News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • September 2021 – it’s patch day!

    Home Forums AskWoody blog September 2021 – it’s patch day!

    Viewing 27 reply threads
    • Author
      Posts
      • #2389787
        Susan Bradley
        Manager

        This week is clearly “patch the zero day” week.  Yesterday we had Apple, also Chrome fix several zero days. Today we have the Microsoft version.  Now
        [See the full post at: September 2021 – it’s patch day!]

        Susan Bradley Patch Lady

        3 users thanked author for this post.
      • #2389790
        PKCano
        Manager

        AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Sept 14, 2021.

        There is a Security-only Update for those with Win7 ESU subscriptions.
        There was a September IE11 CU KB5005563 for Win7. Download 32-bit or 64-bit.

        September Rollup KB5005633 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

        You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

        There is a July 2021 Servicing Stack KB5004378 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

        There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

         

        There were no Security .NET updates for September. There were no Security-only .NET updates. See #2389777.

        5 users thanked author for this post.
        • #2389998
          Seff
          AskWoody Plus

          Alternatively, you can pay £24 per annum to 0patch and let them protect your Win7 machine seamlessly in the background with no monthly update paranoia to be concerned with!

          Could I please suggest a Newsletter article some time from one of the experts on their assessment of how well their 0patch experience has gone thus far? I imagine one of the more knowledgeable contributors (or commenters) has given it an extensive try and it would be interesting to see their conclusions. The article could also address the effectiveness and ease of application of the ESU subscription by way of a balanced comparison.

           

          2 users thanked author for this post.
      • #2389791
        Microfix
        AskWoody MVP

        All September CU/SO Updates:
        Another attempt at resolving printnightmare scenario..3rd time lucky?
        CVE-2021-26435 and CVE-2021-36965
        https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

        Detailed overview on ghacks.net

        | Quality over Quantity |
        1 user thanked author for this post.
        • #2389814
          Alex5723
          AskWoody Plus

          Windows 7 – 22 vulnerabilities
          Windows 8.1 – 24 vulnerabilities
          Windows 10 – 32 vulnerabilities
          Windows 11 – ?

          2 users thanked author for this post.
          • #2389824
            b
            AskWoody MVP

            Do you imagine that there is ANY software with versions being actively developed having less vulnerabilities than versions which were long-ago mothballed? Bugs need programmers.

            Windows 10 Pro version 21H2 build 19044.1263 + Microsoft 365 (group ASAP)

            • #2389890
              doriel
              AskWoody Lounger

              @Alex5723 wrote:

              Windows 7 – 22 vulnerabilities
              Windows 8.1 – 24 vulnerabilities
              Windows 10 – 32 vulnerabilities



              @b
              wrote:

              Do you imagine that there is ANY software with versions being actively developed having less vulnerabilities than versions which were long-ago mothballed?

              Thats another reason why I would remain on previous, more debugged (and safer?) SW. The first reason is “superfluous” attention, that updates require. Im an old fashioned guy.

              The golden rule of technician is: If it works, dont mess with settings. 🙂

              Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

              HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

              PRUSA i3 MK3S+

            • #2389884
              anonymous
              Guest

              I would very much expect that the newer versions would fix the old bugs, yes.

              • #2389917
                b
                AskWoody MVP

                But you don’t expect newer versions to have new bugs?

                Windows 10 Pro version 21H2 build 19044.1263 + Microsoft 365 (group ASAP)

              • #2389999
                Seff
                AskWoody Plus

                Not on the same scale as the older versions security-wise if the new version was being touted as the most secure ever.

                1 user thanked author for this post.
          • #2390106
            CAS
            AskWoody Plus

            Installed September  update on 9-14  without any difficulty, resulting issues or fallout.  Took less than 30 minutes. Now at Windows 10 Pro version 21H1 build 19043.1237.

            Peace, CAS

      • #2389829
        bbearren
        AskWoody MVP

        Signature update for Microsoft Defender, the Malicious Software Removal Tool and

        KB5005565 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems.

        The Cumulative Update had two stages of “Installing” going from 0 – 100%.  The second stage was about three times as long as the first.

        Both sides of my dual boot daily driver updated with no hiccups.  My NAS will await the push from Microsoft, as usual.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        1 user thanked author for this post.
        CAS
        • #2389836
          PKCano
          Manager

          My guess is that you are seeing SSU install in first stage, CU install in second stage.

      • #2389830
        WYT
        AskWoody Lounger
        1 user thanked author for this post.
        b
      • #2389852
        RetiredGeek
        AskWoody MVP

        DellXPS8920 W10 Pro- Patched – No problems.

        DellXPS8700 W10 Pro – Patched – No Problems.

        DellXPS137000 Win10Pro – Patched – No Problems.

        Get-WinVer.ps1 data files updated!
        Get-WinVer-Screen
        HTH

         

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!
        Computer Specs

      • #2389893
        sheldon
        AskWoody Plus

        for WIN10 does this month’s update include “Target Product Version”  for the Group Policy Editor?

      • #2389903
        agoldhammer
        AskWoody Plus

        I let the PC that drives my television set update every month on Patch Tuesday.  It only need to load Edge and run streaming apps.  The update went smoothly with no issues at all.  I run Windows 10 Home (Pro on the other two workstations in the house and those updates are always deferred).

      • #2389909
        blueboy714
        AskWoody Plus

        Susan/AW –

        Question on cell phone notification.  I already have a Plus Membership and when I tried to sign up for cell phone notification when MS-DEFCON changed it asked me to sign up for a Plus Membership (which I already have).

        What gives?  Is there a Double Secret Plus Membership that I have to sign up for cell phone notification?  It sounds like a great idea – but in practice it seems like there are bugs that need to be worked out.

        I tried to log into Plus with my UN/PW and it said I do not exist.  How can my UN/PW not exist when I am logged into AW with them right now???   Am I missing something painfully obvious to everyone else?

        • #2389913
          Susan Bradley
          Manager

          Email me at sb@askwoody.com and I can help you with any issues.  The sites are two independent log ins (as I didn’t want to upset anything on this site)  You aren’t signing up for plus membership, you are just signing up for cell phone texting.

          Susan Bradley Patch Lady

          • #2389956
            WSstarvinmarvin
            AskWoody Plus

            Speaking of cellphone texting, you mentioned in your full post of September 2021 – it’s patch day! the following:

            We request a small fee requested (along the lines of the decide what you want to pay as the main site has) in order to cover the costs of the monthly texting service and server hosting. ”

            Susan, I’m wondering if the word requested might be superfluous in the context of the sentence?

            Also, a second question. Is the MSHTML vulnerability the one that involves opening a malicious Word file in Internet Explorer? If so, should we be concerned if we no longer ever use IE?

            • #2389962
              Susan Bradley
              Manager

              You can always tell when I’m missing the excellent skills of  Will/Roberta.  Actually the MSHTML vulnerability is for opening word files in File explorer/preview pane, not Internet Explorer.

              Susan Bradley Patch Lady

              1 user thanked author for this post.
      • #2389957
        anonymous
        Guest

        This patch created network connectivity issues and users are unable to access network drives. Uninstall doesn’t work so trying a system restore. Got to love Microsoft and their untested patches.

        • #2389960
          b
          AskWoody MVP

          Which patch is “this patch”?

          Windows 10 Pro version 21H2 build 19044.1263 + Microsoft 365 (group ASAP)

          • #2391623
            anonymous
            Guest

            KB5005568

            KB5005568 broke VM Network Access from sysadmin

            In our environment, it looks like this: We have two host systems with Windows Server 2019. Various VMs on top. Two of them are terminal servers. These simply lose their network connection in between without any noticeable signs. The only solution to reconnect to the network is to hard restart the VMs. However, this only affects the terminal server VMs; it does not occur with the other VMs. Does anyone know this behavior?

            • #2391654
              Susan Bradley
              Manager

              HyperV?  What network card is in the host server?  I disable all Receive side scaling at the command line when dealing with VMs and make sure the network driver card is up to date.

              Susan Bradley Patch Lady

        • #2389961
          Susan Bradley
          Manager

          Can you be specific as to patch and what network OS you are attempting to access?

          Uninstalling updates should always put the system back to where it was.

          Not seeing other reports so wanting to jump on this/narrow it down quickly.

          Susan Bradley Patch Lady

        • #2390113
          Susan Bradley
          Manager

          Can you provide any additional info as I’m not seeing this reported.

          https://groups.google.com/u/1/g/patchmanagement/c/iea5lPCvi8Q

          Robert S has reported that ”

          I have seen reports KB5005566 (Win10 1909) breaks Skype and Excel macros.

          1. Skype has an issue where if it launches, for both O365 and Office 2016, it consistently stops responding when you type a new message and hit send.
          2. Both O365 and Office 2016 unable to open Excel files that have macros. Some claim the patch stops honoring trusted locations. If true, signed macros should not be affected.

          wusa /uninstall /KB:5005566 /quiet /warnrestart:120 /log:C:\Temp\KB5005566removal.log

           

          Susan Bradley Patch Lady

      • #2389963
        Alex5723
        AskWoody Plus

        Do you imagine that there is ANY software with versions being actively developed having less vulnerabilities than versions which were long-ago mothballed? Bugs need programmers.

        Yes. There is no actively development with Windows 10/11.
        The kernel is the same NT kernel and what has/is been “developed” is the GUI and shuffling around control panel functions…
        So yes, we should have expected less security bugs, not more.

        • #2389966
          b
          AskWoody MVP

          The kernel is the same NT kernel

          Same as what? How do you know?

          Windows 10 Pro version 21H2 build 19044.1263 + Microsoft 365 (group ASAP)

        • #2389971
          Susan Bradley
          Manager

          Given that back then we were 32 bit and now we’re 64 bit there definitely has been coding changes over the years.

          Susan Bradley Patch Lady

        • #2389973
          bbearren
          AskWoody MVP

          The kernel is the same NT kernel

          Nope.  The NT kernel has a filename, ntoskrnl.exe, and it’s located in C:\Windows\System32.  It gets updated somewhat regularly.  I mean, “Windows Update” does actually update Windows, as the name implies.

          My kernel was updated yesterday, 9/14/2021, to version 10.0.19041.1327.  There were quite a few files updated in the System32 folder yesterday, that is to say, for those of us who updated yesterday.  Open File Explorer, navigate to C:\Windows\System32 and sort by Date modified.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2389968
        Alex5723
        AskWoody Plus
      • #2390010
        PKCano
        Manager

        So much for the effort to remove Windows bloatware. Looks like most of us are going to get stuck with the “whole enchilada” eventually, as MS removes more and more of the built-in removal tools.
        Alternative browsers till the end !!!

        UPDATE on EDGE 9/14/2021: After the the Sept update KB5005565, the removal of Edge seems to be no longer viable. It can still be removed, but it is restored with the updates through Windows Update. If the Edge folder at Program Files (x86)\Microsoft\Edge\ is left intact, the next CU update will fail with error code 0x800f0922.
        It installed Edge v93… through Windows UPdate, so it is ignoring GP and Registry settings blocking CrEdge. Looks like the solution to maintain exclusive use of a non-MS browser as default is now a third-party app like Edge Deflector – a route I was hoping not to take!
        And we are back to the same situation we were in when MS got slapped with the fine for integrating IE into the OS.

        2 users thanked author for this post.
        • #2390050
          bbearren
          AskWoody MVP

          Firefox has been and remains my default browser.  Edge has never been my default browser, and Windows updates have yet to remove Firefox from the selection of default browser.  No hiccups.

          I haven’t tried to uninstall it, because it doesn’t get in my way.  I fully expect the “Special Folders” to come back with the Windows 10 21H2 update, but I can deal with them with a few mouse clicks.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          • #2390093
            PKCano
            Manager

            Windows updates have yet to remove Firefox from the selection of default browser.

            It doesn’t remove FF as the default browser. However, it does step in and use Edge for certain functions without asking, even FF is the default.
            Guess you haven’t run across that (yet).

            • #2390099
              bbearren
              AskWoody MVP

              Guess you haven’t run across that (yet).

              Indeed.  I have yet to see evidence of Edge doing anything at all.

              Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
              "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
              "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

            • #2390112
              Susan Bradley
              Manager

              My guess is because Edge was removed and this update reinstalls it that it steps on FF again.  Because this is fixing those MSHTML zero days https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 I’ll bet that’s why it’s laying down Edge again.

              This why I say don’t even try to remove it because sooner or later because Microsoft builds their patches to ASSUME that everyone has it, you’ll get it again. Remember Microsoft does not test for, nor code for, what I’m going to call the “corner cases” (no disrepect intended, they code for the Fortune 499 – everyone but Apple) as such they do not take into account anyone who would remove parts of the operating system.

              Susan Bradley Patch Lady

              • #2390116
                PKCano
                Manager

                It does NOT remove FF as the default browser in Settings.
                It just installs Edge in spite of the Group Policy and Registry settings blocking the install of Cromium Edge.
                Which means, that Edge will override the default browser on certain conditions.
                And further, it seems to mean you can’t get rid of CrEdge if you want to without breaking Windows Update. Installing the next CU will result in failure with error code 0x800f0922.

                1 user thanked author for this post.
              • #2390155
                anonymous
                Guest

                Chredge removal along with old edge did work but, as anticipated prior to September CU, I nuked W10
                Guess that’s part of your walkthrough redundant now :¬

                Concentrating efforts on various Linux distro’s seems far more rewarding these days (experimentation) as well as keeping the good-time MSFT Oses updated.
                microfix

      • #2390012
        rebop2020
        AskWoody Plus

        Say it isn’t so!!! I have to follow for the fix to make my preferred browser the default.

        Never stops.

         

      • #2390029
        Linda2019
        AskWoody Plus

        I see the new alerts for DEFCON notifications – will we still be getting email alerts?

        • #2390052
          Susan Bradley
          Manager

          Yup they will still be emailed. This is just another way to be alerted.

          Susan Bradley Patch Lady

      • #2390133
        Alex5723
        AskWoody Plus

        Indeed.  I have yet to see evidence of Edge doing anything at all.

        Have you tried loading .mhtml file using your default FF browser ?

        • #2390151
          bbearren
          AskWoody MVP

          Have you tried loading .mhtml file using your default FF browser ?

          I have never used the “View in web browser” option with email.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          • #2390193
            bbearren
            AskWoody MVP

            And might I add that “View in web browser” is in no circumstance to be considered as part of “safe practices” for computer security.  In my view that is a form of phishing, and to be avoided.  YMMV

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
            "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2390172
        anonymous
        Guest

        KB5005565 on Windows 10 networks where all computers are Windows 10, is breaking networked printing altogether. I got a call from my former place of employment asking for help, have been trying to right it for them remotely for two days now. I was getting there and then the update reinstalled itself overnight, so now starting over with the added step of trying to hide the update.

        I’m seeing basically what is described in this thread:

        https://www.bleepingcomputer.com/forums/t/758380/installed-kb5005565-today-now-cant-print-to-networked-printers/

        Glen Ventura
        MS-MVP 2002-2009

      • #2390227
        RyanA
        AskWoody Lounger

        I’ve encountered network connectivity issues with my SCCM/MECM site server this morning (in addition with another another low priority server we use for piloting patches, both running Server 2019 Standard.)

        No SNMP/Ping/UNC share or application/database access was possible non-locally.

        Have removed patch KB5005568, and now able to remotely connect and do all of the above.

        I fully expect this is a Microsoft bug!?

      • #2390261
        EricW
        AskWoody Plus

        Since the update to Adobe Acrobat/Reader was mentioned: I ran into a problem similar to what is reported at: https://community.adobe.com/t5/acrobat-discussions/adobe-acrobat-and-reader-september-update-2021-007-20091-botched/m-p/12387606 . To quote:
        “The issue is that after applying the 2021.007.20091 updates for Adobe Acrobat DC or Adobe Reader DC each time you attempt to launch the application from the shortcuts (Start Menu, or Desktop) the application performs an install/configuration before it launches. If you open a .PDF file directly it will open in Acrobat or Reader without performing the install.”

        Adobe replies: “This issue has already been escalated and reported to engineering team.”

      • #2390269
        anonymous
        Guest

        Win 10 Pro 21H1 64 bit.   Downloaded and installed September CU via WUMgr OK.  Stable for 2 days on two machines, including network printing (HP LJ).

      • #2390292
        wavy
        AskWoody Plus

        corner cases

        OMG now I know. I am a Corner Case!! ⬜🔺◻🔻◽ Now just which corner??

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
      • #2390380
        SUCH41
        AskWoody Plus

        Regarding “Target Product Version” will there be examples on how to do it in AKB2000016 for Windows 10 Pro version?

        • #2390411
          PKCano
          Manager

          The script files for 20H2 and 21H1 in AKB2000016 to set TRV, also set the Product Version for Windows 10. The directions are the same in AKB2000016 except for the content of the script files.

          If you download the script file, and want to change to a different version or Win11:
          + Edit the script file in Notepad (or other text editor).
          + Change the TRV version to your choice (21H1, 21H2, etc), and/or change Windows 10 to Windows 11 (highlight and overwrite, do not change any of the other characters).
          + Save it as .reg (NOT .reg.txt or .txt)

          1 user thanked author for this post.
      • #2390417
        Alex5723
        AskWoody Plus

        PringNightmare :

        Administrator credentials required every time apps attempt to print

        After installing KB5005033 or a later update, certain printers in some environments using Point and Print might receive a prompt saying, “Do you trust this printer” and requiring administrator credentials to install every time an app attempts to print to a print server or a print client connects to a print server. This is caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file. When the print client connects to the print server, it finds a newer driver file and is prompted to update the drivers on the print client, but the file in the package it is offered for installation does not include the later file version.

        Workaround: Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server….

        • #2390583
          Alex5723
          AskWoody Plus

          KB5005652—Manage new Point and Print default driver installation behavior (CVE-2021-34481)

          Windows updates released August 10, 2021 and later will, by default, require administrative privilege to install drivers. We made this change in default behavior to address the risk in all Windows devices, including devices that do not use Point and Print or print functionality. For more information, see Point and Print Default Behavior Change and CVE-2021-34481.

          By default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:

          Install new printers using drivers on a remote computer or server

          Update existing printer drivers using drivers from remote computer or server…

      • #2390444
        BobC
        AskWoody Plus

        Thanks to all for the information and feedback.

        Perhaps another issue when updating Windows Pro 21H1 with the September Update, (September 14, 2021—KB5005565 (OS Builds 19041.1237, 19042.1237, and 19043.1237).

        In my case, it broke the Windows Hello fingerprint login functionality on 3 machines in our office.  The machines are all LG gram 17 computers: two model 17Z990-RAAS7U1, and one model 17Z90N-R.AACU1, with i7 8565U and i7-1065G7 CPUs, respectively.  The machines all have fingerprint readers built into the power button, which have worked without issue since the machines were first set up.

        Upon installing above update, the Windows Hello fingerprint login failed on all 3 of these machines.  The work around, for these 3 machines was to remove the fingerprint data stored on the machine, and then recreate it.  I tried several other steps first, including rebooting the machine, but none worked.  With only two users in our office, re-entering the fingerprint login data was not a significant issue, but it could be, depending on the availability and the number of individuals involved.

        BobC

        1 user thanked author for this post.
      • #2390619
        Alex5723
        AskWoody Plus

        Updated Windows 10 Pro 21H1 (using Wumgr)

        KB890830
        Servicing Stack : 10.0.19041.1220
        KB5005565
        Winver : 19043.1237

        No problems so far.

      • #2390862
        MrChaz
        AskWoody Lounger

        “Stay tuned, deeper analysis by this weekend.” sorry, I can’t see anything to indicate this on the site.

        Windows 7 esubypass working as expected, no problems to report as a homeuser with much less beaconware by default.

        illegitimi Non Carborundum
        1 user thanked author for this post.
        • #2391084
          Susan Bradley
          Manager

          Sign up for the newsletter.  Remember a mere $1 can get you access.

          Susan Bradley Patch Lady

      • #2391069
        Damian
        AskWoody Plus

        I have started to deploy KB5005566 to our Win10 v1909 work environment and so far we have two laptops spending over an hour trying to installing KB5005566. I ended up performing a normal Start Button>Restart which brought up the Updating Windows screen where they sat indefinitely.  Forcing the computer down and bringing it back up brings the desktop with a spinning cursor that can’t click on anything.  This is separate from a growing number of machines that haven’t received any patches yet that, but have decided to start freeze up entirely on users only allowing the cursor to be moved but without the ability to click anything. To patch or not patch, does it really matter with Windows 10…

        • #2391085
          Susan Bradley
          Manager

          What’s your a/v?  When computers freeze where they worked fine before, look through your list of usual suspects of third party software like antivirus/monitoring software/pdf software, etc.

          Susan Bradley Patch Lady

          • #2391093
            Damian
            AskWoody Plus

            Running SEP v14.3.4516.2000, with newer additional monitoring through DefenseStorm 2.1.1. Since DefenseStorm is newer for us, I’ve been keeping that in the back of my mind. Unfortunately Windows event logs have have not shed any light. So far all noted machines are running v1909 with Office 2013 except for one with 2016. Eventually I will find some kind of overlap, until then I’ll be crossing my fingers that one the these forced shutdowns doesn’t corrupt Windows.

      • #2391864
        anonymous
        Guest

        Bleeping Computer – Windows 10 emergency update resolves KB5005565 app freezes, crashes
        ————————————————————————————-
        https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-update-resolves-kb5005565-app-freezes-crashes/

        Apps might fail to open, close unexpectedly or become unresponsive
        ——————————————————————
        https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h1#1696msgdesc

    Viewing 27 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: September 2021 – it’s patch day!

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.