B2gfserwe Posted May 30, 2019 Share Posted May 30, 2019 Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow. New attack on speculative execution Just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance. For more than a year, academics have been poking holes in various components of the speculative execution process, revealing ways to leak data from various CPU buffer zones and data processing operations. Meltdown, Spectre, and Foreshadow have shown how various CPU components leak data during the speculative execution process. Today, an international team of academics -- including some of the people involved in the original Meltdown and Spectre research -- along with security researchers from Bitdefender have disclosed a new attack impacting the speculative execution process. This one is what researchers have named a Microarchitectural Data Sampling (MDS) attack, and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. These are smaller-sized caches that are used alongside the main CPU cache. By exploiting normal speculative execution operations that work within these microarchitectural structures, an MDS attack can infer data that is being processed in the CPU by other apps, to which an attacker shouldn't normally have access to. Academics have discovered four such MDS attacks, targeting store buffers (CVE-2018-12126 aka Fallout), load buffers (CVE-2018-12127), line fill buffers (CVE-2018-12130, aka the Zombieload attack, or RIDL), and uncacheable memory (CVE-2019-11091) --with Zombieload being the most dangerous of all because it can retrieve more information than the others. There are both good news and bad news in regards to Zombieload and fellow MDS attacks. The bad news In several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. Processors for desktops, laptops, and (cloud) servers are all impacted, researchers said on a special website they've set up with information about the Zombieload flaws. Several YouTube demos [1, 2, 3] showed just how deadly MDS attacks can be, with researchers employing in one case a Zombieload attack to monitor websites that a user was visiting using a privacy-protecting Tor Browser running inside a virtual machine. What this means is that malware capable of carrying out a Zombieload attack can effectively break all privacy protections that exist between apps, similar to how both Meltdown and Spectre broke those lines, but via other vulnerabilities in the speculative execution process. The good news But things aren't as bleak as they were when Meltdown and Spectre were first disclosed in January 2018. For starters, Intel hasn't been caught with its pants down like the last time, and the company has already shipped microcode updates. Furthermore, newer processors aren't impacted, as they already include protections against speculative execution attacks --such as the MDS attacks-- since last year when Meltdown and Spectre first hit, and Intel modified the way its CPU's worked. In addition, Microsoft, Apple, and the Linux project are expected to have operating system updates roll out later today, or in the coming days. Source: Intel CPUs impacted by new Zombieload side-channel attack (ZDNet) Fixes Updates from: Intel Intel Security Advisory Intel-SA-00233 GitHub: Intel-Linux-Processor-Microcode-Data-Files List of MDS-affected processors by Family/Model Deep Dive: Intel Analysis of Microarchitectural Data Sampling Microsoft To get the standalone package for this update, go to the Microsoft Update Catalog website. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4497165 for Windows 10 1903 Microarchitectural Data Sampling: ADV190013 Windows 10 1903 Intel microcode updates: KB4497165 Windows 10 1809, Windows Server 2019 all versions: KB4494441 Windows 10: KB4494454: Intel Microcode Updates Windows 10 1803: KB4499167 Windows 10 1709: KB4494452: Intel Microcode-updates Windows 8.1, Windows Server 2012 R2: KB4499151 (Rollup) Windows 8.1, Windows Server 2012 R2: KB4499165 Windows Server 2012, Windows Embedded 8 Standard: KB4499158 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1: KB4499175 MITRE CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Amazon Amazon Linux AMI Security Advisory: ALAS-2019-1205 Apple ZombieLoad & Co.: Apple Canonical Ubuntu updates to mitigate new Microarchitectural Data Sampling (MDS) vulnerabilities Debian Debian Security Advisories DSA-4444-1 DSA-4447-1 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 FreeBSD Security Advisory FreeBSD-SA-19:07.mds Google Chromium Security: Microarchitectural Data Sampling (Chrome OS) Kubernetes Engine Security Bulletin IBM IBM Addresses Reported Intel Security Vulnerabilities Red Hat MDS - Microarchitectural Data Sampling SUSE SUSE addresses Microarchitectural Data Sampling Vulnerabilities VMware VMware Security Advisory VMSA-2019-0008 (VMware ESXi 6.0, 6.5, 6.7, Workstation 15.x, Fusion 11.x) Xen Xen Security Advisory XSA-297 MDS Bitdefender Yet Another Meltdown – A Microarchitectural Fill Buffer Data Sampling Vulnerability (CVE-2018-12130) Cyberus Technology ZombieLoad: Cross Privilege-Boundary Data Leakage TU Graz Zombieloadattack.com cpu.fail Vrije Universiteit Amsterdam RIDL and Fallout: MDS attacks Red Hat MDS vulnerabilities explained in ~three minutes Link to comment Share on other sites More sharing options...
B2gfserwe Posted May 30, 2019 Author Share Posted May 30, 2019 MDS Tool from RIDL Team Verify whether your system is vulnerable today with our MDS tool. Scroll down to Download https://mdsattacks.com/ Link to comment Share on other sites More sharing options...
mp68terr Posted May 30, 2019 Share Posted May 30, 2019 1 hour ago, B2gfserwe said: Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The leading attack in this new vulnerability... Source? How feasible are the new attacks in the real life? Link to comment Share on other sites More sharing options...
Karlston Posted May 30, 2019 Share Posted May 30, 2019 @B2gfserwe your post is appreciated, but please remember to include a link to the original article. From the Forum Guidelines ... Quote Members are reminded to respect copyrights. As such, any links or posts containing illegal content are not permitted. This includes and is not limited to cracks, keygens, serials and "licensed" software materials. Requests for illegal materials are not permitted. Any content copied from elsewhere should include a source link. I've added the source link to your post. Link to comment Share on other sites More sharing options...
funkyy Posted June 5, 2019 Share Posted June 5, 2019 I'm using Win 7 (x64) and my processor is INTEL Core i5 7400. I downloaded and installed the Microsoft security update KB4499175 on the 15th May as advised. Then I ran the MDS Tool in the post above and it shows "vulnerable" in various areas. I have searched and searched for INTEL's promised microcode update but all I can find is description after description of what this vulnerability is and what we should do to patch it....but nowhere can I find a download link for the promised microcode update patch. I've been to INTEL pages and Microsoft pages and my motherboard manufacturer's pages...just going round in circles. Can anyone point me in the right direction?...please!!😀😀😀 Link to comment Share on other sites More sharing options...
Karlston Posted June 5, 2019 Share Posted June 5, 2019 Topic (belatedly) moved from Security & Privacy Center. Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 On 6/5/2019 at 4:16 AM, funkyy said: I'm using Win 7 (x64) and my processor is INTEL Core i5 7400. I downloaded and installed the Microsoft security update KB4499175 on the 15th May as advised. Then I ran the MDS Tool in the post above and it shows "vulnerable" in various areas. I have searched and searched for INTEL's promised microcode update but all I can find is description after description of what this vulnerability is and what we should do to patch it....but nowhere can I find a download link for the promised microcode update patch. I've been to INTEL pages and Microsoft pages and my motherboard manufacturer's pages...just going round in circles. Can anyone point me in the right direction?...please!!😀😀😀 ZombieLoad: New Intel vulnerability, patch slows CPUs significantly down ZombieLoad: Another microcode gap in Intel CPUs Intel released another serious vulnerability yesterday on Patch Day, which takes place every second Tuesday of the month. This is called ZombieLoad and is like Spectre and Meltdown a problem in the microcode. The gap was found by members of Graz University of Technology together with the IT security company Cyberus Technology, and colleagues from KU Leuven and the Worcester Polytechnic Institute. Intel also discovered the gap earlier together with three other gaps. They have also put a website online with information about ZombieLoad. Specifically, ZombieLoad is a side channel attack called Microarchitectural Data Sampling (MDS) by Intel. An exploit can record data from processes running on the same processor core. Other data cannot be listened to, but with appropriate technical tricks the process can be started exactly when sensitive data can be stolen. This enables a malicious program to collect a lot of important data – even across operating system boundaries. This means that data from virtual machines can also be affected without any problems. The attack works even better with processors that use hyperthreading, since the malicious process and the process to be spyed on share more resources here. Cyberus Technology shows in a video how well this works. The exploit used records data from the Tor browser, which runs on Linux Tails in a qemu machine. https://www.pcbuildersclub.com/en/2019/05/zombieload-new-intel-vulnerability-patch-slows-cpus-significantly-down/ Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 On 5/30/2019 at 7:47 PM, Karlston said: @B2gfserwe your post is appreciated, but please remember to include a link to the original article. From the Forum Guidelines ... I've added the source link to your post. ok thx form info Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 On 5/30/2019 at 7:10 PM, mp68terr said: How feasible are the new attacks in the real life? In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the privacy-protecting Tor browser in a virtual machine. https://zombieloadattack.com/public/videos/demo_720.mp4 https://zombieloadattack.com/#demo ZombieLoad Attack Watch out! Your processor resurrects your private browsing-history and other sensitive data. After Meltdown, Spectre, and Foreshadow, we discovered more critical vulnerabilities in modern processors. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys. The attack does not only work on personal computers but can also be exploited in the cloud. Make sure to get the latest updates for your operating system! https://zombieloadattack.com Link to comment Share on other sites More sharing options...
mp68terr Posted June 15, 2019 Share Posted June 15, 2019 39 minutes ago, B2gfserwe said: In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the privacy-protecting Tor browser in a virtual machine. I see, and had a look at the video too. Even if the guest uses the tor browser, the real connection is made by the host. Maybe what we see is the attacker monitoring the host machine requests, not Tor requests per se. Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 there is a GitHub repository containing test code for the ZombieLoad attack he repository contains two different attacker variants. Variant 1 (Linux only) Variant 1 is the fastest, easiest and most stable variant for a privileged attacker (i.e., it requires root privileges). Hence, except for testing, this is especially useful for attacks on SGX or for attacks on virtual machines. Run For this variant, KASLR and KPTI have to be disabled. This can be achieved by providing nopti nokaslr to the kernel command line. Then, run the attacker on one hyperthread as root: sudo taskset -c 3 ./leak Variant 2 (Windows only) Variant 2 does not require privileges but it only works on Windows. Run Run the attacker on one hyperthread: start /affinity 3 .\leak.exe. It takes a while (up to 1 minute) until the leakage starts, as the PoC has to wait for Windows to collect information about the memory used by the PoC. Starting a different program which uses memory (e.g., a browser) sometimes reduces the waiting time. Victim Applications All attacker variants can be used to leak data from the following victim applications. All victim applications leak one uppercase letter. Independent of the chosen victim and attacker application, the attacker displays a histogram of leaked values. An example output is as follows (for the secret letter 'X' loaded by the victim). Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 Warnings Warning #1: We are providing this code as-is. You are responsible for protecting yourself, your property and data, and others from any risks caused by this code. This code may cause unexpected and undesirable behavior to occur on your machine. This code may not detect the vulnerability on your machine. Warning #2: If you find that a computer is susceptible to ZombieLoad, you may want to avoid using it as a multi-user system. ZombieLoad breaches the CPU's memory protection. On a machine that is susceptible to ZombieLoad, one process can potentially read all data used by other processes or by the kernel. Warning #3: This code is only for testing purposes. Do not run it on any productive systems. Do not run it on any system that might be used by another person or entity. Link to comment Share on other sites More sharing options...
