Content Modification: Patches for Windows published 2019-09-11

Content in the Patches for Windows site has been modified.

Modified:

[Major] 4494175: Intel microcode updates - Windows Server 2016 - KB4494175 (x64) (V3.0) (ID: 449417513)
[Major] MS19-SEP: Cumulative Update for Windows 10 Version 1709 - Windows 10 Version 1709 - KB4516066 (x64) (ID: 451606601)
[Minor] MS19-SEP: Security update for the information disclosure vulnerability in Microsoft Visual Studio 2015 Update 3 - KB4513696 (ID: 451369601)

Reason for Update:
Missing source release date in fixlet ID 451369601.
Updated relevance in fixlet ID 449417513 to fix targeting issue.
Fixed file download details in actionscript of fixlet ID 451606601.

Actions to Take:
None

Published site version:
Patches for Windows, version 3370

Additional links:
None

Application Engineering Team
BigFix

Hi BigFix Team, wanted to pass along the following comments from my patching team in regards to this month’s content:

• They forgot the .NET Framework updates for Windows 7 this month, for example the cumulative feature and security update KB 4514602.
• The Intel microcode update for Win10 Build 1709 (KB4494452) lacks a default action; all the other microcode updates have one so this was just an oversight.
• Microsoft is still publishing cumulative updates for Windows 10 Build 1607 even though it is technically out of support. BigFix releases them for the LTSB (long term service branch) but not the regular version. It would be nice if, as long as Microsoft is publishing them, they also released fixlets for the regular version. (We still have one computer out there, I think…)

  1. This is a bit of an odd case. There are no Windows 7 .NET security updates listed in Microsoft’s September security guide.
    https://portal.msrc.microsoft.com/en-us/security-guidance
    Nor is Windows 7 mentioned in the CVE advisory that the September .NET Framework security updates address: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1142
    Looking at the article for KB4514602, it looks like it is a re-wrap of previous updates. KB4514602 encompasses the following:
    4507004 for .net 3.5.1 - July 2019 security updates
    4507001 for .net 4.5.2 - July 2019 security updates
    4511516 for .net 4.6-4.7.2 - September preview updates released late August
    4511525 for .net 4.8 - September preview updates released late August
    Note we do have content for all the listed KBs already.
    We’ll add the MS19-SEP label to them to help further identify them as part of the September “security” updates.
    Another interesting thing to note here is that there are no corresponding “security only” (vs security & quality rollup) updates for the Windows 7 .NET updates for September.

  2. Regarding default action, I’ll let the team know and this will be updated shortly.

  3. The patch binaries for cumulative updates for Windows 10 LTSB and non-LTSB editions have always been the same. After Microsoft announced end of support for Windows 10 1607 non-LTSB editions, we changed our fixlets to only include LTSB editions. If you try to install the patch on non-LTSB editions, it will simply fail. Are you seeing something different?

Did you check the Update Catalog for KB4514602? It seems pretty clear cut to me that this is an MS19-SEP update that replaces KBs 4507420 and 4512193, for both Windows 7 and Windows Server 2008 R2:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4514602

Windows Server 2008 SP2 did not receive an update for September, as far as I can tell, and adding the MS19-SEP tag to those fixlets is confusing, in my opinion.

See also this thread: Content Modification: Patches for Windows published 2019-09-12 - #2 by mwolff

KB4514602 is just a wrapper. If you look at the child KBs wrapped by KB4514602 (which can be viewed by going to the KB article or clicking the Download button in your screenshot), they are just old .NET updates, some of which were included in the MS19-JUL release and others as part of the Preview rollups.

Like Windows 7 & Windows Server 2008 R2, old Windows Server 2008 SP .NET updates were re-wrapped under a new parent KB number (KB4514605) for September.

The team has reversed course in terms of re-labeling the older fixlets which contained the same exact updates as KB4514605/KB4514602 and has opted to create new fixlets for the re-wrapped updates instead. This should help keep data fields like Source Release Date and Category more in line with what is defined by the new KB wrapper.

To date, KB4514602 and KB4514605 are still not included as part of Microsoft’s September security guide (Security Update Guide - Microsoft Security Response Center) and aren’t tied to any new CVEs.


Awesome, I really appreciate the decision to update the BigFix side of the content; this really helps us a lot, thank you kindly.
