Patch Tuesday problems and fixes, but there’s no cause for alarm

Topic

New Reply

Yet. Consolidated news about this month’s patches for Win10 version 1803, the CVE-2018-8174 VBScript zero-day (which isn’t bad yet), the Win10 version
[See the full post at: Patch Tuesday problems and fixes, but there’s no cause for alarm]

1 user thanked author for this post.

Mr. Natural

Reply | Quote

Replies

There’s definitely problems 🙂

https://www.reddit.com/r/windows/comments/8i9i97/kb4103718_removing_network_drivers_on_win_7/

NIC drivers randomly disappearing.

2 users thanked author for this post.

FakeNinja, columbia2011

Reply | Quote

Oh gawd, not again.

Reply | Quote

Just noticed this tonight 5/11/2018 2349 CDT: The M$ article for KB4103712 (Security-only update), as well as for the “quality” (/snicker) update, was amended today:
Now added, as “known issues”:
Symptom: “Microsoft is aware that some customers have reported that network drivers are intentionally uninstalled, then fail to reinstall after applying the May 8, 2018 update. This can result in the loss of network connectivity.” and
Workaround: “Microsoft is presently investigating and will provide a status update when the investigation is complete.”

Reply | Quote

How “lovely”. Rollup only or security-only too? Does 4099950 affect the odds in any way? And if so, any difference between having the pre-Apr 17 and the post Apr-17 versions? That thread doesn’t seem to explain that.

Reply | Quote

The latest response on my Microsoft support case is:
We are investigating all of the May updates. For Windows 7/2008R2, we’re looking into the issue where the NIC is uninstalled.  For 2012/2016, we’re looking into an issue that creates a new NIC after the update is installed.

edit to remove HTML

2 users thanked author for this post.

columbia2011, DrBonzo

Reply | Quote

I’ve just looked in the Master Patch List, and am most gratified to see that there are no issues “at the moment” with the Windows 7 patches.

It would be nice to have a defcom setting for Win 7 and 8.1 separate from the current one that, these days and perhaps for the foreseeable future, it seems mostly to reflect the load of Win 10 problems cascading monthly from MS.

But I imagine that it would not be terribly practical, probably also confusing to some, and one can always keep an eye on the Patch List, anyway.

Please, Woody and Patch Lady, do keep up the good work you do, and thanks for doing it.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

3 users thanked author for this post.

FakeNinja, HiFlyer, woody

Reply | Quote

I would love to run MS-DEFCON levels for each version of Windows, but it’d take an enormous amount of work. Ginormous.

6 users thanked author for this post.

jburk07, SueW, geekdom, HiFlyer, columbia2011, Elly

Reply | Quote

woody wrote:

I would love to run MS-DEFCON levels for each version of Windows, but it’d take an enormous amount of work. Ginormous.

I can’t tell how many versions of Windows there are any more.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

2 users thanked author for this post.

jburk07, woody

Reply | Quote

Woody, see here

Win 10 v1803, issues with intel SSD’s..

No problem can be solved from the same level of consciousness that created IT- AE

Reply | Quote

Oy. Sounds like a variation on

https://www.askwoody.com/2018/microsoft-blocking-the-win10-version-1803-update-on-some-pcs-with-intel-solid-state-drives/

1 user thanked author for this post.

Microfix

Reply | Quote

put it down to a bad day..

No problem can be solved from the same level of consciousness that created IT- AE

Reply | Quote

Excel 365 files on my laptop will not save in 1803.  I have had to roll back.

Reply | Quote

Specify the version and bit of Excel, please.

1 user thanked author for this post.

woody

Reply | Quote

I didn’t see any info on Windows 8.1 patching in your Computerworld article, Woody. Do you have any info about Windows 8.1 patching?

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

Reply | Quote

Windows 8.1 has consistently been the most stable version.

That said, I still think you should wait. There aren’t any killer security holes.

Reply | Quote

A silly question….Do employees at MS ever read any forums regarding issues with their updates, patches, cumulative updates, and feature upgrades? I have been pretty lucky so far on my Win 10 home machine, but I just read through the Windows forum link that was cited on another topic here (21 pages in like 2-3 days?). I now have severe heartburn.

Shouldn’t they care? Can someone at MS put the breaks on these updates? Business must be good at computer repair shops….

Since I bought my Win 10 Dell machine in Oct, 2016, I have spent like 200 hours of time Googling various issues/glitches that have occurred on my machine. I NEVER did this with XP, Vista, or Win 7 machines……Oy….

6 users thanked author for this post.

SueW, HiFlyer, Pepsiboy, BobbyB, Elly, columbia2011

Reply | Quote

As an anecdotal comparison, I run Manjaro (Arch) Linux which is considered by Distrowatch.com to be a finicky distro to maintain. I do have problems occasionally with getting updates to install. But almost always the issues are:

1. the script does not write over the old files/folders and the fix is to remove the specified files and folders manually for no critical applications.

