Topic: September Windows/Office security patches @ AskWoody

September Windows/Office security patches

Posted on woody Comment on the AskWoody Lounge
Home › Forums › AskWoody blog › September Windows/Office security patches

Tagged: September 2018 Black Tuesday

This topic contains 20 replies, has 11 voices, and was last updated by
EP 5 months, 1 week ago.
- Author
  
  Posts
- September 11, 2018 at 12:29 pm #216797 Reply
  
  woody
  Da Boss
  
  I see 127 individual patches in the Microsoft Update Catalog.
  [See the full post at: September Windows/Office security patches]
  
  8 users thanked author for this post.
  
  cesmart4125,
  Elly,
  PhotM,
  Laptop Boy,
  DrBonzo,
  geekdom,
  alphacharlie,
  Microfix
- September 11, 2018 at 12:32 pm #216800 Reply
  
  PKCano
  Da Boss
  
  September 2018 Group B Security-only patches have been updated in AKB2000003.
  
  11 users thanked author for this post.
  
  Elly,
  Kranium,
  LH,
  SueW,
  Bill C.,
  Laptop Boy,
  woody,
  MikeFromMarkham,
  DrBonzo,
  geekdom,
  Microfix
  - September 11, 2018 at 12:48 pm #216812 Reply
    
    anonymous
    
    Thank you!
    
    As a Group B member, this AKB resource is super-handy each month, as well as for occasionally rebuilding a system. I really appreciate the extra time it takes to keep this list accurate and up-to-date.
- September 11, 2018 at 12:44 pm #216808 Reply
  geekdom
  AskWoody Plus
  Beta Test
  Reporting on Windows 7 updates:
  
  Windows Malicious Software Removal Tool (KB890830)
  
  Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4457918)
  
  September Security Monthly Quality Rollup (KB4457144)
  
  All installed without error and the system rebooted without error.
  Please note that I have GWX Control Panel to prohibit Windows 10 upgrade.
  
  Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
  
  This reply was modified 5 months, 1 week ago by
  geekdom.
  
  This reply was modified 5 months, 1 week ago by
  geekdom.
  
  2 users thanked author for this post.
  
  Chessie,
  DrBonzo
- September 11, 2018 at 1:34 pm #216822 Reply
  
  Wazhai
  AskWoody Lounger
  
  Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.
  
  2 users thanked author for this post.
  
  Seff,
  Charlie
  - September 11, 2018 at 2:04 pm #216828 Reply
    
    Ed
    AskWoody Lounger
    
    This information is undoubtedly incorrect! Windows 10 is the best and most secure operating system EVER!
    
    /sarcasm off now, it appears my Sarcastic font has been rendered by M$
- September 11, 2018 at 2:12 pm #216832 Reply
  
  krzemien
  AskWoody Lounger
  
  Just updated my both Windows 8.1 & 10 x64 Home instances without issues.
- September 11, 2018 at 2:14 pm #216823 Reply
  
  anonymous
  
  In my desktop:
  Windows 10 (1803), KB4457128 (OS Build 17134.285) installed twice, perhaps because the Service Stack Update (SSU) (KB4456655) must be installed before the most recent cumulative update (LCU) (KB4457128) is installed.
  
  The LCU will not be reported as applicable until the SSU is installed.
- September 11, 2018 at 2:16 pm #216824 Reply
  
  anonymous
  
  Martin Brinkmann forgot to include Windows Server 2008 SP2 in his list. This month marks the first time Windows Server 2008 SP2 is serviced just like the other supported Windows Server OS with the choice of using a cumulative monthly rollup or a single security-only update.
  
  This change was announced by Microsoft last june in this blog:
  https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/
  
  Francis
  
  1 user thanked author for this post.
  
  woody
  - September 11, 2018 at 5:56 pm #216889 Reply
    
    EP
    AskWoody_MVP
    
    Martin already included the Windows Server 2008 SP2 security rollup & security only updates (KB4458010 and KB4457984)
- September 11, 2018 at 2:38 pm #216844 Reply
  
  Charlie
  AskWoody Plus
  
  Wazhai wrote:
  
  Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.
  
  You beat me to it, I was going to say almost the same thing. Way to go. Win 7 lives on. Not really any surprise there.
  
  Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B
- September 11, 2018 at 2:39 pm #216845 Reply
  geekdom
  AskWoody Plus
  If you are installing updates (beta testing), could you also provide the update names with numbers that installed or failed to install?
  
  Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
  
  This reply was modified 5 months, 1 week ago by
  geekdom.
  
  This reply was modified 5 months, 1 week ago by
  geekdom.
- September 11, 2018 at 3:32 pm #216857 Reply
  
  BobbyB
  AskWoody Lounger
  
  Here’s todays little “haul” for Win10x64 Home 1803 on a VHD captured at Boot/Log in time in the midst of my daily read 😉 , with metered set, and WUMT set to run at Log in with this little Task Scheduler trick. Of course hidden awaiting pending developments, seems to work and has been doing now for the last 2 Official (B) Patch Tuesdays may bring some relief with it set on Auto run at log in. The question is will it work with the 1809 upgrade next Month? I guess I will find out soon enough, it has done so far with Win10 1709 Home back in April/May.
  
  Attachments:
  You must be logged in to view attached files.
- September 11, 2018 at 4:16 pm #216866 Reply
  
  anonymous
  
  On our WSUS servers we are seeing detection logic problems for multiple .NET Framework updates.
  
  KBs: 4457914, 4457915, 4457916, 4457917 and 4457919 ares showing installed on a significant number of our WSUS client systems where none of those have been installed or for that matter had sufficient time to install them.
  
  Additionally none of those KBs have yet been approved on WSUS. However our configurations do allow Windows Update to be run locally to check back directly to Microsoft.
  
  The fact remains that WSUS clients are showing the mentioned KB as installed, and therefore not needed, when it is definitely not installed and is needed.
  
  Jim
  
  2 users thanked author for this post.
  
  columbia2011,
  woody
- September 11, 2018 at 4:24 pm #216870 Reply
  
  anonymous
  
  Updated my Win 7 pc’s last week for July & August security patches (Group B) along with Office 2010 patches (and ran manual chk for click to run for Office 2013 on other system). I held off downloading/installing KB4343900 (Spectre patch) as you advised. Should we still hold off on that patch,? And if so, the Sept patches will include an updated KB4343900 patch or would we first download/install Grouo B Sept security patches and then download/install KB4343900 when you raise the Defcon back to 4? Thx! Very appreciative!
  
  Edit to remove HTML
  - September 11, 2018 at 4:28 pm #216873 Reply
    
    PKCano
    Da Boss
    
    anonymous wrote:
    
    I held off downloading/installing KB4343900 (Spectre patch)
    
    KB4343900 is not a “Spectre patch.” KB4343900 is the 2018-08 Security Monthly Quality ROLLUP for Win7. If you are in Group B you do not install Rollups, even under DEFCON-4. Group B installs only the Security-only Updates. and the IE11 CU.
    
    3 users thanked author for this post.
    
    Elly,
    walker,
    woody
- September 11, 2018 at 5:16 pm #216878 Reply
  
  woody
  Da Boss
  
  @abbodi86 reporting in a different venue:
  
  In WSUS, all Windows 10 CUs and Windows 7/8.1 Monthly
  Rollups have two versions.
  
  The first is automatically expired of course, and the second is all
  dated 2018-09-09
  
  seems a last minute bug fix included 🙂
  
  4 users thanked author for this post.
  
  Elly,
  walker,
  columbia2011,
  geekdom
- September 11, 2018 at 9:57 pm #216943 Reply
  
  anonymous
  
  Information also here:
  https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-2018
  
  and here:
  https://support.microsoft.com/en-us/help/20180911/security-update-deployment-information-september-11-2018
  
  Regards
  Alitai
- September 12, 2018 at 1:24 pm #217061 Reply
  
  anonymous
  
  Win 8.1 x64 – updates installed – no problems found.
  
  Win 7 x32 starter – All updates installed, so far, no problems.
  
  I noticed discussion on a zero day, privilege escalation bug was patched.
  
  https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review
  
  “This CVE could allow an attacker to execute code on a target system just by convincing someone to view an image. That’s all the user interaction needed. Open the wrong image – even through a web browser – and code executes”
  
  That code might execute at system level, because kernel mode graphic drivers are involved. Patching that is my top priority. If something break, system restore has been very dependable.
  
  1 user thanked author for this post.
  
  RockJohny
- September 13, 2018 at 5:24 pm #217423 Reply
  EP
  AskWoody_MVP
  @woody:
  
  OH NO:(
  those problematic meltdown/spectre microcode updates (KB4100347, KB4090007, KB4091663, KB4091664 & KB4091666) that were released on 2018-07 are back on MS Update Catalog with new revised dates (9/13/2018). search for any of those updates and you will see.
  
  On a test machine with Win10 Pro v1703 (using an AMD Phenom II X4 processor), Windows Update offered KB4091663 dated today THU Sept. 13, 2018 [oh no 🙁 ]
  but I used WindowsUpdate MiniTool to immediately block/hide it
  
  This reply was modified 5 months, 1 week ago by
  EP.
  
  1 user thanked author for this post.
  
  BobbyB
- September 19, 2018 at 2:20 pm #218367 Reply
  
  fredcm3
  AskWoody Lounger
  
  I’ve been trying to figure out how to manage Windows 10 Updates without using WSUS (for good reasons not on topic here). I finally had a DOH!! moment. I was under the assumption that deferring Windows updates would put them more under our control. Well, “control” can mean a lot of things I guess….
  
  We’ve been deferring updates on most computers and testing on a few others. This led to questions like:
  – If an update is deferred, how do we know this?
  – If an update is deferred, when was it deferred or when will it be installed (date)?
  – If an update is deferred, how do we proceed to install it NOW?
  and so forth….
  
  It suddenly occurred to me that we aren’t expected to be that much in control. Microsoft will manage the deferrals AND the installations AND …… so that there’s nothing but a few settings for us to make.
  
  It would be a bit more assuring if the deferral settings were actually being met. But no, deferrals of 365 days end up being more like 120 days in reality. hmmmm…..
  
  Why is it so hard to understand and interact with anyway?
- Author
  
  Posts
Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

Reply To: September Windows/Office security patches
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Your information:

Website:

Cancel
Comments are closed.

Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced.