Patch Lady – KB4088875 side effects to watch out for @ AskWoody

Patch Lady – KB4088875 side effects to watch out for

Posted on March 28, 2018 at 21:15 CDT by Susan Bradley • Comment in the Forums

Following up on the March Windows 7/Server 2008 R2 patch situation of KB 4088875 …. uh ..mess, I saw another side effect of the known issues.

First off a bit of background, as Woody pointed out we are in a darned if we do/darned if we don’t mode right now in Windows 7/Server 2008 R2 updating. On Windows 7 and Server 2008 R2 Microsoft is still “throttling” this update when offered up from Microsoft update – that is it’s still offered up but unchecked and thus it won’t automatically install, however it has not been pulled of the Catalog site, nor expired from WSUS (Windows Server Update Service) which is my benchmark for being “pulled”. Therefore it’s not been officially pulled by Microsoft but it sure is in this limbo state.

There is a new script that is recommended to be run on machines with static IPs before installing – and yes you can run the script ahead of time.

Based on what I’ve seen the issues and side effects are more critical on Server 2008 R2:

Reputable reports from several consultants that are monitoring and patching Small Business Server 2011 machines that the “memory leak” side effect will cause remote web access to time out and fail to work.

After you install this update, SMB servers may leak memory.

Microsoft is working on a resolution and will provide an update in an upcoming release.

For now the consultants are removing this update and holding off to see what Microsoft does to fix this hopefully in April.

A couple of other reports of blue screens of death that were resolved after uninstalling the update.

Also for those in the B patching category, be aware of a new side effect showing up today so if you have installed the March updates, you may want to install the March 23 IE update. If you have not installed these March updates, hang loose until April’s updates.

After you install this update, security settings in some organizations that are running Windows 7 SP1 or Windows Server 2008 R2 may prevent Internet Explorer 11 from starting because of an invalid SHA1 certificate.

Whitelist the SHA1 certificate to allow Internet Explorer 11 to start.

– OR –

Install Cumulative update for Internet Explorer: March 23, 2018.

To all of this, I’m just wincing and hoping that we can get back to a bit more normal in April (I’m an optimist). While patching an older operating system does get a bit more bumpy as we get to it’s end of life, 41% is still a lot of boxes that are sitting out there possibly unpatched.

Windows Patches/Security KB 4088875, Patch Lady Posts

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

S	M	T	W	T	F	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31