2. With the optional AUR repository, the maintainer’s current key is not in the local key database. Again, manually update the key signature.

3. With the optional AUR, the download hash does not match the expected hash. Verify the hash expected for the file and update the hash when during the update.

All of these errors will generate a very specific error message that tells you what the issue is an implies the fix.

Reply | Quote

I used to be able to go weeks between reboots when running Windows, but lately it is often 3+ times a day fixing issues I didn’t realise I had until I tried something. E.g. the last two reboots – one to fix MS Store which refused to “Get” any new apps (was happy reinstalling “owned” ones, and another to fix the Settings app which decided to hang at the opening screen each time I opened it. It gives you a feeling of just how fragile everything is under the flashy exterior.

Reply | Quote

Anonymous writes: “A silly question… Do employees at MS ever read any forums regarding issues with their updates, patches, cumulative updates, and feature upgrades?” ……  “Shouldn’t they care?”

Maybe what those MS employees care most about is keeping their jobs. So spare them a thought.

As David Thoreau wrote at the beginning of “Walden Or The Life In The Woods”: “The mass of men lead lives of quiet desperation”.

So, of those MS employees using their talents and energies in busily patching Windows 10 and brewing its next incarnation, the ones that started work there with high ambitions and hopes of real, even great, accomplishments, may be leading now what sort of lives, exactly?

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

jburk07, Cascadian

Reply | Quote

Don’t know if this hurts or helps, but with at least two in the wild according to this website, and the WIN 7 patch wiping stuff again, we’re really between a rock and a hard place:

https://securityboulevard.com/2018/05/microsoft-patches-two-actively-exploited-zero-day-vulnerabilities/

Oh, my stars and little apples…glad I’m the only one on this PC, and don’t EVER use IE…

Madness.

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

Reply | Quote

One may choose not to use E11 oneself, as a browser, but the operating system (Windows, any version) does use it regardless of one’s choice, because Windows is “wrapped around” IE11, which I understand is the cause of the problem discussed in the article that you have provided the link to.

Reply | Quote

As noted in my article, the only known exploit for the “critical” security hole involves a Yiddish RTF file. The other security hole isn’t particularly pressing.

We’ll definitely see the first exploit out in the wild sooner or later but for now, if you aren’t in charge of a Chinese governmental group, you’re ok.

2 users thanked author for this post.

jburk07, Nibbled To Death By Ducks

Reply | Quote

What if one gets emails in Yiddish?

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

No problem. The specific attack vector is an RTF attachment in Yiddish/Hebrew sent to a Chinese governmental agency.

Which is quite a bizarre combination, eh?

2 users thanked author for this post.

OscarCP, SueW

Reply | Quote

Probably seems completely logical to a virus nerd.

Reply | Quote

I’m thinking that if you applied the recommended changes as well since last year (https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11/ and the earlier piece linked there) IE should not run VBScript on sites in Internet and Restricted zones anymore, so it’d need to be something local (or trusted), like that file. If so, using IE shouldn’t increase the risk, not using it definitely doesn’t decrease it. Not having MS Office might decrease it a fair amount though, if I understand things correctly?

— Cavalary

Reply | Quote

Oh, PS, forgot it the first time: Great reference in the name 😀

— Cavalary

Reply | Quote

Fun times, Microsoft and other OS vendors have accidentally introduced a locally exploitable DoS bug through Spectre/Meltdown related fixes by “misinterpreting” Intel’s documentation.  Here’s the MS page on it:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897

Reply | Quote

@OscarCP: Oy Vey! Gevalt!

“A silly question… Do employees at MS ever read any forums regarding issues with their updates, patches, cumulative updates, and feature upgrades?”

No, they’re too involved with playing Cricket on the campus, old boy.  Chin-chin!

 

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

Reply | Quote

Actually, several MS employees read AskWoody – and more than a few post here. I think that’s great.

3 users thanked author for this post.

jburk07, SueW, columbia2011

Reply | Quote

Nibbled To Death By Ducks!

I would say to your hypothetical MS employee in answer to his hypothetically snarky comment:

“No, they’re too involved with playing Cricket on the campus, old boy.  Chin-chin!”

“Bully for you, Sir! Chin-chin indeed, and let’s have another one for the road!”

“Now, when you and your mates are done playing cricket here, however looong that might take (as usual in cricket: much too long), please, don’t forget to go back to doing your pathetic jobs: crafting patches of patches and brewing the next unsavory batch of Win 10 “upgrades”  nobody asked for and nobody, except, maybe, some irredeemably daft fan boys or corrupt trade magazine bloviators, will ever thank you for. I hope they pay you way too much, because paydays probably afford you the only genuine pleasure you’ll ever get from actually doing the work you do.”

In other words: spare a thought for the poor saps that labor in meaninglessly toil, day after day, in the (metaphorically) sunless, creepy-crawlies’ infested dungeons of Redmond. Even if they were paid, each and every one, their weight in diamonds, that could never be enough compensation for their daily repeated and pointless drudgery.

Win 7 x64, SP1, Intel I-7  “sandy bridge”:

Be Group B, or die!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@OscarCP: Very tired-missed your statement …”and am most gratified to see that there are no issues “at the moment” with the Windows 7 patches”…there are, unfortunately…KB4103718 is removing network drivers on Win 7 machines, per:

https://www.reddit.com/r/windows/comments/8i9i97/kb4103718_removing_network_drivers_on_win_7/?st=JGZRX6GR&sh=91361a81

@Woody, It’s nice to know that fact; unfortunately Chalker’s Law states that for every conscientious person toiling away at their job, there are 9 others who are busy undoing and fouling up what he/she does.

Just a chuckle from a late Sci-Fi author I met in Denver, Jack Chalker.

Again, thanks to all for doing their best to keep us all safe, and the wheels from leaving the track!

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

Reply | Quote

Nibbled To Death By Ducks:

Sorry, I wasn’t thinking and forgot to explain that I am Group B. So: only interested in the Security Only update, while the one you mention is the rollup and it most certainly has been found to have the problem you just described. Security Only, so far, is listed in the Master Patch List as having, of known problems, “none at this time”… I am afraid I have given the wrong impression that I was referring to Win 7 in it’s totality. My bad!

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

KB4103723 is showing as “Not required” in our environment. Not sure what the problem is. Anybody experience the same issue?

Reply | Quote

Would this statement from Microsoft apply?

“Windows 10, version 1607, reached end of service on April 10, 2018. Devices running Windows 10 Home or Pro editions will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.”

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Hi guys ‘n’ gals…

Well, after a quick check for updates for my WIN 7 32 bit PC last night, I saw that there were quite a few “Recommended”….about 15 or so, but decided to hide the lot.
The 3 that were “Important”…., I decided to D/L & install.
#1 was KB4099633 & #2 was KB4103718, along with the MRT tool for May.
O.K. I thought, let Windows do it’s thing.
I was wrong though.
It went through it’s “normal” routine of creating a restore point….(That was good.) but after about 50 Minutes, the
installation was stuck at 53% & would not move.
I left it for quite a while but no more movement was observed, so I shut the PC down & tried the installation…. again.
Nope. No such luck. Exactly the same result……Stuck at 53%.
I tried this 3 times with the same result, so I tried Window”s Safe Mode.
It said…”Error with installing updates…..Reverting.”
Oh goody, I thought. At least “it” recognized the error.
Well, I then re-booted the PC into normal mode & when she decided to load Windows, another screen showed up with the same message.”Error with installing updates…..Reverting.
“Well, this time it actually did remove the offending 2 updates.
I checked in “View Update History” & saw that those 2 had “Failed.”

My PC is now back to normal operation.
I do of course have weekly back-ups, thanks to ACRONIS TI.
Another stuff up from you know who.

Thank you.

Anyone else been struck with those 2 updates?

Edit to remove double spacing.

Reply | Quote

Anonymous #191670 :  Same as you, I have also received the .NET patch KB4099633. It is not one of the Win 7 .NET patches mentioned, at this time, in the Patch Lady’s Master Patch List, none of which, by the way, I have received so far.

As a general rule, I prefer to wait at least two weeks after every Patch Tuesday before updating, in case something alarming is reported in the interim concerning Windows 7, x64 patches of interest to Group B users.

I’m Group B and have Win 7 Pro, x64, SP1,  running in my PC, that has an I-7 “sandy bridge” CPU.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

KB4099633 contains the other KB numbers. Go to the support page given in Windows Update for 9633 and scroll down and you’ll see the other numbers. 9633 is smart enough (yeah, I know, pretty surprising seeing as how it’s coming from MS) to know which of the KB numbers to install on your particular computer. Alternatively, if you know what versions of .NET are on your computer you can pick and choose the appropriate KB numbers and install them manually yourself from the Update Catalog. A similar situation holds for the security only .NET patches.

Reply | Quote

Do I understand you correctly, DrBonzo, that all KB4099633 does is to install those .NET update now in the Master Patch List that are appropriate to one’s Windows 7 version so, if then there are problems, they are going to be caused by those other .NET updates and not by 9633 itself?

In other words, that installing 9633 is as safe as installing the appropriate .NET updates oneself, but it saves one the trouble of figuring out which ones to install?

Further, that if there is a problem, it won’t be enough to remove 9633, but also the other .NET updates installed by it; or, alternatively, one could go back to a restore point created before installing 9633?

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Question 1: Yes
Question 2: Yes
Question 3: I believe that if you uninstall 9633, you will be uninstalling the KB numbers contained in 9633 and that no other uninstall will be necessary (I have never uninstalled what I would call a “package patch” such as 9633 so I can’t say with certainty what will happen). The advantage of installing the KB numbers that are in 9633 individually is that if there is a problem you will know which KB caused it. If it turns out that one of the KB numbers is not applicable to your computer, you will get a message to that effect (I have tried to install such an update before – by mistake – and that is what happened).

Hopefully this clarifies my earlier statement, but if not, let me know and I’ll give it another try.

1 user thanked author for this post.

OscarCP

Reply | Quote

MrBonzo: Thank you.

If there was a problem after one installs 9633 (after creating a recovery point just before installing this patch), one could take the system back to its state previous to the install, and that should remove 9633 and any .NET patch it did install. Just in case, one can always look in the Windows Update “your installed updates” history file (with a link in the WU page), to see if there are any .NET updates with the date of the install of 9633. Then one can click on the “installed updates” button in the same page and go to the page that lists them, right click on the names of each of those to be removed and choose “uninstall”.

But all that may not be even necessary, if your guess is correct.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Yep, I agree with everything you just said.

I’ve never had any problems with .NET patches, although from what I’ve read here at askwoody, it seems that people are having problems with them at an increasing frequency. Then again, I suppose the same can be said about a lot of MS patches, unfortunately.

1 user thanked author for this post.

OscarCP

Reply | Quote

So is it safe to install KB4099633 or not? Because of no information in Master Patch List!

Reply | Quote

Well, that’s a different question! I was just describing the contents of the 9633 patch.

The 3 KBs in the 9633 patch are listed in the Master Patch List as having no issues at this time. However, it does seem that some folks have had problems with at least one of them.

So, for myself, I’m waiting on ALL May patches before installing. I rarely, if ever, install anything before DEFCON goes to 3, and even then I sometimes wait longer.

2 users thanked author for this post.

HiFlyer, columbia2011

Reply | Quote

@OscarCP @DrBonzo @columbia2011

Recently we had an update KB 4099950. For those of you who downloaded it from the Catalog, you will recall it had a .exe file bundled with it. You probably downloaded both files and wondered what to do with the .exe.
If you had installed the update through Windows Update instead, you would not have seen that .exe file and may not have known it even existed because the Windows Update mechanism takes care of the bundled files and assures they are installed/processed in the proper order. (That’s how it’s supposed to work if MS gets it right to begin with.)

The .NET Rollup is a bundle for multiple versions of .NET, not a single update itself. If you go to the Catalog and click the “Download” button, you will see the updates for the individual versions of .NET  and are left to try to figure out which update(s) apply to which version(s) of .NET you have installed.

However, if you use Windows Update, the update mechanism will automatically install the individual patches you need. It is these individual patches you will see as installed updates, not the bundle.
The problem with using the Catalog is, that sometimes there are other updates bundled as well for certain versions of .NET or Windows. An example of this was the D3D Compiler for Win7 when .NET 4.7 first came out. Unless  the D3D Compiler was installed there was a problem for Win7. This is not necessarily obvious if you are unaware and are only looking for .NET KBs.

That is why, IMHO, it is better to install the .NET Rollup through Windows Update so it is installed properly. Because you just may not know…. (It is even recommended for Group B – see AKB2000003)

 

9 users thanked author for this post.

HiFlyer, Bill C., jburk07, walker, SueW, columbia2011, DrBonzo, OscarCP, geekdom

Reply | Quote

Even though I’m group B I do usually install the .NET Rollup and usually from WU.

Several months ago there was an issue with the Rollup that wasn’t present (to the best of my knowledge) in the Security Only patches, so I downloaded and installed from the Catalog. One of the multiple files I downloaded apparently wasn’t appropriate to my computer and when I tried to install it, I got a message to that effect.

I agree, though, that unless you know all the versions of .NET on your computer, it can get a bit confusing if you’re not installing from WU.

1 user thanked author for this post.

OscarCP

Reply | Quote

Hello DrBonzo and Oscar and PKC. While it is easy and maybe preferable to let MS update your .NET, you can do it if you desire to investigate which one(s) you have. I prefer to do “security only” and manually install.

I do not like .NETs so I only have the 3.5.1 that came with Windows 7.

For those interested in .NETs, Arron Stebner has a verification or cleanup tool. You can use it to see which version you have.

(One can also look for a registry key.   https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed)

Arron does keep it updated. The cleanup tool is a last ditch uninstall if all else fails.

https://blogs.msdn.microsoft.com/astebner/2013/11/06/net-framework-setup-verification-tool-and-cleanup-tool-now-support-net-framework-4-5-1/

Reply | Quote

The KB 4099633 update pretty much broke our exchange server.

Emails within our company seem to work, but emails in and out of our firewall are not going through.

