New
#1
Do these monthly security only updates include security patches for IE 11 ?
Thanks
September 12, 2017 - KB4038779 (Security-only update)
Improvements and fixes
This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:
- Addressed issue where applications that have LDAP referral chasing options enabled use a TCP dynamic port connection that doesn’t close until the applications close or the calling OS restarts. With sufficient time and volume, these applications may completely consume all TCP dynamic ports. If that occurs, network communications will fail for any protocol or operation that uses dynamic ports. This issue was introduced by the July and August 2017 cumulative updates starting with KB4025337 and KB4025341.
- Re-release of MS16-087- Security update for Windows print spooler components.
- Security updates to Microsoft Graphics Component, Windows kernel-mode drivers, Windows shell, Windows Hyper-V, Windows kernel, and Windows Virtualization.
For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.
Known issues in this update
Symptom
The WordPad application can sometimes crash on launch after installing KB4025341.
Workaround
Microsoft is working on a resolution and will provide an update in an upcoming release.
How to get this update
This update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the Microsoft Update Catalog website.
File information
For a list of the files that are provided in this update, download the file information for update 4038779.
Source: https://support.microsoft.com/en-us/...date-kb4038779
Direct download links for KB4038779 MSU file from Microsoft Update Catalog:
Download KB4038779 MSU for Windows 7 32-bit (x86) - 25.0 MB
Download KB4038779 MSU for Windows 7 64-bit (x64) - 41.8 MB
Do these monthly security only updates include security patches for IE 11 ?
Thanks
Not anymore, the early Security-only updates did, but MS has now separated them. Here is this months:
https://support.microsoft.com/en-gb/...ernet-explorer
At least with the IE updates they're cumulative, so you only need to install the latest one.
I thought that these (Security Only) updates were cumulative.
I've just skimmed through the last 6 months worth of updates and the sizes are totally random.
The Security-only updates aren't cumulative - you have to install each months, or you'll have gaps in your security updates. Only the Security Monthly Quality Rollups and IE Security updates are cumulative.
I haven't installed the September update on my main systems yet. I usually wait for a couple of weeks just to see if there's any serious bugs reported first. I install them on release day in my VM's, but that's all.
I got a problem with this patch (KB4038779). Before opening a support ticket with Microsoft and pay my own money to get them sort out their problem I'll be asking here.
I have a piece of software, a server, that relies on resolving connects from incoming clients from the IP address to the respective hostname. As a side note: there even exists a PTR record in the DNS server for that incoming client IP.
I boiled down the problem to the getnameinfo() function stopping to work. The following program shows the problem:
To reproduce it, you gotta first check, whether KB4038779 is installed on your Windows 7 Pro system. If it is, uninstall it and install it freshly.Code:// gethostname.c // // Testprogramm zum Testen der getnameinfo-Funktion unter Windows (7,10, Windows Server 20xx) // Author: CPK // get an IP address from the command line and resolve that IP to a hostname #define WIN32_LEAN_AND_MEAN #include <windows.h> #include <stdio.h> #include <sys/types.h> typedef unsigned int SOCKET; #include <Winsock2.h> #include <ws2tcpip.h> void usage(void); int exit(int); #define MAXHOSTNAMELEN 512 static char hostinfo[NI_MAXHOST]; static char hostname[MAXHOSTNAMELEN]; int main(int argc, char *argv[]) { int result,err; int wsreturn; static char tmpstring[1024]; WORD wVersionRequested; WSADATA wsaData; SOCKADDR_IN sa; struct hostent *hent; struct addrinfo *res=0; sa.sin_family=AF_INET; wVersionRequested = MAKEWORD( 2, 2 ); err = WSAStartup( wVersionRequested , &wsaData ); if ( err != 0 ) { /* Tell the user that we couldn't find a usable */ /* winsock.dll. */ printf("server: couldn't find a Winsock 2.2!\n"),exit(3); } if(argc !=2) usage(); inet_pton(AF_INET,argv[1], &(sa.sin_addr)); result=getnameinfo((struct sockaddr *)&sa, sizeof (sa),hostinfo,NI_MAXHOST,NULL,0,0); wsreturn=WSAGetLastError(); if(wsreturn!=0) printf("WSockError=%d\n",wsreturn); printf("CLIENT: ip=[%s] hostinfo=[%s] result=%d wsreturn=%d\n", argv[1],hostinfo,result,wsreturn); result=getaddrinfo(argv[1],0,0,&res ); wsreturn=WSAGetLastError(); if(wsreturn!=0) printf("WSockError=%d\n",wsreturn); { char host[512],port[128]; result=getnameinfo(res->ai_addr,res->ai_addrlen,host,512,0,0,0); printf("Host: %s",host); freeaddrinfo(res); } return 0; } void usage() { printf("gethostname <IP>\nz.B. gethostname 10.172.10.35\n"),exit(1); }
You will observe the following beaviour when opening a CMD-window and invoking the test program with some host IP of a host in your network. It may matter whether the host is in a different subnet or not. I have not examined this yet.
Using it, gives the following result:
After a while the behaviour changed again to that of the situation before the patch was installed. I don't know what makes it functioning again. It happened after I pinged that host once or pinged the DNS server. I also did an ipconfig /flushdns to no avail.Code:C:\>gethostname 172.27.1.252 ... a few (10) seconds of waiting here CLIENT: ip=[172.27.1.252] hostinfo=[172.27.1.252] result=0 wsreturn=0 Without the patch C:\>gethostname 172.27.1.252 ... no waiting here, immediate return CLIENT: ip=[172.27.1.252] hostinfo=[some.host.domain] result=0 wsreturn=0
--
Christoph