB
      Adobe Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe | 1.25 MB

      2 users thanked author for this post.
    • #138623

      For those who still require the Jave Runtime Environment (JRE), Oracle have issued an update, version 8u151: “This Critical Patch Update contains 22 new security fixes for Oracle Java SE.  20 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.”

      The full 2017.10 Critical Patch Update Advisory is at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html . Java can be manually updated through its Control Panel (if not set to do so automatically) or the off-line (full) installer may be downloaded at http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html (enterprise version; clean).

    • #140559
    • #140845

      OK so where are we regarding October updates for Windows 7 users?

      There is so much cross talk about Windows 10 and Net xxx that I can no longer find what is happening with Windows 7 x64 (and Microsoft Office 2010, especially the latest Outlook 2010 update KB4011196).

      Are these good to install?

      Is it time to monthly updates by Windows version vs all versions muddled together with primaily Windows 10 issues?

       

      • #144317

        It’s tempting to break out the Windows versions and give each of them MS-DEFCON ratings, but I’d have to have separate ratings for Win7, 8.1, 10 1511, 10 1703 and 10 1709, at a minimum. Then there’s Office and .NET and on and on.

        When we hit MS-DEFCON 3 or 4, there are full updating instructions for every version.

        1 user thanked author for this post.
    • #144275

      Issue added to Cumulative security update for Internet Explorer: October 10, 2017: “After installing this KB, Internet Explorer 11 users who use SQL Server Reporting Services (SSRS) may not be able to scroll through a drop-down menu by using the scroll bar.”

      2 users thanked author for this post.
      • #144436

        The same issue has also been added to many other recent updates for various operating systems.

        1 user thanked author for this post.
    • #146888

      ADV170012 | Vulnerability in TPM could allow Security Feature Bypass has been revised multiple times, most recently 6 days ago.

    Viewing 48 reply threads
    Reply To: Patch Tuesday patches are out

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: