![](\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security3-100734732-large.3x2.jpg\"\/)
<\/p>\n
Credit to Author: Woody Leonhard| Date: Thu, 20 Sep 2018 08:40:00 -0700<\/strong><\/p>\n As we near the end of patching\u2019s \u201cC Week\u201d (which is to say<\/a>, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft\u2019s patches for Intel\u2019s Meltdown\/Spectre bugs, you should be in good shape.<\/p>\n On Sept. 17, Microsoft released two very-out-of-band cumulative updates for Windows 10:<\/p>\n Both of the cumulative updates fix a bug that was introduced in the July 24 cumulative updates. The bug causes Microsoft\u2019s Intune to stutter because it looks in the wrong place for user profiles. The second cumulative update also fixes an obscure VPN bug.<\/p>\n I have no idea why Microsoft released those patches on a Monday. They certainly could\u2019ve waited until Tuesday \u2013 the \u201cC Week\u201d Tuesday traditionally being used to fix bugs introduced on Patch Tuesday. Somebody clearly jumped the gun, and folks who patch for a living aren\u2019t really happy about having their chains jerked.<\/p>\n We never did get a cumulative update for Win10 1703. Maybe it wasn\u2019t affected by the July 24 bug. Maybe it\u2019s just too long in the tooth, with support for 1703 due to expire next month.<\/p>\n We also got a way-out-of-band cumulative update for Windows 7 Internet Explorer, KB 4463376<\/a>, on a \u201cB Week\u201d Friday afternoon.<\/p>\n If September follows the precedent set this year, we\u2019ll probably see another set of Win10 cumulative updates during \u201cD Week\u201d \u2013 next Tuesday, Sept. 25. At the same time, we\u2019ll likely see sets of Monthly Rollup Previews for Win7 and 8.1. Of course, you should ignore them.<\/p>\n We\u2019re getting more and more firmware updates for Microsoft Surface devices. In the past month, there\u2019ve been firmware\/driver patches for the Surface Pro 3, Surface Pro 4, Surface Pro 2017, Surface Book, and even the Surface Studio. It\u2019s an across-the-board makeover (or massive fix) that hasn\u2019t been extended to the Surface Laptop, Book 2, or Go. Yet.<\/p>\n Meanwhile, I\u2019m still hearing complaints about the Surface Pro 4 update<\/a>.<\/p>\n While there has yet to be any credible Meltdown or Spectre threat (Spectre v 1, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7, 1.8, 2, 3, 3a, 4 or 5), Microsoft continues to release microcode updates for Intel processors on machines running Win10 version 1709 and 1803. Sometimes the installers try to install the Intel updates on AMD processors, but what the hay.<\/p>\n I go back to Helen Bradley\u2019s statement last month<\/a>:<\/p>\n Unless you are a nation state, have a key asset in a cloud server, or are running for a government office, I think we are spending way, way more time worrying about this than we should.\u00a0 I still think that attackers will nail me with malware, attack me with phishing, ransomware, etc., etc. way more than someone will use these side channel attacks to gain information from me.\u00a0 Remember that the attacker has to get on your system first and I still think they will use the umpteen other ways to attack me easier than this attack.\u00a0 Also keep in mind that we won\u2019t really have a full fix for this issue for several years.\u00a0 Intel and AMD will need to redesign the chips to ultimately get fixed.<\/p>\n If you\u2019re concerned about such things, do yourself a favor and go to Intel (probably via your PC\u2019s manufacturer) and install the specific patches that you need. And remember that they won\u2019t completely solve the problem.<\/p>\n If you insist on using the Microsoft approach to microcode, abandon all hope, and follow Bradley\u2019s advice here<\/a>.<\/p>\n July patching was an unmitigated disaster. August fared substantially better. Now, although the month isn\u2019t yet over, September seems to be doing well \u2013 if you ignore the Patch Monday gaffe and throw up your hands over Meltdown and Spectre.<\/p>\n In spite of several Chicken Little warnings this month, there haven\u2019t been any widespread attacks<\/a> that warrant rushing out and installing any of the September patches just yet.<\/p>\n Susan Bradley\u2019s Master PatchList<\/a> looks relatively serene.<\/p>\n There\u2019s something to look forward to. In October we get an \u201cE Week\u201d \u2013 there are five Tuesdays in October. It\u2019ll be the first \u201cE Week\u201d since Microsoft adopted the \u201cA Week\u201d \u201cB Week\u201d bafflegab. What wonders await?<\/p>\n Thx to @sb and @PKCano<\/em><\/p>\n Patching problems? Join us on the AskWoody Lounge<\/a>.<\/em><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Woody Leonhard| Date: Thu, 20 Sep 2018 08:40:00 -0700<\/strong><\/p>\n As we near the end of patching\u2019s \u201cC Week\u201d (which is to say<\/a>, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft\u2019s patches for Intel\u2019s Meltdown\/Spectre bugs, you should be in good shape.<\/p>\n<\/p>\n