News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Reaffirming that we’re still at MS-DEFCON 2

    Home Forums AskWoody blog Reaffirming that we’re still at MS-DEFCON 2

    Viewing 10 reply threads
    • Author
      • #156500 Reply
        Da Boss

        There’s still no pressing reason to install the early crop of Patch Tuesday patches. Full rundown coming in Computerworld.
        [See the full post at: Reaffirming that we’re still at MS-DEFCON 2]

        3 users thanked author for this post.
      • #156570 Reply
        AskWoody Lounger

        I am wondering for Windows PC users (Win 7 in my case) who want to avoid any performance hits if it is going to be generally safe to assume that if we do any online transactions or banking, that a simple reboot afterwards will clear kernel memory and thus avoid any problems? It would seem that if all I have done over the last few hours was work on a Word document or Excel spreadsheet, or maybe play an online game, that there won’t be any loot in loaded in memory that can be stolen. Obviously patching will be necessary soon, but I was hoping to wait for improved work arounds in the future, rather than applying the first patch they come up with.

      • #156628 Reply
        AskWoody Lounger

        Group A  Win 7 X64.  No problem so far.  No slow down.  I use windows up date clean up after down loading.  KB4056894

      • #156656 Reply
        AskWoody Plus

        I’m missing something, I think. I’m group B so I do all my updates manually, by which I mean I download the stand-alone patches and then install them. Woody’s article in Computerworld says something to the effect of ‘for heaven’s sake don’t update manually’ (pardon the paraphrase).

        Please educate me as to what’s bad about the manual installs. (I am waiting until Defcon 3 or 4 before any installation of any patches this month.)


        • #156658 Reply
          Da Boss

          There is a Registry entry that is made by anti-virus programs to show that it is compatible with the SO or Rollup. It prevents the Rollup from showing in WU, thus preventing the install from WU.

          However, the lack of the Registry entry does not prevent a manual install. If the AV is incompatible it can cause a BSOD. So, you need to check for the Registry entry BEFORE installing.

          AND, We are still at DEFCON 2. WAIT WAIT WAIT

          4 users thanked author for this post.
          • #156740 Reply
            AskWoody Plus

            OK, got it. Thanks PKCano.

            I’m definitely waiting, waiting, waiting. 🙂

            I’m running Microsoft Security Essentials and I did get the Rollup notification on Windows Update, so I should be OK with the Security Only update. I’ll grit my teeth and check the registry, though.

          • #156776 Reply

            Ah, so that’s how it works… the least elegant and consumer-friendly way possible.  Should have known, really.  Thanks for the info, though.

            With each passing day, Windows gets less and less relevant. If this is the point of reckoning with regard to Windows updates, well… it’s gotten here earlier than I expected.

            Group "L" (KDE Neon User Edition 5.18.4).

          • #156847 Reply
            AskWoody Lounger

            We’re Group B (and of course we are NOT updating until Woody says) but the January patches are
            not showing in WU – the December roll ups are still there- as we had installed the Security only
            manually for December. We run Norton Security and have just updated – but it is on Live Update automatically… My question/request is. When the time comes to update would someone very kindly run through the steps of being able to check the Registry to see if the AV has the correct setting please before one goes ahead and install the security patches manually. Have just changed the settings in WU to NEVER and then reverted back to Check but let me decide to download etc. and the
            same ones have been offered again, that is the December ones…… mind you I didn’t reboot and that might have triggered the new batch should our computers have passed muster.
            Once more we owe a great big vote of thanks to Woody and all those who’ve chimed in to help.
            Many thanks! LT

            There’s an indeterminate sized
            not quite full
            shining like an arrow,
            through an
            undefined gap of
            ancient Persian elegance,
            in an old and endangered Deodar Tree.

            The little red monkeys are squeaking
            and grizzling as
            and cold
            come on.
            (Can’t say I blame them.
            Would I like dark and cold, sleeping in a tree?)

            I enjoy the moon
            and the dark redbrown
            fearful colour of the mountains
            immediately post

            T’wasn’t sweet and pink tonight,
            our winter alpenglow.
            The world is trembling,
            and all life’s balance is
            nervewrackingly precarious.

            I know the feeling.

            So hell, reach out to the world
            reach out to your friends and their friends
            and create ripples
            of caring
            and let us all
            hunker down,
            legs spread and feet planted firmly
            for balance
            and see if we can just, together, save the world.

            Happy New Year.

            love joy peace freedom to all and impeachment where needed….
            (Courtesy of the Guardian UK – quote by FerenjiNan )

            1 user thanked author for this post.
      • #156665 Reply

        sadly I have to inform that after installing this updates in serveral computers with Windows 10, now they does not start anymore, they just stuck in Windows Logo after the first reboot, so seems thet last update introduced the same bug that is present in Insider Build 17063 :S

        all the machines affected have AMD Athlon 64 X2 CPUs.

        • #156671 Reply
          Da Boss

          Which version of Win10 are you using?
          Was the RegAllow key present in the Registry before the install?

          • #156682 Reply

            Windows 10 1709 with Windows Defender only.

      • #156703 Reply
        AskWoody Lounger

        Tried a manual installation on v.1607 with the full accumulative file, didn’t finish. After 15-20 min. it replies with a generic message saying that it will revert the changes. And that’s that.

        Mind you: it requires the Windows Update service to be enabled or it won’t install.

        Tomorrow I’ll test with a couple of v.1709. Well, at least it isn’t an important issue!

      • #156755 Reply

        List of vulnerabilities Microsoft fixed this month (from

        “CVE-2017-5754, CVE-2017-5753, CVE-2017-5715, CVE-2018-0818, CVE-2018-0788, CVE-2018-0754, CVE-2018-0750, CVE-2018-0741, CVE-2018-0753, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0751, CVE-2018-0752, CVE-2018-0744, CVE-2018-0745, CVE-2018-0749, CVE-2018-0743, CVE-2018-0762, CVE-2018-0772, CVE-2018-0766, CVE-2018-0773, CVE-2018-0774, CVE-2018-0781, CVE-2018-0800, CVE-2018-0758, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0803”

        1 user thanked author for this post.
      • #156775 Reply

        I’ve installed the security only patch and theIE 11 patch on a Win7 X64 machine and have had no issues as of yet. It has a Core i3 processor. I am NOT installing the security only patch on my main AMD (Ryzen) machine, although I did install the IE 11 patch, as my understanding is that it’s for Meltdown, which doesn’t appear to affect AMD chips. Again, no issues are apparent.

        To be clear, both machines are Win 7 X64, I’m group B, and have at this time experienced no problems. My name is guinea pig.  🙂


        1 user thanked author for this post.
        • #156972 Reply

          patch is not only against Meltdown, it’s again more vulnerabilities too, so you should install it anayway, even if you are using a Ryzen CPU.

          • #157205 Reply

            I will politely disagree with your assessment; especially given the BSOD issue.


      • #157270 Reply
        AskWoody Plus

        Anyone know what’s going on with KB4056898 for Windows 2012 R2?

        My WSUS server received TWO entries for the x64 processor on 01/06. They look identical, except for the revisions:
        – one shows revisions 203 and 204 (and it appears 204 is now marked expired)
        – the other shows revision 200 (not expired in revision history view, but in the main view it is also marked as expired).

        This one’s a minefield to install. So theoretically I should approve revision 203, but the main entry containing 203 is marked as expired.

        No matter where you go, there you are.

      • #157314 Reply

        Ardvark here…Updated my W7 64 bit system after verifying Avast had fixed their Virus Scanner…downloaded security update kb4056897 only (not rollup kb4056894) from MS Catalog… downloaded & installed with no issues… understand it probably only covers Meltdown fix from MS… not sure when/where Spectre fix will be available…no BSOD or other issues so far… system working fine… will need IE 11 update at some point, but not sure where to get it…assume I will need to contact ASUS or visit their web site at some point for firmware or BIOS updates. Can anyone confirm my assumptions?

      • #157387 Reply

        From (my bolding): “Microsoft have added the following text to their KB article to clarify that unless the AV compatibility registry key is set, Windows Update will not delivery January’s *or all future* security updates. […]”

        2 users thanked author for this post.
        • #157394 Reply

          What if someone isn’t running antivirus, will the registry switch ever be set?

          • #157400 Reply
            Da Boss

            If you are not running AV, you can manually add the RegAllow key. But at this point, I wouldn’t take the chance of a BSOD. Wait until this is sorted out.

          • #157402 Reply


            “If you’re one of the unlucky souls whose AV company doesn’t plan to add that registry key, this is a .reg file Bleeping Computer put together to automatically create the following registry key for you.


            We’ll display this in red so it sticks out. Do not run the .reg file unless you’ve confirmed with your AV vendor that they’re compatible with the Meltdown and Spectre patches.”

          • #157409 Reply

            Not for me, I know what is going on. I mean for someone barely gets updates installed let alone keeps good track of their antivirus.

            Are they just going to stop getting updates because nothing set the key?

            Starting state:
            Gets updates but has no (working) AV protection.

            Ending state after this update is released:
            Still has no (working) AV protection, key not set, no-longer gets updates either.

    Viewing 10 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Reaffirming that we’re still at MS-DEFCON 2

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.