News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • September Windows/Office security patches

    Home Forums AskWoody blog September Windows/Office security patches

    Viewing 16 reply threads
    • Author
      Posts
      • #216797
        woody
        Manager

        I see 127 individual patches in the Microsoft Update Catalog.
        [See the full post at: September Windows/Office security patches]

        8 users thanked author for this post.
      • #216800
        PKCano
        Manager

        September 2018 Group B Security-only patches have been updated in AKB2000003.

        11 users thanked author for this post.
        • #216812
          anonymous
          Guest

          Thank you!

          As a Group B member, this AKB resource is super-handy each month, as well as for occasionally rebuilding a system. I really appreciate the extra time it takes to keep this list accurate and up-to-date.

      • #216808
        geekdom
        AskWoody Plus

        Beta Test
        Reporting on Windows 7 updates:

        • Windows Malicious Software Removal Tool (KB890830)
        • Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB4457918)
        • September Security Monthly Quality Rollup (KB4457144)

        All installed without error and the system rebooted without error.
        Please note that I have GWX Control Panel to prohibit Windows 10 upgrade.

        On Hiatus {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
        offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
        online▸ Win10Pro 20H2.19042.804 x64 i5-9400 RAM16GB HDD Firefox86.0 WindowsDefender TRV=20H2 WuMgr
        2 users thanked author for this post.
      • #216822
        Wazhai
        AskWoody Lounger

        Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

        2 users thanked author for this post.
        • #216828
          Ed
          AskWoody Lounger

          This information is undoubtedly incorrect! Windows 10 is the best and most secure operating system EVER!

          /sarcasm off now, it appears my Sarcastic font has been rendered by M$

      • #216832
        krzemien
        AskWoody Lounger

        Just updated my both Windows 8.1 & 10 x64 Home instances without issues.

      • #216823
        anonymous
        Guest

        In my desktop:
        Windows 10 (1803), KB4457128 (OS Build 17134.285) installed twice, perhaps because the Service Stack Update (SSU) (KB4456655) must be installed before the most recent cumulative update (LCU) (KB4457128) is installed.

        The LCU will not be reported as applicable until the SSU is installed.

      • #216824
        anonymous
        Guest

        Martin Brinkmann forgot to include Windows Server 2008 SP2 in his list. This month marks the first time Windows Server 2008 SP2 is serviced just like the other supported Windows Server OS with the choice of using a cumulative monthly rollup or a single security-only update.

        This change was announced by Microsoft last june in this blog:
        https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/

        Francis

        1 user thanked author for this post.
        • #216889
          EP
          AskWoody_MVP

          Martin already included the Windows Server 2008 SP2 security rollup & security only updates (KB4458010 and KB4457984)

      • #216844
        Charlie
        AskWoody Plus

        Like usual, the newer the version of Windows, the more critical and important vulnerabilities that exist and have to be fixed.

        You beat me to it, I was going to say almost the same thing.  Way to go.  Win 7 lives on.  Not really any surprise there.

      • #216845
        geekdom
        AskWoody Plus

        If you are installing updates (beta testing), could you also provide the update names with numbers that installed or failed to install?

        On Hiatus {with backup and coffee}
        offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender TRV=1909 WuMgr
        offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
        online▸ Win10Pro 20H2.19042.804 x64 i5-9400 RAM16GB HDD Firefox86.0 WindowsDefender TRV=20H2 WuMgr
      • #216857
        BobbyB
        AskWoody Lounger

        Here’s todays little “haul” for Win10x64 Home 1803 on a VHD captured at Boot/Log in time in the midst of my daily read 😉 , with metered set, and WUMT set to run at Log in with this little Task Scheduler trick. Of course hidden awaiting pending developments, seems to work and has been doing now for the last 2 Official (B) Patch Tuesdays may bring some relief with it set on Auto run at log in. The question is will it work with the 1809 upgrade next Month? I guess I will find out soon enough, it has done so far with Win10 1709 Home back in April/May.
        Win10-Home-1803-WUMT-run-at-Boot

        Attachments:
      • #216866
        anonymous
        Guest

        On our WSUS servers we are seeing detection logic problems for multiple .NET Framework updates.

        KBs: 4457914, 4457915, 4457916, 4457917 and 4457919 ares showing installed on a significant number of our WSUS client systems where none of those have been installed or for that matter had sufficient time to install them.

        Additionally none of those KBs have yet been approved on WSUS.  However our configurations do allow Windows Update to be run locally to check back directly to Microsoft.

        The fact remains that WSUS clients are showing the mentioned KB as installed, and therefore not needed, when it is definitely not installed and is needed.

         

        Jim

        2 users thanked author for this post.
      • #216870
        anonymous
        Guest

        Updated my Win 7 pc’s last week for July & August security patches (Group B) along with Office 2010 patches (and ran manual chk for click to run for Office 2013 on other system). I held off downloading/installing KB4343900 (Spectre patch) as you advised. Should we still hold off on that patch,? And if so, the Sept patches will include an updated KB4343900 patch or would we first download/install Grouo B Sept security patches and then download/install KB4343900 when you raise the Defcon back to 4? Thx! Very appreciative!

        Edit to remove HTML

        • #216873
          PKCano
          Manager

          I held off downloading/installing KB4343900 (Spectre patch)

          KB4343900 is not a “Spectre patch.” KB4343900 is the 2018-08 Security Monthly Quality ROLLUP for Win7. If you are in Group B you do not install Rollups, even under DEFCON-4. Group B installs only the Security-only Updates. and the IE11 CU.

          3 users thanked author for this post.
      • #216878
        woody
        Manager

        @abbodi86 reporting in a different venue:

        In WSUS, all Windows 10 CUs and Windows 7/8.1 Monthly
        Rollups have two versions.

        The first is automatically expired of course, and the second is all
        dated 2018-09-09

        seems a last minute bug fix included 🙂

        4 users thanked author for this post.
      • #216943
        anonymous
        Guest
      • #217061
        anonymous
        Guest

        Win 8.1 x64 – updates installed – no problems found.

        Win 7 x32 starter – All updates installed, so far, no problems.

        I noticed discussion on a zero day, privilege escalation bug was patched.

        https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review

        “This CVE could allow an attacker to execute code on a target system just by convincing someone to view an image. That’s all the user interaction needed. Open the wrong image – even through a web browser – and code executes”

        That code might execute at system level, because kernel mode graphic drivers are involved.  Patching that is my top priority.   If something break, system restore has been very dependable.

        1 user thanked author for this post.
      • #217423
        EP
        AskWoody_MVP

        @woody:

        OH NO:(
        those problematic meltdown/spectre microcode updates (KB4100347, KB4090007, KB4091663, KB4091664 & KB4091666) that were released on 2018-07 are back on MS Update Catalog with new revised dates (9/13/2018). search for any of those updates and you will see.

        On a test machine with Win10 Pro v1703 (using an AMD Phenom II X4 processor), Windows Update offered KB4091663 dated today THU Sept. 13, 2018 [oh no 🙁 ]
        but I used WindowsUpdate MiniTool to immediately block/hide it

        1 user thanked author for this post.
      • #218367
        fredcm3
        AskWoody Lounger

        I’ve been trying to figure out how to manage Windows 10 Updates without using WSUS (for good reasons not on topic here).  I finally had a DOH!! moment.  I was under the assumption that deferring Windows updates would put them more under our control.  Well, “control” can mean a lot of things I guess….

        We’ve been deferring updates on most computers and testing on a few others.  This led to questions like:
        – If an update is deferred, how do we know this?
        – If an update is deferred, when was it deferred or when will it be installed (date)?
        – If an update is deferred, how do we proceed to install it NOW?
        and so forth….

        It suddenly occurred to me that we aren’t expected to be that much in control.  Microsoft will manage the deferrals AND the installations AND …… so that there’s nothing but a few settings for us to make.

        It would be a bit more assuring if the deferral settings were actually being met.  But no,  deferrals of 365 days end up being more like 120 days in reality.  hmmmm…..

        Why is it so hard to understand and interact with anyway?

    Viewing 16 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: September Windows/Office security patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.