Our OWA does not work outside of the firewall, and unable to get any web access on the server.

All started on the 11th when it was auto installed. I thought it was the firewall, so I replaced it. This did not fix it. I uninstalled the update, which seemed to fix the issue.

I forgot to flag the update to not reinstalling, and it has now installed again. When I went to go uninstall it again, It appears to be missing from the update list. It shows it in the update history with a new time stamp, but I can’t seem to find the update in the install history to uninstall it.

1 user thanked author for this post.

columbia2011

Reply | Quote

KB4099633 is a Rollup which may contain updates for several versions of .NET.
Check theese links for the update you have installed – you probably won’t see Rollup KB number, but the individual version patch KB number in the installed updates.

Reply | Quote

Thank you.

That was very helpful.

For others having the same issue, I used this CMD command to check and uninstall the update(s)

wusa /uninstall /kb:xxxxxxx /norestart

(Change xxxxxxx to the KB number)
It will look for the update and start the uninstall it, if it finds it, and not restart after complete.

It didn’t find the KB4099633, so I tried the following:
KB4096495
KB4096418
KB4095874
KB4019990

It only found and uninstalled the last 2. Then I had to restart the server, wait until it’s fully booted, and then our firewall for it to work.

Thanks again

Edit to remove HTML.

1 user thanked author for this post.

columbia2011

Reply | Quote

What is version of cumulative update installed on your Exchange server? It’s interesting to know before install Windows updates on our productive infrastructure.

Reply | Quote

And the Microsoft clamp on feedback settings is still in place in the revised 1803.

Reply | Quote

@OscarCP: No sweat, “Even Jove nods…”…and I’m about to nod off completely after all this. I figure I spend at least 30% of my time at the PC doing noting but playing whack-a-mole…and MSFT hasn’t even acknowledged the NIC issue with KB4103718 yet…probably have to wait a few weeks…

Gosh, I remember when building computers was FUN.

Ooops, gave away my age group…

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

Reply | Quote

Just a heads up. Has anyone here seen these two recent articles?

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

and from CERT:

Vulnerability Note VU#631579

Hardware debug exception documentation may result in unexpected behavior

 

2 users thanked author for this post.

Elly, OscarCP

Reply | Quote

@GoneToPlaid –

Yep, it’s already been noted by an anonymous poster on May 10th in post #191605 above. Thanks for the second look and additional references, however! 🙂

His/Her post noted that Windows and other OS’s are vulnerable, but the post only has a link to MS’s security portal which tells those with Windows how to get patched.

Reply | Quote

…and  we Win 7 people can’t patch because it’ll bork our NIC drivers.

I heard, many months ago, the Russians ordered 1500+ typewriters and stacks of carbon paper to be delivered to the Kremlin.

I often think of going back to tree bark and scratching Runes on them, or Ogham characters, and hiring runners.

Should be a fun weekend project.

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

Reply | Quote

And sometimes, reading about what is going on in the world in general and with MS updates in particular gives me such a skin rash that I feel like scratching myself against the bark of a tree, horse style.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Microsoft is aware about issues with NIC drivers after installing May Monthly Rollup KB4103718. A mess with Microsoft continues! How much will Microsoft develop problems from scratch! Since January 2018 there is no confidence in updates!
https://support.microsoft.com/mk-mk/help/4103718/windows-7-update-kb4103718

1 user thanked author for this post.

woody

Reply | Quote

We are seeing a different issue with the monthly roll up patch.  Users with 7.1 now are having grainy resolutions issues with Remote apps.  Uninstall the patch corrects it, but not a viable long term solution.  Anyone else have resolution issues with remote apps after the patch?

Reply | Quote

You’re saying Win7 SP1, I think, so you’re probably talking about the Monthly Rollup KB 4103718, right?

What remote apps? How are you accessing them? In there a server in the loop?

Reply | Quote

Yes 7 SP1 and 4103718 is causing the issues with remote apps being very grainy.  Users are logging into RDWebAccess and connecting to the Remote Desktop Session Host through a Gateway server.  The RDSH is serving up the Remote Apps.  Uninstalling the monthly roll up returns the Remote App to the proper resolution.  All Remote Apps are impacted.

1 user thanked author for this post.

woody

Reply | Quote

Any chance it’s a driver issue? (Are you seeing the same thing with different machines, running different video drivers? Do you have the latest drivers installed?)

Reply | Quote

We have 100’s of machines that have reported it.  We found 8.1 seems to have the same issue with the May monthly rollup or security only.  We have a incident in with Microsoft, but have not progressed much. 
Different video cards/drivers etc. have no impact.  If we get anywhere I will update…

1 user thanked author for this post.

woody

Reply | Quote

I have W7 and W8.1 in both 32 bit and 64 bit variants and I have installed the Security Only update and IE update via the Windows Catalogue, and the .NET Rollup update via Windows Update for all 4 combinations. The only observable issues so far are:

1) Windows Firewall Notifier (WFN) 1.9.0 no longer gave notifications when a program tried to make outgoing internet access when there was neither an explicit “allow” or “block” rule present in the Windows Firewall. (WFN behaves in a similar manner to the paid for version of Windows Firewall Control, setting the Windows Firewall to block by default, and in the absence of an explicit rule giving a notification to allow the user to setup an explicit firewall rule with a few mouse clicks. I’ve used it without problem for about 4 years!)

I replaced WFN 1.9.0 with the much more recent WFN 2 Beta 3 from March 2018 and this does give notifications and allows explicit rules to be set (although for WFN 1.9.0 users the GUI looks a little different e.g. go to “Firewall Settings” and select “Block and prompt” for “Outbound” and then “Apply” to switch on notifications). WFN 2 Beta 3 seems to work OK so I’ll stick with it and see how things go. (I’m only using the basic version without the map database. I have not looked at what the map stuff is for.)

2) Some Windows Service uses “svchost.exe” to try to make outbound communication with 3 addresses 62.252.168.65, 23.43.32.148 and 62.252.168.56 which I did not have blocked (or allowed) previously. Not knowing what these are (possibly .NET telemetry following the Rollup update?) I have blocked them without any obvious side-effects.

HTH. Garbo.

PS: The W8.1 file explorer bugs which seem to re-appear every few months did not re-appear this month. The W8.1 32 bit Sandboxie problem triggered by the April W8.1 updates and fixed by Sandboxie Beta 5.25.1 remains fixed after the May W8.1 updates.

 

3 users thanked author for this post.

HiFlyer, woody, Elly

Reply | Quote

And for completeness, the unrecognised attempted outgoing access to the 3 addresses listed in 2) above, occurred within a day or 2 of the updates being installed, and then maybe 2 or 3 days after this (3, 4 or 5 days after the updates – I cannot be more specific) there was a further unrecognised outgoing access attempt to address 93.184.220.29 which I have added to the blocking list in 2).

It may be coincidence, but in W8.1 this occurred after I updated my copy of the program MyFamilyTree and opened it for the 1st time after its update. I know recent versions of MyFamilyTree use .NET 4.7 (because it was why I installed .NET 4.7 in the 1st place), so maybe this supports my guess that these outgoing attempts are related to the .NET Rollup update. (Alternatively I may be seeing a pattern which is not there?)

This extra outgoing access attempt occurred in W7 also, but I do not remember if it followed any particular activity there (that was a couple of days ago – my mind was elsewhere).

HTH. Garbo.

2 users thanked author for this post.

Elly, columbia2011

Reply | Quote

After being quiet for a week or so, yesterday there was a new batch of unrecognised Windows service “svchost.exe” outgoing to the internet requests (see my earlier point 2) above) which my hardened Windows Firewall blocked and Windows Firewall Notifier (see 1) above) notified me about. My full list of remote addresses for TCP communication to both or either remote ports 80 and 443 is now:

62.252.168.65, 23.43.32.148, 62.252.168.56, 93.184.220.29, 23.43.32.168, 62.252.168.32, 104.31.74.124, 104.31.75.124, 172.217.19.206, 172.217.17.78, 216.58.212.110, 216.58.213.78, 66.225.197.197, 216.58.213.110

Some of these occurred on one W7 PC, some on another W8.1 PC, but I did not keep track of which was which. Rather than use WFN to create a new rule for each new address I now just manually add the new address/port to the existing Windows Firewall rule originally created using WFN, use the Windows Firewall “export list” to get a text copy of the outgoing list for reference and include the new address(es)/port(s) in the list on the other PC when I next use it.

I don’t know if any of this is significant or just irritating (to me at least), but blocking these outgoing access attempts does not appear to be causing any problems so far.

BTW: After 10 days or so WFN 2 Beta 3 (see 1) above) is behaving as well as the earlier long standing version 1.9.0.

HTH. Garbo.

2 users thanked author for this post.

Elly, columbia2011

Reply | Quote

For completeness, in case anyone has had a similar issue to mine described in 2) above with unexplained, unrecognised “svchost.exe” outgoing accesses to unknown IP addresses, I finally got around to investigating this further and I describe my findings in a later thread here https://www.askwoody.com/forums/topic/windows-7-pc-gets-very-sluggish/#post-231928 . This relates to the Cryptographic Service (CryptSvc).

Windows Firewall Notifier (WFN) 2 Beta 3 continues to perform as well as the earlier version 1.9 in general. I had to use manual methods to setup a firewall rule to work around this particular CryptSvc problem, but this is due to the underlying interaction of rules in the Windows Firewall and Windows services and not a problem with WFN. (I believe some 3rd party firewalls have basically given up on this and just allow outgoing svchost.exe access for anything?)

There are more inter-dependencies between services in W8.1 than W7, which make it more difficult to setup limited outgoing access rules in W8.1 than W7 and with W10 everything is so tangled up it is difficult to have any outgoing access limitations by service at all. Maybe from about May 2017 this CryptSvc service/firewall entanglement of a later version of Windows was “backported” to earlier versions of Windows?

HTH. Garbo.

 

Reply | Quote

I swapped my usual HDD in the old 32 bit PC with an old HDD containing W10 1709 which I update and look at out of curiosity every few months. I updated to the latest cumulative update KB4103727 (and Flash KB4103729) downloaded from the Windows Catalogue (Windows Update does not work reliably on this PC anymore – possibly as a result of my firewall blocking outgoing access by some non-obvious service indirectly related to Windows Update?).

This went well and after taking my usual measures running some scripts to regain control of the PC again (in case the update reset anything important) I checked for my Windows Firewall Notifier (WFN) observation 1) above on this W10 1709 PC, by deleting an “allow” rule for a program and then requesting an update in the program. As in 1) above I found that although the outgoing access was blocked (no expected update response, just an unable to access message) WFN did not give the expected notification. As in 1) above I replaced WFN 1.9.0 with WFN 2 Beta 3, enabled notifications, repeated the update request inside the program and this time I received the expected notification. So whatever changed with respect to WFN 1.9.0 in May 2018 for W7 and W8.1 also changed in W10, but WFN 2 Beta 3 fixes things.

A short time later (I think after a re-boot) I received a notification that some Windows Service wanted to use “svchost.exe” to try to make outbound communication to one of the addresses in my latest list above. So whatever caused these new outgoing access attempts in W7 and W8.1 as described in 2) above, also appears to affect W10 1709 on this PC after its May 2018 update. I created a new Windows Firewall “block” rule for “svchost.exe” for all of the remote addresses as described above. I ran the W10 PC for a further hour or so (cleaning up, updating a few 3rd party programs, defragmenting …) and there were no further unrecognised outgoing access attempts, so it appears as if the list above also covers things for W10 (so far at least).

I have seen no more unrecognised outgoing attempts in W7 since the start of the week (5 days ago). I have not been using W8.1.

So in summary my W7 and W8.1. observations 1) and 2) above also appear to affect w10 1709 after its KB4103727 cumalative update.

HTH. Garbo.

1 user thanked author for this post.

Elly

Reply | Quote

I don’t see mention of the May Servicing Stack for 1709 KB4131372 and wonder if you downloaded it from the Catalog and installed it before the May CU KB4103727 as well?

Reply | Quote

No I only downloaded and installed KB4103729 the Flash update 1st because it does not need a reboot, immediately followed by KB4103729.

Given that I’m not using W10 regularly I do not follow what is happening with W10 on a regular basis. I ran and updated Belarc Advisor with its latest security update list before the W10 update to tell me what security updates I needed and it just reported these two. After the updates I ran Belarc Advisor again and it reported no further updates needed.

Reading the one sentence description on the MS site are you suggesting that installing KB4131372 might improve my W10 Windows Update experience so avoiding the need to use the Catalogue?

I’m a Group B Catalogue user for W7 and W8.1. With a regular 2 or 3 updates a month appearing on a known day this is manageable. If I was using W10 on a regular basis it would be difficult to keep track of all of the updates appearing at random times.

I see Martin Brinkmann at gHacks reported yet another 1709 update KB4103714 a few days ago – see https://www.ghacks.net/2018/05/22/kb4103714-cumulative-update-for-windows-10-version-1709/, but this appears to be non-security stuff. I guess that the Belarc list has not been updated to include this yet or maybe being non-security Belarc would not include it at all.

Martin mentions a servicing stack update KB4132650 needing to be installed before KB4103714. KB4132650 is dated 21st May whereas KB4131372 is 7th May. It has a similar vague to meaningless one sentence description.

Or are these servicing stack updates the mechanism by which MS trick users (in a GWX-like manner) to install the new 1803 version of W10? So far I have always used the media creation tool mechanism to install a new version of W10 when I want to do it and never the Windows Update in the current version of W10. (I keep the Windows Update service disabled most of the time and always make a system partition copy/clone before any W7, W8.1 or W10 windows update.)

Garbo.

 

Reply | Quote

The servicing stack update is an update to the updating mechanism itself. If you use Windows Update on Win10 you may or may not see it as it is automatically installed with the CU if present. And it definitely improves the updating experience.

On Win 7 and 8.1, the servicing stack is a stand-alone update. It will not appear in the queue until/unless there are no more pending installs. This is one of the reasons @MrBrian recommended hiding updates in the “important updates” list that you don’t intend to install. You may miss a servicing stack update for months if the pending updates are in the queue. (for example, Group B needs to hide the Rollups).

Group B is complicated, and is getting more difficult all the time with MS’s hotfixes, re-patches, and other mess-ups (can’t use the proper words for the latter here).

1 user thanked author for this post.

walker

Reply | Quote

Thanks for the information.

After making another copy of the system partition to go back to if I messed things up, I manually downloaded the 2 versions of the servicing stack update KB4131372 and the newer KB4132650. I installed the newer KB4132650 without problem. I then tried installing the earlier KB4131372 expecting this to fail (because a newer version is already installed) and it failed. So far so good.

I re-enabled things to allow the W10 Windows Update (WU), this time temporarily enabling a Windows Firewall “allow” rule which allows “svchost.exe” outgoing access for any program or service i.e. not limited to the Windows Update service “wuauserv” and this time WU ran OK. I had forgotten to re-enable this temporary rule a few hours earlier 🙁

I had expected/hoped that it would indicate Martin B’s non-security CU KB4103714, but instead it just presented KB4134661 with the unusual words “status: awaiting download”. In my limited experience of W10 it normally starts downloading immediately before the user has a chance to decide anything. So I disabled the WU service and disabled the temporary “unlimited svchost.exe” allow rule while I investigated KB4134661.

KB4134661 has the 1 line description “This Windows update provides a notification of an improved privacy experience on upgrade to the Windows 10 April 2018 release”. This immediately brought back memories of GWX (“come into my web” said the spider to the fly). Entice the unsuspecting victim with an “enhanced experience” before hooking them.

As this is all an experiment (not my day-to-day PC and I made the backup beforehand), I manually installed Martin B’s non-security CU KB4103714 (which took a long time to complete). This appears to have gone OK. I’ve cleaned up using the Cleanup tool and now the command window instruction “dism /Cleanup-Image /StartComponentCleanup /online” works (it did nothing previously) and the system partition is nearly 1GB smaller than before this update. Although W10 still takes much longer to start up on this PC than W7 or W8.1 (and it is doing stuff, there is continuous disk activity, not breaks of inactivity), once things have settled down it appears similar in responsiveness to W7 (and maybe slightly more responsive than W8.1). This is not how I remember it!

I made another system partition copy as a futher backup. I again tried running WU as described above and again it offers KB4134661 with the unusual words “status: awaiting download”. I left it in this state overnight and by morning nothing had changed, although the WU service “wuauserv” was no longer running (I had not stopped it).

I forced the issue by manually downloading and installing KB4134661 and again tried running WU half-expecting to see some indication of W10 1803 download starting, but it just indicated that there are no updates! So either my suspicions about KB4134661 are unfounded or it may have installed some sort ot timed instruction which would download and install W10 1803 in the background at a later time.

I uninstalled KB4134661. I again ran WU and was again offerred it.

So in conclusion:

a) Servicing stack update KB4132650 appears to replace KB4131372, but does not break or improve WU on my PC.

b) WU works if I temporarily allow “svchost.exe” unlimited outgoing access for all programs and services not just the WU “wuauserv” service (and I do not allow this most of the time).

c) I had missed 6 months of non-security updates, but by (manually) installing KB4103714 things seem better than before.

d) Although W10 remains my 3rd place choice MS OS after W7 and W8.1, I have a better opinion of it now than I had 24 hours ago.

Thanks again. Garbo.

1 user thanked author for this post.

columbia2011

Reply | Quote

BTW your gut feeling about KB4134661 was correct. You don’t want it. Hide it with wushowhide (every time it shows up)

1 user thanked author for this post.

walker

Reply | Quote

@columbia, Woody, et al:

That link pulls up a page with Cyrillic/Greek characters, which gave me a bit of a start; here’s the link that goes to the English-us version:

https://support.microsoft.com/en-us/help/4103718/windows-7-update-kb4103718

 

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

3 users thanked author for this post.

woody, Elly, columbia2011

Reply | Quote

Win 7 32-bit group B reporting in, after something odd happened last evening and I had to reboot anyway since my computer suddenly got unusually slow, installed 4099633 (.NET bundle), 4103768 (IE) and 4103712 (security-only bundle), no ill effects noticed so far. Did not uninstall and reinstall 4099950 even though I had installed it before the April 17 change (and forgot whether I did so from catalog or WU… probably catalog though).

1 user thanked author for this post.

OscarCP

Reply | Quote

Don’t know where to post this, so…

@sb & Woody crew
There’s a typo in the Master Patch List:

Windows 7
05/08/2018       4013768       Internet Explorer      Security only(B)

Should be 4103768

2 users thanked author for this post.

walker, woody

Reply | Quote

MS is so funny sending me a Preview rollup of  .Net Kb4103472 this morning which I hid.

Edition Windows 11 Pro
Version 22H2
Installed on ‎10/‎19/‎2022
OS build 22621.2283

Reply | Quote