none
KB4230450 (IE Cumulative Update) Not Being Detected as Needed Through WSUS

    Frage

  • Is anybody else seeing KB4230450 (Cumulative security update for Internet Explorer for Windows 7 x86/x64 and Windows Server 2008 R2), released Tuesday, not being detected as needed through WSUS? This KB also applies to Windows 8.1 and Server 2012, but we don’t have either, therefore I don’t know if this problem applies to them as well.

         WSUS: Windows 2012 R2 (fully patched with all updates except for ones released Tuesday)
         Windows 7: Professional, x64/x86 OEM (fully patched with all updates before or after Patch Tuesday are affected)

    This detection problem resembles the problem Microsoft had in May for Windows 10 Professional clients using WSUS, which didn’t affect Enterprise editions of Windows 10.

    I've read elsewhere where other sysadmins are needing to manually install this KB on Servers and clients. That isn't a solution or workaround for the size of our environment.

    Any ideas? Is this a Microsoft problem and we just need to wait for them to acknowledge and resolve?

    Thanks,
    Scott


    Mittwoch, 13. Juni 2018 20:37

Antworten

  • The flaw in detection routine of KB4230450 was fixed by Microsoft last night (see date 2018-06-14 in catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4230450). So client systems of WSUS detects this update now as "needed".

    As "Security Only" updates are not distributed with Microsoft Update directly, bypassing WSUS, and the June Security Monthly Quality Rollup includes KB4230450 fully, this update is not offered for installation by Microsoft Update.

    <If you like this answer, please feel free to vote as helpful, thank you.>


    • Bearbeitet YellowShark Freitag, 15. Juni 2018 09:28
    • Als Antwort markiert Scott Kraft Freitag, 15. Juni 2018 16:32
    Freitag, 15. Juni 2018 09:27
  • Yes, I saw with a sync late yesterday these packages were updated. Also as clients reported in with WSUS overnight, I can confirm that the revision by Microsoft fixed this detection problem.

    • Als Antwort markiert Scott Kraft Freitag, 15. Juni 2018 16:32
    Freitag, 15. Juni 2018 16:32

Alle Antworten

  • Hi Scott,
     
    Has the KB4230450 been detected through WSUS or not? If the KB4230450 has been detected and just not show as needed. The cause may be as the follows: 
     
    This security update KB4230450 for Internet Explorer is not applicable for installation on a computer on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from June 2018 (or a later month) is already installed. This is because those updates contain all the fixes that are in this Security Update KB4230450 for Internet Explorer.
     
    The following link is the detailed information of KB4230450 not needed:
     
     
    So as you have mentioned your WSUS and Windows 7 have been fully patched with all updates except for ones released Tuesday. If the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from June 2018 have alreay been installed on your WSUS and Windows 7, KB4230450 is then not needed.
     
    Hope this can help you and feel free to contact me if there is any question.
     
    Best regards,
    Li Jianjie



    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com




    Donnerstag, 14. Juni 2018 05:06
  • Facing same issue.

    But we are not deploying the Rollup patches at all.

    Still this patch is mentioned as not applicable.

    Only 2018-06 Security Only Quality Update for Windows 7 for x64-based Systems (KB4284867)  got installed from June month update



    Midhun.PS

    Donnerstag, 14. Juni 2018 16:35
  • More details and I believe Microsoft made a major mistake with the detection rules with June 2018 Internet Explorer updates for Windows 7 and Server 2008 R2 and 2012 R2 (I don’t have other pre-Windows 10 systems, therefore I expect the same, but cannot confirm). I’ll start with my observations and then follow with my conclusions (Microsoft has made major unannounced changes).

    My clients (Windows 7, 2008 R2, & 2012 R2) reporting in with our WSUS (2012 R2) are installing the following this month:

    • 2018-06 Security Monthly Quality Rollup for Windows 7/2008 R2/2012 R2 (KB4284826)
    • 2018-06 Security Only Quality Rollup for Windows 7/2008 R2/2012 R2 (KB4284867)


    Also, security updates for Office were installed, but unrelated to this issue.

    The description for KB4284826 and KB4284867 state that it contains security updates for Internet Explorer, but not which ones.

    Looking through Windows Update history on my clients through May 2018 I am seeing the Security Only Quality Rollup and Security Monthly Quality Rollup along with Cumulative Security Update for Internet Explorer 11 being installed each month. However starting this month, June 2018, no system (regardless of patch level) is seeing KB4230450 (Cumulative security update for Internet Explorer for Windows 7/2008 R2/2012 R2) as needed through WSUS.

    On systems with KB4284826 and KB4284867 installed, going to Internet Explorer and looking at About Internet Explorer shows that KB4230450 as being installed. Therefore installing KB4284826 and KB4284867 appears to install KB4230450 (June 2018 IE Cumulative Update), which is different than any previous month.

    I never approve or install the Preview of any of Microsoft’s patches. On systems (7, 2018 R2, & 2012 R2), which only have May 2018 Security Monthly Quality Rollup and <g class="gr_ gr_305 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Punctuation only-ins replaceWithoutSep" data-gr-id="305" id="305">Security</g> Only Quality Rollup are not detecting KB4230450 (IE Cumulative Update) as needed. This is a problem, which Microsoft needs to correct by updating the detection rules for these updates.

    With above observations I have the following conclusions for Windows 7 and Server 2008 R2 and 2012 R2 systems:

    1) Microsoft made a change with June 2018 Security Monthly Quality Rollup and/or Security Only Quality Rollup updates to include Cumulative Security Update for Internet Explorer 11. Previous months either did not include the Cumulative Security Update for Internet Explorer 11 or the detection rules for Cumulative Security Update for Internet Explorer 11 were wrong and got installed as well. Either way, this is a major change and Microsoft should be upfront regarding these type of changes.

    2) The detection rules for KB4230450 (June 2018 Cumulative security update for Internet Explorer) has a problem through WSUS (I don’t know if the same problem occurs through Microsoft Update directly, bypassing WSUS) in which it is not being detected as needed for any system, including ones in which don’t have June 2018 updates or June’s preview updates. This is a problem, which Microsoft must fix.

    We have some isolated lab equipment systems, which can only receive non-OS updates because otherwise, OS updates break the software that runs this lab equipment. We do install all Internet Explorer and Office updates on these systems, therefore we need Microsoft to correct the detection rules for KB4230450 (IE Cumulative Update).

    I would like someone at Microsoft to acknowledge and address these two problems.

    Donnerstag, 14. Juni 2018 18:02
  • The flaw in detection routine of KB4230450 was fixed by Microsoft last night (see date 2018-06-14 in catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4230450). So client systems of WSUS detects this update now as "needed".

    As "Security Only" updates are not distributed with Microsoft Update directly, bypassing WSUS, and the June Security Monthly Quality Rollup includes KB4230450 fully, this update is not offered for installation by Microsoft Update.

    <If you like this answer, please feel free to vote as helpful, thank you.>


    • Bearbeitet YellowShark Freitag, 15. Juni 2018 09:28
    • Als Antwort markiert Scott Kraft Freitag, 15. Juni 2018 16:32
    Freitag, 15. Juni 2018 09:27
  • Yes, I saw with a sync late yesterday these packages were updated. Also as clients reported in with WSUS overnight, I can confirm that the revision by Microsoft fixed this detection problem.

    • Als Antwort markiert Scott Kraft Freitag, 15. Juni 2018 16:32
    Freitag, 15. Juni 2018 16:32