Karlston Posted December 15, 2016

It’s still too early to install the latest patches for Win7, 8.1, and Office, but next month things will get less complicated

This is the last month we’ll see security bulletins from Microsoft—and I can’t wait. Patch numbers are currently interlocked, with security bulletins referencing KB numbers that aren’t available in the Windows 10 cumulative updates or in the Windows 7 or 8.1 security-only or monthly rollup patches. But hang in there, it will get less complicated next month. I hope.

This month there were 12 security bulletins from Microsoft, six rated critical, six important, the obligatory Flash Player patch, updates for the Excel Viewer and the Office Compatibility Pack, and a bewildering array of previews, which you don’t want unless you’re testing software. There was also a welcome revamp in the way Win7 and 8.1 security-only and monthly rollup patches overlap/supersede each other.

The Win10 1607 cumulative update KB 3206632, as explained yesterday, fixed a major internet connection bug. Here’s what you need to know about the other Patch Tuesday updates.

There’s the usual massive list of Office 2003, 2007, 2010, 2013, and 2016 patches in KB 3208595, which combines the Dec. 6 non-security updates with the Dec. 13 security updates. Almost a hundred patches appear on the list. I haven’t heard of any problems with them, but the month is yet young.

The SANS Internet Storm Center says that there are known exploits for four of this month’s patches – that’s the zero-day count. Two of the already-exploited patches are for Internet Explorer and Edge, which you probably aren’t using. One of them is for the .Net Framework patch KB 3205640 (more on that later). Leaving one “real” zero-day that most folks need to be concerned about: MS16-146 / KB 3204066, the security update for Microsoft Graphics Component.

Tyler Reguly at Tripwire describes the issue this way:

Two code execution vulnerabilities in the Windows Graphic component and an information disclosure in GDI. In addition to the vulnerability fixes, this update provides defense-in-depth changes that are not fully documented in the bulletin.

It looks like the already-exploited hole is CVE-2016-7272, a remote code-execution vulnerability that we have very little published information about. If you see any in-the-real-world reports of exploits, let me know on AskWoody.com.

Which brings me to the morass known as .Net Framework updates. In October we had separate patches for .Net 3.5.1 security-only, and for .Net 4.x security-only. This month, we have a security-only update for .Net 4.6.2, and a monthly rollup for all versions of .Net (including 4.6.2). If you’re running Win7, you can find the security-only patch for .Net 4.6.2, KB 3205394, in the Microsoft Update Catalog. Or you can find the monthly rollup via Windows Update.

There’s a raging debate on AskWoody.com about the intrusive nature of .Net Framework Monthly Rollups. The general consensus is that most Windows users are OK installing the whole monthly rollup, instead of trying to pluck out the security-only portions.

Finally, for those of you still running Vista, I have this advice from AskWoody contributor ER about speeding up your Windows Update scans:

It looks like the KB3204723 security updates from MS security bulletin MS16-151 are the new Windows Update win32k.sys “speed-up” fixes for Windows Vista & Server 2008. Once again, KB3204723 is a new temporary “speedup” patch that will work from Dec. 13, 2016 to Jan. 9, 2017.

As usual, I recommend you hold off on applying any of these patches until the initial carnage has run its course. When it’s safe to patch, I’ll post full details, including download links for those of you who wish to stay in the “Group B” security-only camp.

The discussion continues on AskWoody.com.

Source: Say goodbye to Microsoft security bulletins (InfoWorld - Woody Leonhard)
steven36 Posted December 15, 2016

We Read the Security Bulletins So You Don't Have To

Quote

Microsoft just released 12 different security bulletins. Do you need to panic over any of them? We've gone ahead and done the reading -- and possible panicking -- for you.

Microsoft Security Bulletin MS16-145 - Cumulative Security Update for Microsoft Edge (3204062)
What it does: It keeps attackers from remote-code execution on your browser, thanks to tweaking how the browser and scripting engines handle objects in memory.
Which users it affects: Windows 10.

Microsoft Security Bulletin MS16-146 - Security Update for Microsoft Graphics Component (3204066)
What it does: It addresses remote code-execution vulnerabilities by correcting how the Windows GDI component handles objects in memory.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-150 - Security Update for Secure Kernel Mode (3205642)
What it does: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).
Which users it affects: Windows 10; Windows Server 2016.

Microsoft Security Bulletin MS16-153 - Security Update for Common Log File System Driver (3207328)
What it does: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Information Disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-149 - Security Update for Microsoft Windows (3205655)
What it does: This security update resolves vulnerabilities in Microsoft Windows by correcting how a Windows crypto driver handles objects in memory.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-155 - Security Update for .NET Framework (3205640)
What it does: This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server by correcting the way .NET Framework handles the developer-supplied key, and thus properly defends the data.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012.

