Patch Watch: Green light for most patches; yellow for Win10 version 1809

Topic

New Reply

Patch Lady Susan Bradley’s latest take on patching. Out this morning to all AskWoody Plus members, in AskWoody Plus Newsletter 16.3.0.
[See the full post at: Patch Watch: Green light for most patches; yellow for Win10 version 1809]

2 users thanked author for this post.

Elly, PhotM

Reply | Quote

Replies

EDIT: On 1/26 I installed IE 11 separately OVER the IE 11 Patch in the Jan Security Mo Rollup inst’d 1/22 ( forgot it was in Rollups) and had problems as a result.

No reason to read the error since it was on me and not helpful.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

Reply | Quote

If you are installing the 2019-01 Security Quality Monthly ROLLUP for Win7, there is no need to install the standalone IE11 Cumulative Update because it is already included in the ROLLUP.

2 users thanked author for this post.

Elly, CraigS26

Reply | Quote

Yesterday I unfortunately saw a Computer World article (turns out it was 2016) that stated MS won’t bundle IE patches in W7-8 Cum Updates  – and I believed it at the moment – and it’s hard Googling to find an easy-to-read-List of what’s in the Rollups.

That it IS in Rollups makes it simple. Thanks again.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

Reply | Quote

Thanks Woody, but the newsletter is nowhere to be found on Askwoody.com (I did not subscribe for emails).

And how to handle this:
Patch Watch AND MS-DEFCON,
or
Patch Watch OR MS-DEFCON
to keep up with the latest?
:S

1 user thanked author for this post.

Microfix

Reply | Quote

Access to the Newsletter and Alerts should be available to Plus members through the “Newsletter/Alerts” button in the top menubar above the DEFCON number.

Reply | Quote

but the newest one isn’t there? 😉
It will be uploaded soon

UPDATE: OK Folks, it’s there now! 🙂

No problem can be solved from the same level of consciousness that created IT- AE

6 users thanked author for this post.

SueW, Elly, woody, marko, PKCano, bradam

Reply | Quote

Yep. We’re waiting for Tracey to wake up and get a cuppa coffee.

I think we’ll do that for the foreseeable future – post the articles a little while after they’re available in the newsletter. I want to give people a gentle nudge to sign up for Plus membership. Since it’s on the donation model, you pay what it’s worth to you.

At some point we’ll get paid and free versions of the site, but for now that seems to be a decent way to go.

2 users thanked author for this post.

Elly, Seff

Reply | Quote

Patch Watch and DEFCON are directed at two different audiences.

For people who want a simple green light/red light solution, DEFCON is the way to go (with a few shades of orange in between).

If you’re comfortable wrassling with individual patches, Susan’s Patch Watch has always been my go-to source.

6 users thanked author for this post.

Demeter, Elly, SueW, Lars220, TJ, Microfix

Reply | Quote

KISS, thank you Woody. Keep It Simple, Silly. Kinda like Home users consider the DEFCON system, and Business users take a more in-depth look with Susan Bradley’s Patch Lady expertise. I review both and follow the DEFCON when Woody, PKCano, and Microfix say it is safe. Thanks to all MVP”s !!

 

Computers become slow when they sense that their servants are in a hurry.

1 user thanked author for this post.

Myst

Reply | Quote

Has the Windows 7 Rollup been fixed yet or do we still need KB4487345 ?  And if we still need it, do we install it before patching or after ?

Reply | Quote

try searching KB4487345 in the askwoody search box, there are a few posts you may be interested in regarding positive test reports. (as per Susan’s Masterpatch List)
We are at MS-DEFCON 2 so it may be wiser to wait it out until a definitive method is given once Woody publishes his computerworld article when DEFCON 3 or above is announced.

No problem can be solved from the same level of consciousness that created IT- AE

2 users thanked author for this post.

Myst, Demeter

Reply | Quote

I don’t know a lot about networking, but I have a Win. 10 and Win. 7 computer that I share files and folder on between them. I also have a printer-scanner that  is shared between them. This is a simple click on the file or folder and select share type setup. Does this problem pertain to this kind of setup? As far As I know, I’m not using Windows Server 2008 R2, just plain out of the box, over the counter PC’s.

Reply | Quote

The January Rollup KB4480970 still has an issue date of 1/8/2019. It has not been reissued (fixed).
+ The activation issue for KMS clients has been fixed on MS’s servers.
+ The issue with NTLM (network interface controllers) does not affect domain accounts in the local Administrators Group. Susan mainly deals with businesses, so this may not affect her, thus safe to patch in her case. However, the MS pages say:

Local users who are part of the local “Administrators“ group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8^th, 2019 security updates.

This issue is resolved in KB4487345

Whether or not you need the additional patch KB4487345 will most likely be further explained by Woody when he raises the DEFCON number and publishes the accompanying ComputerWorld article.

+ There is also the problem with the Microsoft Jet database and the Access 97 file format (which may or may not be applicable as well).

4 users thanked author for this post.

Elly, Microfix, Lars220, bobcat5536

Reply | Quote

Under this topic, when logged out, I see the following message:
You must be logged in to reply to this topic.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Microfix

Reply | Quote

Probably a glitch, we’ll look into it, thanks @Geekdom

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

woody

Reply | Quote

Since I did a clean install of Windows 10 ten days ago from a Microsoft download installer, version 1809 was what I got.  There was not any other option to install a previous version.  Other than a hard drive recognition issue which I resolved, I haven’t seen any aberrant behavior.  It may be different for those who were already running Win 10 and accepted the 1809 update.

1 user thanked author for this post.

b

Reply | Quote

I have a bit of a strange situation that I haven’t seen mentioned yet. On my Windows 7 Computer, I have two Office updates available: KB4461614 and KB4462157. Supposedly, the latter is only required if the former causes issues with Microsoft Access and Excel. However, KB4461614 appears as unchecked, while KB4462157 appears as checked. Would installing only KB4462157 apply the same security patches as installing KB4461614 first? Or do I need to install both of them?

Reply | Quote

Microsoft leaves patches unchecked for various reasons.
But the main result is that unchecked patches don’t get installed for whatever reason MS leaves them unchecked.
We do not recommend installing unchecked patches.

As for the January updates, we are still on DEFCON2 which means WAIT to install the patches. When the DEFCON number is 3 or greater, Woody will give safe patching instructions in his ComputerWorld article.

Reply | Quote

If you follow the standard advice by installing what’s checked and not checking anything that isn’t already checked on Windows 7 with Office 2010 you’ll be fine. After installing all of the checked Office 2010 updates including KB4462157… the next time you check for updates KB4461614 will no longer be there.

NOTE: KB4461614 didn’t disappear from the list on either of my computers until after I restarted the computers and checked for updates again.

To be a little more precise… I installed all of the CHECKED Office 2010 updates first, then the Silverlight update, and then the .NET Rollup… all without restarting the computer and KB4461614 was still showing in the list of available updates. I then closed Windows Update and installed the Security Only and IE updates manually and restarted the computer. When I checked for updates again after the restart KB4461614 was no longer available.

1 user thanked author for this post.

jburk07

Reply | Quote

Typo: “What to do: If Excel or Access fail after installing KB 441614 …” s/b “KB 4461614”

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

Reply | Quote

Thanks. Got it.

Reply | Quote

I do have a question about delayed feature updates.  If the date is set to wait 4 months before installing any “Feature Update”, when does the 4 month countdown start?  In other words, does the countdown start when the Feature update is released, or does it start, after the FU is re-released, after the issue MS had w/ v1809 this past fall, and the release, recall-and-repair, and then the re-release in late January?  (I’m currently set for SAC–not SAC-Targeted.)

[Moderator comment: check content and edit after posting please, the forum software dislikes many formats.]

1 user thanked author for this post.

Elly

Reply | Quote

It looks like the deferral countdown starts when the version hits whatever branch you’ve specified. For most of us, that’s “Semi-Annual Channel” (not Targeted, which is the late-beta-testing channel).

If you’re on SAC, the deferral days are counted from the time Microsoft moves the version from SAC-T to SAC. (Ya think they could make the terminology more obfuscatory?)

Adding to the confusion, there have been times when Microsoft has announced that a particular version of Win10 is “ready for broad distribution” without making it crystal clear that it’s moving from SAC-T to SAC.

We try to make sense of it all here on AskWoody. Stay tuned.

Reply | Quote

For the default SAC-Targeted, and Home edition, the 1809 release date was November 13, 2018 (not October or January).

Notice: November 13, 2018: All editions of Windows 10 October 2018 Update, version 1809, for Windows client and server have resumed. …
November 13 marks the revised start of the servicing timeline for the Semi-Annual Channel (“Targeted”)
Windows 10 – Release information

But as Woody says; for your SAC option, the deferral start date has not yet arrived.

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote