Reaffirming that we’re still at MS-DEFCON 2

Topic

New Reply

There’s still no pressing reason to install the early crop of Patch Tuesday patches. Full rundown coming in Computerworld.
[See the full post at: Reaffirming that we’re still at MS-DEFCON 2]

3 users thanked author for this post.

JDeC, SueW, Elly

Reply | Quote

Replies

I am wondering for Windows PC users (Win 7 in my case) who want to avoid any performance hits if it is going to be generally safe to assume that if we do any online transactions or banking, that a simple reboot afterwards will clear kernel memory and thus avoid any problems? It would seem that if all I have done over the last few hours was work on a Word document or Excel spreadsheet, or maybe play an online game, that there won’t be any loot in loaded in memory that can be stolen. Obviously patching will be necessary soon, but I was hoping to wait for improved work arounds in the future, rather than applying the first patch they come up with.

Reply | Quote

Group A  Win 7 X64.  No problem so far.  No slow down.  I use windows up date clean up after down loading.  KB4056894

Reply | Quote

I’m missing something, I think. I’m group B so I do all my updates manually, by which I mean I download the stand-alone patches and then install them. Woody’s article in Computerworld says something to the effect of ‘for heaven’s sake don’t update manually’ (pardon the paraphrase).

Please educate me as to what’s bad about the manual installs. (I am waiting until Defcon 3 or 4 before any installation of any patches this month.)

Thanks

Reply | Quote

There is a Registry entry that is made by anti-virus programs to show that it is compatible with the SO or Rollup. It prevents the Rollup from showing in WU, thus preventing the install from WU.

However, the lack of the Registry entry does not prevent a manual install. If the AV is incompatible it can cause a BSOD. So, you need to check for the Registry entry BEFORE installing.

AND, We are still at DEFCON 2. WAIT WAIT WAIT

4 users thanked author for this post.

lizzytish, JDeC, Ascaris, DrBonzo

Reply | Quote

OK, got it. Thanks PKCano.

I’m definitely waiting, waiting, waiting. 🙂

I’m running Microsoft Security Essentials and I did get the Rollup notification on Windows Update, so I should be OK with the Security Only update. I’ll grit my teeth and check the registry, though.

Reply | Quote

Ah, so that’s how it works… the least elegant and consumer-friendly way possible.  Should have known, really.  Thanks for the info, though.

With each passing day, Windows gets less and less relevant. If this is the point of reckoning with regard to Windows updates, well… it’s gotten here earlier than I expected.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

We’re Group B (and of course we are NOT updating until Woody says) but the January patches are
not showing in WU – the December roll ups are still there- as we had installed the Security only
manually for December. We run Norton Security and have just updated – but it is on Live Update automatically… My question/request is. When the time comes to update would someone very kindly run through the steps of being able to check the Registry to see if the AV has the correct setting please before one goes ahead and install the security patches manually. Have just changed the settings in WU to NEVER and then reverted back to Check but let me decide to download etc. and the
same ones have been offered again, that is the December ones…… mind you I didn’t reboot and that might have triggered the new batch should our computers have passed muster.
Once more we owe a great big vote of thanks to Woody and all those who’ve chimed in to help.
Many thanks! LT

There’s an indeterminate sized
not quite full
moon,
shining like an arrow,
through an
undefined gap of
ancient Persian elegance,
in an old and endangered Deodar Tree.

The little red monkeys are squeaking
and grizzling as
dark
and cold
come on.
(Can’t say I blame them.
Would I like dark and cold, sleeping in a tree?)

I enjoy the moon
and the dark redbrown
fearful colour of the mountains
immediately post
alpenglow.

T’wasn’t sweet and pink tonight,
our winter alpenglow.
The world is trembling,
shaking
and all life’s balance is
nervewrackingly precarious.

I know the feeling.

So hell, reach out to the world
reach out to your friends and their friends
and create ripples
of caring
sharing
helping
and let us all
hunker down,
legs spread and feet planted firmly
for balance
and see if we can just, together, save the world.

Happy New Year.

love joy peace freedom to all and impeachment where needed….
(Courtesy of the Guardian UK – quote by FerenjiNan )

1 user thanked author for this post.

Elly

Reply | Quote

“When the time comes to update would someone very kindly run through the steps of being able to check the Registry to see if the AV has the correct setting please before one goes ahead and install the security patches manually.”

See https://forum.avast.com/index.php?topic=212689.msg1439561#msg1439561.

1 user thanked author for this post.

lizzytish

Reply | Quote

sadly I have to inform that after installing this updates in serveral computers with Windows 10, now they does not start anymore, they just stuck in Windows Logo after the first reboot, so seems thet last update introduced the same bug that is present in Insider Build 17063 :S

all the machines affected have AMD Athlon 64 X2 CPUs.

Reply | Quote

Which version of Win10 are you using?
Was the RegAllow key present in the Registry before the install?

Reply | Quote

Windows 10 1709 with Windows Defender only.

Reply | Quote

Tried a manual installation on v.1607 with the full accumulative file, didn’t finish. After 15-20 min. it replies with a generic message saying that it will revert the changes. And that’s that.

Mind you: it requires the Windows Update service to be enabled or it won’t install.

Tomorrow I’ll test with a couple of v.1709. Well, at least it isn’t an important issue!

Reply | Quote

List of vulnerabilities Microsoft fixed this month (from https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2018/av18-002-en.aspx):

“CVE-2017-5754, CVE-2017-5753, CVE-2017-5715, CVE-2018-0818, CVE-2018-0788, CVE-2018-0754, CVE-2018-0750, CVE-2018-0741, CVE-2018-0753, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0751, CVE-2018-0752, CVE-2018-0744, CVE-2018-0745, CVE-2018-0749, CVE-2018-0743, CVE-2018-0762, CVE-2018-0772, CVE-2018-0766, CVE-2018-0773, CVE-2018-0774, CVE-2018-0781, CVE-2018-0800, CVE-2018-0758, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0803”

1 user thanked author for this post.

SueW

Reply | Quote

I’ve installed the security only patch and theIE 11 patch on a Win7 X64 machine and have had no issues as of yet. It has a Core i3 processor. I am NOT installing the security only patch on my main AMD (Ryzen) machine, although I did install the IE 11 patch, as my understanding is that it’s for Meltdown, which doesn’t appear to affect AMD chips. Again, no issues are apparent.

To be clear, both machines are Win 7 X64, I’m group B, and have at this time experienced no problems. My name is guinea pig.  🙂

justaned

1 user thanked author for this post.

SueW

Reply | Quote

patch is not only against Meltdown, it’s again more vulnerabilities too, so you should install it anayway, even if you are using a Ryzen CPU.

Reply | Quote

I will politely disagree with your assessment; especially given the BSOD issue.

justaned

Reply | Quote

Anyone know what’s going on with KB4056898 for Windows 2012 R2?

My WSUS server received TWO entries for the x64 processor on 01/06. They look identical, except for the revisions:
– one shows revisions 203 and 204 (and it appears 204 is now marked expired)
– the other shows revision 200 (not expired in revision history view, but in the main view it is also marked as expired).

This one’s a minefield to install. So theoretically I should approve revision 203, but the main entry containing 203 is marked as expired.

No matter where you go, there you are.

Reply | Quote

Ardvark here…Updated my W7 64 bit system after verifying Avast had fixed their Virus Scanner…downloaded security update kb4056897 only (not rollup kb4056894) from MS Catalog… downloaded & installed with no issues… understand it probably only covers Meltdown fix from MS… not sure when/where Spectre fix will be available…no BSOD or other issues so far… system working fine… will need IE 11 update at some point, but not sure where to get it…assume I will need to contact ASUS or visit their web site at some point for firmware or BIOS updates. Can anyone confirm my assumptions?

Reply | Quote

The security only patch and the IE11 Cumulative are available in AKB2000003 on this site. Be sure you get the right bitedness.

Reply | Quote

“understand it probably only covers Meltdown fix from MS”

The January 2018 Windows updates address all three Spectre/Meltdown vulnerabilities for the products listed at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv180002. Exception: 32-bit Windows January 2018 updates do not address Meltdown! Source: FAQ #7 at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv180002.

Reply | Quote

From https://twitter.com/GossiTheDog/status/950325474022092800 (my bolding): “Microsoft have added the following text to their KB article to clarify that unless the AV compatibility registry key is set, Windows Update will not delivery January’s *or all future* security updates. […]”

2 users thanked author for this post.

SueW, Cascadian

Reply | Quote

What if someone isn’t running antivirus, will the registry switch ever be set?

Reply | Quote

If you are not running AV, you can manually add the RegAllow key. But at this point, I wouldn’t take the chance of a BSOD. Wait until this is sorted out.

Reply | Quote

From https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/:

“If you’re one of the unlucky souls whose AV company doesn’t plan to add that registry key, this is a .reg file Bleeping Computer put together to automatically create the following registry key for you.

[…]

We’ll display this in red so it sticks out. Do not run the .reg file unless you’ve confirmed with your AV vendor that they’re compatible with the Meltdown and Spectre patches.”

Reply | Quote

Not for me, I know what is going on. I mean for someone barely gets updates installed let alone keeps good track of their antivirus.

Are they just going to stop getting updates because nothing set the key?

Starting state:
Gets updates but has no (working) AV protection.

Ending state after this update is released:
Still has no (working) AV protection, key not set, no-longer gets updates either.

Reply | Quote