News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • September Patch Tuesday rolling out

    Home Forums AskWoody blog September Patch Tuesday rolling out

    This topic contains 110 replies, has 34 voices, and was last updated by  GoneToPlaid 3 hours, 7 minutes ago.

    • Author
      Posts
    • #1947002 Reply

      woody
      Da Boss

      The September 2019 patches are out, and there’s a bumper crop: 216 separate patches in the Catalog 80 identified security holes (CVEs) Two listed as “
      [See the full post at: September Patch Tuesday rolling out]

      7 users thanked author for this post.
    • #1947004 Reply

      PKCano
      Da Boss

      The 2019-09 Security-only Update and IE11 Cumulative Update have been added to AKB2000003  for Group B patchers (and anyone else who needs them).

      NOTE: The links in AKB2000003 are direct download links to the MS Update Catalog.
      NOTE: Win7 Security-only KB4516033 contains KB2952664 functionality “Compatibility Appraiser”
      UPDATE: NOTE: Win8.1 Security-only KB4516064 also contains the telemetry functionality.

      *************
      Another version of KB4474419 v.3 has been released on Sept Patch Tuesday.
      UPDATE: Install this patch before the Servicing Stack See @abbodi86 #1948298.

      This security update was updated September 10, 2019 to include boot manager files to avoid startup failures on versions Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2.

      *************
      There are new Servicing Stack Updates for:
      Win7:  KB4516655 –  Download 32-bit or 64-bit
      Win8.1:  KB4512938 – Download 32-bit or 64-bit

      • This reply was modified 5 days, 16 hours ago by  PKCano.
      • This reply was modified 5 days, 14 hours ago by  PKCano.
      13 users thanked author for this post.
      • #1947289 Reply

        Tex265
        AskWoody Plus

        So I’m not seeing the new Servicing Stack update KB4516655 for Win7 in my Windows Updater.

        Is this a MS Catalog download only, and if so, download and install before installing the other KB’s appearing in the Windows Updater?

        Windows 10 Pro x64 v1803 and Windows 7 Pro SP1 x64
        • #1947302 Reply

          geekdom
          AskWoody Plus

          KB4516655 won’t appear until the updates in the queue are installed; the queue needs to be empty.

          Have you installed the updates in the update queue?

          Group G{ot backup} TestBeta
          Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
          • This reply was modified 6 days, 8 hours ago by  geekdom.
          • This reply was modified 6 days, 8 hours ago by  geekdom.
          1 user thanked author for this post.
          • #1948163 Reply

            Tex265
            AskWoody Plus

            No, I have not installed anything yet. I’m also Group A.

            For past Servicing Stack updates, PK Cano has always recommended they be installed first and by themselves.
            Is this still the case?

            If yes, do we simply obtain the SS Update from the Catalog and manually install? Or is this where we need to hide all updates to make this appear then install then unhide the other updates?

            Windows 10 Pro x64 v1803 and Windows 7 Pro SP1 x64
            • #1948177 Reply

              Microfix
              Da Boss

              For past Servicing Stack updates, PK Cano has always recommended they be installed first and by themselves.
              Is this still the case?

              Group A (SMQR) needs all the patches installed in the WU queue first then, and only then, will the SSU be displayed for installation!

              ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

              1 user thanked author for this post.
            • #1948553 Reply

              GoneToPlaid
              AskWoody Plus

              Yes, Servicing Stack updates need to be installed first, and by themselves. A reboot may or may not be required. Note that there is also a new version 3 update for SHA-2, which also must be installed by itself, and which does require a reboot.

              I am Group B with Win7 computers. Today I installed September’s Servicing Stack update, the version 3 SHA-2 update, and then the September SO update. All went well and without issues. I will post about this. Yet everyone note that we are at Defcon 2 and that I ignored Defcon 2 in order to test the September Group B side of things for September. I have not installed or tested any September IE or .NET updates since I prefer to wait a while in order to see reports about any issues.

              2 users thanked author for this post.
            • #1948565 Reply

              geekdom
              AskWoody Plus

              Microsoft went against the usual convention of installing Servicing Stack Update first. Read here:
              https://www.askwoody.com/forums/topic/september-patch-tuesday-rolling-out/#post-1948298

              Group G{ot backup} TestBeta
              Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
              • This reply was modified 5 days, 7 hours ago by  geekdom.
              • This reply was modified 5 days, 7 hours ago by  geekdom.
            • #1948581 Reply

              OscarCP
              AskWoody Plus

              Regardless of Group A or B, the other patches (Windows, Office, .Net, etc.) are not going to show up unless the August service stack patch is installed first. Until that is done, Windows Update will tell you that your PC “is up to date” and there are “no updates for your computer”. Not true, but you need to install the SSH  patch to make that change to “updates waiting to be installed”.

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

            • #1948583 Reply

              geekdom
              AskWoody Plus

              Other patches show before the Servicing Stack Update. Read here:
              https://www.askwoody.com/forums/topic/september-patch-tuesday-rolling-out/#post-1947026

              Group G{ot backup} TestBeta
              Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
              1 user thanked author for this post.
            • #1948586 Reply

              OscarCP
              AskWoody Plus

              Geekdom: my own experience was as I just described it and, compared to yours, a fairly different. one. It looks like what happens does vary from user to user…

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        • #1948455 Reply

          Geo
          AskWoody Plus

          Ivanti mentions in September patch tuesday notations: “Microsoft continues to adjust their software update process, releasing service stack updates for all operating systems this month. Usually these release for one or a couple of Windows editions, so for all Windows OSs to be impacted by this one is a bit out of the ordinary. A couple of things to note about servicing stack updates. They are rated as Critical but are not resolving security vulnerabilities. They are also not part of the cumulative update chain. Servicing stack updates are a separate update that needs to be installed outside of the normal cumulative or security-only bundle. This is a critical update to Microsoft’s update system within the OS. This means some changes are coming down the line and there will be a point where you cannot apply the Windows updates on the system if the servicing stack update is not applied. The shortest we have seen from availability to enforcement is two months. Our guidance is to begin testing as soon as possible and plan to have these in place before November to be on the safe side. Before October would be best case on the off-chance Microsoft enforces these changes sooner.”

          • This reply was modified 5 days, 10 hours ago by  Geo.
          1 user thanked author for this post.
    • #1947018 Reply

      TweakHound
      AskWoody Lounger

      SearchUI fix worked for me.

      Incidentally O&O Shutp10 was patched today to fix the patch that was patched today. (Yeah, that confused me typing it.)

      2 users thanked author for this post.
    • #1947026 Reply

      geekdom
      AskWoody Plus

      September Beta Test Report Windows 7 x64 Updates

      Important
      – September 2019 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4514602)
      – September 2019 Security Monthly Quality Rollup Windows7 for x64 (KB4516065)
      – September 2019 Security Update for Windows 7 for x64 (KB4474419)

      Updates installed without error and the system rebooted without error.

      Prompted/Checked for updates. (“Check for updates but let me choose whether to download and install them” is set. Normally, I have to click the button to check for updates, even with this setting, but this time I was prompted with an update. It was already at the gate.)

