Daily Archives: September 26, 2019
-
Patch Lady – the optional 1903 that includes the IE patch is out
Posted on September 26th, 2019 at 16:44 Comment on the AskWoody Lounge…and I’m not installing it. Which is saying a lot since I’m an Enterprise Security MVP and normally understand why Microsoft does what they do to keep us safe even though I don’t agree with it all the time.
Microsoft just released https://support.microsoft.com/en-us/help/4517211/windows-10-update-kb4517211
And released a servicing stack update https://support.microsoft.com/en-us/help/4520390/compatibility-update-for-installing-windows-10-version-1903
For those keeping track this is the “D” week release, meaning it’s optional…. HOWEVER…. this INCLUDES the out of band IE update released on 9/23 which was not released on Windows update or WSUS and is only available on the catalog site. There are two side effects that have been noted and reproduced by several on the patching community (can’t install .net 3.5, and early reports of printing issues). Support cases are still in the process of being set up so it will take a bit of time to get these documented as known issues or at least better understood if there are interactions going on with something else.
I still can’t figure out why the out of band update is NOT on Windows update or WSUS and if Microsoft is THAT worried about it being a risk for all of us, then I’d say they need to get their act together and fix WU and WSUS as deployment mechanisms.
This time I do not understand why Microsoft is not doing what they should do if they truly think we are at risk. All they have done is let the attackers get the ability to understand the vulnerability and have not done their part to keep the masses safe from this risk. Given that I do not see evidence of anything but targeted specific attacks and not rank and file mass attacks, I’m recommending that you not install anything that includes these out of band IE updates at this time.
In the meantime, I too am starting to sound more and more like … “hey… you there.. get off my lawn”
-
The inside story on Win10 rollouts – the machine learning engine that throttles
Posted on September 26th, 2019 at 16:06 Comment on the AskWoody LoungeBy Conrad_von_Soest,_’Brillenapostel’_(1403).jpg, Public Domain
If you don’t mind graphs without axis labels, you might find this post from Microsoft interesting.
Regular Microsoft updates to your Windows 10 PC help ensure that it’s kept secure from possible threats and empowered with the latest features for peak performance and productivity. Because of the wonderful diversity of hardware, devices and applications available to Windows customers, each PC’s update experience may be slightly different. To ensure that all PCs have a seamless update experience—regardless of their differences—we use a combination of testing, close partner engagement, feedback, diagnostic data, and real-life insights to manage quality.
To help with the complexity of the aspects we need to evaluate, we are increasing our investments in machine learning (ML) technologies. Machine learning helps us detect potential issues more quickly and helps us decide the best time to update each PC once a new version of Windows is available.
Compare and contrast to, say, the Win7 rollout experience. MS tests and tests and tests, then throws the gate open for anybody to manually install. If something goes kablooey (as it frequently did), the ‘Softies would scramble like crazy to fix things up. If you were smart, you waited for Service Pack 1.
Back then, MS didn’t presume to have enough “intelligence” to push new operating systems onto customers.
Times change, eh?
Or do I sound like an old man yelling at the kids to get off his lawn?
-
Reports of problems with HP printers after installing the second Sept Win10 1903 cumulative update, KB 4522016
Posted on September 26th, 2019 at 15:42 Comment on the AskWoody LoungeFrom the Patch Management mailing list:
FYI: I installed the updated Sept 2019 Cumulative Update for Win10 x64 [1903] and it broke me printing to a network HP Color LaserJet Pro MFP M180NW.
Since I also installed the Adobe Flash update, along with the .NET update for Sept 2019 at the same time, I thought it may be one of those, but through uninstalling all, and installing 1 at a time (Cumulative last) and testing printing between reboots, it was isolated to this update.
I have since uninstalled KB4522016 (the update with the IE Zero-Day patch) and installed the KB4515384 predecessor and all is well.
The problem’s been confirmed.
That’s the second problem I’ve seen with the stunted IE-only patch KB 4522016.
We’re still waiting to see if the third September cumulative update for 1903 will have the same problems.
-
Installing the Win10 1903 second Sept cumulative update, KB 4522016, prevents installation of .NET 3.5
Posted on September 26th, 2019 at 09:13 Comment on the AskWoody LoungeLooks like our Keystone Kops patches are turning into bumper cars.
You may recall that MS has released “optional non-security” third monthly cumulative updates for all versions of Win10 except 1903. Presumably, 1903 will be blessed with its third cumulative update today.
I’m seeing reports on patchmanagement.org that installing the second cumulative update — you know, the one that’ll protect you from the big, scary, exploited, emergency-patched IE security hole CVE-2019-1367 — makes it impossible to install .NET 3.5.
Uninstalling KB 4522016, installing .NET 3.5, then re-installing KB 4522016 seems to do the trick.
-
Hedge your bets: Download an official, clean copy of Win10 version 1903 (build 18362.356) and save it for a rainy day
Posted on September 26th, 2019 at 08:58 Comment on the AskWoody LoungeYou can get a copy of Win10 1903 whether you’re running Windows or not. Might prove nice to have on a rainy day.
Full step-by-step instructions in Computerworld. Woody on Windows