Microsoft Security Updates September 2017 release

Sep 12, 2017

Updated • Jan 4, 2018

Security updates for all supported versions of Microsoft Windows and other Microsoft products have been released on September 12, 2017.

This guide offers extensive information on the release; important to get a clearer picture on what has been released this month, and how the updates should be deployed.

It begins with an executive summary that lists the most important facts about the guide. What follows is the distribution of operating systems -- by client and server versions of Windows -- and other Microsoft products.

All security updates, security advisories, and non-security updates are listed afterwards. Each links to a Microsoft support page to look up information that Microsoft published on the particular update.

The last part of the guide links to direct security update downloads for Windows, and offers additional resource links that you may follow.

Check out the August 2017 Patch day if you missed it.

Microsoft Security Updates September 2017

Download the following Excel spreadsheet that lists all security updates and detailed information released by Microsoft since the August 2017 Patch Day.

Click on the following link to download the -- zipped -- spreadsheet to your local system: microsoft-Security-Updates-september-2017.zip

Executive Summary

Microsoft released security patches for all versions of Windows.
Security updates were also released for Internet Explorer, Microsoft Edge, Microsoft Office, Skype for Business and Lync, Microsoft Exchange Server, Adobe Flash Player, and the .Net Framework.

Operating System Distribution

Windows 7:Â 22 vulnerabilities of which 3 are rated critical, 19 important
Windows 8.1: 26 vulnerabilities of which 4 are rated critical, 22 important
Windows 10 version 1703: 25 vulnerabilities of which 2 are rated critical, 23 important

Windows Server products:

Windows Server 2008 R2: 23Â vulnerabilities, of which 3 are rated critical, 20 important
Windows Server 2012 and 2012 R2: 26 vulnerabilities, of which 4 are rated critical 21 important and 1 moderate
Windows Server 2016: 28 vulnerabilities of which 2 are rated critical, 26 important

Other Microsoft Products

Internet Explorer 11: 7Â vulnerabilities, 5 critical, 2 important
Microsoft Edge: 28 vulnerabilities, 19 critical,Â 7 important, 2 moderate

Security Updates

KB4038788 -- Windows 10 Version 1703

Addressed issue where the color profiles do not revert to the user-specified settings after playing a full-screen game.
Updated HDR feature to be turned off by default in the OS.
Addressed issue where you can't open the Start menu when you add a third-party IME.
Addressed issue with scanners that rely on inbox driver support.
Addressed issue in a Mobile Device Manager Enterprise feature to allow headsets to work correctly.
Addressed issue where some machines fail to load wireless WAN devices when they resume from Sleep.
Addressed issue where Windows Error Reporting doesn't clean up temporary files when there is a redirection on a folder.
Addressed issue where revoking a certificate associated with a disabled user account in the CA management console fails. The error is "The user name or password is incorrect.
0x8007052e (WIN32: 1326 ERROR_LOGON_FAILURE)â€.
Addressed issue where LSASS is leaking large amounts of memory.
Addressed issue where enabling encryption using syskey.exe renders the system unbootable.
Updated the BitLocker.psm1 PowerShell script to not log passwords when logging is enabled.
Addressed issue where saving a credential with an empty password to Credential Manager causes the system to crash when attempting to use that credential.
Updates to Internet Explorer 11â€™s navigation bar with search box.
Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
Addressed issue with the EMIE where Microsoft Edge and Internet Explorer repeatedly switched between each other.
Addressed issue where a device may stop responding for several minutes and then stop working with error 0x9F (SYSTEM_POWER_STATE_FAILURE) when a USB network adapter is attached.
Addressed issue where some apps cannot be opened because the IPHlpSvc service stops responding during the Windows boot procedure.
Addressed issue where spoolsv.exe stops working.
Addressed issue where the Get-AuthenticodeSignature cmdlet does not list TimeStamperCertificate even though the file is time stamped.
Addressed issue where, after upgrading to Windows 10, users may experience long delays when running applications hosted on Windows Server 2008 SP2.
Addressed RemoteApp display issues that occur when you minimize and restore a RemoteApp to full-screen mode.
Addressed issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working.
Addressed issue that causes the Export-StartLayout cmdlet to fail when exporting the layout of tiles at startup.
Addressed issue where the option to join Azure AAD is sometimes unavailable during the out-of-box experience.
Addressed issue where clicking the buttons on Windows Action Center notifications results in no action being taken.
Re-release of MS16-087- Security update for Windows print spooler components.
Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Edge, Device Guard, Windows TPM, Internet Explorer, Microsoft Scripting Engine, Windows Hyper-V, Windows kernel, and Windows Virtualization.

KB4038792 -- Windows 8.1 and Windows Server 2012 R2 Monthly Rollup

Updates to Internet Explorer 11â€™s navigation bar with search box.
Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
Addressed issue in Internet Explorer where graphics render incorrectly.
Addressed issue in Internet Explorer where the Delete key functioned improperly.
and all updates of KB4038793

KB4038793 -- Windows 8.1 and Windows Server 2012 R2 Security-only update

Re-release of MS16-087- Security update for Windows print spooler components.
Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Microsoft Uniscribe, Microsoft Windows PDF Library, Windows TPM, Windows Hyper-V, Windows kernel, and the Windows DHCP Server.

KB4038799 -- 2017-09 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

Same as KB4038793

KB4038786 -- 2017-09 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

Same as KB4038793

KB4038777 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Monthly Rollup

Updates to Internet Explorer 11â€™s navigation bar with search box.
Addressed issue in Internet Explorer where undo is broken if character conversion is canceled using IME.
Addressed issue in Internet Explorer where graphics render incorrectly.
Addressed issue in Internet Explorer where the Delete key functioned improperly.
and all updates of KB4038779

KB4038779 -- Windows 7 SP1 and Windows Server 2008 R2 SP1 Security-only Update

Addressed issue where applications that have LDAP referral chasing options enabled use a TCP dynamic port connection that doesnâ€™t close until the applications close or the calling OS restarts. With sufficient time and volume, these applications may completely consume all TCP dynamic ports. If that occurs, network communications will fail for any protocol or operation that uses dynamic ports. This issue was introduced by the July and August 2017 cumulative updates starting with KB4025337 and KB4025341.
Re-release of MS16-087- Security update for Windows print spooler components.
Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Windows Hyper-V, Windows kernel, and Windows Virtualization.

KB4036586 -- Cumulative security update for Internet Explorer

KB3170455 -- Security Update for Windows Server 2008 -- security update for Windows print spooler components (July 2016, re-release September 2017)

KB4032201 -- Security update for the Windows kernel information disclosure vulnerability in Windows Server 2008 -- An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory.

Note: You need to re-install the update after you install language packs on the system.

KB4034786 -- Security Update for Windows Server 2008 -- Security update for the Microsoft Bluetooth driver spoofing vulnerability in Windows Server 2008.

Note: You need to re-install the update after you install language packs on the system.

KB4038806 -- 2017-09 Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB4038874 -- Security Update for Windows Server 2008 -- Security update for the Windows Kernel information disclosure vulnerability in Windows Server 2008.

Note: You need to re-install the update after you install language packs on the system.

KB4039038 -- Security Update for Windows Server 2008 -- Security update for the information disclosure vulnerability in Windows Server 2008

Note: You need to re-install the update after you install language packs on the system.

KB4039266 -- Security Update for Windows Server 2008 -- Security update for the Windows shell remote code execution vulnerability in Windows Server 2008

Note: You need to re-install the update after you install language packs on the system.

KB4039325 -- Security Update for Windows Server 2008 -- No information yet

KB4039384 -- Security Update for Windows Server 2008 and Windows XP Embedded -- Security update for the Windows Uniscribe vulnerabilities in Windows Server 2008

Note: You need to re-install the update after you install language packs on the system.

KB4041083 -- 2017-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4041084 -- 2017-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4041085 -- 2017-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4041086 -- 2017-09 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4041090 -- 2017-09 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4041091 -- 2017-09 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4041092 -- 2017-09 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Windows Server 2012 R2

KB4041093 -- 2017-09 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4038781 -- 2017-09 Dynamic Cumulative Update for Windows 10 Version 1607

KB4038783 -- 2017-09 Dynamic Cumulative Update for Windows 10 Version 1511

KB4038788 -- 2017-09 Cumulative Update for Windows 10 Version 1607 and Windows 10

KB3203474 -- Security update for Office 2016: September 12, 2017

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

KB3213551 -- Security update for Office 2016: September 12, 2017

Same as KB3203474

KB4011050 -- Excel 2016 Security Update September 12, 2017

Same as KB3203474
Also includes large list of non-security improvements that improve performance and fix crashes among other things.

KB3213564 -- Security update for Office 2013: September 12, 2017

Same as KB3203474

KB3213638, KB3213631, KB3213626Â -- Security update for Office 2010: September 12, 2017

Same as KB3203474

Known Issues

KB4038788

Installing KB4034674 may change Czech and Arabic languages to English for Microsoft Edge and other applications.
- No workaround yet.

KB4038792 and KB4038793

NPS authentication may break, and wireless clients may fail to connect.
- Workaround: Set SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\DisableEndEntityClientCertCheck to value 0.
Japanese IME may hang in certain scenarios.
- Workaround: Install KB2962409.

Security advisories and updates

ADV170015 -- Microsoft Office Defense in Depth Update

KB4025398 -- Security Update for WES09 and POSReady 2009 -- Fixes an information disclosure vulnerability in the Windows System Information Console.

Non-security related updates

KB3186568 -- Microsoft .NET Framework 4.7 for Windows 10

KB3186607 -- Microsoft .NET Framework 4.7 Language Packs for Windows 10

KB4039111 -- Update for WEPOS and POSReady 2009

KB4039556 -- 2017-09 Dynamic Update for Windows 10 Version 1607

KB890830 -- Windows Malicious Software Removal Tool for Windows - September 2017

KB4038921 -- Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4038922 -- Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Windows Server 2012 R2

KB4038923 -- Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4035036 -- August, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4035037 -- August, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012

KB4035038 -- August, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4035039 -- August, 2017 Preview of Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008

KB4019276 -- Update for Windows Server 2008 -- Adds support for TLS 1.1 and TLS 1.2.

KB4036162 -- Update for Windows Server 2008 -- Fixes a crash in WordPad.

KB4037616 -- Update for Windows Server 2008 -- Fixes a crash in spoolsv.exe.

KB4022633 -- 2017-05 Update for Windows 10 Version 1511 -- OOBE update for Windows 10 Version 1511

How to download and install the September 2017 security updates

Suggestion: Windows updates may backfire; they may introduce issues or even block the PC from booting or functioning properly. I suggest you create a backup of the system before you install updates.

Windows PCs are configured to download and install important updates -- like security updates -- automatically. This is not a real-time process though, and you may want to run a manual check for updates at times, or download updates manually to install them without direct connection to Microsoft's servers.

You may run a manual check for updates on Windows in the following way:

Select the Windows-key on the keyboard, type Windows Update, and select the Enter-key.
Windows may run a check automatically when the page opens, or after you click on the "check for updates" link or button.
Updates may be downloaded automatically if they are found, or only after you accept them.

You may download updates directly from Microsoft's Update Catalog website as well. The links are listed below:

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

KB4038777 -- 2017-09 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
KB4038779 -- 2017-09 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems

Windows 8.1 and Windows Server 2012 R2

KB4038792 -- 2017-09 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems
KB4038793 -- 2017-09 Security Only Quality Update for Windows 8.1 for x86-based Systems

Windows 10 and Windows Server 2016 (version 1703)

KB4038788 -- 2017-09 Cumulative Update for Windows 10 Version 1703

Additional resources

Summary

Article Name

Microsoft Security Updates September 2017 release

Description

Security updates for all supported versions of Microsoft Windows and other Microsoft products have been released on September 12, 2017.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo

Comments

Paul(us) said on September 12, 2017 at 8:49 pm


Thank you very much to Martin, that you have shown me the way through the maze of updates for the various systems with a steady hand, just like every month.
I am also very pleased that you have been able to upload the Microsoft security update links in a spreadsheet for some time. It’s so easy to get an overview of the 753 different updates (it’s almost impossible to grasp how many of them are!).
I find it a good addition to your page in specific cases and to get an overview.
Hopefully, you will continue to be inspired down to the length of days to present this monk’s work every month.
Stefan said on September 12, 2017 at 11:00 pm


Intruduces new bugs !
1. svim said on September 13, 2017 at 12:01 am
  
  
  OK some people are averse to updating their stuff because of sentiments like that. It’s not like that doesn’t happen on occasion but that’s really rare and most of these security updates are addressing real-world issues. If you are scared to apply updates because they might possibly ‘introduce new bugs’, for your own peace of mind you should give serious thought to avoid using any computer, or at least never allow your computer any online access.
  1. ilev said on September 13, 2017 at 12:03 pm
    
    
    I stopped updating Microsoft’s update for my Windows 7, ~3 years ago.
  2. kr said on September 14, 2017 at 1:03 pm
    
    
    No, it’s not really rare. The latest updates (September 2017) made my Internet Explorer so it can’t be opened, and when I try to restore my computer to an earlier date, system restore can’t find any hard drives on my computer. So my computer is now totally screwed up. And stuff like that has happened to my computers for years when I use automatic updates. The only “malicious user” that’s ever gained access to my computer is MICROSOFT.
2. todd said on September 14, 2017 at 6:38 am
  
  
  I have 2 Windows 10 computers that got this update, both now take about 8 min to login and display the desktop. work fine after i get logged in but it just displays a black screen for the first 8 min.
  1. Ksuvi Khor said on September 25, 2017 at 3:57 pm
    
    
    We are experiencing a similar issue in our organization. After installing KB4038777 on our HP 6200 desktop machines (running Windows 7 Professional 64-bit) our users are experiencing a blank screen with cursor for several minutes immediately after logging in, thus delaying their ability to log in and get to work. Removing KB4038777 and rebooting fixes this issue.
CHEF-KOCH said on September 12, 2017 at 11:14 pm


The color profile bug got finally fixed with the latest update:
https://support.microsoft.com/en-us/help/4038788/windows-10-update-kb4038788
AJ North said on September 13, 2017 at 12:00 am


Thank you for your September 2017 comprehensive update list, Martin!

For those who install the Security Only Quality Update, should it not also include the “Cumulative security update for Internet Explorer: September 12, 2017” (KB4036586)? (Catalog page: https://www.catalog.update.microsoft.com/search.aspx?q=kb4036586 )

Again, many thanks â€• and take good care!

With cordial regards,

AJN
Jonnyredhead said on September 13, 2017 at 12:16 am


Is there an update url link for IE11 Win x64.
1. seeprime said on September 13, 2017 at 12:33 am
  
  
  Security patches for IE are included in Windows updates.
  1. TelV said on September 13, 2017 at 2:38 pm
    
    
    Security only updates does not include IE11 patches: https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=8c3d7238-564c-4ed3-ae6f-e3d9881f6f5f
    
    Only the Security Quality Monthly rollup includes the IE patch: https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=786a3f74-0243-4482-9206-6f8c72c3c4c7
    
    Click the button called Package Details in both links to see the difference.
    
    The links are for Windows 8.1 x64 but apply equally for other Windows versions.
  2. Jonnyredhead said on September 13, 2017 at 8:54 pm
    
    
    Thanks guys. So, Is there a Win7 x64 IE11 update for Sept 2017. I installed the other update a few months back. Prefer just the win7 x64 security only and separate IE11 updates.
T J said on September 13, 2017 at 12:45 am


Martin, thank you for the work which you have done to design the spreadsheet.
It is even more impressive that you built in links which take us directly to the relevant MS information bulletins.
This saves a huge amount of time in searches :))
PismoGizmo said on September 13, 2017 at 3:46 am


Please list the KB Number for IE 11 cummulative security only update for windows 7, I need the KB number for IE 11 each and every month and both you and woody need to list KB numbers for those that are doing the updates directly from microsoft’s update catalog! And the KB number for IE 11 cummulative monthly update is not listed, and its hard to find that IE 11 cummulative sec update KB number each month. .

I’d rather that updates be listed in outline form by OS version the OS listed as the outline header of say for example: Windows 7, then indent and list by KB Number and Include all the security only updates that fall under each respective version’s heading( windows 8.1, windows 7, windows server versions, etc)

So far I have only been updating the windows 7 monthly sec only “Quality” updates and the IE 11 cummulative security only updates, and no others directly from the windows/microsoft update catalog(since Oct of 2016), Have I been missing any other updates that may be necessary?
Deo et Patriae said on September 13, 2017 at 6:20 am


I would have much respect after the fall creators update, stop releasing these major upgrades with added features and keep focusing only on bug, stability and efficiency fixing for at at least one year. Best would be two years, but we all know not gonna happen.
leanon said on September 13, 2017 at 7:02 am


THANK YOU Kept getting network error on KB4038788 with windows update so followed your link and had that 935mb bad boy downloaded an installed in half the time those cumulative updates often take.
leanon said on September 13, 2017 at 7:09 am


BTW anyone have problems with Edge browser after updating? Mine wouldnt load the first few times I tried and when it finally did ublock was disabled. Did disable a few network items near the bottom in about:flags which may or may not have fixed it, but it seem to have on this end.
1. Martin Brinkmann said on September 13, 2017 at 7:15 am
  
  
  Edge auto-quits on one of my systems, but that has been the case for a couple of months. Cannot use the browser, repair not working.
2. Tom said on September 13, 2017 at 5:30 pm
  
  
  Edge now has a random behavior – it feels like a hacked browser by it’s own eginners… Firefox is now default on my system.
3. Matt M said on September 13, 2017 at 7:31 pm
  
  
  Yeah I had the same problem and I’m seeing regular crashes with edge now. Exception code 0xc0000604.
4. John S said on September 14, 2017 at 1:40 pm
  
  
  Yes, all three of my PC’s had Edge issues after updates. Home page took forever to load and sometimes it just did not. Posted on Microsoft’s forum but of course just got a bunch of canned troubleshooting replies. Too bad Edge is so difficult to uninstall or reset. I really didn’t care to spend a lot of time trying to fix. Don’t use Edge that much so I just used Firefox or Chrome. Some had issues with Internet Explorer too I guess so maybe related to the patches?
5. leanon said on September 17, 2017 at 9:25 am
  
  
  Went back to about:flags an reenabled those 3 settings I had mentioned earlier with no ill affects so must had just been a coincidence.
  
  Can say uBO now seems to be working better after the update. In the past after opening Edge I would go right to uBO to check for filter updates, it would take on average 3 trys to get uBO to open but now maybe 1.01 :)
  
  Hope all the problems finding others dont find me (knocks on wood)
Anonymous said on September 13, 2017 at 8:51 am


There was this exploit called CVE-2017-8759 to which Microsoft claimed that customers who received automatic updates for their products are protected.

Do we need to update .Net Framework?

I have .Net Framework 4.6.1 but KB4040957 only prompts me to install .Net Framework 4.7.
1. TelV said on September 13, 2017 at 4:26 pm
  
  
  You need this one: https://www.catalog.update.microsoft.com/Search.aspx?q=4041090
  
  See: https://support.microsoft.com/en-ca/help/4040957/description-of-the-security-only-update-for-the-net-framework-4-6-4-6
  1. Anonymous said on September 14, 2017 at 8:35 am
    
    
    It’s me again.
    
    That’s what I did. But the problem is that I didn’t see any update for 4.6.1. Only 2 updates asked me to install 3.5 and 4.7. One was something that could download 4.7 and the other only updates 3.5.
  2. Anonymous said on September 14, 2017 at 8:38 am
    
    
    Plus from what I heard in Woody’s blog, that exploit is aimed more towards anyone guarding state secrets.
Franck said on September 13, 2017 at 11:16 am


Thank you so much for this awesome sum-up !

A lot clearer and more informative than the MS shady pages !
chesscanoe said on September 13, 2017 at 4:34 pm


FWIW. I received a Microsoft Security Notification 20 hours ago that said in part:
“CVE-2017-8529

– Title: CVE-2017-8529 | Microsoft Browser Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address known print regression issues
customers may experience when printing from Internet Explorer
or Microsoft Edge after installing any of the June security
updates, monthly rollups, or IE cumulative updates, Microsoft has
released the following September security updates: Internet
Explorer Cumulative Update 4036586; Monthly Rollups 4038777,
4038799, 4038792; Security Updates 4038781, 4038783, 4038782,
and 4038788 for all affected editions of Microsoft Edge and
Internet Explorer when installed on supported editions of Windows.
Please note that with the installation of these updates, the
solution to CVE-2017-8529 is turned off by default to help
prevent the risk of further issues with print regressions, and
must be activated via your Registry. To be fully protected from
this vulnerability, please see the Update FAQ section for
instructions to activate the solution.
– Originally posted: June 13, 2017
– Updated: September 12, 2017
– CVE Severity Rating: Moderate
– Version: 5.0 ”

It’s not of concern to me, but may be for some.
1. Mike said on September 20, 2017 at 8:47 pm
  
  
  After installing the necessary patches, the registry key they refer to (FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX) still isn’t available. Anyone get this to work?
  
  From Microsoft’s FAQ:
  
  FAQ
  
  After I install the updates for CVE-2017-8529, is there anything else I need to do to be protected from this vulnerability?
  Yes. With the rerelease of CVE-2017-8529 Microsoft has addressed previously known print issues related to this vulnerability; however, to prevent the potential for any further print regressions, the solution for CVE-2017-8529 is turned off by default in your registry. To be fully protected from this vulnerability, you need to do the following after installing the update:
  
  Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  
  For 32-bit and 64-bit systems:
  1.Click Start, click Run, type regedt32 or type regedit, and then click OK.
  
  2.In Registry Editor, locate the following registry folder: KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
  
  3.Double-click the value named iexplore.exe and change the Value data field to 1.
  
  4.Click OK to close.
  
  For 64-bit systems only:
  1.Click Start, click Run, type regedt32 or type regedit, and then click OK.
  
  2.In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
  
  3.Double-click the value named iexplore.exe and change the Value data field to 1.
  
  4.Click OK to close.
  1. Mike said on September 20, 2017 at 9:11 pm
    
    
    Weird!!!!!
    
    I’ve been trying to find a solution to this. While re-reading the same article I pasted above, the page refreshed and the text changed! Microsoft must have updated it while I was looking at it.
    
    Sure enough, the modified date changed to today. Thanks for the extra gray hair Microsoft!
    
    Before it said to LOCATE the key. Now it says to CREATE it manually.
    
    Here’s what it says now.
    
    After I install the updates for CVE-2017-8529, is there anything else I need to do to be protected from this vulnerability?
    Yes. With the rerelease of CVE-2017-8529 Microsoft has addressed previously known print issues related to this vulnerability; however, to prevent the potential for any further print regressions, the solution for CVE-2017-8529 is turned off by default. To be fully protected from this vulnerability, you need to do the following after installing the update:
    
    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    
    Note If you have previously configured the FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX subkey, double-click the iexplore.exe DWORD and then follow Step 7 to change the value.
    
    For 32-bit and 64-bit systems:
    1.Click Start, click Run, type regedt32 or type regedit, and then click OK.
    
    2.In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\
    
    3.Right-click FeatureControl, point to New, and then click Key.
    4.Type FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, and then press Enter to name the new subkey.
    5.Right-click FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, point to New, and then click DWORD Value.
    6.Type “iexplore.exe” for the new DWORD value.
    7.Double-click the new DWORD value named iexplore.exe and change the Value data field to 1.
    
    8.Click OK to close.
    
    For 64-bit systems only:
    1.Click Start, click Run, type regedt32 or type regedit, and then click OK.
    
    2.In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\
    3.Right-click FeatureControl, point to New, and then click Key.
    4.Type FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, and then press Enter to name the new subkey.
    5.Right-click FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, point to New, and then click DWORD Value.
    6.Type “iexplore.exe” for the new DWORD value.
    7.Double-click the new DWORD value named iexplore.exe and change the Value data field to 1.
    
    8.Click OK to close.
Stevie70 said on September 14, 2017 at 7:26 am


when I was shutting down my laptop on September 12 my laptop had 2 options…update and shutdown or update and restart…I chose the first….3 hour later I tried to login to my laptop and it told me my “password is incorrect” and I have used that password for the past year…I then tried my first password from when I bought my laptop in 2013 and it worked….I then found out the updates ERASED EVERYTHING and reverted back to Windows 7 and the only photos I had left were from 2013….it did have some programs from this year but 90% of my photos and other downloads were erased and even my toolbar and Google…did this happen to anyone else? Unfortunately I did NOT have an external backup system since my USB ports quit working about 2 years ago a few months AFTER I installed Windows 10 and I tried downloading driver updates and it didn’t work
1. AJ North said on September 14, 2017 at 9:02 am
  
  
  Hello Stevie70,
  
  It is possible that the data was not actually eradicated, and may still be recoverable. Have you tried a data recovery utility, such as the highly-rated Recuva (from Piriform, the vendor of CCleaner)? (Please see https://www.lifewire.com/free-data-recovery-software-tools-2622893 and http://www.techradar.com/news/software/applications/best-free-data-recovery-tools-1321723 and https://fossbytes.com/top-best-free-data-recovery-software-2016/ .)
  
  Needless to say, whether you are able to recover some or all of your data (hopefully the latter), the watchword from here on out is “BACKUP” â€” regularly, to an external drive (and perhaps also an optical disc, for extremely important files).
  
  Best of luck!
  
  Cheers,
  
  AJN
John S said on September 14, 2017 at 1:35 pm


Can’t believe Edge 28 vulnerabilities. WOW. So much for Microsoft’s safer and better browser. Same old, same old.
Stefan said on September 15, 2017 at 9:53 pm


I stopped updating my Windows 7 x64 when Microsoft intruduced the ROLLUPS. Cause some software to behave strange…

XP x64 gets updates until 2019 but even these updates are damn buggy and make my musicstudio go berzerk… Clean install and only the updates until they officially ended the support.

7 x64 and XP x64 are both secured in many ways. If something bad happens i just restore it from a backup that takes about 40 mins.

The spyware 8.x and 10 will never be installed on any of my computers, not now nor ever !

To get problems with the rollups is a common issue to many users, especially people with no computerskills.
1. AJ North said on September 15, 2017 at 9:57 pm
  
  
  Hello Stefan,
  
  Let me wholeheartedly second both your evaluation and approach!
  
  Cheers,
  
  AJN
2. Jody Thornton said on September 16, 2017 at 2:15 pm
  
  
  @Stefan:
  
  XP x64 does not receive POS Ready updates until 2019. XP x86 does (or more correctly, can be made to install them). So if you’re updating XP x64 Edition somehow, I’d like to know.
  
  How do you feel that XP is more secure? It runs on lesser equipment – yes, but how is it more secure?
  I run Windows 8 and I’m not sure of the “spyware” that you speak of.
3. Jody Thornton said on September 22, 2017 at 1:39 pm
  
  
  Ahem….. @Stefan:
  
  I still want to hear about these XP 64-bit updates that you dreamt up. And I’d like to tell me why Windows 8x has supposed spyware, but you give Windows 7 a pass. Windows 7 also has updates that include telemetry components; you did know that right?
mark said on September 23, 2017 at 8:21 am


My 2012R2 VM’s install September updates fine, but then want to install the same updates over and over. Anyone else seeing this issue?
1. Mark said on September 24, 2017 at 11:39 pm
  
  
  KB4038774, 4036479, 4038792 and 4041085 want to keep installing. They get installed, reboot, check for updates, they are listed again for install.
  
  Only happening on Hyper-V VM’s. Physical Hosts which are 2012R2 aren’t seeing this issue.
  1. Bitpuffa said on September 25, 2017 at 4:34 pm
    
    
    Same problem happens to me for 2012 R2 virtual guests. In addition, on virtual web servers with webdav enabled
    (which previously worked fine) unable to create new file/folders with error 0x80070057 parameter is incorrect (using my system administrator account!!)

Microsoft Security Updates September 2017 release