Microsoft Windows Security Updates April 2019 overview - gHacks Tech News

Microsoft Windows Security Updates April 2019 overview

Microsoft released security updates for supported versions of Windows and other company today on the April 9, 2019 Patch Tuesday.

Updates are provided in various ways: via Windows Update, as direct downloads, and through Enterprise updating systems.

Our monthly overview of Microsoft's Patch Day offers detailed information  on updates, additional information that is relevant, and links to supported articles.

It starts with an executive summary, and is followed by the statistics, the list of released updates, known issues, and direct download links.

You can check out last month's Patch Day in case you have missed it. As always, it is recommended that systems are backed up before new patches are installed. Note that some users had troubles installing the last cumulative update for Windows 10 version 1809; you can check a possible fix for System Service Exception blue screens here.

Attention: Reports of Windows 7 and 8.1, and Server 2008 R2 / 2012 R2 machines freezing after update installation. Is apparently related to Sophos products, only solution right now is to uninstall the update. Check out this article for more details.

Microsoft Windows Security Updates April 2019

Download the following Excel spreadsheet listing security updates and related information for updates that Microsoft released in April 2019. Click on the following link to download the spreadsheet to your local system: microsoft-windows-security-updates-april-2019.zip

Executive Summary

  • Windows 10 version 1607 reached end of support for Enterprise and Education customers today.
  • Windows 10 version 1709 reached end of support for Home, Pro and Pro for Workstations today.
  • Microsoft released security updates for all client and server versions of Windows.
  • Other Microsoft software with security updates: Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Windows Admin Center, Microsoft Office
  • Microsoft fixed many long standing known issues.
  • The Update Catalog lists 133 updates.

Operating System Distribution

  • Windows 7: 29 vulnerabilities of which 6 are rated critical and 23 are rated important (links see W10 1809)
    • CVE-2019-0791 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0792 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0793 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0795 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability
    • CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability
  • Windows 8.1: 31 vulnerabilities of which 7 are rated critical and 24 are rated important (links see W10 1809)
    • CVE-2019-0790 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0791 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0792 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0793 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0795 | MS XML Remote Code Execution Vulnerability
    • CVE-2019-0845 | Windows IOleCvt Interface Remote Code Execution Vulnerability
    • CVE-2019-0853 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1607:  33 vulnerabilities of which 7 are critical and 26 are important
    • critical issues same as W10 1809 except for CVE-2019-0786 which is not listed.
  • Windows 10 version 1703:  35 vulnerabilities of which 7 are critical and 28 are important
    • critical issues same as W10 1809 except for CVE-2019-0786 which is not listed.
  • Windows 10 version 1709: 37 vulnerabilities of which 8 are critical and 29 are important
    • critical issues same as W10 1809
  • Windows 10 version 1803: 37 vulnerabilities of which 8 are critical and 29 are important
    • critical issues same as W10 1809
  • Windows 10 version 1809: 36 vulnerabilities of which 8 are critical and 28 are important

Windows Server products

  • Windows Server 2008 R2: 29 vulnerabilities of which 6 are critical and 23 are important.
    • same as Windows 7
  • Windows Server 2012 R2: 31 vulnerabilities of which 7 are critical and 24 are important.
    • critical issues same as W10 1809 except CVE-2019-0786 which is not listed.
  • Windows Server 2016: 33 vulnerabilities of which 7 are critical and 26 are important
    • critical issues same as W10 1809 except CVE-2019-0786 which is not listed.
  • Windows Server 2019: 36 vulnerabilities of which 8 are critical and 28 are important.
    • Critical issues same as W10 1809

Other Microsoft Products

  • Internet Explorer 11: 5 vulnerability, 1 critical, 4 important
  • Microsoft Edge: 9 vulnerabilities, 7 critical, 2 important

Windows Security Updates

Windows 7 Service Pack 1

Monthly rollups won't include PciClearStaleCache.exe anymore starting with this update. Microsoft advises that administrators make sure that updates between April 20, 2018 and March 12, 2019 are installed prior to installing this update and future monthly rollup updates to make sure that the program is on the system.

The following symptoms may be experienced if the file is not available:

  • Existing NIC definitions in control panel networks may be replaced with a new Ethernet Network Interface Card (NIC) but with default settings. Any custom settings on the previously NIC persist in the registry but were unused.
  • Loss of static IP address settings.
  • Network Flyout does not display certain Wi-Fi profile settings.
  • Disabling of Wi-Fi network adapters.

KB4493472 -- Monthly Rollup

  • Provides protections against Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) for VIA-based computers.
  • Fixed an issue that caused the error "0x3B_c0000005_win32k!vSetPointer".
  • Fixed the netdom.exe error "The command failed to complete successfully" appears.
  • Fixed the Custom URI Schemes issue.
  • Fixed the WININET.DLL issue.
  • Security updates

KB4493448 -- Security only update

  • Same as monthly rollup except for error "0x3B_c0000005_win32k!vSetPointer" and Custom URI Schemes.

Windows 8.1

KB4493446 -- Monthly Rollup

  • Provides protections against Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) for VIA-based computers.
  • Fixes an issue with MSXML6 that could cause programs to stop responding.
  • Fixed an issue with the Group Policy Editor that caused it to stop responding when editing Group Policy Preferences for Internet Explorer 10 Internet settings.
  • Fixed an issue with Custom URI schemes for Application Protocol Handlers.
  • Fixed an authentication issue in Internet Explorer 11 and other apps that use WININET.DLL.
  • Security updates for various components.

KB4493467 -- Security-only Update

  • Same as the Monthly rollup except the Custom URI schemes fix (not listed)

Windows 10 version 1607

KB4493470

  • Fixed several known issues.
  • Fixed an issue to meet GB18030 certificate requirements.
  • Security updates.

Windows 10 version 1703

KB4493474

  • Fixed several known issues
  • Security Updates

Windows 10 version 1709

KB4493441

  • Fixed several known issues
  • Security Updates

Windows 10 version 1803

KB4493464

  • Fixed several known issues
  • Addresses a stop error that occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.
  • Security updates.

Windows 10 version 1809

KB4493509

  • Fixed several known issues including EUDC blue screen, MXSML6 stop responding, Group Policy Editor stops responding, WININET.DLL
  • Security updates

Other security updates

KB4493435 -- Cumulative Security Update for Internet Explorer

KB4491443 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493448 -- Security Only Quality Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4493450 -- Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4493451 -- Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4493458 -- Security Only Quality Update for Windows Server 2008

KB4493471 -- Security Monthly Quality Rollup for Windows Server 2008

KB4493472 -- Security Monthly Quality Rollup for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4493478 -- Security Update for Adobe Flash Player

KB4493563 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493730 -- Security Update for Windows Server 2008

KB4493790 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493793 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493794 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493795 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493796 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493797 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4493927 -- Information disclosure vulnerability in Windows Embedded POSReady 2009

KB4494059 -- Remote code execution vulnerability in Windows Embedded POSReady 2009

KB4494528 -- You receive an Error 1309 message when you install an .msi file on Windows Embedded POSReady 2009

KB4495022 -- Information disclosure vulnerability in Windows Embedded POSReady 2009

Known Issues

Windows 7 Service Pack 1

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. Workarounds available.

Windows 8.1

Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires. Workarounds available.

Windows 10 version 1607

For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

And the Windows 7 SP1 issue.

Windows 10 version 1607 and newer

After installing the Internet Explorer cumulative update, custom URI schemes for application protocol handlers may not work properly in Internet Explorer. Workaround available.

Windows 10 version 1803

Same as Windows 7 SP1

Windows 10 version 1809, Windows Server 2016

Same as Windows 7 SP1

Security advisories and updates

ADV190011 | April 2019 Adobe Flash Security Update

ADV990001 | Latest Servicing Stack Updates

Non-security related updates

KB4487990 -- Update for POSReady 2009

KB890830 -- Windows Malicious Software Removal Tool - April 2019

Microsoft Office Updates

You find a list of all released updates for Microsoft Office -- security and non-security - here.

How to download and install the April 2019 security updates

microsoft updates windows april 2019

Windows Updates get installed automatically on Home systems by default. You can block or delay the installation of updates on these systems.

It is not recommended to run a manual check for updates as it may lead to the installation of preview updates or feature updates, but you may do so in the following way:

  1. Open the Start Menu.
  2. Type Windows Update.
  3. Click on the "check for updates" button to run a manual check.

You may use third-party tools like the excellent Windows Update Manager or Windows Update Minitool to download updates.

Direct update downloads

Microsoft makes available all cumulative updates that it releases for Windows as direct downloads on the Microsoft Update Catalog website. Follow the links listed below to go there for the listed version of Windows.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4493472 -- 2019-04 Security Monthly Quality Rollup for Windows 7
  • KB4493448 -- 2019-04 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4493446 -- 2019-04 Security Monthly Quality Rollup for Windows 8.1
  • KB4493467 -- 2019-04 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  • KB4493470 -- 2019-04 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

  • KB4493474 -- 2019-04 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4493441 -- 2019-04 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  • KB4493464 -- 2019-04 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4493509 -- 2019-04 Cumulative Update for Windows 10 Version 1809

Additional resources

Summary
Microsoft Windows Security Updates April 2019 overview
Article Name
Microsoft Windows Security Updates April 2019 overview
Description
Microsoft released security updates for supported versions of Windows and other company today on the April 9, 2019 Patch Tuesday.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post:

Comments

  1. ilev said on April 9, 2019 at 8:33 pm
    Reply

    Microsoft throws in the towel on Windows 10 1809

    The company largely stopped distributing the October 2018 Update in March, apparently deciding to simply skip one feature upgrade to solve the problem of two on a collision course.

    https:// www. computerworld. com/ article/ 3387978/microsoft-throws-in-the-towel-on-windows-10-1809.html

    1. Yuliya said on April 9, 2019 at 11:13 pm
      Reply

      >Microsoft throws in the towel on Windows 10 1809
      >By Gregg Keizer
      >Senior Reporter, Computerworld

      smh… this passes as tech journalism these days… Regardless of what some.. self proclaimed, who apparently knows little to nothing about what he’s writing about, says, Microsoft will not scrap the 1809 branch. It’s a LTS and Server release. 1507, 1607 and 1809 is what brings Microsoft the income. Any other Win10 release insignificant. The fact that home users had/have problems with either of these three releases means nothing to them.

      I don’t know how the mere mortal aka consumer versions of Win10 still work update-wise, i.e Home/Pro/Education, but if you’re able to disable feature updates do it, and stay on a LTS equivalent build until the next one comes. If you’re enough tech savvy, just disable WinUpdate and apply the patches manually once per month, they are a 1,2GiB file, at least for LTS1607, containing all the fixes from day one until present. I guess MS stole this idea after had seen how wonderful Simplix Update Pack works on 7.

      1. ilev said on April 10, 2019 at 5:24 pm
        Reply

        You should better you reading comprehensions. No one said Microsoft is scrapping 1809, just that Microsoft has stopped PUSHING 1809 to home, enterprise.. PCs that didn’t it by now.
        Everyone is free to download and install 1809. It is still there.

      2. Yuliya said on April 10, 2019 at 11:48 pm
        Reply

        Then it means the title is clickbait, which is even worse.

    2. AnorKnee Merce said on April 10, 2019 at 5:06 pm
      Reply

      @ ilev

      According to a very recent ZDNet report, the FCC stated that in 2018, only 24.7 million Americans do not have Broadband Internet ( = download speed of 3Mbps to 25Mbps) but M$ countered that from her Windows(= Win 10/8.1/7) Telemetry & Data collection or spyware, a whopping 162.8 million Americans out of 300+ million in total US population do not have Broadband Internet = about 50%.
      ……. Maybe, that is why M$ is throwing the towel on Win 10 1809, ie the FCC had screwed up with her data.

      Nevertheless, after knowing the above data, M$ still had the nerve to continue forcing Win 10 users to be auto-upgraded every 6 months or every year which required the users to download a humongous 4GB upgrade file.
      ……. This means, if the hapless Win 10 user has an Internet plan of 2Mbps, it will take his/her Win 10 computer about 6 hours to download the upgrade file. There will be the risk of corrupted file transfer during the 6 hour long download = borked computers. The inplace upgrade itself may encounter incompatibilities = borked computers.
      ……. Tens of millions of American Win 10 users who do not have Broadband Internet have been suffering at the hands of M$ and her forced auto-upgrades. Shouldn’t M$ be charged in US Federal court for knowingly harming millions of American computer users.?

      It is general knowledge that an OS upgrade is better done via a clean install, instead of an inplace upgrade which is fraught with problems. Hence, most computer users prefer to do an OS upgrade every 3 to 5 years, ie by doing a clean install or buying a new OEM Windows computer. Some even prolong the upgrade to every 10 years, as per Windows EOL.

      Personally, I think it is insane for ordinary computer users to do an OS upgrade every 6 months, whether via a clean install or an inplace upgrade. Even smartphone users are not forced by Google or Apple to do that.

      M$, in her pursuit of maximum profit$, imposed forced auto-upgrades every 6 months or every year on Win 10 users. M$ did this not for the benefit of the users or for any other altruistic reason.

      Similarly, Ubuntu has Rolling Releases of new OS versions every 6 months with an EOL of 9 months, eg Ubuntu 16.10, Ubuntu 17.04, Ubuntu 17.10 and so on. OTOH, Ubuntu also has LTS Releases of new OS versions every 2 years with an EOL of 5 years, eg Ubuntu 14.04, 16.04 and 18.04. Both these Releases are not forced auto-upgrades for Ubuntu users, ie they are optional.
      ……. Rolling Releases are mostly used by tech-geeks, alpha-testers, experimenters, bleeding-edgers, trend-followers, software developers, new computer buyers, etc.
      ….

  2. chesscanoe said on April 9, 2019 at 10:11 pm
    Reply

    “It is not recommended to run a manual check for updates as it may lead to the installation of preview updates or feature updates, but you may do so in the following way:

    Open the Start Menu.
    Type Windows Update.
    Click on the “check for updates” button to run a manual check.”

    I did not see Martin’s advice above until after successfully installing KB4493509 and 3 others via Windows Update for my Windows 10 1809 x64 Home laptop. No observable problems.

  3. Coriy said on April 9, 2019 at 10:24 pm
    Reply

    You’ve got the links for Windows 8.1 and Windows 7 SP1 mixed up, so that I get the versions for Win8.1 instead of Win7 if I click the links.

  4. Anonymous said on April 10, 2019 at 1:58 am
    Reply

    Under Windows Security Updates – Windows 7 Service Pack 1 and Windows 8.1 you have the KB numbers listed in reverse. The Windows 7 are listed under Windows 8 and vice versa.

    Also, you have the same Windows 7 KB4493448 and KB4493472 listed again under Other security updates. Was that deliberate, none of the others listed above are duplicated in that section so it wasn’t clear to me, or is there some other Windows 7 other security updates that were meant there?

    Thanks.

  5. John G. said on April 10, 2019 at 5:15 am
    Reply

    This update makes my W10 1809 lost video files associations, Chrome flickering has turn back.

  6. Awshux said on April 10, 2019 at 9:13 am
    Reply

    BSOD for windows 7 x64 on my AMD A8-7650K ASROCK …

  7. Ananda said on April 10, 2019 at 11:12 am
    Reply

    Very queer if you ask me. But perhaps quite logical to Microsoft.
    The first time I installed KB4493509 for Windows 10 Home, it said I had build 17763.379.
    I updated again, and lo and behold, KB 4493509 appeared again. It installed, apparently without problems, but this time I had build 17763.439.
    Microsoft, jolly joker…

  8. Shane said on April 10, 2019 at 2:36 pm
    Reply

    Reverted from kb4493472 on Windows 7 x64. USB mouse didn’t work, SENS service ‘couldn’t be found’, rebooted via Ctrl-Alt-Del and keyboard, got fed up waiting for boot screen, ran System Restore from Startup Repair. Seems to be similar kind of issue for users with Sophos, but no Sophos here. NOD32 here. Now I’ve hidden kb4493472.

  9. John IL said on April 10, 2019 at 3:12 pm
    Reply

    Glad to be able to delay these feature updates after 1903, and am hoping I don’t get 1903 for awhile. Actually 1809 is pretty stable now which ironic how I just get a release stable and have to endure yet another release around the corner. With something like a 1/3 of users having got 1809 and the rest on previous releases. Guess maybe its why Microsoft finally caved on letting all Win 10 users pause the feature updates after 1903. I am at a point now, where nothing coming out in these new feature updates is worthy of the mess upgrading my PC’s. Other then a requiring a stable Windows OS, I don’t care for the rest of the stuff Microsoft keeps pilling onto Windows releases.

  10. Isabelle COLLARD said on April 10, 2019 at 6:24 pm
    Reply

    Hello,
    Issue on Windows 7 since last update was installed !!
    Update and Reboot take a long time, keyboard doesn’t work…

  11. ilev said on April 10, 2019 at 9:01 pm
    Reply

    Windows 7,8.1 and Windows 10 are freezing after April patches. The culprit is probably Sophos apps.
    Uninstall the updates in safe mode or restore from system restore point.

    https:// community. sophos. com/kb/en-us/133945

    https:// www. tenforums. com/ windows-10-news/130491-cumulative-update-kb4493509-windows-10-v1809-build-17763-437-april-9-a-2.html#post1612321

  12. Marc F said on April 10, 2019 at 9:21 pm
    Reply

    Three Lenovo T430 with WIndows 7 would not boot after last nights MS updates

  13. ULBoom said on April 10, 2019 at 10:34 pm
    Reply

    Woody’s at DEVCON 2 for these updates: don’t update unless absolutely necessary

    https://www.askwoody.com/

    The walls are caving in on Windows Update.

    1. AnorKnee Merce said on April 11, 2019 at 10:55 am
      Reply

      Like I said before, since the launch of Win 10 in 2015, M$ has weaponized Windows Update to become like malware, eg GWX KB3035583 and Telemetry KB2952664. M$ is probably issuing buggy KB updates for Win 7/8.1 on purpose, in order to push the users onto Win 10 asap.

      From 2015 until Feb 2017, M$ purposely borked Windows Update for those who had to do a clean install of Win 7/8.1(eg after a hard-drive failure), in order to push the users to upgrade to Win 10. The affected users were forced to manually install 100+ security updates one-by-one from M$ Update Catalog.

      Hence, from 2016, I have stopped updating my Win 7 laptop = have peace of mind. Of course, I also have real-time AV protection and practice safe-browsing.
      ……. My main OS is a dual-booted Linux installed on an external USB hard-drive because M$’s Windows Update can sometimes bork a dual-boot system that is on the same hard-drive.

    2. Peterc said on April 11, 2019 at 7:10 pm
      Reply

      @ULBoom: Technically, it’s DEFCON, but when you consider the current state of development at Microsoft, maybe it *should* be DEVCON… ;-)

  14. Etaoin Shrdlu said on April 10, 2019 at 11:15 pm
    Reply

    KB4493446 won’t install, despite repeated attempts (including a manual install). The other two updates for April 10, 2019 installed just fine, but not this one.

  15. EP said on April 11, 2019 at 3:54 am
    Reply

    hi Martin.

    it appears the KB4493472 update for Win7 is also causing problems on systems with Avast security software as well. Sophos is no longer the only one affected by KB4493472.

    https://kb.support.business.avast.com/GetPublicArticle?title=Windows-machines-running-Avast-for-Business-and-Cloud-Care-Freezing-on-Start-up

  16. Peterc said on April 13, 2019 at 9:40 pm
    Reply

    EXECUTIVE SUMMARY:

    I installed the April 2019 Patch Tuesday *security-only* updates for Windows 7 x64 SP1 without incident … so far, knock on wood. (I’d “turned off” Internet Explorer, I run Kaspersky Free 2019 antivirus, and I haven’t assigned static IP addresses to my network interfaces *locally*, but rather from my router.)

    LONG-WINDED ACCOUNT:

    I’m running Windows 7 x64 SP1 with Kaspersky Free 2019 antivirus. I “turned off” Internet Explorer in Programs and Features several months ago, and I don’t have any version of Microsoft Office installed. Last night I downloaded and installed this month’s security-only updates using WSUS Offline Update [WOU] with the automatic reboot and recall option. I *believe* WOU’s installer stage went through two reboot cycles (so far as I noticed out of the corner of my eye), staying stuck at a black screen for *quite some time* on the first reboot. (I’ve learned to be patient with those scary black screens, and grateful that my laptop has a hard-drive-activity light.) Upon completion, there were no errors and no warnings of any significance in the install log. I rebooted manually one more time after dismissing the log — something I have learned is useful to avoid OS glitches (at least if you select WOU’s option to automatically display the install log before your personal desktop and settings get loaded, as I do). Once that was done, I ran Belarc Advisor to confirm that no security updates were still missing and Windows Privacy Dashboard [WPD] to confirm that no unwanted diagnostics or telemetry had been reactivated. (I had already updated WPD’s firewall rules a day or two earlier, and the rules were still up to date.) Finally, and most importantly, my computer seems to be running okay. In short, all seems to be well.

    PS: Before doing any of the above, I ran a disk check on my system drive and cloned it using Macrium Reflect. I’m not foolhardy enough to rely on Windows’ built-in tools to recover from a borked system. Swapping in a cloned drive takes me around five or ten minutes and has worked flawlessly every time on every computer I’ve done it on. Top marks to Macrium Reflect, the Windows software I will miss *most* once I’ve finished moving to Linux. (To my knowledge, none of cloning solutions for Linux allow you to reliably clone a live system that you can continue to work in while the clone is running. Cloning can take a while, and it’s nice to be able to use the computer during that time if you need to.)

    1. Peterc said on April 15, 2019 at 8:16 pm
      Reply

      Ha! Less than 24 hours after I applied my Patch Tuesday updates, an updated version of WSUS Offline Update was released, sometime on 13 April! After reading the release notes, I decided to run another round of updates using the new version. It downloaded and installed updates to C++ and Windows Defender definitions, but no new security-only updates for Windows proper (or updates to Silverlight or Remote Desktop Client, either, for that matter). No reboot was required (although I soon did one for other reasons). All is seemingly still good.

      A friend of mine ran a single round of April 2019 Patch Tuesday security-only updates using the freshly released version of WSUS Offline Update, and he didn’t run into any problems, either. He also runs Windows 7 x64 Pro SP1 and has also turned of Internet Explorer, but unlike me, he runs Microsoft Office (2010) and a slightly older version of Kaspersky Free (2018).

      One of my dad’s computers runs Windows 7 x64 Enterprise SP1 and Sophos Endpoint Security and Control (a choice imposed by the institution he works for). I’m going to be turning off Internet Explorer 11 on that computer during my next visit — I set Windows Update to stop checking for updates on it quite some time ago — but I don’t yet know how and when I’m going to install this month’s Windows security-only updates. Hopefully, Sophos and Microsoft are sorting out the problems.

      IMPORTANT?: There is apparently a newly disclosed unpatched security vulnerability in Internet Explorer, one more reason to turn it off in Programs and Features. See:

      Internet Explorer security flaw allows hackers to steal files
      https://www.engadget.com/2019/04/14/internet-explorer-file-stealing-exploit/
      “You don’t even have to use IE for this to be a problem.”

      Pale Moon is my primary browser, I have the MozArchiver extension installed in it, and I’ve configured MozArchiver to make Pale Moon the default program for MHT files, so *I* ~probably~ wouldn’t be hit, but other users could be. Besides, Internet Explorer 11 isn’t a great browser and it’s had a long string of security problems, so unless you absolutely *need* it to access a specific site, it seems like a good idea to just turn the sucker off. (Well … to the extent turning it off actually works. I’m not particularly amused to see that I’m still getting fresh Internet Explorer temporary files *after* “turning it off.” Apparently, you can’t turn it off *completely*.)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.