Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Patch Lady – to patch or not to patch?

    Posted on March 31st, 2018 at 13:18 by Susan Bradley

    I am cringing as I’m typing this – as I hate it when I tell people to roll back on updates.  But after reading this and especially Kevin Beaumont’s tweet about the risk of Spectre/Meltdown [low risk] versus the risk of the bug introduced by ALL of the updates released since January,  [high risk] one is kinda stuck between a rock and a hard place.

    The problem is between January and March there are a lot of OTHER updates released in addition to the Spectre and Meltdown that are bundled in the Windows 7/Server 2012 R2 updates.  For those following the Woody patching recommendations I think I’m going to go even farther out on a limb and propose that if you are holding off on the March updates, you need to roll all the way back to pre-January and hold tight.

    Me personally, I still would determine how paranoid of a user base you have. If there are users in your patching environment who surf and click on ANYTHING, I’d hope you’d make them do their random surfing on an iPad, not a Windows machine (probably still with local admin rights) until this Windows 7 patching mess gets straightened out. I don’t like telling people to roll back to pre-January updates, but neither do I appreciate Microsoft having constant side effects that are measurable and impactful and all that happens is that they keep on telling us that they are working on the issues and this will be fixed in a future release. That SMB memory leak has been happening since January. And in the information security triad (Confidentiality, Integrity, and Availability), availability is important. On servers in particular that SMB memory leak has availability side effects.

    I see many of you asking for the order of updates to install and right now my recommendation is:

    If you have any January through March update installed, make sure KB4100480 is installed.

    Otherwise go into add/remove programs and roll back to December’s KB4054521 (security only) or KB4054518 (rollup) and then hang tight and keep our fingers crossed that April’s updates will resolve these issues.

    And then Microsoft please please please, do something about these known issues and fix them, because it pains me greatly to publicly type this.

    (Edit, please note that this only applies to 64bit not 32bit, apologies for not noting that. Also be aware that if you see any patch with AMD64 in the name, it applies to Intel 64 as well.)
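The check described in this post, sketched as an added PowerShell example (not part of the original post and not Microsoft tooling). `Get-PatchAdvice` and `$OtherJanToMarKBs` are hypothetical names; the January and February KB numbers are not listed on this page, so that list is left as an empty placeholder to fill in.

```powershell
# Added example, not from the original post. KB numbers are those named on this page.
$FixKB       = 'KB4100480'                    # fixes CVE-2018-1038 ("Total Meltdown")
$MarchKBs    = @('KB4088875', 'KB4088878')    # March Monthly Rollup / Security-only
$DecemberKBs = @('KB4054518', 'KB4054521')    # December rollup / security-only
# The page does not list the January and February KB numbers; add them here
# (placeholder, empty by default) so those months are checked as well.
$OtherJanToMarKBs = @()

function Get-PatchAdvice {
    param([string[]]$InstalledKBs, [bool]$Is64Bit)

    if (-not $Is64Bit) {
        return 'N/A: the advice applies to 64-bit systems only.'
    }
    $watch    = @($MarchKBs) + @($OtherJanToMarKBs)
    $affected = @($watch | Where-Object { $InstalledKBs -contains $_ })
    $hasFix   = $InstalledKBs -contains $FixKB

    if ($affected.Count -gt 0 -and -not $hasFix) {
        return "ACTION: $($affected -join ', ') installed without $FixKB. Install $FixKB."
    }
    if ($affected.Count -gt 0) {
        return "OK: $($affected -join ', ') installed and $FixKB is present."
    }
    $december = @($DecemberKBs | Where-Object { $InstalledKBs -contains $_ })
    if ($december.Count -gt 0) {
        return "HOLD: no listed January-March update found; at $($december -join ', ')."
    }
    return 'REVIEW: none of the listed KBs found; check update history by hand.'
}

# Constructed sample inventories (not real machines).
Get-PatchAdvice -InstalledKBs @('KB4054518', 'KB4088875') -Is64Bit $true
Get-PatchAdvice -InstalledKBs @('KB4054518', 'KB4088875', 'KB4100480') -Is64Bit $true
Get-PatchAdvice -InstalledKBs @('KB4054521') -Is64Bit $true

# Live check on the local machine, using only cmdlets available in PowerShell 2.0.
# PROCESSOR_ARCHITECTURE reads AMD64 on 64-bit Intel systems as well.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or
        ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
Get-PatchAdvice -InstalledKBs $installed -Is64Bit $is64
```

With `$OtherJanToMarKBs` left empty, a machine carrying only a January or February update is reported as HOLD or REVIEW, so fill that list in before relying on the result.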

     

  • Sorting through the Patch Thursday and Friday offerings

    Posted on March 31st, 2018 at 07:34 by woody

    My head is still spinning. Over the past two days (in addition to learning that Windows honcho Terry Myerson is leaving, and the Windows team is being scattered to the winds) we’ve had an enormous number of poorly documented, overlapping, and completely inscrutable patches.

    Let me see if I can bring some sanity to the mess.

    A destructive fix for Total Meltdown

    KB 4100480 kicked off the two days from patching purgatory with a Windows 7/Server 2008R2 kernel update for CVE-2018-1038, the “Total Meltdown” bug Microsoft introduced in Win7 back in January and kept re-installing ever since, most recently with the March Patch Tuesday Monthly Rollup KB 4088875 and Security-only patch KB 4088878. Susan Bradley immediately jumped into the fray with an initial warning Thursday afternoon. Microsoft’s documentation was so bad we had no idea what was being fixed, which bugs were being passed along — and whether this fix introduced even more bugs in the original Meltdown/Spectre January patch.

    Just a reminder that there are NO known exploits of Meltdown or Spectre in the wild.

    Ulf Frisk, the guy who discovered this gaping security hole (where a program can read or write data essentially everywhere on Intel PCs running 64-bit Win7/Server 2008R2), said on Wednesday that this month’s Monthly Rollup fixes the hole. The next day he said that, oops, this month’s Monthly Rollup doesn’t fix the hole and Microsoft revealed that, uh, this month’s Monthly Rollup actually introduces the hole.

    How bad is the hole? Kevin Beaumont (@GossiTheDog) says:

    An anonymous poster says:

    Ah, yeah… we’ve produced at least 11 botched up hotfixes in a row which made a gaping security hole out of a theoretical exploit, the most recent of them not even one week old yet, but 12th time’s the charm… absolutely trust us.

    Many folks were wondering how this patch stacks up with all of the (many!) other problems we’ve seen with this month’s Win7 Monthly Rollup and Security-only patches. The Folks Who Know Such Things now say that this patch does, indeed, introduce all of those problems — the SMB server memory leak that brings down servers, random re-assignment of static IP addresses, and three separately triggered bluescreens.

    A fix for patches that don’t have problems

    Also on Thursday afternoon, Microsoft dropped a handful of patches that fix other bad bugs in previous patches. Susan Bradley has a short list that includes KB 4096309 for Win10 1607/Server 2016 that “Addresses an issue that can cause operational degradation or a loss of environment because of connectivity issues in certain environment configurations after installing KB4088889 (released March 22, 2018) or KB4088787 (released March 13, 2018).” As Susan notes, both of the referenced fixes are still listed in the KB articles as “Microsoft is not currently aware of any issues with this update.”

    Bluescreen stoppers

    Then there are the patches that fix bluescreens generated by earlier botched patches:

    • KB 4099467 – Stop error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session. That’s a bug introduced in this month’s Win7/Server2008R2 patches.
    • KB 4099468 – Stop error 0xAB when you log off a Windows Server 2012 session. That bug was introduced in this month’s Server 2012 patches.
    • KB 4096310 – Stop error 0xAB when you log off a Windows Server 2008 session. Ditto ditto ditto.

    Save your IP if you’re prescient

    And then there’s KB 4099950, “Network Interface Card settings can be replaced, or static IP address settings can be lost,” released Friday, chronicled by MrBrian. Ends up this is just a package for the (modified) VBScript that, when run prior to installing this month’s patches for Win7, avoids the static IP busting nature of the patch. I talk about the VBScript program in my Computerworld Patch Alert article.

    Abbodi86 describes it:

    So it’s the easy automated version of the VBScript. It checks if KB2550978 hotfix is installed (or any superseder). [Note: KB 2550978 is a many-year-old hotfix, last updated more than a year ago.] The hotfix actually describes the mess with NIC and March updates in a very informative way.

    I wonder why Microsoft didn’t roll out that important fix years ago through Windows Update

    The important note is that you have to run KB 4099950 before you install this month’s Win7/Server 2008R2 patches.

    MrBrian goes on to note that the KB article for 4099950 contains this gem:

    Important:  This update must be installed prior to installing KB408875 or KB408878

    Which is hogwash, of course. Microsoft’s missing an “8” or two.

    What else?

    So what did I miss?

  • Happy Passover

    Posted on March 30th, 2018 at 21:28 by woody

    As we’re about to enter into the Passover season, I want to wish all of you “Happy Pesach!”

    Sorry, my Hebrew’s rusty.

  • Microsoft re-issues KB 3125574, the “Service Pack 2” Convenience rollup for Win7 and Server 2008 R2

    Posted on March 30th, 2018 at 06:26 by woody

    It’s now available as KB 3125574.

    Look at the first known issue:

    A new Ethernet Network Interface Card (NIC) that has default settings may replace the previous NIC and cause network issues. Any custom settings on the previous NIC persist in the registry but aren’t used.

    You cain’t win, you cain’t get ahead, and you cain’t even get out of the game.

    P.S. I found this by looking at the latest KBNew list. Microsoft has updated 1,826 KB articles so far this month.

  • Patch Lady – More updates released to fix March patches

    Posted on March 30th, 2018 at 01:25 by Susan Bradley

    I’m seeing more updates released to fix side effects introduced into the March updates.

    First up is Server 2016/Windows 10 1607:

    Addresses an issue that can cause operational degradation or a loss of environment because of connectivity issues in certain environment configurations after installing KB4088889 (released March 22, 2018) or KB4088787 (released March 13, 2018).

    https://support.microsoft.com/en-us/help/4096309

    Keeping in mind that BOTH updates that are referred to above, KB4088889 and KB4088787 state that “Microsoft is not currently aware of any issues with this update.”  Well if you are not aware of any issues with those updates, how are you then releasing an update to fix issues that you clearly know about?

    Then I’m seeing releases fixing BSOD issues:

    https://support.microsoft.com/en-us/help/4099467/stop-error-0xab-when-you-log-off-a-windows-7-sp1-or-windows-server-200

    https://support.microsoft.com/en-us/help/4099468/stop-error-0xab-when-you-log-off-a-windows-server-2012-session

    I’m still not seeing any confirmation that the Windows 7/Server 2008 R2 release earlier today, KB4100480, has also fixed the SMB memory leak and the networking issues introduced in the prior March updates. Based on what I’ve seen stated on Twitter by various folks, it appears the updates released will still cause memory leaks and need the script run ahead of time in order to ensure no loss of networking/static IP upon install.

    Here’s hoping April patching is better than March.

  • Patch Lady – new update for Windows 7 KB 4100480

    Posted on March 29th, 2018 at 16:41 by Susan Bradley

    Just sync’d up to my WSUS server is KB4100480.  Based on trying to follow the KB I can’t tell if this fixes the Spectre/Meltdown fix that introduced new vulnerabilities, fixes our known issues introduced by the prior updates or anything other than confuse me more.  What I can tell you is that while it does say in the KB link that Microsoft is not aware of any issues…. the KB links to all the prior updates that DID have known issues.  For now, stick your head under the sand until further notice until we figure out what this update is doing.

    It is being flagged as a security update as I got a security notification for it, so if you have automatic updates enabled (because you love to live on the edge), be aware that you’ll probably get it installed tonight.

    Microsoft update now shows it checked for KB4100480.

    Update:  Yes it fixes the vulnerability introduced by the prior updates as per https://twitter.com/UlfFrisk/status/979470561964449794 However it’s unknown if the known issues are fixed.

  • Cloud is in, desktop is uh …. well?

    Posted on March 29th, 2018 at 11:25 by Susan Bradley

    Susan here with a non patching post:  My Wall Street Journal tech alert just came in pointing to an email from Satya Nadella about a big shake up in the Windows organization that really showcases that Microsoft’s focus is the cloud.

    Terry Myerson (desktops/Windows 10) is transitioning out of the company and Scott Guthrie (developer focused and Azure) is moving to a role more focused on cloud and artificial intelligence called Core OS. In the email Satya notes that Terry … “Over the past several years, Terry and the WDG team transformed Windows to create a secure, always up-to-date, modern OS.”

    I just had a yin/yang discussion the other day with a good tech friend where I argued that what we have now with Windows 10 patching isn’t good enough.  From 1709 getting three updates/reboots in a single month, to updates coming out nearly any day of the week these days, to the January/February race condition of Windows 10, all of these should be a wake up call to Microsoft that Windows foundation needs work.  I opened up several support cases on behalf of impacted customers and short of a refresh or reinstall, once the operating system was nailed by the race condition which was [apparently] caused by the servicing stack update, those computers were toast.  Going forward with artificial intelligence, we have to have an operating system that can self heal.  Right now I still have several customers who are scared to install updates on Windows 10 for fear that they will have a recurrence of the Inaccessible boot device.  That’s not a good place to be in.  I fear that we’ve lost trust in patching, and the idea that we’re all up to date with our operating system, is still a dream, not reality, even on Windows 10.

    One comment is interesting in the email: “Having a deep sense of customers’ unmet and unarticulated needs must drive our innovation.”

    When we still have enterprises dragging their feet on feature releases, still have issues even with LTSB updating, there’s a lot of things unmet.

    I think a focus still needs to be made on the platform and get that right before cloud is 100% Microsoft’s focus.

    If you had Mr. Nadella’s ear for a moment, what would you say is unmet?

  • A few improvements at AskWoody

    Posted on March 29th, 2018 at 05:59 by woody

    You may have noticed that the site’s faster today. That’s because of some very remarkable programming from our devs at Fantasktic. Highly recommended.

    Also, if you’ve been having problems getting email notifications when you “Subscribe” to certain topics, that problem’s been solved (or at least ameliorated), also thanks to Fantasktic.

    I’m still seeing some odd problems — the “welcome” email, in at least one case, points to links on the site that don’t work; caching is still not quite right — but by and large, I’m very happy.

    Have you seen any problems?