• Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

    Home » Forums » Newsletter and Homepage topics » Yes, we’re still at MS-DEFCON 2 – No need to install any September updates


    Yes, I read the email you probably read this morning. No, I don’t see any reason to recommend that most people update their machines — not yet. Here
    [See the full post at: Yes, we’re still at MS-DEFCON 2 – No need to install any September updates]

    4 users thanked author for this post.
    Viewing 16 reply threads
    • #217529

      Thanks Woody.

      What email?

      2 users thanked author for this post.
      • #217552

        I’m guessing that you don’t subscribe to Windows Secrets Newsletter.

        • #217559

          Ah! My sub expired this month and there’s no longer anything of interest in it to me as Patch Lady Susan is now here and the remaining articles are usually delving into the inner workings of Office and not much else, so I haven’t renewed.

          2 users thanked author for this post.
    • #217536

      Note on Susan’s patch list,

      Windows 7 – the Monthly Quality Rollup is KB4457144 not 145.

    • #217548

      New version of file “C:\Windows/system32/netevent.dll” caused wiped all messages in event manager (No MUI file found). My language is Czech, but before this change all events even in English was correct.

      So all events which uses this dll are corrupted (for me is MEIx64 and e1dexpress).

      File date is 12.8.2018 22:28 so i am not sure if is caused by September  or August update.

      Win 7 64 bit

      1 user thanked author for this post.
    • #217570

      @woody, you wrote that

      Should you be rushing out to install all of this month’s Windows patches because of ALPC? I don’t think so. First, it’s a privilege execution exploit — in plain English, that means it’s only usable if a miscreant already has access to your computer.

      I’ve seen this kind of vulnerability description before, but I’ve never been entirely clear on what exactly it means when somebody says “if they have access to your computer.” Does it mean if they are sitting at your keyboard, or can it also mean if they have hacked remotely into your computer?


      • #217588

        It would mean either sitting at your keyboard or the latter (remote access gained via a malware exploit). The upshot is that access is access, regardless of how such access was obtained.

        1 user thanked author for this post.
        • #217609

          Just a reminder that anyone phoning you and purporting to be from Microsoft or an ISP (often not yours, of course) and claiming to have noted an issue on your computer which they can fix should not be given remote access to it. That is a scam, and the only thing that will be done with your computer is the installation of malware.

          I know it’s obvious, and nobody with the wit to frequent this site would fall for it, but I’ve just read an account in the UK news today of a professional financial adviser who fell for a con trick from financial fraudsters and lost almost a million pounds in the process. These people are trained to be convincing! Fortunately in that case the gang were caught and have been jailed for terms up to 13 years. They took just under 3 million pounds in total, including the life savings of a woman whose mother was struggling with cancer. Exercise caution, and don’t think it can’t happen to you!

          3 users thanked author for this post.
    • #217589

      This is the zero-day exploit for Task Scheduler revealed on Twitter by @SandboxEscaper

      why do people always have to reveal exploits and security holes so that malware-******** can use it to infect other peoples computers?
      wouldn’t it be enough to report it to microsoft so that they can fix it? no, it has to be public for malware to arise… i don’t get it…

      Edit: Please refer to askwoody-lounge-rules regarding foul language.

      PC: Windows 7 Ultimate, 64bit, Group B
      Notebook: Windows 8.1, 64bit, Group B

    • #217591

      Regarding KB4457144.  I have a laptop – Windows 7 Home Premium 64bit and a Desktop – Windows 7 Home Premium 32 bit. After installing update KB4457144 ie11 stopped working on both computers. I reset the IE advanced and security setting on both machines but that did not solve the problem. I also attempted to chat with Microsoft and after waiting over 40 minutes with no response I gave up.  I uninstalled the update on both machines and IE now works.  Anyone else have this problem?


    • #217592

      Question: I ~think~ I recall someone mentioning in a post for a Win7 Pro SP1 X64 Intel PC, getting the error 0X8000FFFF for the 9-2018 Secur-Only patch KB4457145. Still, I have the impression that this error ~generally~ hits the Rollup patch, ~not~ the Secur.-only. Correct?

    • #217605

      Cumulative update for Internet Explorer for Windows 7 and Windows 8.1: September 14, 2018 (KB4463376)

      likely will be included in the next Preview Rollup (unless they plan not to release one for this month)

      5 users thanked author for this post.
      • #217624

        Just posted https://www.askwoody.com/2018/heads-up-new-cumulative-update-kb-4463376-for-internet-explorer-on-win7-8-1/

    • #217633

      FWIW our company’s security guy was saying that the image exploit could be exploited even through Internet Explorer.  Eg, An ad with an exploited image appears.  Your computer downloads the image in order to display the ad banner.  You’re now compromised.

      There’s been talk on a couple security forums (I don’t have access so I haven’t read) regarding this.  Could be an overreaction, but I don’t think so as the exploit is in how Windows handles pictures, not any specific application.

      1 user thanked author for this post.
    • #217945

      After installing .NET security patches to address CVE-2018-8421, SharePoint 2010 workflows stop working (KB 4457916).
      Here you can find a temporary solution: https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/

      1 user thanked author for this post.
    • #217965

      Woody, don’t forget those of us still waiting on the fence with 1607 when you finally give the go ahead advice for September patches. Thanks in advance!

      • #217972

        If you’re running 1607 (not LTSC), you need to move to 1709 or 1803 (or 1809) next month. There are too many exploits for 1607 running around — staying still isn’t safe.

        Wait for the general advice about moving from 1703, which I’ll have early next month, then do it.

        • #217976

          I  am still am getting the error code  Code 80073701.  Update KB4463376 updated fine.  Update KB3177467  also updated fine previously.  So is what you are waiting for possibly still going to fix this?  Thank you for keeping us updated.

    • #217973

      Am installing Windows 7 September Updates on my Win 7 test virtual machine.

      Offered to a system previously up to date “Group A” style: 3 Important updates only:


      Beyond the normal Windows Update servers (ds.download.windowsupdate.com, fe2.update.microsoft.com, and download.windowsupdate.com), as usual lately both a setup.exe that was dropped in my TEMP folder and the Windows Installer tried to access http://www.microsoft.com online (but in both cases were denied by my firewall). Blocking this hasn’t caused any update failures in the recent past and as expected the updates seemed to go in okay again today. Sorry, Microsoft, but I’m no fan of software that unexpectedly chooses to reach out to the Internet. I remember all too well when malware was what dropped executables into your TEMP folder and ran them.

      Initial fitness for purpose testing hasn’t shown any new problems on this test VM so far, but of course I don’t do with it anywhere near all of what Windows can do (in other words, your mileage may vary; wait for Woody’s go-ahead).

      In my case I am using Windows 7 to run a small server, so I am concerned about getting my testing done and getting the updates on my hardware to mitigate the potential new packet fragmentation vulnerability. I’ll report back here, of course, if I find any problems.


      2 users thanked author for this post.
    • #219246

      I was just wondering if there was any information on any progress regarding this issue?  Not sure how this forum works.  Was it addressed somewhere else?  Curiosity only.


      • #219248

        @krutzy Keep an eye on the MS-DEFCON indicator at the top of the page, when it switches to 3 or 4 it will be safe to patch. Patches are currently being checked and tested for September across all (in support) versions of Windows so, there’s quite a lot to check.
        Instructions will then be given on methodology of patching, just in case there are any pitfalls! Just hang in there..

        Win8.1/R2 Hybrid lives on..
        2 users thanked author for this post.
    • #219936

      NTDBD here, reporting in with patch results:

      Installed .NET KB4457918 and KB4457144 (Win 7 Sept Rollup…and…(drum roll)

      No issues. (Yet.) (Stage Dir: Cue last two bars  of the “Hallelujah Chorus”, then fall over.)

      Thanks Woody, Patch Lady!!

      (BTW, does KB stand for “Kibbles and Bits”?)

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      "Nine out of 10 doctors say Acid Reflux is mainly caused by computers."

      1 user thanked author for this post.
    • #219950

      So NTDFBD, installing KB4457918 fixed the error?

      • #219992

        It had already been installed previously, in Sept. 2017, so there was no issue for me on that one.

        Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
        "Nine out of 10 doctors say Acid Reflux is mainly caused by computers."

        1 user thanked author for this post.
    • #220042

      Ok, I didn’t have that installed which is why I asked.  Appreciate.  I will just wait until some more movement.

    • #224271

      Well it seems all well now.  Everything seems to be fixed with:

      2018-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4459922)

      Thanks to everyone!

    Viewing 16 reply threads
    Reply To: Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: