Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • The usual non-security update previews are out, along with three non-security patches for Server 2008

    Home Forums AskWoody blog The usual non-security update previews are out, along with three non-security patches for Server 2008

    This topic contains 31 replies, has 10 voices, and was last updated by  ch100 2 weeks, 6 days ago.

    • Author
      Posts
    • #129564 Reply

      woody
      Da Boss

      More of the usual. KB 4034670 – Preview of the non-security part of next month’s Win 7 Monthly Rollup KB 4034663 – Preview of the non-security part of
      [See the full post at: The usual non-security update previews are out, along with three non-security patches for Server 2008]

      1 user thanked author for this post.
    • #129567 Reply

      abbodi86
      AskWoody MVP

      I think the articles were too generic (i.e. does not list the changes), thus temporary down for revising

      or they are waiting for the .NET blog post to be ready

      2 users thanked author for this post.
    • #129569 Reply

      ky41083
      AskWoody Lounger

      Well, let’s start here… they have this list of issues to fix, some of which have been on this list since .NET 4.7 was first¬†released.

      https://support.microsoft.com/en-us/help/4015088/known-issues-in-the-net-framework-4-7

      Most of those issues were recently fixed on Windows 10 1703 by a¬†1703 rollup. As¬†.NET 4.7 is considered part of 1703, it gets patched by Windows only rollups, outside of and in addition to (I’m assuming) the usual .NET rollups. Annoyed¬†yet?

      Now, MS is trying to bring those fixes (if not more) to all the other supported platforms. To date, this list of known issues, and lack of reasonable fixes, is the reason I have not deployed .NET 4.7 yet.

      My guess, they are trying to get the .NET releases right, so people finally start deploying .NET 4.7 in the enterprise…

      1 user thanked author for this post.
    • #129576 Reply

      abbodi86
      AskWoody MVP

      FYI, since July 2017 Preview, 4.6/4.6.1/4.6.2/4.7 updates had been reconciled (Microsoft wording) into one rollup update for all of them, and it’s based on 4.7 version

      so even if you don’t install 4.7, you still get its updates on top of your downlevel version starting 4.6

      4.5.2 is still separate

      2 users thanked author for this post.
      • #129577 Reply

        ky41083
        AskWoody Lounger

        I don’t “think?” the .NET 4.7 bits apply if you are on an older .NET, say 4.6.2 for example. I know when I run ngen.exe it still outputs the version code for 4.6.2…

        Then on machines where 1703 has been installed, I am seeing the newer version code for .NET 4.7 when executing ngen.exe.

        Not sure if that means the 4.7 specific changes in the 4.7 tagged rollups sit and wait until 4.7 is installed, or, if those rollups would reappear in WU after a¬†fresh 4.7 upgrade, to be reapplied… and probably won’t find out till the end of this month.

        • #129586 Reply

          abbodi86
          AskWoody MVP

          Well, i’m not saying this as analysis or opinion, it’s a fact ūüôā

          the rollup updates part of the installed Framework, not all of it, and the changes and installed 4.7 files will become active

          for Windows 8.1 (CBS), installing 4.7 later will not need to reinstall the rollup
          but for Windows 7 (MSI), the rollup needs reinstallation after 4.7

          1 user thanked author for this post.
          • #129761 Reply

            ky41083
            AskWoody Lounger

            The way I read your post, it sounded like you were saying the 4.7 bits install and become active, even if you don’t install the 4.7 update itself. Thank you for clarifying ?

            1 user thanked author for this post.
    • #129582 Reply

      MrBrian
      AskWoody MVP

      Revision 101 of https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in doesn’t mention the .NET monthly preview rollups. Revision 99 that was current earlier today did mention the .NET monthly preview rollups.

    • #129578 Reply

      anonymous

      I would say that KB4019276 to add TLS 1.1 and 1.2 on Win 2008 SP2 is interesting.

      It is not categorized as security by MS, nor is it a security patch in the usual sense. More like a feature add.

      But I would say that this feature add once installed (and configured!) improves security for schannel dependent communications. Arguably to a great extent depending on what the services are.
      -Jim

      1 user thanked author for this post.
    • #129672 Reply

      anonymous

      Does Windows 8.1 suffer from this wordpad crash?

    • #129683 Reply

      anonymous

      I have been declining “Preview” updates in WSUS as, from what I understand, these are beta/test versions of updates to be realised in the future.

      Is this the correct thing to do?

      • #129685 Reply

        PKCano
        AskWoody MVP

        The “Previews” are the pre-release of the Rollup.
        For example, the “Preview” of the August 2017 Security Monthly Quality Rollup will contain the August Rollup + the non-security patches for September. In Sept, it will be combined with the security updates to make the September Rollup.

        Although it supposedly contains the finished next month’s non-security updates, it is really for testing for those who need to be sure it is “going to work.” So, unless you are in the testing mode, let someone else be the Guinea Pig.

        It is usually a rule not to install unchecked updates anyway.

        • #129698 Reply

          anonymous

          I never understood the whole “Don’t install unchecked updates” philosophy. I never install the preview rollups, but anything else I do check off and never had a problem. I’ve never had a reason not to install them unless it was some Windows 10 upgrade thing or preview rollup.

    • #129730 Reply

      Geo
      AskWoody Lounger

      Group A guinea pig.  Win 7 SP1 X64 home premium.  Took the full updates. So far nothing happened out of the ordinary.

      1 user thanked author for this post.
    • #129753 Reply

      radosuaf
      AskWoody Lounger

      No sign of block for Skylake in Windows 8.1 :). According to this one:

      https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/

      they should be already starting to get us cut off :). Is anybody following the situation with Kaby Lake? Is the block present in the latest rollups?

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile 1607 (Lumia 735)
    • #129760 Reply

      ky41083
      AskWoody Lounger

      Can anyone familiar enough with the code chime in here? Is the function that detects “newer” CPU’s something variable that can be coded once and just keep working, or is it more of a static list that MS will have to actively add newer gen CPU’s to, until software EoL?

      • This reply was modified 1 month ago by  ky41083. Reason: Removed redundant quote, wups
      • #129850 Reply

        MrBrian
        AskWoody MVP

        You could ask at https://github.com/zeffy/wufuc.

        • This reply was modified 1 month ago by  MrBrian.
        1 user thanked author for this post.
        • #130033 Reply

          ky41083
          AskWoody Lounger

          Ick, hate reading decompiled code… especially hate reading assembly code, makes my head hurt.

          Based on what’s there, it would appear to be a static list that needs updating for marking additional CPU’s as “unsupported”. Unless I missed it, the actual list isn’t in the posted Github code, being that the Github code is just overriding the result returned from the function that looks at the list, not the actual list itself.

          Based on the way the evaluation is written, it defaults the CPU type to “supported”, and only changes it to “unsupported” if the function that references the list returns a hit from said list.

          Basically, all CPU’s default to supported, until they are added to a blacklist check MS clearly went out of the way to add, as this whole “IsCpuSupported” function did not exist in the code until very recently.

          Which we more or less already knew. It is nice to see the code though. And going forward, know that CPU’s will default to supported, until MS gets around to adding them to the blacklist, and updating the blacklist via Windows updates.

          So, to finally answer my own question, lol… newer CPU’s MS deems “unsupported” will in fact work, until they are cut off by a future update.

          My big WTF here and now is, what about hypervisors that pass through the CPU ID, rather than emulate it, like VMware. This blacklist check means you HAVE to run the Github posted memory patch referenced above, especially in an enterprise environment, in order to test future updates on Win 7/8.1 VM’s, hosted on systems using any blacklisted CPU.

          1 user thanked author for this post.
          • #130037 Reply

            ch100
            AskWoody MVP

            what about hypervisors that pass through the CPU ID, rather than emulate it, like VMware.

            As far as I know, none of the hypervisors emulate CPU or RAM resources. They are managed, scheduled, but not emulated.

            • #130039 Reply

              ky41083
              AskWoody Lounger

              That’s how¬†I meant it, and it’s too late to edit above now…

              I meant, that hypervisors like VMware, don’t emulate the CPU to the guest, they use passthrough instead, because it’s more efficient.

              Hypervisors like QEMU, do emulate the CPU to the guest, at an increase in overhead.

              Hence, old VM’s migrated to new hardware will be immediately effected by all this, on the more efficient hypervisors enterprises are using.

              • This reply was modified 1 month ago by  ky41083. Reason: Added emulation case
            • #130044 Reply

              ch100
              AskWoody MVP

              Hypervisors like QEMU, do emulate the CPU to the guest, at an increase in overhead.

              XenServer hypervisor which uses QEMU emulation for I/O (without XenServer Tools installed) does passthrough of the CPU resources and RAM.
              I don’t know of any hypervisor emulating CPU.
              Maybe KVM?

            • #130046 Reply

              ky41083
              AskWoody Lounger

              From: https://en.wikipedia.org/wiki/QEMU

              “QEMU is a hosted virtual machine monitor: it emulates CPUs through dynamic binary translation and provides a set of device models, enabling it to run a variety of unmodified guest operating systems.”

              You have to¬†mix QEMU with things like Xen or KVM to remove¬†the CPU emulation overhead. For example, using only QEMU’s I/O emulation layer on top of Xen, as you cited. From same source:

              “QEMU is involved only in the emulation of hardware; the execution of the guest is done within Xen and is totally hidden from QEMU.”

              KVM definitely doesn’t do CPU emulation, and can interact similarly with QEMU like¬†Xen does.

              Basically, the CPU passthrough you are seeing on Xen, is the Xen layer, not the QEMU layer.

              1 user thanked author for this post.
          • #130051 Reply

            MrBrian
            AskWoody MVP
    • #129916 Reply

      abbodi86
      AskWoody MVP
    • #130451 Reply

      PerthMike
      AskWoody Lounger

      I would say that KB4019276 to add TLS 1.1 and 1.2 on Win 2008 SP2 is interesting. It is not categorized as security by MS, nor is it a security patch in the usual sense. More like a feature add. But I would say that this feature add once installed (and configured!) improves security for schannel dependent communications. Arguably to a great extent depending on what the services are. -Jim

      Indeed, I find this VERY interesting, since it really does qualify as a security patch if you run any sort of web server (in our case, our OWA) on a 2008 non-R2 server. Suddenly adding TLS 1.2 support to an internet-facing web server is a bit security fix for us.

      Looks like there’s already been reports that installing this patch breaks FTP functionality (somehow screws up the ftp protocol packets), but I can live with that.

      COBOL programmers understand why women hate periods.

      • #130551 Reply

        anonymous

        Anyone faces any issue on the patch KB4019276 for supporting TLS 1.2 client? We installed the patch in our Windows Server 2008 SP2, and even though the TLS 1.2 server works, but the client does not, meaning we cannot connect to our client’s web API successfully because the client’s web API only supports TLS 1.2 which are not supported by sChannel in Windows Server 2008 SP2.

        Anyone is aware of whether Microsoft plans to come out with the updated cipher suites for TLS 1.2 for Windows Server 2008 SP2?

    • #131469 Reply

      abbodi86
      AskWoody MVP

      It seems .NET is going to get new Rollups soon (tonight?), and they are Security ones

      https://support.microsoft.com/en-us/help/4035038

      Notice

      Previously, the .NET Framework Preview of Quality Rollup (KB 4035038) was released as an optional update. The improvements that were delivered in the Preview of Quality Rollup are now available in a Security and Quality Rollup (KB 4039114) as a recommended update. No new improvements were added since the Preview of Quality Rollup was released.

      • #131475 Reply

        woody
        Da Boss

        Oh man. What a mess this month has been!

        • #131554 Reply

          abbodi86
          AskWoody MVP

          Well, nothing out yet (too early KB revision?)

          but it’s interesting to see that KB4035038 article description itself and all sub-articles changed from “August 2017 Preview Rollups” to “Security and Quality Rollups”

          this only applies to Windows 8.1 articles, Windows 7 still have the old description
          https://support.microsoft.com/en-us/help/4035036

          • #131557 Reply

            ch100
            AskWoody MVP

            This one would be catalog only, at least for now.
            It should not be of most readers concern.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: The usual non-security update previews are out, along with three non-security patches for Server 2008

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.