With the coming of “Fourth Week” patches on the remaining running day of August, and having had a couple of days to vet them, it seems like we’re in a position to unlock the cracklin’ Kraken.
The steaming pile of Windows Intel microcode patches
Microsoft continues to unharness microcode patches for Meltdown and Spectre (variations 1, 2, three, 3a, four, n for n >=four). You received’t get stung via any of them, except you particularly move searching for bother.
Considering there nonetheless haven’t been any garden-variety Meltdown or Spectre assaults, I strongly recommend you forget about Microsoft’s Intel microcode patches, except you’re in command of a server that multitasks customers with delicate information. Wait until Microsoft (and Intel) will get the kinks labored out.
If you actually really feel like beta-testing for Microsoft, apply RetiredGeek’s suggestions for Meltdown/Spectre mitigations on 1803. Make particular word of the truth that he flashed his Dell XPS 8920 firmware previous to pursuing the Herculean labors.
Win7/Server 2008R2 Network Card insects proceed
Microsoft has a worm in its Win7 Monthly Rollup that’s been, uh, bugging us since March. If you put in any Win7/Server 2008R2 patches after March and your community connections didn’t move kablooey, you’re nearly indisputably OK to continue with this month’s patches.
On the opposite hand, for those who’ve been ready to put in patches on your Win7 or Server 2008R2 device, you wish to have to concentrate on a worm that Microsoft has said.
Symptom: There is a matter with Windows and third-party device this is associated with a lacking report (oem<quantity>.inf). Because of this factor, after you practice this replace, the community interface controller will forestall running.
Workaround: To find the community tool, release devmgmt.msc; it’s going to seem below Other Devices.
1. To mechanically rediscover the NIC and set up drivers, make a choice Scan for Hardware Changes from the Action menu.
2. Alternatively, set up the drivers for the community tool via right-clicking the tool and deciding on Update. Then make a choice Search mechanically for up to date driving force device or Browse my laptop for driving force device.
That’s a ordinary, convoluted collection of steps. Microsoft nonetheless hasn’t showed which third-party device is at fault, however studies have it that it’s in large part a VMware downside. Five months later, the worm’s nonetheless there, nonetheless said, nonetheless unfixed.
If you’re frightened that putting in this month’s updates will clobber your Network Interface Card, you should definitely take a complete backup prior to putting in the updates. You too can take @Long pastToPlaid’s recommendation and edit sure registry entries prematurely.
Internet Explorer will get a Single Sign On repair — in a Preview
Microsoft broke Single Sign On (SSO) in IE 11 within the first set of August patches. Per the KB article:
In Internet Explorer 11, a clean web page might seem for some redirects. Additionally, for those who open a website online that makes use of Active Directory Federation Services (AD FS) or Single sign-on (SSO), the website online is also unresponsive.
Microsoft says you’ll repair that downside via putting in the Monthly Preview (KB 4343894 for Win7; KB 4343891 for Wineight.1). Confusingly, there’s additionally a KB 4459022 — a “Cumulative Update for Internet Explorer: August 30, 2018” — however that KB article says that you wish to have to put in one of the vital Monthly Previews to mend the issue.
Monthly Previews, after all, are meant to include advance copies of non-security patches anticipated within the following month. They’re designed for other folks who want to take a look at the following month’s patches, to vet them prior to they hit the mainstream.
Increasingly, Microsoft isn’t solving insects that it introduces with correct patches. Instead, it is throwing them into the Monthly Preview stew and hoping that the ones affected determine they want to soar forward to mend what was once simply damaged.
Susan Bradley’s Master Patchlists for July and August display that the previous two months’ patches glance blank, after all, with the exception of for the Meltdown/Spectre inanities. The professional Fixes or workarounds articles for Office come with many particular issues and a couple of conceivable answers.
Ready to take an opportunity on messing up your NIC? Here’s how one can continue. The patching trend will have to be acquainted to lots of you.
Step 1. Make a full-system picture backup prior to installing the August patches.
There’s a non-zero likelihood that the patches — even the most recent, biggest patches of patches of patches — will hose your device. Best to have a backup that you’ll reinstall even supposing your device refuses besides. This, along with the standard want for System Restore issues.