steven36 Posted June 15, 2019 Share Posted June 15, 2019 On 6/4/2019 at 10:16 PM, funkyy said: I'm using Win 7 (x64) and my processor is INTEL Core i5 7400. I downloaded and installed the Microsoft security update KB4499175 on the 15th May as advised. Then I ran the MDS Tool in the post above and it shows "vulnerable" in various areas. I have searched and searched for INTEL's promised microcode update but all I can find is description after description of what this vulnerability is and what we should do to patch it....but nowhere can I find a download link for the promised microcode update patch. I've been to INTEL pages and Microsoft pages and my motherboard manufacturer's pages...just going round in circles. Can anyone point me in the right direction?...please!!😀😀😀 You can get it from the Windows update catalog if on Windows 10 https://support.microsoft.com/en-us/help/4494452/kb4494452-intel-microcode-updates http://www.catalog.update.microsoft.com/Search.aspx?q=4494452 Intel don't have them for you model for Windows they only have them for Linux https://downloadcenter.intel.com/product/97147/Intel-Core-i5-7400-Processor-6M-Cache-up-to-3-50-GHz- I got mine on auto updates on Ubuntu On windows 7 and 8.1 the only option i see is to mitigate it yourself in the registry https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot The Bad news is Testing on Linux and Mac have disclosed huge performance drops https://venturebeat.com/2019/05/14/intel-zombieload-flaw-forces-os-patches-with-up-to-40-performance-hits/ https://support.apple.com/en-us/HT210107 https://cse.google.com/cse?cx=partner-pub-0253814508491313:1305299758&ie=UTF-8&q=Zombie+Load+Mitigations&sa=Search But the good news is Gaming Performance Only Faintly Touched By MDS / Zombie Load Mitigations https://www.phoronix.com/scan.php?page=news_item&px=Zombie-Load-Gaming-Impact and Home users and corporate office users typically do not let the processor run at full capacity, so the impact of microcode updates is largely negligible. The test results on the Linux system are mainly likely to have an impact on the game frame rate, but the impact is relatively small. Therefore, for home and business office users, it is safe to install microcode updates, at least in terms of security. https://meterpreter.org/zombie-load-mitigations/ As far as Windows there is no real info i can find on Performance but i'm sure it's effected as well . All I can find on Windows is this Quote Microsoft is a little fuzzier in its language about hyper-threading, but says it has “seen some performance impact” and so “in some cases, mitigations are not enabled by default to allow users and administrators to evaluate the performance impact and risk exposure before deciding to enable the mitigations.” https://www.theverge.com/2019/5/17/18628568/how-to-secure-mds-intel-zombieload-apple-windows-chromeos https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013 So your best bet is the next time you buy is too buy AMD instead , because Intel is garbage . Intel needs to do more, and it shouldn’t be customers eating the consequences while the vendor profits. If speculative compute didn't work without being vulnerable, the rule that allows data needs to change. Is it that it can’t be fixed? Or, just not fixed easily? Or is it that it’s more profitable to remediate the vulnerability without addressing the performance impact, leaving the onus on the customer to find a new solution. https://www.intelligonetworks.com/blog/what-is-zombieload This really sucks Apple didn't really fully patch it and Windows more or less never implemented in older versions of Windows and left it up for you to decide , you can fully mitigate it yourself in older versions Windows or Mac if you want. I like the way Linux did it better they fully patched it but fixed it were you can remove it in the kernel if you don't want it . Zombieload forces a choice between performance and security. What will you do? https://www.digitaltrends.com/computing/zombieload-performance-security/ Link to comment Share on other sites More sharing options...
funkyy Posted June 15, 2019 Share Posted June 15, 2019 Thanks for your post above steven36, that's a good read. What really annoys me most, apart from the points made in your post, is that they expect people with limited or very limited computer knowledge to know what to do as regards "mitigating" the problem. It's like, you buy a new car and 1 year later they tell you it has a construction fault and that you have to go fix it yourself...rogues they are, just rogues!! I'm not a very happy Funkyy today!!😟😟😟 Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 Intel Intel Security Advisory Intel-SA-00233 GitHub: Intel-Linux-Processor-Microcode-Data-Files List of MDS-affected processors by Family/Model Deep Dive: Intel Analysis of Microarchitectural Data Sampling Microsoft To get the standalone package for this update, go to the Microsoft Update Catalog website. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4497165 for Windows10 1903 ADV190013: Microarchitectural Data Sampling Windows 10 1903 Intel microcode updates: KB4497165 Windows 10 1809, Windows Server 2019 all versions: KB4494441 Windows 10: KB4494454: Intel Microcode Updates Windows 10 1803: KB4499167 Windows 10 1709: KB4494452: Intel Microcode-updates Windows 8.1, Windows Server 2012 R2: KB4499151 (Rollup) Windows 8.1, Windows Server 2012 R2: KB4499165 Windows Server 2012, Windows Embedded 8 Standard: KB4499158 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1: KB4499175 MITRE CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Amazon Amazon Linux AMI Security Advisory: ALAS-2019-1205 Apple ZombieLoad & Co.: Apple Canonical Ubuntu updates to mitigate new Microarchitectural Data Sampling (MDS) vulnerabilities Debian Debian Security Advisories DSA-4444-1 DSA-4447-1 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 FreeBSD Security Advisory FreeBSD-SA-19:07.mds Google Chromium Security: Microarchitectural Data Sampling (Chrome OS) Kubernetes Engine Security Bulletin IBM IBM Addresses Reported Intel Security Vulnerabilities Red Hat MDS - Microarchitectural Data Sampling SUSE SUSE addresses Microarchitectural Data Sampling Vulnerabilities VMware VMware Security Advisory VMSA-2019-0008 (VMware ESXi 6.0, 6.5, 6.7, Workstation 15.x, Fusion 11.x) Xen Xen Security Advisory XSA-297 MDS Bitdefender Yet Another Meltdown – A Microarchitectural Fill Buffer Data Sampling Vulnerability (CVE-2018-12130) Cyberus Technology ZombieLoad: Cross Privilege-Boundary Data Leakage TU Graz Zombieloadattack.com cpu.fail Vrije Universiteit Amsterdam RIDL and Fallout: MDS attacks Red Hat MDS vulnerabilities explained in ~three minutes Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 15, 2019 Author Share Posted June 15, 2019 2 hours ago, funkyy said: Thanks for your post above steven36, that's a good read. What really annoys me most, apart from the points made in your post, is that they expect people with limited or very limited computer knowledge to know what to do as regards "mitigating" the problem. It's like, you buy a new car and 1 year later they tell you it has a construction fault and that you have to go fix it yourself...rogues they are, just rogues!! I'm not a very happy Funkyy today!!😟😟😟 Yes right but it´s not all vulnerabilities Intel can´t fix everything it needs some Hardware changes maybe the next 3 CPU Generation fix it (all) Link to comment Share on other sites More sharing options...
funkyy Posted June 15, 2019 Share Posted June 15, 2019 Just like these "wonderful" self-drive cars that we're supposed to BETA test for the car companies. How many people have already been killed by them, either run over or drivers killed when they crash? It seems that they've progressed from lab mice and are using the same testing principles on us. We're just collateral damage when they market their products. Joe public accepts everything it seems and big business knows it.😟😟😟 Right, I feel better already for that rant!!!😀😀😀 Link to comment Share on other sites More sharing options...
funkyy Posted June 15, 2019 Share Posted June 15, 2019 Ok I'm using Win 7 (x64) and I have an Intel Core i5 7400 processor. I've installed the following Security Only Microsoft KB files:- KB4019990 (14th Sept 2018) KB4486564 (12th Feb 2019) KB4493448 (9th April 2019) KB4499175 (15th May 2019) +(pciclearstalecache_d243a607b50db10ed50f03cff570498018c61a59) KB4503269 (12th June 2019) Is there something else that I can do? Is there a step by step instruction anywhere that tells us exactly how to "mitigate"? When you visit INTEL's site for instructions you just go round in circles. Thanks for your patience guys!!😀 Link to comment Share on other sites More sharing options...
Karlston Posted June 15, 2019 Share Posted June 15, 2019 1 hour ago, B2gfserwe said: ADV190013: Microarchitectural Data Sampling Windows 10 1903 Intel microcode updates: KB4497165 Windows 10 1809, Windows Server 2019 all versions: KB4494441 Windows 10: KB4494454: Intel Microcode Updates Windows 10 1803: KB4499167 Windows 10 1709: KB4494452: Intel Microcode-updates Windows 8.1, Windows Server 2012 R2: KB4499151 (Rollup) Windows 8.1, Windows Server 2012 R2: KB4499165 Windows Server 2012, Windows Embedded 8 Standard: KB4499158 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1: KB4499175 @B2gfserwe Firstly thanks for that helpful comprehensive post. I edited the above links to point at the English versions, as posted they linked to the German versions. From the Forum Guidelines... Quote Members are asked to ensure their interactions (posts, PM's, shouts and status updates) are consistent with 'normal writing' in the English language. Posts should be free from excessive emoticons or images. Users additionally should avoid posting text in full capital letters, extra large or very small text and excessive punctuation in topics or posts. Link to comment Share on other sites More sharing options...
sm1tty Posted June 16, 2019 Share Posted June 16, 2019 On 5/30/2019 at 12:12 PM, B2gfserwe said: Spoiler MDS Tool from RIDL Team Verify whether your system is vulnerable today with our MDS tool. Scroll down to Download https://mdsattacks.com/ I get cant start VCRUNTIME140.dll missing Link to comment Share on other sites More sharing options...
mp68terr Posted June 16, 2019 Share Posted June 16, 2019 3 hours ago, sm1tty said: I get cant start VCRUNTIME140.dll missing Get it from the net and add it in the application folder. The dll is also easily available for x86 and x64 systems in the .wa archives at https://www.nsaneforums.com/topic/346221-visual-c-redistributable-runtimes-addons-by-abbodi1406-20190614/. Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 16, 2019 Author Share Posted June 16, 2019 21 hours ago, funkyy said: Ok I'm using Win 7 (x64) and I have an Intel Core i5 7400 processor. I've installed the following Security Only Microsoft KB files:- KB4019990 (14th Sept 2018) KB4486564 (12th Feb 2019) KB4493448 (9th April 2019) KB4499175 (15th May 2019) +(pciclearstalecache_d243a607b50db10ed50f03cff570498018c61a59) KB4503269 (12th June 2019) Is there something else that I can do? Is there a step by step instruction anywhere that tells us exactly how to "mitigate"? When you visit INTEL's site for instructions you just go round in circles. Thanks for your patience guys!!😀 Known issues in this update Microsoft is not currently aware of any issues with this update. How to get this update Before installing this update Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. If you are using Windows Update, the latest SSU (KB4490628) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog. Install this update This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website. File information For a list of the files that are provided in this update, download the file information for update 4499175. Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 16, 2019 Author Share Posted June 16, 2019 21 hours ago, Karlston said: @B2gfserwe Firstly thanks for that helpful comprehensive post. I edited the above links to point at the English versions, as posted they linked to the German versions. From the Forum Guidelines... thx i have edited the first Post to Link to comment Share on other sites More sharing options...
B2gfserwe Posted June 16, 2019 Author Share Posted June 16, 2019 @funkyy Product Platform Article Download Impact Severity Supersedence Windows 7 for x64-based Systems Service Pack 1 4499164 Monthly Rollup Information Disclosure Important 4493472 4499175 Security Only To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle. Link to comment Share on other sites More sharing options...
funkyy Posted June 17, 2019 Share Posted June 17, 2019 @B2gfserwe thanks for your last post (above) with KB files highlighted. I have Windows automatic updates switched off, so I just install Security Only updates. You'll notice that I edited my post (5:23pm yesterday) to include KB4499175, Do you recommend that I install the other two updates files in your post? (KB1199164 and KB4493472). I have downloaded them ready to install.😀 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.