      Important
      – September 2019 Servicing Stack Update for Windows 7 for x64-based Systems (KB4516655)

      Update installed without error. Although reboot not required, I rebooted, and the system rebooted without error.

      Checked for updates and no further updates.

      Nice.

      Group G{ot backup} TestBeta
      Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
      6 users thanked author for this post.
      • #1947204 Reply

        EP
        AskWoody_MVP

        important note: the newly released KB4516655 servicing stack update supersedes/replaces the KB4490628 servicing stack update.

        so KB4490628 is no longer needed

        1 user thanked author for this post.
      • #1948423 Reply

        Charlie
        AskWoody Plus

        Wonderful!  And you didn’t have to dig up some three year old file to make everything work!…?

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L

    • #1947051 Reply

      anonymous

      Warning for group B Windows 7 users!

      After the “July 9, 2019—KB4507456 (Security-only update)”, there is another “security-only” update that contains telemetry.

      It is the “September 10, 2019—KB4516033 (Security-only update)”.

      It replaces infamous KB2952664 and contains telemetry. Unfortunately, there is no “file information” in MS update description, but some info can be found at http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=03092e33-5b1d-4cc9-bcf9-578e906cefb2 (in “Package details”->”This update replaces the following updates” there is KB2952664 listed).
      It applies to both x64 and x86-based systems.

      I have found that it contains the following files :
      File;Version
      centel.dll;10.0.18362.1015
      gentel.dll;10.0.18362.1015
      appraiser.sdb;not applicable
      appraiser_data.ini;not applicable
      appraiser_telemetryrunlist.xml;not applicable
      aeinv.dll;10.0.18362.1015
      aeinv.mof;not applicable
      aepic.dll;10.0.18362.1015
      acmigration.dll;10.0.18362.1015
      aitstatic.exe;10.0.18362.1015
      api-ms-win-downlevel-advapi32-l1-1-1.dll;10.0.14393.0
      api-ms-win-downlevel-advapi32-l4-1-0.dll;10.0.14393.0
      api-ms-win-downlevel-kernel32-l1-1-0.dll;10.0.14393.0
      api-ms-win-downlevel-kernel32-l2-1-0.dll;10.0.14393.0
      api-ms-win-downlevel-ole32-l1-1-1.dll;10.0.14393.0
      api-ms-win-downlevel-user32-l1-1-1.dll;10.0.14393.0
      api-ms-win-downlevel-version-l1-1-0.dll;10.0.14393.0
      appraiser.dll;10.0.18362.1015
      compatprovider.dll;10.0.14393.0
      compattelemetry.inf;not applicable
      compattelrunner.exe;10.0.18362.1015
      devinv.dll;10.0.18362.1015
      diagtrack.dll;10.0.10586.10007
      diagtrackrunner.exe;10.0.10586.8
      dismapi.dll;10.0.18362.1015
      dismcore.dll;10.0.18362.1015
      dismcoreps.dll;10.0.18362.1015
      dismprov.dll;10.0.18362.1015
      ffuprovider.dll;10.0.9896.0
      folderprovider.dll;10.0.18362.1015
      frxmain.sdb;not applicable
      imagingprovider.dll;10.0.18362.1015
      invagent.dll;10.0.18362.1015
      logprovider.dll;10.0.18362.1015
      nxquery.inf;not applicable
      nxquery.sys;not applicable
      vhdprovider.dll;10.0.18362.1015
      wimprovider.dll;10.0.18362.1015

      Sorry for posting it twice (here and https://www.askwoody.com/forums/topic/ms-defcon-2-get-windows-automatic-update-locked-down/#post-1947029), but I started making my post just before this topic (I think more appropiate for such post) was created.

      12 users thanked author for this post.
      • #1947082 Reply

        woody
        Da Boss

        Oh fiddlesticks.

        Not again.

      • #1947081 Reply

        anonymous

        ? says:

        excellent work and thank you, saved me the trouble of looking it up. and thanks PK for posting the links for the other needed September patches just above this good news! so, where do we go from here?

        2 users thanked author for this post.
        • #1947086 Reply

          PKCano
          Da Boss

          so, where do we go from here?

          Into the basement for shelter!

          8 users thanked author for this post.
          • #1947103 Reply

            anonymous

            ? says:

            again, thank you for helping us\me navigate the muddy waters of dear microsoft. gotta love their ways. maybe there are last minute big bonuses out for the get-rid-of-win7-users-at-all-costs bounty program up in Redmond? so what if some of us just wanted to get to EOL in a peaceful and orderly fashion?

             

            1 user thanked author for this post.
      • #1947132 Reply

        anonymous

        Well that’s just another month of Windows 7 “Security Only’ Patching that I’m skipping and on to Oct 2019 to see if that’s Telemetry Free.

        I’m not really that worried for one of my Windows 7 laptops that came with a Windows 8 Pro License that the Laptop’s OEM factory downgraded to Windows 7 Pro via Pro OS version degrade rights. That’s getting Windows 8 Pro and updated in place to 8.1 anyways.

        So Spy in the buttermilk, shoo, Spy, shoo! And Skip, Skip, Skip to the Loo and Flush that update right on down!

        • #1947185 Reply

          EP
          AskWoody_MVP

          I can also “downgrade” my dad’s Toshiba C55dt touchscreen late 2013 laptop from Win8.1 Home to Win7 home premium as there are specific Win7, 8.1 & 10 downloads available for my dad’s laptop on the Toshiba/Dynabook support site 🙂

          • #1947328 Reply

            anonymous

            Yes anyone can downgrade if they have the Image/Media it’s just the matter of the Licensing check and there may be a problem with that. But usually it’s only officially the Pro versions of Windows with the automatic downgrade rights so if you can get the Pro upgrade license add that to the windows 8.1 home key and register the upgrade to Pro then it’s probably OK as far  as licensing to do that. And to downgrade a windows 8/8.1 Pro(or higher) license requires some active license key for 8/8.1 Pro/Higher than Pro variant.

            Now going from Windows 7 Pro to Windows XP Pro is possible with a Windows 7 pro key/7 Pro Upgrade license Key.  But that’s really not going forward at this point in time.

            Having the Image downloads available is nice and can be done but how do you get around the licensing checks.

            I have a Toshiba Satellite C655 with a first generation core i3(Arrandale/Mobile) CPU and that laptop has a Windows 7 Pro upgrade license from Windows 7 home that I purchased later on. but no Windows 8/8.1 license so that’s going to require purchasing a Windows 8/8.1 (Home/Pro) OEM Key license anyways but the laptop is not worth that added expense so it’s Linux Mint for that laptop after Jan 2020.

            The good thing about Retail “OEM” Windows 8/8.1 license keys are that they are very inexpensive currently, even the Pro/Above edition Keys or even retail DVDs(Rare now). But the problem with that is the Laptop’s needed drivers to match the specific hardware on the laptop.  So that has to be available as well And I have been looking at Dynadook’s(Formally Toshiba) and their documentation is not in good shape for my C655 laptop  that’s 2010 and that’s really not worth attempting any sorts of extra time other than to try a Linux Distro and hope that the wifi works.

            1 user thanked author for this post.
            • #1947441 Reply

              anonymous

              I have a dell 120, mint worked fine. the usual problem with wireless card in dells. Do a search on that and its easily fixed. Unfortunately, I dont remember the steps. You’ll need an ethernet connection,though.

              1 user thanked author for this post.
            • #1949309 Reply

              mn–
              AskWoody Lounger

              Well, then there’s the potential issue that even when you do have the downgrade right with the included product key, that product key might still not be valid for the downgraded versions.

              This is rare but can happen. Seen with OEM embedded Windows 8 Pro product key, reinstalling 7 Pro after disk replacement. (Hadn’t complained about the key with the old HDD, either.)

              Really looks like clean-installing 7 with updates might be getting even more difficult from now on.

              After reading this marathon thread am I the only one who thinks Microsoft is going for a ‘last ditch effort’ to seriously mess up Windows 7 prior to end of patching next January?

              Can’t tell if it’s on purpose, given how the Windows 10 updates seem to go – like https://www.askwoody.com/2019/so-did-ms-fix-the-win10-1903-searchui-exe-redlining-bug-or-not/ and all the older ones…

              So if it all were on purpose, I’d have to conclude that Microsoft really wants to get out of the desktop operating systems business but is prevented from just coming out and saying that officially?

      • #1947254 Reply

        anonymous

        ? says:

        again post #1947051, thank you putting the info up and so quickly. i spent some time looking at the files that the September Security Only patch installs and wondering how much space they take and how much resources they use and how all these files from/for windows 10 make the last few months of windows 7 “better” for the user. i know i can “neutralize,” some of their functions, but the only way to remove them is to do a clean install.

      • #1948582 Reply

        GoneToPlaid
        AskWoody Plus

        Yeah, the September Win7 SO update KB4516033 does replace a bunch of files which are related to telemetry. Yet on my Win7 Group B computers, CEIP optout is still being honored, and I do not see any new tasks or other tasks in Task Scheduler which were re-enabled and which are related to telemetry.

        3 users thanked author for this post.
    • #1947145 Reply

      Fred
      AskWoody Plus

      I installed the cumulative update for W10.1903  KB4515384  manually;
      The version of Windows I had clearly needed a gross of repares/updates….

      1* Cortana’s SearchUI.exe was not replaced, so the former renamed searchui.exe will stay renamed. No peaking in memory (yet)
      2* The rest of the patches seem to work out correct (fingers crossed);
      it brought the W10H1903 to build version 18362.356
      3* For W10.v1903 there is a specific new servicing stack too :
      “windows10.0-kb4515383-x64”

      info at:
      https://www.ghacks.net/2019/09/10/microsoft-windows-security-updates-september-2019-overview/

      [PGP-ID available]

      • This reply was modified 6 days, 11 hours ago by  Fred.
      2 users thanked author for this post.
    • #1947205 Reply

      Barry
      AskWoody Plus

      Installed all updates on my 1903 Home machine. They all installed fine,restarted fine with no apparent problems.

       

      Barry (Seeker)
      Windows 10 Home V 1903

      • This reply was modified 6 days, 10 hours ago by  Barry.
      1 user thanked author for this post.
    • #1947213 Reply

      abbodi86
      AskWoody_MVP

      Windows 8.1 x86, all updates installed no issues

      Worth noting that Win 8.1 and 10 got new .NET updates, whereas Win 7 only got new update bundle (the actual .NET updates are all from previous months)

      regarding Win 7 SO KB4516033 and telemetry, just neutralize it 🙂

      4 users thanked author for this post.
      • #1948026 Reply

        anonymous

        abbodi86: As an expert on Telemetry in windows updates, there is the following user comment (3rd down at time of writing) at Ghacks (https://www.ghacks.net/2019/09/10/microsoft-windows-security-updates-september-2019-overview/) from “Belga” which states “Added two telemetry tasks under Win 8.1!, as was the case under Win 7!” which might interest you.

        I know nothing about this myself. It may or may not be true, but I just thought I would pass it on.

        2 users thanked author for this post.
        • #1948153 Reply

          abbodi86
          AskWoody_MVP

          Thanks, i’m actually aware of that
          but there are unfortunately very little interest in Windows 8.1 (here or in the world)

          2 users thanked author for this post.
    • #1947230 Reply

      Sailor
      AskWoody Lounger

      Where MSRT? (kb890830)

      • #1947237 Reply

        Seff
        AskWoody Plus

        Agreed. I don’t install it any longer, but it is noticeable by its absence.

    • #1947279 Reply

      T
      AskWoody Plus

      Good grief… another SHA-2 patch, a new servicing stack update and the return of telemetry (admittedly easily disabled). Another fun month awaits eh? I will not miss my patching headaches come january 2020.

      1 user thanked author for this post.
      • #1947412 Reply

        anonymous

        Once a DLL is installed on your system and even if a registry key is set to disable that service that does not mean that some other software can link into that DLL and pull in that symbol table and call those public functions. And MS has even better than just the symbol tables it has the source code and that includes the private unpublished functions and method calls as well.

        I guess that wire-shark or some other software can track some traffic but that requires hooks into the OS provided by MS and the only way around that is a firewall router running it’s own processor/OS and code to check the packets and other such traffic. But MS can have loads of ways to hide traffic and any hidden OS functionality calling any code that’s installed on the system regardless of any registry settings.

        1 user thanked author for this post.
        • #1947429 Reply

          abbodi86
          AskWoody_MVP

          A software load Microsoft file to force running and sending telemetry to Microsoft
          why anyone would code such software?

    • #1947321 Reply

      abbodi86
      AskWoody_MVP

      Also worth noting, Windows 7 SSU KB4516655 contain new file ExtendedSecurityUpdatesAI.dll

      as the name suggest, it’s ment to handle the upcoming Extended Security Updates after Januay 2020

      they are using the same approach like Windows 10 v1607 (SupplementalServicingAI.dll), which checks if the system is eligible for installing updates
      since CloverTrail devices are still eligible for any Edition (not just Enterprise LTSB 2016), up to 2023

      this restriction approch is solid, but can be workarouned by installing the updates offline (i.e. integration prior installation, or after installation by booting to WinPE)

      back to Windows 7, we cannot know how it will work until it become effective 🙂
      although, i sense that Windows Embedded Standard 7 extra support might make it easier (since it share the exact same updates with regular Windows 7)

      4 users thanked author for this post.
      • #1947389 Reply

        anonymous

        “ExtendedSecurityUpdatesAI.dll”

        That’s for the Enterprise/Volume Licensing customers that can purchase from MS Extended Windows 7 security updates until 2023. So none of the Non Enterprise/Volume licensees will get that offered.

        But really it’s not hard for MS to offer that for their big customers as the Windows 8 OS Kernel is for the most part just the Windows 7 Kernel with TIFKAM on top and Windows 8.1 is the same as 8 mostly as far as the Windows OS Kernel is concerned as well.

        Windows 8.1 license keys are still in the retail channels with the Pro versions being very affordable and after that’s installed there is third party software that will tackle TIFKAM and make the UI look and act like Windows 7’s UI. So consumers still have options for Windows 8/8.1 as long as there are still the available 8/8.1 license keys in the retail channels.

