September Patch Tuesday Frequently Asked Questions
It’s that beautiful time of the month again where Microsoft and other third party vendors release their patches, you watch our fantastic Patch Tuesday webinar series to solve all of your burning questions, and then you go on to patch your systems like a champ.
In case you missed our Patch Tuesday webinar, you have three easy steps to follow to solve all of your patching problems:
- You can watch the webinar on-demand here.
- Review this blog post to go over frequently asked questions about the September releases.
- Sign up for the webinar next month.
Q: Is the Zero Day patched in the MS critical updates for September?
- A: Yes, the Windows ALPC zero-day (CVE-2018-8440) is patched in the September updates.
Q: I’m having issues with KB445714 (Windows 7/2008R2 September Monthly Rollup).
- A: Microsoft has updated their page with this issue. It appears that in some situations, the servicing stack update (KB3177467) is required for successful install. On our fully unpatched machines without that respective update had successful deployments, so the exact configuration necessary is not clear.
Q: Microsoft announced that for Windows 1803 Update KB4457128 it is necessary to install KB4456655 before. Is that included in Patch Management?
- A: In our testing, we noticed that the servicing stack update was not necessary to guarantee a successful install, where the 1607 updates are dependent the May servicing stack update. Both patches, however, are included in our data to include in your patch groups.
Q: Server 2016 end of support lifecycle – is it similar to Windows 10?
- A: Server 2016 is in the long-term servicing lifecycle, which is currently set end support 01/11/2022. The semi-annual channel, however ends support alongside each respective Windows 10 branch. Please see the Windows Server release information page for confirmation.
Q: Where can I find the weekly patch blog posts?
- A: The Patch Tuesday category page on the Ivanti Blog
Q: What sources do you recommend for keeping up to date with public disclosures?
- A: Microsoft does a good job of identifying public disclosures on their CVE pages. Also keep an eye out for one-off articles, even though it’s difficult. We try to summarize everything on our weekly digests.
Q: How many updates have there been to Spectre/Meltdown and they all patched differently? Will the monthly rollup include all of the needed patches?
- A: Any monthly rollup since January should include all the updates needed for the vulnerabilities associated with Spectre/Meltdown however it will require additional registry configuration to turn enable complete remediation for Windows Server machines. See Microsoft’s security guidance around this.