There are various full-image backup merchandise, together with a minimum of two excellent unfastened ones: Macrium Reflect Free and EaseUS Todo Backup. For Win 7 customers, If you aren’t making backups incessantly, check out this thread began via Cybertooth for main points. You have excellent choices, each unfastened and not-so-free.
Step 2. For Win7 and eight.1
Microsoft is obstructing updates to Windows 7 and eight.1 on contemporary computer systems. If you might be operating Windows 7 or eight.1 on a PC that’s a yr outdated or much less, apply the directions in AKB 2000006 or @MrBrian’s abstract of @radosuaf’s manner to verify you’ll use Windows Update to get updates implemented.
If you’ve already put in any Monthly Rollups after March, your Network Interface Card will have to be proof against the most recent slings and arrows. But for those who haven’t been conserving up on patches, see the dialogue within the Network Cards segment above to offer protection to your self.
If you’re very focused on Microsoft’s snooping on you and need to set up simply safety patches, understand that the privateness trail’s getting harder. The outdated “Group B” — safety patches best — isn’t useless, but it surely’s not throughout the snatch of conventional Windows shoppers. If you insist on manually putting in safety patches best, apply the directions in @PKCano’s AKB 2000003 and take note of @MrBrian’s suggestions for hiding any undesirable patches.
For maximum Windows 7 and eight.1 customers, I like to recommend following AKB 2000004: How to use the Win7 and eight.1 Monthly Rollups. Realize that some or all the anticipated patches for July and August would possibly not display up or, in the event that they do display up, is probably not checked. DON’T CHECK any unchecked patches. Unless you might be very certain of your self, DON’T GO LOOKING for extra patches. In specific, for those who set up the August Monthly Rollups or Cumulative Updates, you received’t want (and more than likely received’t see) the concomitant patches for July. Don’t mess with Mother Microsoft. Take what is being presented, and checked, and do not snatch one thing unchecked simply because it sounds excellent.
If you need to reduce Microsoft’s snooping however nonetheless set up all the presented patches, flip off the Customer Experience Improvement Program (Step 1 of AKB 2000007: Turning off the worst Windows 7 and eight.1 snooping) prior to installing any patches. (Thx, @MrBrian.) If you spot KB 2952664 (for Win7) or its Wineight.1 cohort, KB 2976978 — the patches that so helpfully show you how to improve to Win10 — uncheck them and pressure a wood stake via your motherboard. Watch out for driving force updates — you’re a long way at an advantage getting them from a producer’s site.
After you’ve put in the most recent Monthly Rollup, for those who’re intent on minimizing Microsoft’s snooping, run throughout the steps in AKB 2000007: Turning off the worst Win7 and eight.1 snooping. Realize that we don’t know what knowledge Microsoft collects on Window 7 and eight.1 machines. But I’m beginning to consider that knowledge driven to Microsoft’s servers for Win7 house owners is nearing equality to that driven in Win10.
Step three. For Windows 10
If you’re operating Win10 Creators Update, model 1703 (my present choice), or model 1709, and you need to stick on 1703 or 1709 and now not get sucked into the 1803 vortex, apply the directions right here to chase away the improve. Of path, all bets are off if Microsoft, uh, forgets to honor its personal settings.
Remember: If you need to keep away from 1803, don’t click on “Check for Updates” till you’ve long gone via all of the precautions indexed on this article, together with operating wushowhide. If you fail to remember, you will be tossed within the seeker heap and shuffled off to 1803 land.
Worried about 1809? Yeah, me too. Those of you operating Win10 1703 will want to improve to 1709, 1803 or perhaps 1809 in the future in October. (It isn’t transparent if Microsoft will unlock Fourth Tuesday or C/D Week patches for 1703 in October.) I’m nonetheless sitting on a fence, and recommend you sign up for me in MSmugwump land till we’ve got a clearer view of the horizon.
If you could have bother getting the most recent cumulative replace put in, you should definitely’ve checked your antivirus settings and, if all is easily, run the newly refurbished Windows Update Troubleshooter prior to inventing new epithets.
To get Windows 10 patched, move throughout the steps in “eight steps to put in Windows 10 patches like a professional.”
Thanks to the handfuls of volunteers on AskWoody who give a contribution mightily, particularly @sb, @PKCano, @abbodi86, @gborn, @Long pastToPlaid, @Cybertooth, @RetiredGeek and @MrBrian.
We’ve moved to MS-DEFCON four on the AskWoody Lounge.