Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

    Home Forums AskWoody blog Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

    This topic contains 21 replies, has 15 voices, and was last updated by  krutzy 1 day, 6 hours ago.

    • Author
    • #217520 Reply

      Da Boss

      Yes, I read the email you probably read this morning. No, I don’t see any reason to recommend that most people update their machines — not yet. Here
      [See the full post at: Yes, we’re still at MS-DEFCON 2 – No need to install any September updates]

      4 users thanked author for this post.
    • #217529 Reply

      AskWoody Lounger

      Thanks Woody.

      What email?

      2 users thanked author for this post.
      • #217552 Reply

        Da Boss

        I’m guessing that you don’t subscribe to Windows Secrets Newsletter.

        • #217559 Reply

          AskWoody Lounger

          Ah! My sub expired this month and there’s no longer anything of interest in it to me as Patch Lady Susan is now here and the remaining articles are usually delving into the inner workings of Office and not much else, so I haven’t renewed.

          2 users thanked author for this post.
    • #217536 Reply


      Note on Susan’s patch list,

      Windows 7 – the Monthly Quality Rollup is KB4457144 not 145.

    • #217548 Reply

      AskWoody Lounger

      New version of file “C:\Windows/system32/netevent.dll” caused wiped all messages in event manager (No MUI file found). My language is Czech, but before this change all events even in English was correct.

      So all events which uses this dll are corrupted (for me is MEIx64 and e1dexpress).

      File date is 12.8.2018 22:28 so i am not sure if is caused by September  or August update.

      Win 7 64 bit

      1 user thanked author for this post.
    • #217570 Reply

      AskWoody Lounger

      @woody, you wrote that

      Should you be rushing out to install all of this month’s Windows patches because of ALPC? I don’t think so. First, it’s a privilege execution exploit — in plain English, that means it’s only usable if a miscreant already has access to your computer.

      I’ve seen this kind of vulnerability description before, but I’ve never been entirely clear on what exactly it means when somebody says “if they have access to your computer.” Does it mean if they are sitting at your keyboard, or can it also mean if they have hacked remotely into your computer?


      • #217588 Reply

        AskWoody Lounger

        It would mean either sitting at your keyboard or the latter (remote access gained via a malware exploit). The upshot is that access is access, regardless of how such access was obtained.

        1 user thanked author for this post.
        • #217609 Reply

          AskWoody Lounger

          Just a reminder that anyone phoning you and purporting to be from Microsoft or an ISP (often not yours, of course) and claiming to have noted an issue on your computer which they can fix should not be given remote access to it. That is a scam, and the only thing that will be done with your computer is the installation of malware.

          I know it’s obvious, and nobody with the wit to frequent this site would fall for it, but I’ve just read an account in the UK news today of a professional financial adviser who fell for a con trick from financial fraudsters and lost almost a million pounds in the process. These people are trained to be convincing! Fortunately in that case the gang were caught and have been jailed for terms up to 13 years. They took just under 3 million pounds in total, including the life savings of a woman whose mother was struggling with cancer. Exercise caution, and don’t think it can’t happen to you!

          3 users thanked author for this post.
    • #217589 Reply

      AskWoody Lounger

      This is the zero-day exploit for Task Scheduler revealed on Twitter by @SandboxEscaper

      why do people always have to reveal exploits and security holes so that malware-******** can use it to infect other peoples computers?
      wouldn’t it be enough to report it to microsoft so that they can fix it? no, it has to be public for malware to arise… i don’t get it…

      Edit: Please refer to askwoody-lounge-rules regarding foul language.

    • #217591 Reply

      AskWoody Lounger

      Regarding KB4457144.  I have a laptop – Windows 7 Home Premium 64bit and a Desktop – Windows 7 Home Premium 32 bit. After installing update KB4457144 ie11 stopped working on both computers. I reset the IE advanced and security setting on both machines but that did not solve the problem. I also attempted to chat with Microsoft and after waiting over 40 minutes with no response I gave up.  I uninstalled the update on both machines and IE now works.  Anyone else have this problem?


