Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon

  • September Windows/Office security patches

    Posted on woody Comment on the AskWoody Lounge

    Home Forums AskWoody blog September Windows/Office security patches

    Tagged: 

    This topic contains 20 replies, has 11 voices, and was last updated by  EP 1 week, 3 days ago.

    • Author
      Posts
    • September 11, 2018 at 12:29 pm #216797 Reply

      woody
      Da Boss

      I see 127 individual patches in the Microsoft Update Catalog.
      [See the full post at: September Windows/Office security patches]

      8 users thanked author for this post.
      cesmart4125, Elly, PhotM, Laptop Boy, DrBonzo, geekdom, alphacharlie, Microfix
    • September 11, 2018 at 12:32 pm #216800 Reply

      PKCano
      AskWoody MVP

      September 2018 Group B Security-only patches have been updated in AKB2000003.

      11 users thanked author for this post.
      Elly, Kranium, LH, SueW, Bill C., Laptop Boy, woody, MikeFromMarkham, DrBonzo, geekdom, Microfix
      • September 11, 2018 at 12:48 pm #216812 Reply

        anonymous

        Thank you!

        As a Group B member, this AKB resource is super-handy each month, as well as for occasionally rebuilding a system. I really appreciate the extra time it takes to keep this list accurate and up-to-date.

    • September 11, 2018 at 12:44 pm #216808 Reply

      geekdom
      AskWoody Lounger

      Beta Test
      Reporting on Windows 7 updates:

      • Windows Malicious Software Removal Tool (KB890830)
      • Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4457918)
      • September Security Monthly Quality Rollup (KB4457144)

      All installed without error and the system rebooted without error.
      Please note that I have GWX Control Panel to prohibit Windows 10 upgrade.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • This reply was modified 1 week, 5 days ago by  geekdom.
      • This reply was modified 1 week, 5 days ago by  geekdom.
      2 users thanked author for this post.
      Chessie, DrBonzo
    • September 11, 2018 at 1:34 pm #216822 Reply

      Wazhai
      AskWoody Lounger

      Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

      2 users thanked author for this post.
      Seff, Charlie
      • September 11, 2018 at 2:04 pm #216828 Reply

        Ed
        AskWoody Lounger

        This information is undoubtedly incorrect! Windows 10 is the best and most secure operating system EVER!

        /sarcasm off now, it appears my Sarcastic font has been rendered by M$

    • September 11, 2018 at 2:12 pm #216832 Reply

      krzemien
      AskWoody Lounger

      Just updated my both Windows 8.1 & 10 x64 Home instances without issues.

    • September 11, 2018 at 2:14 pm #216823 Reply

      anonymous

      In my desktop:
      Windows 10 (1803), KB4457128 (OS Build 17134.285) installed twice, perhaps because the Service Stack Update (SSU) (KB4456655) must be installed before the most recent cumulative update (LCU) (KB4457128) is installed.

      The LCU will not be reported as applicable until the SSU is installed.

    • September 11, 2018 at 2:16 pm #216824 Reply

      anonymous

      Martin Brinkmann forgot to include Windows Server 2008 SP2 in his list. This month marks the first time Windows Server 2008 SP2 is serviced just like the other supported Windows Server OS with the choice of using a cumulative monthly rollup or a single security-only update.

      This change was announced by Microsoft last june in this blog:
      https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/

      Francis

      1 user thanked author for this post.
      woody
      • September 11, 2018 at 5:56 pm #216889 Reply

        EP
        AskWoody Lounger

        Martin already included the Windows Server 2008 SP2 security rollup & security only updates (KB4458010 and KB4457984)

    • September 11, 2018 at 2:38 pm #216844 Reply

      Charlie
      AskWoody Lounger
      Wazhai wrote:

      Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

      You beat me to it, I was going to say almost the same thing.  Way to go.  Win 7 lives on.  Not really any surprise there.

      Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

    • September 11, 2018 at 2:39 pm #216845 Reply

      geekdom
      AskWoody Lounger

      If you are installing updates (beta testing), could you also provide the update names with numbers that installed or failed to install?