        But those Enterprise/Volume licensing customers probably have some very expensive bespoke mission critical software that’s only been vetted/certified for Windows 7 so that’s more expensive to those clients to vett/certify, all at once, for a newer OS so MS is offering them the option to purchase extended security updates for Windows 7 Enterprise/Volume Licensing editions until 2023. It’s XP all over again but Mission Critical Software vetting/certification costs are one of the reasons that many stayed on XP and took their time converting to Windows 7. And I’ll bet that it’s the very same businesses/governmental institutions that stayed on XP the longest that will be staying on Windows 7 past Jan 2020.

        1 user thanked author for this post.
        • #1947627 Reply

          warrenrumak
          AskWoody Plus

          The part about the Windows 8.1 kernel being “just the Windows 7 kernel” is grossly inaccurate.  It contained a lot of major refactoring work to split everything up into proper layered components (i.e. all the new files with names like api-ms-win-core-sysinfo-l1-2-0.dll).  There’s the AppContainer security model, the new “pico process” model that was later used to implement WSL, AppLocker, Control Flow Guard, and a whole bunch of other lower level stuff.  I could go on about performance improvements in the memory manager, too, to say nothing of all the more highly visible stuff like built-in USB 3 support.

          Where I work, Windows 7 (and Server 2008 R2) has long been banned from use in secure environments because it lacks a lot of modern security infrastructure in the kernel.  Even if Windows itself gets patches to fix security vulnerabilities, there is still a ton of third-party software that is riddled with bugs that an attacker can exploit a system with.  The protections introduced in Windows 8 and 8.1 close off entire classes of attacks against third-party software that don’t depend on exploiting Windows itself.

          People would’ve noticed & appreciated this stuff a lot more if Microsoft hadn’t thoroughly messed up the user interface.

          • This reply was modified 6 days, 3 hours ago by  warrenrumak.
          6 users thanked author for this post.
    • #1948042 Reply

      CraigS26
      AskWoody Plus

      My W10 Home is now 18.362356 with No Issues as usual in my Ethernet-to-AT&T Uverse setup..

      Settings Update History (3) shows Sept Cum Update, Net Frmwk 3.5/4.8, and Adobe Flash (via Edge, I think).

      Control Panel (4) adds KB4515383 Svc Stack…. MSRT in Settings “Other Updates” last shows date of Aug Cum Update = 8/13/19, so maybe in a follow-up.

       

      W10 1903-18362.329 Home / Hm-Stdnt Ofce '16 C2R / i5-8400/ 12 GB / 256 SSD + 1 TB HDD / InSpectre #8 = GREEN

    • #1948075 Reply

      anonymous

      Windows Vista 32 (aka Windows Server 2008), W7 Starter 32, W7 64.
      ALL UPDATES AUTO / MANUAL, 32-BIT & 64-BIT, INSTALLED OK.

    • #1948078 Reply

      anonymous

      Microsoft has updated description of KB4516033 and KB4516065. They added file information and acknowledged the following issue:

      After installing this update, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.

      Links to update description and file information for each patch:

      For KB4516033:

      https://support.microsoft.com/en-us/help/4516033

      https://download.microsoft.com/download/6/3/6/636df5b4-609a-4780-8348-1a39a6b15f08/4516033.csv

      For KB4516065:

      https://support.microsoft.com/en-us/help/4516065

      https://download.microsoft.com/download/1/6/0/1603b576-6404-453a-905c-83d5eee371d6/4516065.csv

      1 user thanked author for this post.
    • #1948099 Reply

      Microfix
      Da Boss

      Initial Report: Installation date 10th/11th September 2019
      SMQR (Group A) from WU patches on the following three MSFT OSes.

      Win7 Pro x86:

      KB4474419 SHA2 v3 code signing support
      KB4516065 SMQR September
      KB4516655 SSU September

      W7x86Sept

      W7x86EvView

      Win7 Pro x64:
      KB4474419 SHA2 v3 code signing support
      KB4516065 SMQR September
      KB4474419 SSU September

      W7x64Sept

      W7x64EvView

      W8.1 Pro x64:
      KB4516115 Adobe Flash Player Update
      KB4516067 SMQR September
      KB4512938 Replacement SSU September

      W81x64Sept

      W81x64EvView

      All systems exhibited NO system errors via event viewer post updates.

      Post patch telemetry Checks:

      HINT: As ‘Diagtrack’ service is completely removed on our systems:

      COMPUTER MANAGEMENT:
      Computer Management/ System Tools/ Performance/ Data collector Sessions/ AIT and SQMLogger
      Computer Management/ System Tools/ Performance/ Startup Event Trace Sessions/ AIT and SQMLogger

      NO change and ALL still disabled.

      TASK SCHEDULER:
      Application Experience (NO change all disabled)
      Autochk (NO change, disabled)
      CEIP (NO change, disabled)
      Maintenance/ WinSAT (NO change, disabled)

      SFC showed NO integrity violations an all devices.

      SMQR Patching FTW!

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      Attachments:
      4 users thanked author for this post.
      • #1948110 Reply

        woody
        Da Boss

        Can you confirm that the telemetry routines are installed with this month’s Win8.1 Security-only patch? (Just hoping.) 🙂

        • #1948116 Reply

          Microfix
          Da Boss

          Only do SMQR patches no group B (gave that up over a year ago, too much hassle)
          I’ll say this though, disabling diagtrack service completely in W7/W8 works without affecting integrity which may seem a ruthless method to avoid telemetry but, if needs must 🙂
          DISM online will no doubt re-introduce the diagtrack service.

          ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

          1 user thanked author for this post.
      • #1948530 Reply

        DrBonzo
        AskWoody Plus

        @microfix – It looks like you are installing the SSU AFTER the SMQR. Is that correct? Also, are you installing manually or are you letting Windows Update install everything? Thanks

    • #1948119 Reply

      anonymous

      Hey everyone. New guy here so I’m hoping I’m posting in the right place. Several of us on Reddit as experiencing start menu issues with KB4515384. When you click the start button and being to type to search for something, nothing happens at all. Uninstalling the CU fixes it.

      I would copy the links to the threads but I didn’t know if that was against rules or not.

    • #1948257 Reply

      anonymous

      So no MRT for September on Win7 Home SP1, Win7 Pro SP1, or Win10 v1903? Perhaps it comes with later updates?

      2 users thanked author for this post.
    • #1948298 Reply

      abbodi86
      AskWoody_MVP

      Thabks to @pkcano (and @garf02 at MDL forums)

      Servicing Stack Update (KB4516655) Failed

      Windows 7 SSU KB4516655 is signed sha-2 only
      meaning, it will require first to have KB4474419 installed and ready

      so much for SSU install-first logic 😮

      i believe KB4474419 don’t require any SSU to get installed, but will have to verify that

      7 users thanked author for this post.
      • #1948608 Reply

        abbodi86
        AskWoody_MVP

        I finished testing

        on clean installed Windows 7, KB4474419 can be installed directly (no SSU required)

        however, SSU KB4490628 is still needed (before or after KB4474419)

        otherwise, SSU KB4516655 will fail with error 0x80092004 – CRYPT_E_NOT_FOUND

        did MS actually tested this scenario before they dare to supersede KB4490628?

        i expect or hope they fix this mess, by releasing and keeping any new SSU as SHA1 signed (like KB4490628)

        5 users thanked author for this post.
        • #1948620 Reply

          geekdom
          AskWoody Plus

          KB4490628 was released March 2019:
          https://www.catalog.update.microsoft.com/Search.aspx?q=KB4490628

          Group G{ot backup} TestBeta
          Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
          • #1948625 Reply

            PKCano
            Da Boss

            That is correct. And it needs to be installed on the computer before the Sept SSU.
            You srill need KB3133977. KB4490628 and KB4474419 before the Sept updates.
            KB3133977  was installed on this computer in 2016.
            Here is my update history:

            Screen-Shot-2019-09-11-at-8.06.54-PM

            • This reply was modified 5 days, 5 hours ago by  PKCano.
            • This reply was modified 5 days, 5 hours ago by  PKCano.
            Attachments:
            1 user thanked author for this post.
            • #1948708 Reply

              DrBonzo
              AskWoody Plus

              The MS support page for the September Win 7 Rollup (KB4516065) says that Both the SHA-2 and SSU (KB4474419 v-3, and KB4516655, respectively) should be installed immediately followed by a restart before the Rollup is installed.

              And yet it seems as though a few people in this thread are reporting successful results by installing the Rollup first followed by the SHA-2 and SSU.

              Maybe the order of the Rollup and combined SHA-2 and SSU doesn’t matter?

            • #1948866 Reply

              abbodi86
              AskWoody_MVP

              The order does matter if you are installing updates for the first time

              for now, September Monthly Rollup (or Security Only update) do not require SSU KB4516655

              they only need:
              SSU KB4490628
              SHA KB4474419 (any version would work)
              EFI KB3133977 (if the system is UEFI, and it’s just precaution requirement, KB4474419-v3 supposedly fix the booting files issue)

              KB4516655 cannot be installed until KB4474419 is completely installed (which will require rebooting to finish)

              the SSU requirement might change next month(s)

              • This reply was modified 5 days, 3 hours ago by  abbodi86.
              2 users thanked author for this post.
            • #1948901 Reply

              PaulK
              AskWoody Lounger

              Also see 1948832 for a sequence that worked.

              1 user thanked author for this post.
        • #1952232 Reply

          KP
          AskWoody Plus

          Super, it fixed my 80092004.

          1) KB4490628 – install successful
          2) KB4512506 – reported already installed
          3) KB4512486 – Security Only – install successful
          4) KB4512506 – Monthly Cumulative Update – install successful

          Super Thanks

          Deserves mention in Patch Watch, @PatchLady

          • This reply was modified 1 day, 6 hours ago by  KP.
          • This reply was modified 1 day, 6 hours ago by  KP.
          1 user thanked author for this post.
    • #1948357 Reply

      anonymous

      Something I noticed, after installing 4516033 (security only) and 4516046 (IE) on my Win 7 32-bit I saw audit failure entries for appidapi.dll and appid.sys in event logs, 2 each, but for the files in \SoftwareDistribution\Download not the installed ones in System32. A search turns up a similar event when updating in March, may have mentioned it here, or it may have been mentioned as known back then, seem to recall something?

      Did a sfc /scannow while I was at it and it said it found some problems that it couldn’t fix, and while checking the log I saw that the problems had to do with files with telemetry and diagnostics in the path, usually .json files. (May well be the first time I run that command though, so no idea when it would have started detecting that.)

      — Cavalary

    • #1948364 Reply

      EP
      AskWoody_MVP

      WHAT! KB4474419 got yet another re-release this September (as V3)?

      didn’t see that one coming

      • This reply was modified 5 days, 12 hours ago by  EP.
      • #1948366 Reply

        PKCano
        Da Boss

        And it needs to be installed BEFORE the SSU!

        • #1948384 Reply

          anonymous

          Thank you PK for confirming my notes. I’m not the brightest light bulb but sometimes I get things right. Sitting back relaxing waiting for the DeFcon number to go up.

        • #1948383 Reply

          anonymous

          Not necessarily. You need some version of it before the SSU, but doesn’t have to be the last one if you don’t have the problems it fixes (or claims to fix).

          — Cavalary

        • #1948587 Reply

          GoneToPlaid
          AskWoody Plus

          I don’t think so, as long as one already has the v2 SHA-2 update already installed. I installed the Sept SSU on my Win7 computers first. No reboot was required. Then I installed the v3 version of the SHA-2 update, which in all cases did require a reboot. After that, I installed the Sept SO update which of course required a reboot.

          All of my computers are Win7 Group B.

           

          2 users thanked author for this post.
    • #1948378 Reply

      anonymous

      Do we need the bitlocker patch for KB4516065? I don’t see it mentioned in the how to section of the support page. Only says KB4474419 and KB4516655 are needed.

      • #1948388 Reply

        PKCano
        Da Boss

        If the Bitlocker patch wasn’t installed back in 2016, it should have been installed with the Aug. updates. You don’t need to install it again.

        1 user thanked author for this post.
        • #1948395 Reply

          anonymous

          I skipped the August rollup and the bitlocker patch due to the problems people were having. I only installed KB4474419 in August.

        • #1948406 Reply

          anonymous

          ? says:

          oh, darn i forgot to install the bitlocker kb 3133977 from what three years ago? and the August sha v-2 plus IE, and SO installed just so fine? funny how disk cleanup\DISM removes the March KB4474419 sha-v1 and i wonder if after applying the the third try latest sha-v3 if the August sha-v2 will go away during cleanup? and as for installing this month’s Security Only WinX telemetry files at this late stage of the game, well i’m with the person who posted yesterday up above saying “Spy in the buttermilk…”

          i guess i’m off the the local Micro Center for more Win 7 EOL last stand supplies becuase based on Microsoft’s less than stellar performances over the last few years i think the real fun is only just beginning…

    • #1948425 Reply

      DnnSmm
      AskWoody Plus

      Not sure this is the place to ask this, but I’m having a heck of a time
      trying to figure out how to download and manually install a patch. What
      I usually end up doing is clicking on “check for updates” and taking
      everything Microsoft gives me after the newsletter says it’s okay. I do
      have automatic updates turned off and get nothing from Microsoft without
      checking for updates. Checking on the forum gives me no information I
      can use or understand. Thought I was an Intermediate, but feel a lot like a novice.

      If someone could steer me toward the answer on the forum or provide a short
      “go by”, it would be so much appreciated.

      • #1948444 Reply

        PKCano
        Da Boss

        Go to the MS Update Catalog.
        Enter the patch number (without the KB), for example 3133977.
        It will take you to a list of the OSs that are elegible for that patch.
        Be sure you choose the right OS and the right bitedness for your computer(x86=32-bit, x64=64-bit)
        Click on download and save the file to your computer.
        Double click on the file and follow the instructions.

        1 user thanked author for this post.
      • #1948456 Reply

        Microfix
        Da Boss

        or if you are using Win7 or Win8.1 visit: AKB2000003

        ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

        1 user thanked author for this post.
    • #1948505 Reply

      abbodi86
      AskWoody_MVP

      Another notice, regarding msu files download links from MU catalog

      this month 1809 cumulative KB4512578 have issues downloading the x64 msu file
      the default link we get from catalog

        sometimes

      gives corrupted smaller file 227.87 MB

      http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows10.0-kb4512578-x64_f4b0236517a3cbe635660042e4052971cf4307cb.msu

      to make sure you get the correct file, add fg.ds. prefix

      http://fg.ds.download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows10.0-kb4512578-x64_f4b0236517a3cbe635660042e4052971cf4307cb.msu

      maybe there are other files affected, but this is the one i saw reports about and vrified myself

      1 user thanked author for this post.
    • #1948508 Reply

      Geo
      AskWoody Plus

      Group A,  Win7X64, Home Premium, home user.  AMD.  Took everything.  No problems so far to report.

      2 users thanked author for this post.
      • #1948631 Reply

        anonymous

        Hi Geo, when you took everything and restarted:

        Was it a normal looking restart, or one of those unusual double restarts?

        After allowing things to settle in, did you run an additional “check for updates” that returned an empty queue?

        I’m asking because of the discussion over a new SSU further up this page. Thanks for posting. (I will be waiting on these updates or I would also share my own experience)

        • #1948642 Reply

          PKCano
          Da Boss

          See #1948625.
          I used Windows Update to do the Group A installations.
          The Sept SSU does not show up until the Importnat queue is empty (as usual) and has t be installed by itself.
          No double boot during one install, it just has to be two installs b/c the SSU shows up after all the rest and a reboot.

          1 user thanked author for this post.
          • #1948649 Reply

            anonymous

            Thank you PKCano, that is the the way I read your discussion. Because of the need for a second check from an empty queue, I wondered if Geo had found the same, did not find the same, or had not done the additional check. I presume that all machines that are set the same, would see the same.

        • #1949511 Reply

          Geo
          AskWoody Plus

          After updating I had a normal restart.  Afterwards the SSU showed up and I downloaded that.  Same thing normal restart.  Group A, W7X64, home premium, home user.  AMD.

          • This reply was modified 4 days, 15 hours ago by  Geo.
          2 users thanked author for this post.
    • #1948664 Reply

      GoneToPlaid
      AskWoody Plus

      Hi everyone,

      Following are my notes about installing the Sept updates on my Win7 Group B computers.

      First, note that we are at Defcon 2 for all September updates.

      Second, most of you all probably do know to wait 10 minutes after rebooting your computer, if an installed update told you that you must reboot your computer, before proceeding to install additional updates. The reason for the 10 minute time delay is to allow Windows to have fully completed its three stages of the OS boot process.

      Third, updates during the past few months do have a bug which you may or may not experience. After installing an update and clicking on the Restart button which is presented by the update’s installation process, please instead click on Cancel. Then reboot your computer via the start menu’s Start >> Shut down >> Restart method. Doing so will prevent a potential hang when rebooting, and will prevent erroneous Event Viewer messages that the installed update failed.

      Fourth, I have no idea about what bugs (if any) are in the Group A September Monthly Rollup for Win7 computers. Microsoft does have a track record of late for breaking things in IE.

      With the above said, we are at Defcon 2! Do not install updates until Woody moves us to either Defcon 3 or 4.

      Today I decided to install some of the September updates on my Win7 Group B computers. The updates were installed in the following order as detailed.

      KB4516655 — September Servicing Stack update for Windows Update. This update installed just fine, and it did not require me to reboot my Win7 computers. You can get KB4516655 straight from Microsoft at:

      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4516655

      KB4474419 — Version 3 of the SHA-2 update with the same KB number. KB4474419 was updated on September 10, 2019 to include boot manager files to avoid startup failures on versions Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2. Seriously? Really? One would think that Microsoft would have thought to make sure that KB4474419 included boot manager files which are needed for EFI boot in KB4474419’s first incarnation! Or am I just too stupid to understand how Microsoft does anything. Anyway, this update must be installed by itself, as in not installing any other updates at the same time. You will have to reboot your computer after installing this update. You can get KB4474419 straight from Microsoft at:

      https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419

      Presently, I do think that the above two updates are not safe to install. In my opinion, the KB4474419 September Servicing Stack is a no-brainer to go ahead and install. I also think that KB4474419, the version 3 of the SHA-2 is a no-brainer to go ahead and install since it belatedly includes the boot manager files which are needed in order to prevent boot failures for some Win7 computers. When booting vie EFI, if Windows can’t find it or if the required files were not updated in the EFI boot partition, then Windows will not boot. Recovery from this scenario can be a royal pain.

      Again, we are at Defcon 2. The above two updates, at least to me, appear to be safe to install, as in no issues whatsoever.

      The next item is the September Win7 SO update, KB4516033. This update provides protections against a new subclass of speculative execution side-channel vulnerabilities. This update also provides important security updates for a lot of core Windows stuff. I had no issues installing this update on my Win7 computers. Yet I do note that my Win7 computers were running noticeably slower for around a half hour after installing the Sept Win7 SO update. Maybe Windows Indexing was running? Maybe .NET had to re-optimize all programs which use .NET? I don’t know, and I don’t care since this slowdown went away sometime around a half hour to an hour later. My money is on .NET performing re-optimization of programs which use .NET.

      Anyway, the Win7 September SO appears (at the time being) to be okay to install. Yet I do NOT recommend that you install it until Woody gives the all clear via his Defcon system. You can get KB4516033 straight from Microsoft at:

      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4516033

      • This reply was modified 5 days, 4 hours ago by  GoneToPlaid. Reason: fix a typo
      3 users thanked author for this post.
      • #1948773 Reply

        AJNorth
        AskWoody Plus

        Greetings GTP,

        Presently, I do think that the above two updates are not safe to install.

        With respect, might you have intended to convey that those two updates are safe to install?

         

        Or am I just too stupid to understand how Microsoft does anything.

        Well, once again I shall invoke that classic routine from more than eight decades ago:  “Who’s on first?”

        Cheers,

        AJN

        • #1948938 Reply

          GoneToPlaid
          AskWoody Plus

          Hi AJNorth,

          Yep, a typo. I meant to say that the September servicing stack update and the v3 SHA-2 update do appear to be safe to install. Thank you for catching that error.

          Best regards,

          –GTP

           

          1 user thanked author for this post.
      • #1949211 Reply

        anonymous

        Hi GTP, thank you for your excellent post of installing the Group B patches. While I see you mention the 10 minute wait after an install, I will not argue. If people are willing to wait 10 minutes then great. I never have. Three to four minutes or when the hard drive light stops flickering wildly is sufficient for me. I have not had any failed installations and I do occasionally examine the event logs. It is never a patch I just installed if there are any errors, they are the same “dumb” errors MS had on this computer for years, like it could not find a printer port because there isn’t one nor a printer.

        “…note that my Win7 computers were running noticeably slower for around a half hour after installing the Sept Win7 SO update. Maybe Windows Indexing was running? Maybe .NET had to re-optimize all programs which use .NET?” That is a good observation and assumption. I have wondered the same. It could be Windows Indexing and if any .NETs were installed the “NGEN” would run the MSCORSVW process and rebuild the .NET image. I post this every time I have a .NET in a patch month and force .NET to rebuild NOW! not later in 30 minutes:
        http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx

        Lastly, don’t forget to let the computer sit 45 minutes to allow “Process Idle Tasks” to initiate, or force it manually like the .NET NGEN with this administrative command prompt command: rundll32 advapi32.dll, ProcessIdleTasks

        Thank you again GTP. Your posts are always thought out, very informative and well done. I see you post frequently and you have helped a lot of people here.

        2 users thanked author for this post.
        • #1949497 Reply

          anonymous

          Hello GTP and Admins. When I posted the command to force Idle Tasks I did not have a space after the comma. Does your Web Software do corrections?

          The Administrative Command is: rundll32 advapi32.dll,ProcessIdleTasks

          A space between rundll32 and advapi32,dll a comma, no space, then ProcessIdleTasks

          With capital letters for the words, Process Idle and Tasks.

          Thank you.

          • #1949563 Reply

            geekdom
            AskWoody Plus

            After you post, you have 15 minutes to edit your post.

            Edited to add: unless you are anonymous and under that circumstance you cannot edit a post.

            Group G{ot backup} TestBeta
            Win7Pro · x64 · SP1 · i3-3220 · RAM 8GB · Firefox: uBlock Origin - NoScript · HDD · Canon Printer · Microsoft Security Essentials · Windows: Backup - System Image - Rescue Disk - Firewall
            • This reply was modified 4 days, 14 hours ago by  geekdom.
      • #1949442 Reply

        GoneToPlaid
        AskWoody Plus

        I meant to say that I think that the servicing stack update and the version 3 of the SHA-2 update are safe to install.

    • #1949241 Reply

      Carl D
      AskWoody Lounger

      Phew!

      After reading this marathon thread am I the only one who thinks Microsoft is going for a ‘last ditch effort’ to seriously mess up Windows 7 prior to end of patching next January?

      Why else would they go to so much trouble with this SHA-2 business and all the other ‘botched’ updates (and procedures for getting around them which mostly need to be figured out by trial and error) for an operating system with 4 months left until end of life?

      This isn’t really surprising when you look at their past efforts to mess up Windows 7 since the release of Windows 10 over 4 years ago.

      Hold on to your hats, I believe the worst is yet to come over the next 4 months…

      1 user thanked author for this post.
      • #1949416 Reply

        abbodi86
        AskWoody_MVP

        Phew!

        After reading this marathon thread am I the only one who thinks Microsoft is going for a ‘last ditch effort’ to seriously mess up Windows 7 prior to end of patching next January?

        Why else would they go to so much trouble with this SHA-2 business and all the other ‘botched’ updates (and procedures for getting around them which mostly need to be figured out by trial and error) for an operating system with 4 months left until end of life?

        This isn’t really surprising when you look at their past efforts to mess up Windows 7 since the release of Windows 10 over 4 years ago.

        Hold on to your hats, I believe the worst is yet to come over the next 4 months…

        Windows 7 Embedded is still supported to October 2021 (that’s 22 months beyond January 2020)

        they also need to secure and lockdown update mechanism for the Extended Security Updates offer (specially for the virtual Azure cloud instances)

        based on the new SSU KB4516655, this mechanism will mostly depend on special certificates chain to determine eligibility

        • This reply was modified 4 days, 18 hours ago by  abbodi86.
        5 users thanked author for this post.
        • #1949455 Reply

          NoLoki
          AskWoody Lounger

          I really do not think that Microsoft will sabotage W7 for nefarious reasons. They probably have their less skilled, less experienced coders on it, but these individuals are still going to see W7 through to EOL with a degree of professionalism and pride.

          The worst that is yet to come is more likely going to be the barrage of ads promoting W10 that all W7 and W8 users will be subjected to. Not so subtle references to how important updates are to securing ‘your personal computing experience’. It’s going to be all about marketing, not sabotage.

          Also, MS is counting on the W7 requisite hardware to not last much longer as they have the new hardware under wraps – W10 only.

          FWIW: This is pure speculation on my part, but I think that Microsoft will quietly treat W8 as abandon-ware soon after W7 eol. The outcome of this, even with so few users … uncertain.

          1 user thanked author for this post.
    • #1949435 Reply

      anonymous

      Interestingly, my two Dell XPS computers (a desktop and a laptop), both Win 7 Home x64 SP1, required KB3046017 downloaded and installed prior to downloading and installing the new SSU, but after installing the first three updates (monthly update, daily virus definitions, and latest version of the prior old SSU). My HP desktop with Win 7 Pro x64 SP1 did not require the old KB3046017 update. I wonder what that was all about.

       

    • #1949443 Reply

      Proisiasc
      AskWoody Lounger

      Installed windows 10 update 1903 this morning slowed machine down made outlook 2010 crash had to reverse update is this a common problem

      • #1949449 Reply

        PKCano
        Da Boss

        It seems the Search function is causing some 1903 machines to redline. This may be what you experienced. Best to wait for now on the Sept. update.

    • #1949470 Reply

      anonymous

      Hmm, Windows Update does not have the MSRT (malicious software removal tool), KB890830, for September 2019.  I cannot recall a month where this ubiquitous update has not been offered.

    • #1949599 Reply

      Geo
      AskWoody Plus

      Group A , Win7X64,  home premium, home user, AMD.  Did update.  I don’t  take the the .net updates.  Did other updates.  Normal restart.  Went back in and the SSU update showed up.  Downloaded the SSU.  Once again normal restart. No problems. I also never take any previews.

      • This reply was modified 4 days, 14 hours ago by  Geo.
      • This reply was modified 4 days, 14 hours ago by  Geo.
      1 user thanked author for this post.
    • #1949914 Reply

      RMeijer
      AskWoody Lounger

      Woody, this may be outside of your realm but my event viewer shows multiple, continuing and completely unauthorized access of my W7 Pro   (Dell XPS 8700) machine since I deleted the Dell Utilities found to have RCE vulnerabilities.

      Just today‘s samples include those shown below.   Dell heatedly denies making any unauthorized access to machine.   Any suggestions?

      Either way, continuing thanks for your help thus far and your web site.

      Bob Meijer

      Driver Management has concluded the process to add Service BCMH43XX for Device Instance ID USB\VID_0846&PID_9011\6&320464AE&0&1

      Driver Management has concluded the process to add Service vwifibus for Device Instance ID USB\VID_0846&PID_9011\6&320464AE&0&1

      The Background Intelligent Transfer Service service entered the running state.

      The SoftThinks Agent Service service entered the running state.

      The Microsoft .NET Framework NGEN v4.0.30319_X86 service entered the running state.

      Driver Management concluded the process to install driver FileRepository\bcmwlhigh6.inf_amd64_neutral_0a0bdc44d6d79ff2\bcmwlhigh6.inf for Device Instance ID USB\VID_0846&PID_9011\6&320464AE&0&1

      • #1949992 Reply

        anonymous

        Bob, you should be able to remove the Dell support and similar via programs and features uninstall.

        See: How to Uninstall Dell Support Center, https://www.dell.com/support/article/us/en/04/sln113650/how-to-uninstall-dell-support-center?lang=en from DELL Support.

        “The SoftThinks Agent Service service entered the running state.” this is a DELL backup program.

        Softthinks Agent Service, https://www.dell.com/community/Windows-10/Softthinks-Agent-Service/td-p/4734765 from DELL-Jesse L Moderator.
        “SoftThinks Agent Service, a component of the Dell DataSafe Local Backup utility.” and “If you do not plan on using the program you could uninstall it and it should remove the Agent as well.”

        If you have already uninstalled these items from your DELL, you may consider:

        1) in file manager, look for any leftover files or folders that dealt with the items you uninstalled. You may find a few left behind. Double check they are those files with an internet search and if they are left behind, delete them.

        2)Run Ccleaner (version 5.29 or 5.30 prior to AVAST) and have it clean your drive. After deletion of temp files, etc., run the registry cleaner portion of Ccleaner. It will probably find left over registry entries. I have used Ccleaner since version 1.x and it is a very well behaved program. I, my relatives and friends all use it and I used it daily at work (computer repairs).

        3) in Ccleaner tools, startup, windows look for any startup items you do not need starting every time and disable. In tools, startup, Scheduled Tasks, look and see if anything catches your eye there.

        4) WHILE IN Ccleaner, go to tools startup, Browser Plugins and see if any add-ons or plug-ins catch your eye you do not want for each browser you may have.

        I have used Ccleaner to clean and remove old items and even malware.

        I hope this helps you.

      • #1949999 Reply

        PKCano
        Da Boss

        Please stay on topic
        This thresd is about September Patch Tuesday, NOT Dell Utilities.
        Off-topic posts are subject ot removal.

      • #1950035 Reply

        anonymous

        Bob Meijer, PKCano is right. This Dell issue is getting a little off topic. You might want to start a new topic or have yours moved. If you or they do, I will find it and continue to try and help.

    • #1952188 Reply

      gpmartens1
      AskWoody Plus

      Applied the KB4515384 Cumulative Update to 4 machines using Win 10 1903.  On 3 of the 4 machines, it made Pin Login Unavailable.  I uninstalled the update on 1 machine, and it did not fix the problem.  I’ve tried numerous suggested fixes/changes in Group Policy, etc., and nothing has fixed the problem.  No other problems have been noted yet.

      • #1952269 Reply

        gpmartens1
        AskWoody Plus

        There are other details to getting to this point, but found a solution, after trying 10-15 other suggestions.  Delete the contents of the folder C:\Windows\ServiceProfile\LocalServices\AppData\Local\Microsoft\Ngc , then reboot, and your prompted for the Pin login again.  Don’t know why it’s requiring a 6 digit PIN, because I’ve never set that rule.  The files in the Ngc folder will be rebuilt when you reboot.

        1 user thanked author for this post.
      • #1952383 Reply

        woody
        Da Boss

        See https://www.askwoody.com/2019/yet-another-bug-with-this-months-win10-1903-cumulative-update-pin-knockout/

        Could you elaborate (over on that thread) what exactly “Pin Login Unavailable” means? Did you lose your old PIN? Did you try to create a new PIN and had problems?

    • #1952518 Reply

      anonymous

      Win10 1803 64 bit.  Downloaded and installed KB4512576 SSU and KB4516058 September update, stable for 3 days.  Used WU Mgr and installed September Office 2013 updates, no issues.

    • #1952638 Reply

      anonymous

      Windows 7 Pro SP1 x64 KB4516065, kb4516655 and KB4474419 installed last week and have not had any issues with these patches at all. Happy Days! albeit numbered

      1 user thanked author for this post.
    • #1952748 Reply

      RM
      AskWoody Plus

      In reference to KB4516655 for Win 7:  I checked my Windows Update (WU) to see if this was on the list.  It is currently not on WU but I have the other updates as mentioned by Susan Bradley on the Windows Secret newsletter today.  Based upon my reading of discussion in forums on this topic, I know that I need to install KB4516655, by itself, before doing the other Sept updates when given the all clear by Woody.  I believe that KB4474419 should be installed before this update. Is that correct?   Already have KB4490628-installed in March.  I am just trying to make sure that I am interpreting the responses on the forum correctly.  Thank you to all of you who make this site the best for Windows information.

      • #1952751 Reply

        PKCano
        Da Boss

        I have been letting Windows Update do the installing and had no problems.
        See the install order in post #1948625 above.
        I know this is not the usual order, but it works without any trouble.

        Servicing Stack KB4516655 will not show up in Windows Update Important queue until all other updates have been installed or hidden.

    • #1952933 Reply

      RM
      AskWoody Plus

      Thanks for your response.  Operating system:  Win 7 Pro.  I checked for KB3133977 and appear not have it installed.  I looked up KB3133977  and it includes Win 7 Pro in the applies to section.  It appears that this is for BitLocker.  I do not use, as far as I know, Bitlocker.  The KB article says that if you have an ASUS mainboard, there are issues with this update.  I have a ASUS P8P67 with an Intel Core I7 @2600 which is probably why I did not install KB3133977.  However I have installed KB4490628 successfully and KB4474419.  Now WU is showing KB4474419 again, which Susan Bradley pointed out in the Ask Woody Pluss newsletter this morning.  I plan to install KB4474419, Sept 10, 2019 version, before doing the rest of the updates.  I did research on KB4516655 and found that “There are no prerequisites to apply this update.” in the KB article.   Since KB4516655 replaces KB4490628 and I have successfully installed KB4490628, can I just install the KB4516655 and avoid the issues with ASUS motherboards and KB3133977?  Thanks very much.

      • #1952969 Reply

        PKCano
        Da Boss

        To install KB3133977:  instructions for ASUS motherboards are linked here.
        You can try to install Servicing Stack KB4516655.
        FYI, there have bee three versions of KB4474419, dated 3/11, 8/12 and 9/9.

      • #1953363 Reply

        GoneToPlaid
        AskWoody Plus

        Hi RM,

        You really do need to install the Bitlocker update KB3133977, yet only after you have printed the ASUS instructions which PKCano linked to. You probably will not experience this issue, unless you took special steps to install Windows 7 to use EFI boot. Anyway, the ASUS fix for this issue is easy to implement so long as you have full access to your computer’s BIOS.

        PKCano also mentioned that there are three versions of KB4474419, dated 3/11, 8/12 and 9/9. The previous two versions were superseded by the latest 2019-09-09 version. You only need to install the latest v3 version which you can get from here:

        https://www.catalog.update.microsoft.com/Search.aspx?q=KB4474419

        In the above link, look at the top third of the list for the appropriate update for your version of Windows 7 which is dated 9/9/2019.

        Best regards,

        –GTP

         

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: September Patch Tuesday rolling out

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel