Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

Topic

New Reply

Yes, I read the email you probably read this morning. No, I don’t see any reason to recommend that most people update their machines — not yet. Here
[See the full post at: Yes, we’re still at MS-DEFCON 2 – No need to install any September updates]

4 users thanked author for this post.

Elly, Myst, geekdom, columbia2011

Reply | Quote

Replies

Thanks Woody.

What email?

2 users thanked author for this post.

b, geekdom

Reply | Quote

I’m guessing that you don’t subscribe to Windows Secrets Newsletter.

Reply | Quote

Ah! My sub expired this month and there’s no longer anything of interest in it to me as Patch Lady Susan is now here and the remaining articles are usually delving into the inner workings of Office and not much else, so I haven’t renewed.

2 users thanked author for this post.

woody, Cybertooth

Reply | Quote

Note on Susan’s patch list,

Windows 7 – the Monthly Quality Rollup is KB4457144 not 145.

Reply | Quote

New version of file “C:\Windows/system32/netevent.dll” caused wiped all messages in event manager (No MUI file found). My language is Czech, but before this change all events even in English was correct.

So all events which uses this dll are corrupted (for me is MEIx64 and e1dexpress).

File date is 12.8.2018 22:28 so i am not sure if is caused by September  or August update.

Win 7 64 bit

1 user thanked author for this post.

woody

Reply | Quote

@woody, you wrote that

Should you be rushing out to install all of this month’s Windows patches because of ALPC? I don’t think so. First, it’s a privilege execution exploit — in plain English, that means it’s only usable if a miscreant already has access to your computer.

I’ve seen this kind of vulnerability description before, but I’ve never been entirely clear on what exactly it means when somebody says “if they have access to your computer.” Does it mean if they are sitting at your keyboard, or can it also mean if they have hacked remotely into your computer?

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

It would mean either sitting at your keyboard or the latter (remote access gained via a malware exploit). The upshot is that access is access, regardless of how such access was obtained.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Just a reminder that anyone phoning you and purporting to be from Microsoft or an ISP (often not yours, of course) and claiming to have noted an issue on your computer which they can fix should not be given remote access to it. That is a scam, and the only thing that will be done with your computer is the installation of malware.

I know it’s obvious, and nobody with the wit to frequent this site would fall for it, but I’ve just read an account in the UK news today of a professional financial adviser who fell for a con trick from financial fraudsters and lost almost a million pounds in the process. These people are trained to be convincing! Fortunately in that case the gang were caught and have been jailed for terms up to 13 years. They took just under 3 million pounds in total, including the life savings of a woman whose mother was struggling with cancer. Exercise caution, and don’t think it can’t happen to you!

3 users thanked author for this post.

GoneToPlaid, SueW, Cybertooth

Reply | Quote

This is the zero-day exploit for Task Scheduler revealed on Twitter by @SandboxEscaper

why do people always have to reveal exploits and security holes so that malware-******** can use it to infect other peoples computers?
wouldn’t it be enough to report it to microsoft so that they can fix it? no, it has to be public for malware to arise… i don’t get it…

Edit: Please refer to askwoody-lounge-rules regarding foul language.

PC: Windows 7 Ultimate, 64bit, Group B
Notebook: Windows 8.1, 64bit, Group B

Reply | Quote

Regarding KB4457144.  I have a laptop – Windows 7 Home Premium 64bit and a Desktop – Windows 7 Home Premium 32 bit. After installing update KB4457144 ie11 stopped working on both computers. I reset the IE advanced and security setting on both machines but that did not solve the problem. I also attempted to chat with Microsoft and after waiting over 40 minutes with no response I gave up.  I uninstalled the update on both machines and IE now works.  Anyone else have this problem?

RJS

Reply | Quote

See abbodi86 ‘s post below – IE11 Cumulative Update released 9/14

2 users thanked author for this post.

walker, woody

Reply | Quote

Question: I ~think~ I recall someone mentioning in a post for a Win7 Pro SP1 X64 Intel PC, getting the error 0X8000FFFF for the 9-2018 Secur-Only patch KB4457145. Still, I have the impression that this error ~generally~ hits the Rollup patch, ~not~ the Secur.-only. Correct?

Reply | Quote

Read abbodi86’s answer here:
https://www.askwoody.com/forums/topic/solution-for-the-error-0x8000fff-in-windows-7/#post-217455

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

2 users thanked author for this post.

walker, woody

Reply | Quote

Cumulative update for Internet Explorer for Windows 7 and Windows 8.1: September 14, 2018 (KB4463376)

catalog-only
likely will be included in the next Preview Rollup (unless they plan not to release one for this month)

5 users thanked author for this post.

walker, PKCano, Microfix, woody, geekdom

Reply | Quote

Just posted https://www.askwoody.com/2018/heads-up-new-cumulative-update-kb-4463376-for-internet-explorer-on-win7-8-1/

Reply | Quote

FWIW our company’s security guy was saying that the image exploit could be exploited even through Internet Explorer.  Eg, An ad with an exploited image appears.  Your computer downloads the image in order to display the ad banner.  You’re now compromised.

There’s been talk on a couple security forums (I don’t have access so I haven’t read) regarding this.  Could be an overreaction, but I don’t think so as the exploit is in how Windows handles pictures, not any specific application.

1 user thanked author for this post.

woody

Reply | Quote

After installing .NET security patches to address CVE-2018-8421, SharePoint 2010 workflows stop working (KB 4457916).
Here you can find a temporary solution: https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/

1 user thanked author for this post.

woody

Reply | Quote

Woody, don’t forget those of us still waiting on the fence with 1607 when you finally give the go ahead advice for September patches. Thanks in advance!

Reply | Quote

If you’re running 1607 (not LTSC), you need to move to 1709 or 1803 (or 1809) next month. There are too many exploits for 1607 running around — staying still isn’t safe.

Wait for the general advice about moving from 1703, which I’ll have early next month, then do it.

Reply | Quote

I  am still am getting the error code  Code 80073701.  Update KB4463376 updated fine.  Update KB3177467  also updated fine previously.  So is what you are waiting for possibly still going to fix this?  Thank you for keeping us updated.

Reply | Quote

Am installing Windows 7 September Updates on my Win 7 test virtual machine.

Offered to a system previously up to date “Group A” style: 3 Important updates only:

Beyond the normal Windows Update servers (ds.download.windowsupdate.com, fe2.update.microsoft.com, and download.windowsupdate.com), as usual lately both a setup.exe that was dropped in my TEMP folder and the Windows Installer tried to access http://www.microsoft.com online (but in both cases were denied by my firewall). Blocking this hasn’t caused any update failures in the recent past and as expected the updates seemed to go in okay again today. Sorry, Microsoft, but I’m no fan of software that unexpectedly chooses to reach out to the Internet. I remember all too well when malware was what dropped executables into your TEMP folder and ran them.

Initial fitness for purpose testing hasn’t shown any new problems on this test VM so far, but of course I don’t do with it anywhere near all of what Windows can do (in other words, your mileage may vary; wait for Woody’s go-ahead).

In my case I am using Windows 7 to run a small server, so I am concerned about getting my testing done and getting the updates on my hardware to mitigate the potential new packet fragmentation vulnerability. I’ll report back here, of course, if I find any problems.

-Noel

2 users thanked author for this post.

jburk07, Elly

Reply | Quote

I was just wondering if there was any information on any progress regarding this issue?  Not sure how this forum works.  Was it addressed somewhere else?  Curiosity only.

 

Reply | Quote

@krutzy Keep an eye on the MS-DEFCON indicator at the top of the page, when it switches to 3 or 4 it will be safe to patch. Patches are currently being checked and tested for September across all (in support) versions of Windows so, there’s quite a lot to check.
Instructions will then be given on methodology of patching, just in case there are any pitfalls! Just hang in there..

Win8.1/R2 Hybrid lives on..

2 users thanked author for this post.

Elly, krutzy

Reply | Quote

NTDBD here, reporting in with patch results:

Installed .NET KB4457918 and KB4457144 (Win 7 Sept Rollup…and…(drum roll)

No issues. (Yet.) (Stage Dir: Cue last two bars  of the “Hallelujah Chorus”, then fall over.)

Thanks Woody, Patch Lady!!

(BTW, does KB stand for “Kibbles and Bits”?)

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Nine out of 10 doctors say Acid Reflux is mainly caused by computers."

1 user thanked author for this post.

krutzy

Reply | Quote

So NTDFBD, installing KB4457918 fixed the error?

Reply | Quote

It had already been installed previously, in Sept. 2017, so there was no issue for me on that one.

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"Nine out of 10 doctors say Acid Reflux is mainly caused by computers."

1 user thanked author for this post.

krutzy

Reply | Quote

Ok, I didn’t have that installed which is why I asked.  Appreciate.  I will just wait until some more movement.

Reply | Quote

Well it seems all well now.  Everything seems to be fixed with:

2018-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4459922)

Thanks to everyone!

Reply | Quote