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • This reply was modified 1 week, 5 days ago by  geekdom.
      • This reply was modified 1 week, 5 days ago by  geekdom.
    • September 11, 2018 at 3:32 pm #216857 Reply

      BobbyB
      AskWoody Lounger

      Here’s todays little “haul” for Win10x64 Home 1803 on a VHD captured at Boot/Log in time in the midst of my daily read 😉 , with metered set, and WUMT set to run at Log in with this little Task Scheduler trick. Of course hidden awaiting pending developments, seems to work and has been doing now for the last 2 Official (B) Patch Tuesdays may bring some relief with it set on Auto run at log in. The question is will it work with the 1809 upgrade next Month? I guess I will find out soon enough, it has done so far with Win10 1709 Home back in April/May.
      Win10-Home-1803-WUMT-run-at-Boot

      Attachments:
      You must be logged in to view attached files.
    • September 11, 2018 at 4:16 pm #216866 Reply

      anonymous

      On our WSUS servers we are seeing detection logic problems for multiple .NET Framework updates.

      KBs: 4457914, 4457915, 4457916, 4457917 and 4457919 ares showing installed on a significant number of our WSUS client systems where none of those have been installed or for that matter had sufficient time to install them.

      Additionally none of those KBs have yet been approved on WSUS.  However our configurations do allow Windows Update to be run locally to check back directly to Microsoft.

      The fact remains that WSUS clients are showing the mentioned KB as installed, and therefore not needed, when it is definitely not installed and is needed.

       

      Jim

      2 users thanked author for this post.
      columbia2011, woody
    • September 11, 2018 at 4:24 pm #216870 Reply

      anonymous

      Updated my Win 7 pc’s last week for July & August security patches (Group B) along with Office 2010 patches (and ran manual chk for click to run for Office 2013 on other system). I held off downloading/installing KB4343900 (Spectre patch) as you advised. Should we still hold off on that patch,? And if so, the Sept patches will include an updated KB4343900 patch or would we first download/install Grouo B Sept security patches and then download/install KB4343900 when you raise the Defcon back to 4? Thx! Very appreciative!

      Edit to remove HTML

      • September 11, 2018 at 4:28 pm #216873 Reply

        PKCano
        AskWoody MVP
        anonymous wrote:

        I held off downloading/installing KB4343900 (Spectre patch)

        KB4343900 is not a “Spectre patch.” KB4343900 is the 2018-08 Security Monthly Quality ROLLUP for Win7. If you are in Group B you do not install Rollups, even under DEFCON-4. Group B installs only the Security-only Updates. and the IE11 CU.

        3 users thanked author for this post.
        Elly, walker, woody
    • September 11, 2018 at 5:16 pm #216878 Reply

      woody
      Da Boss

      @abbodi86 reporting in a different venue:

      In WSUS, all Windows 10 CUs and Windows 7/8.1 Monthly
      Rollups have two versions.

      The first is automatically expired of course, and the second is all
      dated 2018-09-09

      seems a last minute bug fix included 🙂

      4 users thanked author for this post.
      Elly, walker, columbia2011, geekdom
    • September 11, 2018 at 9:57 pm #216943 Reply

      anonymous

      Information also here:
      https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-2018

      and here:
      https://support.microsoft.com/en-us/help/20180911/security-update-deployment-information-september-11-2018

      Regards
      Alitai

    • September 12, 2018 at 1:24 pm #217061 Reply

      anonymous

      Win 8.1 x64 – updates installed – no problems found.

      Win 7 x32 starter – All updates installed, so far, no problems.

      I noticed discussion on a zero day, privilege escalation bug was patched.

      https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review

      “This CVE could allow an attacker to execute code on a target system just by convincing someone to view an image. That’s all the user interaction needed. Open the wrong image – even through a web browser – and code executes”

      That code might execute at system level, because kernel mode graphic drivers are involved.  Patching that is my top priority.   If something break, system restore has been very dependable.

      1 user thanked author for this post.
      RockJohny
    • September 13, 2018 at 5:24 pm #217423 Reply

      EP
      AskWoody Lounger

      @woody:

      OH NO:(
      those problematic meltdown/spectre microcode updates (KB4100347, KB4090007, KB4091663, KB4091664 & KB4091666) that were released on 2018-07 are back on MS Update Catalog with new revised dates (9/13/2018). search for any of those updates and you will see.

      On a test machine with Win10 Pro v1703 (using an AMD Phenom II X4 processor), Windows Update offered KB4091663 dated today THU Sept. 13, 2018 [oh no 🙁 ]
      but I used WindowsUpdate MiniTool to immediately block/hide it

      • This reply was modified 1 week, 3 days ago by  EP.
      1 user thanked author for this post.
      BobbyB
    • September 19, 2018 at 2:20 pm #218367 Reply

      fredcm3
      AskWoody Lounger

      I’ve been trying to figure out how to manage Windows 10 Updates without using WSUS (for good reasons not on topic here).  I finally had a DOH!! moment.  I was under the assumption that deferring Windows updates would put them more under our control.  Well, “control” can mean a lot of things I guess….

      We’ve been deferring updates on most computers and testing on a few others.  This led to questions like:
      – If an update is deferred, how do we know this?
      – If an update is deferred, when was it deferred or when will it be installed (date)?
      – If an update is deferred, how do we proceed to install it NOW?
      and so forth….

      It suddenly occurred to me that we aren’t expected to be that much in control.  Microsoft will manage the deferrals AND the installations AND …… so that there’s nothing but a few settings for us to make.

      It would be a bit more assuring if the deferral settings were actually being met.  But no,  deferrals of 365 days end up being more like 120 days in reality.  hmmmm…..

      Why is it so hard to understand and interact with anyway?

    • Author
      Posts

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: September Windows/Office security patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.

Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced.

Keep AskWoody alive and free

Shop on Amazon by clicking on our affiliate link.
Buy anything, AskWoody gets a small bounty.
No charge to you, of course. Click to shop at Amazon USA

Bitcoin 17JPn51nLfwzSGmQGaYPNseMSkrRSJceD4
Or send a check payable to AskWoody
P.O. Box 2511 - Brentwood, TN 37024
If you don't want your name to appear on the Thanks! page, please so indicate in PayPal/ Patreon comments.

Recent Replies

September 2018
M T W T F S S
« Aug    
 12
3456789
10111213141516
17181920212223
24252627282930

Forums

Topics

AskWoody blog
4926
AskWoody Central
147
Suggestions about improvi
88
Tips for using the Lounge
23
Outside the box
119
Rants
55
Fun Stuff
31
Learn to code
6
Travel
2
Rumors and what-ifs
17
AskWoody support
1283
Windows
920
Windows 10
407
Questions: Win10
200
Windows 10 beta builds
18
Windows 10 cumulative upd
10
Windows 10 version 1511 -
2
Windows 10 version 1703 -
29
Windows 10 version 1709 -
37
Windows 10 version 1607
5
Windows 10 version 1803 -
33
Windows 8.1
46
Questions: Win 8.1 (and W
25
Windows 8.1 (and Win 8) p
12
Windows 7
364
Questions: Windows 7
215
Windows 7 patches
109
Windows Vista, XP and ear
8
Questions: Vista, XP back
2
Questions: Windows Mobile
4
Office
83
Questions: Office
21
Office 365 and Click-to-R
21
Office 2010 and earlier f
12
Office 2016 for PC
6
Office 2013 for PC
4
PC hardware
43
Questions: Microsoft Surf
7
Questions: What hardware
10
Questions: How to trouble
5
Connected home / Internet
31
Questions: Amazon Echo/Al
3
Questions: Google Home
2
Questions: Microsoft Inte
2
Questions: Other home/IoT
15
Other platforms - for Win
116
Linux for Windows wonks
58
macOS for Windows wonks
25
iOS for Windows wonks
4
Android for Windows wonks
14
Chromebooks and ChromeOS
13
Questions: Browsers and d
89
Updates for browsers, app
26
Knowledge Base
35
Tools
73
Code Red - Security advisories
170
DevOps Lounge
11
Developers, developers, develo
18
Other MS software updates
13
Managing updates in organ
2
Admin IT Lounge
97
WSUS, SCCM, Exchange and
26
Tech Accessibility
14
Testing Forum
1
Powered by WordPress
Theme designed by My Mobiles, modifications by PapayaSoft