Microsoft Security Bulletin MS16-152 - Security Update for Windows Kernel (3199709)
What it does: The update resolves an information-disclosure vulnerability by correcting how the Windows kernel handles objects in memory.
Which users it affects: Windows 10; Windows Server 2016.

Microsoft Security Bulletin MS16-144 - Cumulative Security Update for Internet Explorer (3204059)
What it does: This security update resolves vulnerabilities in Internet Explorer by correcting how scripting engines, the Microsoft browser and affected components handle objects in memory.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-147 - Security Update for Microsoft Uniscribe (3204063)
What it does: The update eliminates a vulnerability in Windows Uniscribe which could have allowed remote code execution by correcting how Windows Uniscribe handles objects in memory.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-151 - Security Update for Windows Kernel-Mode Drivers (3205651)
What it does: The update addresses privilege vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
Which users it affects: Windows 7; Windows 8/8.1; Windows 10; Windows Server 2008; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-154 - Security Update for Adobe Flash Player (3209498)
What it does: This eliminates vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.
Which users it affects: Windows 8.1; Windows 10; Windows Server 2012; Windows Server 2016.

Microsoft Security Bulletin MS16-148 - Security Update for Microsoft Office (3204068)
What it does: It corrects security holes in the productivity suite by fixing how Microsoft Office initializes variables, validates input, rechecks registry values, and parses file formats.
Which users it affects: Microsoft Office 2007; Microsoft Office 2010; Microsoft Office 2013; Microsoft Office 2016.

http://winsupersite.com/microsoft/we-read-security-bulletins-so-you-dont-have-5

I installed my updates Tuesday. What I would like to know: will Woody pay for the damages, or anyone else that suggests we postpone updates, if we get hacked? Hell no, they won't! I have been installing all Windows updates for 15 years and really never had any problems that were not easily resolved, till they put GWX on Windows 7 and 8.1, and that went bye bye in August, and all I had to do is not install updates for Windows 10 in the older OS. It was easy and all security updates were fine, and never did try to upgrade anyone.
Karlston Posted December 15, 2016

Here's my personal anecdote...

I stopped applying all Windows updates to my (old) Windows 7 system sometime in 2012. It ran fine for another 4+ years, I never had any problems either, and was never hacked.

So I have zero need (or desire) to join the update-now zealots who apply updates milliseconds after Microsoft issue them. I wait until someone (Woody L) says it's OK, because the last year and a half has shown time and time again that the greatest threat to the stability of a Windows OS is no longer the nasty malware people, it's the flaky system-borking Microsoft Windows updates.

Dear Microsoft, it's not the economy stupid! It is your zero-QA flaky updates!
steven36 Posted December 15, 2016

LOL, I have one Windows 7 PC I had not turned on since Sept. I turned it on and did updates, and all updates came up in a few minutes, 300 and some MB, and I applied all of them and rebooted a few times and turned it off and got back on Windows 10. I wish Windows 10 was as easy to update as Windows 7; 900 MB of updates two times a month sucks. They say they're not going to fix updates till RS2 and after I'm on RS2 with improved updates. Sites like Infoworld will list a bunch of invalid reasons to keep crappy updates with Windows 10 RS1.
lurch234 Posted December 15, 2016

1 hour ago, Karlston said:
Here's my personal anecdote... I stopped applying all Windows updates to my (old) Windows 7 system sometime in 2012. It ran fine for another 4+ years, I never had any problems either, and was never hacked.

That's good to hear. I decided to stop updating after September of this year. I'm damned tired of Microsoft's idiocies. Since they don't make any improvements to Win 7 I sure don't need their crappy updates anymore!
banned Posted December 15, 2016

I went to Microsoft Update site and manually selected the XP security updates I wanted this month. It was fast, easy and painless. I don't like the cumulative mess in newer versions of Windows, because Microsoft always tends to slip in updates I don't want.
Karlston Posted December 16, 2016

3 hours ago, lurch234 said:
Since they don't make any improvements to Win 7 I sure don't need their crappy updates anymore!

Indeed. That's why, after a few months of enduring Windows 10 and its problems, I ditched 10 and upgraded to Windows 8.1. Because Windows 8.1 was mature and stable, there was the same option of just turning off updates with little or no downside.

As fine as Windows 7 is, I wanted something newer, but still stable, mature, and an OS *I* felt in control of. Windows 10 ticked none of those boxes, so Windows 8.1 was it. I replaced the tile-infested Start Menu with Start8, and I'm happier than a pig in the proverbial.
straycat19 Posted December 16, 2016

Let's be honest, the real problem with Microsoft's updates is........well, the updates. In August they released an update of Windows 8.1. It was broke and needed to be fixed. When did they fix it? December! So the wise thing to do is delay applying updates for 4 months, or to really play it safe, 6 months, so Microsoft will have time to fix them before you screw your system up.

I have no problem with updates before JUNE 2015 for either 7 or 8.1. I grabbed the old WSUSOFFLINE build for May of 2015 and created update ISOs for Windows 7 and 8.1 both x86 and x64, so when I do a new install I use those disks to apply updates and then I turn off the updates totally. Those systems are running fine.
SPECTRUM Posted December 16, 2016

12 hours ago, Karlston said:
Here's my personal anecdote... I stopped applying all Windows updates to my (old) Windows 7 system sometime in 2012. It ran fine for another 4+ years, I never had any problems either, and was never hacked. So I have zero need (or desire) to join the update-now zealots who apply updates milliseconds after Microsoft issue them. I wait until someone (Woody L) says it's OK, because the last year and a half has shown time and time again that the greatest threat to the stability of a Windows OS is no longer the nasty malware people, it's the flaky system-borking Microsoft Windows updates. Dear Microsoft, it's not the economy stupid! It is your zero-QA flaky updates!

If your PC is not connected to any network, and you don't put unknown external drives or you don't execute unknown apps, and the PC is only used by you, then your PC will be safe, even without updates.

But the trouble is if your computer is connected to the internet and has non-patched vulnerabilities, then it is exposed to anybody that could exploit them from the internet, and your PC could be used as a botnet (a zombie PC to make DDoS attacks with other exploited PCs) or even to send spam emails to other users, propagate worms, ransomware, etc., and you will never notice it, but you will be contributing to propagating malware and other bad things on the internet. So think about it, because even Linux receives weekly updates, and it is always recommended to install them.
pc71520 Posted December 16, 2016

M$ Updates? Sometimes, they have been worse than Malware....
WALLONN7 Posted December 16, 2016

1 minute ago, pc71520 said:
M$ Updates? Sometimes lately, they have been worse than Malware....

Fits better...
Karlston Posted December 16, 2016

UPDATE from poster SteveK:

Lots of machines on our w10 1000 +/- computer network choking on what appears to be KB3206632. Partially installs then IP errors occur, and computer can no longer obtain valid IP address to be on network. Can shutdown, reboot etc. multiple times and it does not install. One did finish today after 5 restarts and we were able to see that it was the update that was holding IP up. No idea why it decided to install on that 5th or 6th restart. Our current strategy is to reimage but as the numbers increase we can’t keep doing this. Not yet able to determine why some will install KB3206632 when rebooted and others will never finish installing it. Anybody else seeing that?

Source: Patch Tuesday for Win7 and 8.1 brings order – but it’s still too early to install (AskWoody)
SPECTRUM Posted December 17, 2016

6 hours ago, Karlston said:
UPDATE from poster SteveK: Lots of machines on our w10 1000 +/- computer network choking on what appears to be KB3206632. Partially installs then IP errors occur, and computer can no longer obtain valid IP address to be on network. Can shutdown, reboot etc. multiple times and it does not install. One did finish today after 5 restarts and we were able to see that it was the update that was holding IP up. No idea why it decided to install on that 5th or 6th restart. Our current strategy is to reimage but as the numbers increase we can’t keep doing this. Not yet able to determine why some will install KB3206632 when rebooted and others will never finish installing it. Anybody else seeing that? Source: Patch Tuesday for Win7 and 8.1 brings order – but it’s still too early to install (AskWoody)

That bug in Windows 10 related to losing connectivity was caused by KB3201845 and has been fixed by KB3206632.
Karlston Posted December 17, 2016

4 hours ago, SPECTRUM said:
That bug in Windows 10 related to losing connectivity was caused by KB3201845 and has been fixed by KB3206632.

If I've read it correctly, SteveK's problem is the failure of Windows 10 update KB3206632 to completely install on "lots of machines" in his network. Any partial install led to DHCP problems for those machines.

Perhaps M$ are trying recursion to fix flaky updates now... inability to install a specific update can be fixed by installing that update.
pc71520 Posted December 17, 2016

Don't be surprised if you see a fix for KB3206632 which was a fix for KB3201845.
darkwalker Posted December 17, 2016

8 hours ago, pc71520 said:
Don't be surprised if you see a fix for KB3206632 which was a fix for KB3201845.

I sure won't be surprised since the update (KB3206632) that is supposed to fix connectivity problems actually kills my network adapter. The only way I could fix it was to uninstall the update. My system restore points blue screen the machine after installing this update. Removed it and all is good again.
pc71520 Posted December 18, 2016

That's the story... Fixes for the fixes, and then fixes, and nothing but fixes...
WALLONN7 Posted December 18, 2016

19 minutes ago, pc71520 said:
That's the story... Trying-to-fixes for the trying-to-fixes, and then trying-to-fixes, and nothing but trying-to-fixes...

Fits better... again...
pc71520 Posted December 19, 2016

On 18/12/2016 at 2:53 PM, WALLONN7 said:
Fits better... again...

If you think so...
This topic is now archived and is closed to further replies.