AskWoody

More WSUS Sync failures

Those of you working on update servers over the weekend have my sympathy.

There’s a lot of confusion over last Thursday’s KB 4458469 cumulative update for Win10 1803, KB 4457136 for 1709, KB 4457141 for 1703, and KB 4457127 for 1607. As best I can tell, all of those patches have been pulled — except they’re still in the Update Catalog.

To add to the mayhem, we have this report from @nazzy:

Getting intermittent sync failures again starting 9/17 for both scheduled AND manual syncs.  Can anyone else confirm?

and from an anonymous poster:

I can confirm that It was working up until 9/21/2018 then all day today (22 Sept) fails WSUS sync

Of course, a big chunk of Microsoft staff is in Orlando, getting ready for Ignite. Are we going to see any sort of resolution on this in the near term?

Great way to treat your corporate customers….

The Windows ALPC security hole CVE-2018-8440 is now readily exploitable

One of this month’s security patches has taken on a more prominent position.

CVE-2018-8440 — the ALPC privilege escalation bug — has just been added to the Metasploit trove.

No, the sky isn’t falling. Yes, you’re going to see the ALPC exploit more frequently.

Remember, CVE-2018-8440 is a privilege escalation security hole, which means it only comes into play if your machine is already running an invasive program.

This just turns up the pressure to get this month’s patches installed. Which means I’m looking hard at the MS-DEFCON 2 setting, and cursing the fickle Win10 cumulative update gods, who gave us three cumulative updates in the past 10 days. The third of which may well be malfunctioning and pulled already.

No rest for the weary.

Win7 Servicing Stack updates: Managing change and appreciating cumulative updates

You may recall the problem we had earlier this month with Error 0x8000FFFF in the Win7 Cumulative Update?

John Wilcox has just posted an item in the Windows IT Pro Blog with some (eminently readable!) details:

Some Windows 7 devices recently experienced issues installing either the August or September 2018 Monthly Rollups or Security-only updates. The intent of this blog is to share why these issues occurred, what we are doing about it, and how this relates to Windows 10 cumulative updates.
To tell this story, we need to travel back to October of 2016, when we released the Windows 7 Service Pack 1 (SP1) servicing stack update (KB 3177467). Servicing stack updates, or SSUs, are periodic updates released to specifically service or update the software stack for Windows platforms. These are fixes to the code that process and manage updates that need separate servicing periodically to improve the reliability of the update process, or address issue(s) that prevent patching some other part of the OS with the monthly latest cumulative update (LCU).

It’s an interesting tale, well worth reading.

Has Microsoft moved the cumulative update cheese?

UPDATE: There’s another possibility. Is it possible that Microsoft has pulled KB 4458469 (and possibly the other cumulative updates released yesterday) from Windows Update? It’s still available from the Catalog, but apparently has never been in WSUS. Big problems with the patch? Is MS waiting for a Friday Night News Dump opportunity?

I’m trying to figure out whether yesterdays Win10 patches are installed automatically by Windows Update. Could use some crowdsourced intelligence. (Or any intelligence, for that matter.)

Many people are complaining that they don’t see the 1803 patch even if they manually invoke Windows Update. It’s possible (as @PKCano notes) that the difference lies in whether Win10 Pro users have Semi-Annual Channel or Semi-Annual Channel (Targeted) selected. Home users don’t have the option of course.

It’s also possible that KB 4458469 is being rolled out verrrrrrrry slowly.

There’s another possibility.

The terminology in the KB article has changed. The Sept. 17 patch says:

This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Which is what you would expect. On the other hand, the Sept. 20 patch says:

Install this update

To download and install this update, go to Settings > Update & Security > Windows Update and select Check for updates.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

That seems to imply that only “seekers” — people who click on Check for updates — will get the patch. But, demonstrably, not all Win10 1803 “seekers” — users who check for updates — actually get it. There’s no reference to SAC/SAC(T).

Can anyone shed some light on the availability of any of yesterday’s patches, based on:

• Whether you’re using Pro or Home. (Both Home and Pro users have confirmed that they’re getting the 1803 update — but both Home and Pro users have said they aren’t getting KB 4458469 .)
• If Pro, whether you’re set for SAC or SAC(T)
• Whether you’re a seeker — you manually click on Check for Updates, or just let the Windows Update steamroller jugger your naut.
• Any other chicken entrails you can discern.

FWIW, my 1803 machine is Pro, SAC(T) — I have it intentionally at the default update settings — and even when I seek I don’t see the update.

Observations greatly appreciated.

Patch Lady – would you fall for this?

Chantal Bosse posted this up on a forum I’m a member of and it’s the first time I’ve seen a scam site use Microsoft logos so overtly.

Chantal indicated that she was doing research on Edge and followed a forum link to find out more.  The link sent her to a bogus pop up web site.

She was able to get into the task manager and kill Edge and get her machine back without harm.  Another way to reset the browser is to follow this advice in resetting and deleting certain files.  That’s one very nice thing about Edge, it’s much easier to nuke it out, kill the instance and not get taken over.

But seeing this site use the logos and fonts of Microsoft so successfully makes me wonder how many of us would fall for this?

Massive bug fixes for Win10 1803, 1709, 1703 and 1607

A bunch of cumulative updates for Win10 just hit:

• KB 4458469 takes Win10 version 1803 to build 17134.319
• KB 4457136 turns Win10 1709 into build 16299.697
• KB 4457141 moves 1703 to build 15063.1358
• KB 4457127 transforms Win10 1607 and Server 2016 to build 14393.2517

Each of the cumulative updates includes dozens of patches for what appear to be minor bugs.

We were also graced with the Preview Monthly Rollups for Win7 and 8.1:

• KB 4457139 Win7 Preview of next month’s Monthly Rollup
• KB 4457133 Win8.1 Preview of next month’s Monthly Rollup

All of them — which is to say, all of the Win10 cumulative updates and the Win7/8.1 Monthly Rollup Previews — include this little telemetry gem:

Addresses an issue with evaluating the compatibility status of the Windows ecosystem to help ensure application and device compatibility for all updates to Windows.

Let’s see. This is “C Week” Patch Thursday, right?

There’s a reason why we’re still at MS-DEFCON 2.

Looks like the regular team got back from vacation….

Patch Alert: September patches look good — but why the out-of-band stuff?

Hard to believe after the July mayhem, but this month it looks like the patches are quite benign. A bit mixed up, perhaps, but there are no loud screams of pain.

Computerworld Woody on Windows.

Keizer: Win10’s new 30-month Enterprise support policy is a slap to SMBs

Yet another excellent article from Gregg Keizer (see the entry below). He make an excellent point — that the new 30-month lifetimes for “09” or “H2” versions of Win10 don’t mean squat to those of us who run Win10 Pro.

He quotes Susan, our Patch Lady, extensively.

Keep in mind that this only applies to those who have purchased Enterprise and Educational versions. I’m a SMB (small- or medium-sized business). We buy Windows 10 from Dell and HP… This change doesn’t do anything to our support cadence

Precisely.

Win10 Home users have always been second class citizens. Increasingly, Pro users are feeling the shade, too.