Time for the general August patching shoe to drop.
Late final night time Microsoft launched a flurry of patches, posting them at the Microsoft Update Catalog. Some are to be had via Windows Update, some don’t seem to be.
As of early Friday morning, the Win10 patches are no longer to be had via WSUS, the replace server provider. It’s no longer transparent if that’s a mistake, a hesitation — or if any individual simply went house final night time and forgot.
Let’s listen it for patching predictability. And transparency.
The Win10 patches
Those of you with Win10 1803 get KB 4346783, which brings you as much as construct 17134.254. I discovered two of the fixes worthy of be aware:
- Addresses a topic that reasons pc certificates enrollment or renewal to fail with an “Access denied” error after putting in the April 2018 replace. Some admins on Reddit have been looking ahead to that repair, which have been promised for Tuesday.
- Addresses a topic that forestalls printing on a 64-bit OS when 32-bit packages impersonate different customers (normally by way of calling LogonUser). This factor happens after putting in per thirty days updates beginning with KB4034681, launched in August 2017. Which will come as welcome, if stale, information for builders who misplaced the aptitude a yr in the past.
Microsoft nonetheless hasn’t fastened the months-old trojan horse:
Launching Microsoft Edge the use of the New Application Guard Window might fail
and its resolution is to uninstall the Aug. 14 cumulative replace, set up the July 24 cumulative replace, then reinstall the Aug. 14 cumulative replace. Which, in a cumulative global, is unnecessary in any respect.
Folks who’re placing tight with Win10 1709 get KB 4343893, which brings you as much as construct 16299.637. There’s a protracted listing of adjustments, none of which appear specifically noteworthy.
If you’re the use of Win10 1703 — that’s nonetheless my selection for manufacturing machines — the brand new KB 4343889 brings you as much as construct 15063.1292. There’s a shorter listing of adjustments. Note that safety patches for 1703 will result in October. In six weeks or so, you’ll have to make a choice from 1709, 1803, or perhaps 1809. As it’s possible you’ll consider, I’ll be staring at the growing old procedure astutely.
@abbodi86 advises that, as of Friday morning:
Windows 10 Updates didn’t hit WSUS, even if 4346783 (1803) and 4343889 (1703) have been delivered as Dynamic Updates (i.e., characteristic improve partners)
There’s additionally a cumulative replace for Win10 1607/Server 2016, KB 4343884. Same outdated usual.
The Win7 and eight.1 Monthly Rollups
The Win7 Monthly Rollup Preview, KB 4343894, accommodates a significant trojan horse repair for Internet Explorer 11:
Addresses a topic in Internet Explorer 11 that can purpose a clean web page to seem for some redirects. Additionally, for those who open a web site that makes use of Active Directory Federation Services (AD FS) or Single sign-on (SSO), the web site is also unresponsive.
Which is a superb approach to describe a trojan horse that Microsoft offered within the Aug. 14 Monthly Rollup, KB 4343900, and within the Aug. 14 Internet Explorer Security-only replace, KB 4343205. As lengthy as you’re putting in Monthly Rollups, the sequencing works out al lright, however for those who’re manually putting in Security-only updates, the one approach to repair the trojan horse within the Aug. 14 Security-only patch is to put in this Monthly Rollup Preview. Which, once more, is unnecessary in any respect. Thx, @DrBonzo.
In addition, the traditional trojan horse with community interface controller drivers continues to be there:
There is a matter with Windows and third-party tool associated with a lacking record (oem<quantity>.inf). Because of this factor, after you follow this replace, the community interface controller will prevent running.
Not abruptly, the Win8.1 Monthly Rollup Preview, KB 4343891, appears to be like blank as a hound’s enamel.
The .Net mess, model three.1415a
We have been, uh, blessed in the midst of the night time with 3 new .Net Previews:
- KB 4346080 — August 2018 Preview of the Quality Rollups for .Net Framework three.five.1, four.five.2, four.6, four.6.1, four.6.2, four.7, four.7.1, and four.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4346080)
- KB 4346081 — August 2018 Preview of the Quality Rollups for .Net Framework three.five, four.five.2, four.6, four.6.1, four.6.2, four.7, four.7.1, and four.7.2 for Windows Server 2012
- KB 4346082 — August 2018 Preview of the Quality Rollups for .Net Framework three.five, four.five.2, four.6, four.6.1, four.6.2, four.7, four.7.1, and four.7.2 for Windows eight.1, RT eight.1, and Server 2012 R2
There are subsidiary KB articles that offer extra detailed explanations of the adjustments in those KBs. Again, I do not see anything else earth-shattering.
Intel microcode insanity
While you have been drowsing — or deliberately ignoring the increasingly more dismal information — Microsoft has additionally been piling on Intel microcode updates, directed at Meltdown and Spectre (variations 1, 2, three, 3a, four, n for n >=four). There is still confusion about why the Intel microcode updates get put in on AMD machines, what bits wish to be flipped through which registries, and whether or not firmware updates trump Windows patches. It’s a large number par excellence, with little documentation, and not anything legit that’s dependable. We have two energetic threads at the matter(s) on AskWoody, right here and right here.
Don’t find out about you, however I will be able to’t obtain the important thing Win10 1803 Intel microcode patch, KB 4100347. Susan Bradley has been asking Microsoft whether or not they’ve pulled the patch, and thus far the one reaction is crickets.
Of direction, we nonetheless haven’t observed any in-the-wild Meltdown or Spectre infections. When we do, the entire workout will indubitably grow to be a satisfying advertising alternative for a few producers.
What to do?
Sit tight. The cumulative updates are nonetheless too younger. And I by no means counsel that you simply set up Previews. There aren’t any important safety exploits which can be patched by way of the July or August crop of fixes (except you’re the use of IE in a Chinese corporate that’s change into a goal for North Korea). Let’s see if any undead get up over the lengthy weekend.
Most of Microsoft must be again to paintings by way of subsequent week anyway. We overlooked ya.
Thx, @abbodi86, @sb, @DrBonzo, @PKCano, @Kirsty.
Join the lengthy march to WinOblivion at the AskWoody Lounge.