      • #217619 Reply

        AskWoody MVP

        See abbodi86 ‘s post below – IE11 Cumulative Update released 9/14

        1 user thanked author for this post.
    • #217592 Reply


      Question: I ~think~ I recall someone mentioning in a post for a Win7 Pro SP1 X64 Intel PC, getting the error 0X8000FFFF for the 9-2018 Secur-Only patch KB4457145. Still, I have the impression that this error ~generally~ hits the Rollup patch, ~not~ the Secur.-only. Correct?

    • #217605 Reply

      AskWoody MVP

      Cumulative update for Internet Explorer for Windows 7 and Windows 8.1: September 14, 2018 (KB4463376)

      likely will be included in the next Preview Rollup (unless they plan not to release one for this month)

      4 users thanked author for this post.
      • #217624 Reply

        Da Boss

        Just posted https://www.askwoody.com/2018/heads-up-new-cumulative-update-kb-4463376-for-internet-explorer-on-win7-8-1/

    • #217633 Reply

      AskWoody Lounger

      FWIW our company’s security guy was saying that the image exploit could be exploited even through Internet Explorer.  Eg, An ad with an exploited image appears.  Your computer downloads the image in order to display the ad banner.  You’re now compromised.

      There’s been talk on a couple security forums (I don’t have access so I haven’t read) regarding this.  Could be an overreaction, but I don’t think so as the exploit is in how Windows handles pictures, not any specific application.

      1 user thanked author for this post.
    • #217945 Reply

      AskWoody Lounger

      After installing .NET security patches to address CVE-2018-8421, SharePoint 2010 workflows stop working (KB 4457916).
      Here you can find a temporary solution: https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/

      1 user thanked author for this post.
    • #217965 Reply


      Woody, don’t forget those of us still waiting on the fence with 1607 when you finally give the go ahead advice for September patches. Thanks in advance!

      • #217972 Reply

        Da Boss

        If you’re running 1607 (not LTSC), you need to move to 1709 or 1803 (or 1809) next month. There are too many exploits for 1607 running around — staying still isn’t safe.

        Wait for the general advice about moving from 1703, which I’ll have early next month, then do it.

        • #217976 Reply

          AskWoody Lounger

          I  am still am getting the error code  Code 80073701.  Update KB4463376 updated fine.  Update KB3177467  also updated fine previously.  So is what you are waiting for possibly still going to fix this?  Thank you for keeping us updated.

    • #217973 Reply

      Noel Carboni
      AskWoody MVP

      Am installing Windows 7 September Updates on my Win 7 test virtual machine.

      Offered to a system previously up to date “Group A” style: 3 Important updates only:


      Beyond the normal Windows Update servers (ds.download.windowsupdate.com, fe2.update.microsoft.com, and download.windowsupdate.com), as usual lately both a setup.exe that was dropped in my TEMP folder and the Windows Installer tried to access http://www.microsoft.com online (but in both cases were denied by my firewall). Blocking this hasn’t caused any update failures in the recent past and as expected the updates seemed to go in okay again today. Sorry, Microsoft, but I’m no fan of software that unexpectedly chooses to reach out to the Internet. I remember all too well when malware was what dropped executables into your TEMP folder and ran them.

      Initial fitness for purpose testing hasn’t shown any new problems on this test VM so far, but of course I don’t do with it anywhere near all of what Windows can do (in other words, your mileage may vary; wait for Woody’s go-ahead).

      In my case I am using Windows 7 to run a small server, so I am concerned about getting my testing done and getting the updates on my hardware to mitigate the potential new packet fragmentation vulnerability. I’ll report back here, of course, if I find any problems.


      You must be logged in to view attached files.
      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Yes, we’re still at MS-DEFCON 2 – No need to install any September updates

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:

    Comments are closed.