This month’s massive bundle of Patch Tuesday rags roughly positively contains some-more than a few surprises, and they’re usually starting to surface. Here’s a outline of what I’ve seen in a diminutive hours of Wednesday morning.
There are lots of reports of delayed, unsuccessful and rolled behind installations of KB 4041676, a Win10 Creators Update (version 1703) monthly accumulative update, that brings 1703 adult to build 15063.674. A discerning peek during a KB essay confirms that there are dozens and dozens of fixes in this accumulative refurbish — a conspicuous state of affairs, deliberation a Fall Creators Update, chronicle 1709, is due on Oct. 17.
Overnight, Günter Born and Bogdan Popa amassed prolonged lists of people stating problems with a update, including reports of hangs, uncontrolled restarts, and exceedingly delayed downloads. Born reports that a source of some problems competence be attributable to Norton. If you’re carrying problems, my long-standing advice for cleaning things adult and using a Update Troubleshooter competence help.
For those of we wondering what happened to this month’s Flash confidence patches, there’s a startling answer: You aren’t saying any Adobe confidence rags this month given there aren’t any! All of this month’s patches are peculiarity updates, er, bug fixes.
@PKCano on AskWoody has confirmed that there were no .NET Security-only updates this month. All of a .NET updates enclose non-security rags only.
@MrBrian found this small gem in dual Microsoft posts:
All updates for .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 need a D3 Compiler to be installed. We suggest that we implement a enclosed D3 Compiler before requesting this update. For some-more information about a D3 Compiler, see KB 4019990.
MrBrian goes on to note
On a Windows 7 x64 practical appurtenance with no Windows monthly rollups installed, and .NET Framework 4.6.1 installed, Windows Update does not list a Oct 2017 .NET Framework monthly rollup… But a primer installer for a Oct 2017 .NET Framework monthly rollup successfully installed. Ugh!
Do NOT request a TPM firmware refurbish before to requesting a Windows handling complement slackening update. Doing so will describe your complement incompetent to establish if your complement is affected. You will need this information to control full remedation.
And ZDI illuminates:
This is only a stop-gap magnitude and still requires primer intervention. When a tangible firmware updates hurl out from TPM vendors, a routine will need to occur all over again — solely this time, new TPM firmware needs to be commissioned on each influenced device.
Which is adequate to tie any admin in knots. Alhonen offers some insight:
If your hardware is a Surface device, firmware updates are nonetheless not accessible as of Oct 10, 2017. Surface Laptop and a Surface Pro (released in Jun 2017) are NOT affected… [for Surface Pro 3] Infineon firmware chronicle 5.0 TPM is not safe. Please refurbish your firmware.
If you’re patching a 2015 LTSC chronicle of Windows 10, we need to see Microsoft’s admission that a Windows Presentation Framework competence get munged. WPF crashes after a Oct 2017 Security and Monthly Quality Rollup is practical on Windows 10 chronicle 1507 that has Microsoft .NET Framework 4.6.2 installed.
There’s also a lot of difficulty about Microsoft’s explanation for a fix of CVE-2017-11776. Microsoft says: “An assailant who exploited a disadvantage could use it to obtain a email calm of a user,” when in fact no conflict is necessary. The SEC-Consult blog has a minute explanation:
If we used Outlook’s S/MIME encryption in a past 6 months (at least, we are still watchful for Microsoft to recover minute information and refurbish a blog) your mails competence not have been encrypted as expected. In a context of encryption this can be deliberate a worst-case bug.
Kevin Beaumont (@GossiTheDog) has tied a pieces together and concluded:
Outlook S/MIME bug is positively reproducible, we only did it. Does not need an attacker. Microsoft have personal it wrong.
So if we used Outlook’s S/MIME encryption for content emails in a past 6 months, your emails haven’t been encrypted during all. The “encrypted” emails went out in plain text, no antivirus backdoor required. Gotcha.
No decisive word as nonetheless on either a Win 8.1 Monthly Rollup, KB 4041693, or a Security-only update, KB 4041687, repair a baffling problem where Win 8.1 business can’t pointer in with a Microsoft account. That bug was introduced in a Sep Monthly Rollup. The subject isn’t even mentioned in a KB articles.
… and it’s been reduction than a day given a rags rolled out.
Got a patching problem? Hit us on a AskWoody Lounge.