Results 1 to 7 of 7
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Only one season for Windows and Office patching


    PATCH WATCH



    Only one season for Windows and Office patching


    By Susan Bradley

    September is the start of another school year for many children, but Windows patching is a never-ending lesson in new vulnerabilities. This month is fairly typical for the number and variety of updates. But an Edge patch proves that no software is perfect.

    The full text of this column is posted at windowssecrets.com/patch-watch/only-one-season-for-windows-and-office-patching/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Kathleen Atkins; 2015-09-09 at 20:51.

  2. #2
    New Lounger
    Join Date
    Nov 2013
    Posts
    14
    Thanks
    1
    Thanked 1 Time in 1 Post
    On Windows 7 Pro I am also seeing Security update 3083992 - Update to improve AppLocker certificate handling. The description says:
    The update improves certain publisher rule scenarios for AppLocker. After applying this defense-in-depth update, AppLocker will no longer use the current userís certificate store for publisher rules.
    and the FAQ says:
    What does the update do?
    The update corrects how AppLocker handles certificates to prevent bypassing publisher rules.
    This sounds like a good thing but there is no mention in either the knowledgebase article or the security advisory of any possible side-effects of installing this update. Do I assume that it is safe to install?

    Thanks,
    patermann

  3. #3
    2 Star Lounger
    Join Date
    Sep 2014
    Location
    Hampshire, UK
    Posts
    169
    Thanks
    4
    Thanked 46 Times in 31 Posts
    Thanks as ever Susan for the informative article and advice.

    Like patermann, I am being offered 3083992.

    I note your advice about 3087039 relating to a graphics component that may prevent games from running. Interestingly, that warning is not evident on the information page for that update but it is on the information page for 3086255 which I am also being offered although you haven't mentioned that update. I am holding both updates pending clarification and further advice, not least as I am a keen gamer and have no intention of installing any update that may prejudice my gaming.

    You advise holding 3092627 pending further advice. This seems to be a hotfix for any issues encountered with the earlier 3076895 which I installed last month without any problems. I am holding it in accordance with your current advice.

    Lastly, I am also being offered 3083324 which appears to be the latest in a series of Windows Update system updates and may also be Windows 10 marketing nagware. It was offered initially as an optional patch according to an article by Woody Leonhard. As such, I am holding it for now.

    http://www.askwoody.com/2015/dont-ch...documentation/

    Again, many thanks!

    EDIT: This is in relation to Windows 7.
    Last edited by Tandor; 2015-09-10 at 16:35.

  4. #4
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,841
    Thanks
    258
    Thanked 174 Times in 147 Posts
    I installed all the updates except KB3083992, and KB3086255 and as others have mentioned, I didn't see them mentioned on Patch Watch.

  5. #5
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    376
    Thanks
    1
    Thanked 29 Times in 24 Posts
    We noticed KB 3083992 on a Win7 machine but did not have time to investigate it. Based on the description, it's not a fix for a vulnerability, but a security enhancement. We'll see if we can get more information on it, but we don't think it's critical to install it immediately.

  6. The Following 2 Users Say Thank You to Tracey Capen For This Useful Post:

    frapper (2015-09-11),Hihomumio (2015-09-29)

  7. #6
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    I've also gotten offered the above mentioned patches, as well as about 10 others not listed. Seems these are the ones from last month you suggested we give a pass to.

    The current approach to patching seems a little odd. After all these years of carefully choosing which patches to install and which to wait or avoid, Win10 takes away that choice. That has simply been accepted, yet at the same time the old advice is being used for everything prior. And other columnists are observing that you want to be fully patched before making some kinds of upgrades.

    So there is now 2 competing approaches running concurrently and one cannot be taken forward. If you have systems running several OS's, do you really want to be using multiple approaches to maintain them? Perhaps Patch Watch needs to shift some into focusing on problematic patches, like the game issue and urgent fixes and let go of all the other detail. Or maybe summarize, like saying there's a batch of Office fixes for X. I'm rarely finding the list is complete anymore anyway or the numbers vary from whats listed by OS sometimes. And it must be a ton of work trying to list everything that we're all just going to install anyway.

    Thoughts?

  8. #7
    Star Lounger
    Join Date
    Nov 2011
    Location
    Calgary, AB, Canada
    Posts
    54
    Thanks
    51
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by DavidFB View Post
    Thoughts?
    I setup a Home Network of 3 NAS, Home Entertainment including Boxee, 2 Routers in different configurations and a workstation PC which I NAMED. That was started on W 7 through W 8 and W 8.1.

    When I started as on the Insider Program in the first Build of W 10, the OS assumed the NAME of my Home Network was My Organizational Name, what I assume is like a virtual Domain??? This then does not seem much different than being behind a domain and/or connected to WSUS. I prefer altering the Registry over the Group Policy method so with a bit of Registry dexterity, I have Windows Update as locked down as I have had it, since W 7. With the use of KB3073930 - Show or hide updates troubleshooter package now.diagcab, I can see MOST of what is available on WU, MOST of the time. If I am checking for updates I am usually ready for Downloads and I still have the time control available anyway.

    As an Insider. I can change to the Fast Ring and with in a few minutes to about 4 hours and Clicking Check for Updates, down will come the next Build(Flight). Again the time control is there. I grab the "Install.esd" convert it to an ISO and Upgrade from the ISO.

    The point I am trying to demonstrate is that I have found away to stay in full control and meet my own timing, NOT TO AVOID UPDATES! I want the updates, just on my schedule not Gabe Aul's. I should also say I have not Upgraded my Main or Test W 8.1 partitions yet.

    Windows 10.0 Pro TH2 SR0 10532 2015.09.10 Capture.PNG


    Best Regards,

    Crysta
    Last edited by PhotM; 2015-09-10 at 20:05.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •