Results 1 to 7 of 7
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Seattle, WA
    Thanked 132 Times in 86 Posts

    Only one season for Windows and Office patching


    Only one season for Windows and Office patching

    By Susan Bradley

    September is the start of another school year for many children, but Windows patching is a never-ending lesson in new vulnerabilities. This month is fairly typical for the number and variety of updates. But an Edge patch proves that no software is perfect.

    The full text of this column is posted at (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Kathleen Atkins; 2015-09-09 at 19:51.

  2. #2
    New Lounger
    Join Date
    Nov 2013
    Thanked 1 Time in 1 Post
    On Windows 7 Pro I am also seeing Security update 3083992 - Update to improve AppLocker certificate handling. The description says:
    The update improves certain publisher rule scenarios for AppLocker. After applying this defense-in-depth update, AppLocker will no longer use the current userís certificate store for publisher rules.
    and the FAQ says:
    What does the update do?
    The update corrects how AppLocker handles certificates to prevent bypassing publisher rules.
    This sounds like a good thing but there is no mention in either the knowledgebase article or the security advisory of any possible side-effects of installing this update. Do I assume that it is safe to install?


  3. #3
    3 Star Lounger
    Join Date
    Sep 2014
    Hampshire, UK
    Thanked 53 Times in 36 Posts
    Thanks as ever Susan for the informative article and advice.

    Like patermann, I am being offered 3083992.

    I note your advice about 3087039 relating to a graphics component that may prevent games from running. Interestingly, that warning is not evident on the information page for that update but it is on the information page for 3086255 which I am also being offered although you haven't mentioned that update. I am holding both updates pending clarification and further advice, not least as I am a keen gamer and have no intention of installing any update that may prejudice my gaming.

    You advise holding 3092627 pending further advice. This seems to be a hotfix for any issues encountered with the earlier 3076895 which I installed last month without any problems. I am holding it in accordance with your current advice.

    Lastly, I am also being offered 3083324 which appears to be the latest in a series of Windows Update system updates and may also be Windows 10 marketing nagware. It was offered initially as an optional patch according to an article by Woody Leonhard. As such, I am holding it for now.

    Again, many thanks!

    EDIT: This is in relation to Windows 7.
    Last edited by Tandor; 2015-09-10 at 15:35.

  4. #4
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Mojave Desert CA
    Thanked 248 Times in 202 Posts
    I installed all the updates except KB3083992, and KB3086255 and as others have mentioned, I didn't see them mentioned on Patch Watch.

  5. #5
    3 Star Lounger
    Join Date
    Jan 2010
    Seattle, WA, USA
    Thanked 30 Times in 25 Posts
    We noticed KB 3083992 on a Win7 machine but did not have time to investigate it. Based on the description, it's not a fix for a vulnerability, but a security enhancement. We'll see if we can get more information on it, but we don't think it's critical to install it immediately.

  6. The Following 2 Users Say Thank You to Tracey Capen For This Useful Post:

    frapper (2015-09-11),Hihomumio (2015-09-29)

  7. #6
    3 Star Lounger
    Join Date
    Dec 2009
    Courtenay, BC
    Thanked 17 Times in 16 Posts
    I've also gotten offered the above mentioned patches, as well as about 10 others not listed. Seems these are the ones from last month you suggested we give a pass to.

    The current approach to patching seems a little odd. After all these years of carefully choosing which patches to install and which to wait or avoid, Win10 takes away that choice. That has simply been accepted, yet at the same time the old advice is being used for everything prior. And other columnists are observing that you want to be fully patched before making some kinds of upgrades.

    So there is now 2 competing approaches running concurrently and one cannot be taken forward. If you have systems running several OS's, do you really want to be using multiple approaches to maintain them? Perhaps Patch Watch needs to shift some into focusing on problematic patches, like the game issue and urgent fixes and let go of all the other detail. Or maybe summarize, like saying there's a batch of Office fixes for X. I'm rarely finding the list is complete anymore anyway or the numbers vary from whats listed by OS sometimes. And it must be a ton of work trying to list everything that we're all just going to install anyway.


  8. #7
    Star Lounger
    Join Date
    Nov 2011
    Calgary, AB, Canada
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by DavidFB View Post
    I setup a Home Network of 3 NAS, Home Entertainment including Boxee, 2 Routers in different configurations and a workstation PC which I NAMED. That was started on W 7 through W 8 and W 8.1.

    When I started as on the Insider Program in the first Build of W 10, the OS assumed the NAME of my Home Network was My Organizational Name, what I assume is like a virtual Domain??? This then does not seem much different than being behind a domain and/or connected to WSUS. I prefer altering the Registry over the Group Policy method so with a bit of Registry dexterity, I have Windows Update as locked down as I have had it, since W 7. With the use of KB3073930 - Show or hide updates troubleshooter package now.diagcab, I can see MOST of what is available on WU, MOST of the time. If I am checking for updates I am usually ready for Downloads and I still have the time control available anyway.

    As an Insider. I can change to the Fast Ring and with in a few minutes to about 4 hours and Clicking Check for Updates, down will come the next Build(Flight). Again the time control is there. I grab the "Install.esd" convert it to an ISO and Upgrade from the ISO.

    The point I am trying to demonstrate is that I have found away to stay in full control and meet my own timing, NOT TO AVOID UPDATES! I want the updates, just on my schedule not Gabe Aul's. I should also say I have not Upgraded my Main or Test W 8.1 partitions yet.

    Windows 10.0 Pro TH2 SR0 10532 2015.09.10 Capture.PNG

    Best Regards,

    Last edited by PhotM; 2015-09-10 at 19:05.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts