News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Daily Archives: October 3, 2019

  • Patch Lady – Internet Explorer out of band

    Posted on October 3rd, 2019 at 21:59 Susan Bradley Comment on the AskWoody Lounge

    Stay tuned.  We’re in the process of updating the master Patch Lists.  I’ve been testing the out of band Internet Explorer update and I’m not seeing any start menu issues.

    I’m giving the go ahead to roll it out in my office, stay tuned there’s a special edition coming to you soon.

    This time it’s really an out of  band update.  And that’s good for all of us.

  • Reported problem with Start menu after installing today’s out-of-band IE patch

    Posted on October 3rd, 2019 at 15:30 woody Comment on the AskWoody Lounge

    This from Reddit poster pyork211099:

    Broke my Start Menu immediately… It gives me critical error when i click start menu button…

    StartMenuExperienceHost.exe not running. Nor is ShellExperienceHost.exe, actually.

    All users that log in, multiple computers, Domain joined.

    Got a response back from poster apsolutiNN, who describes the same problem. He was running Win10 1903 with the August cumulative update, build 18362.295. He apparently installed KB4524147, skipping the three September cumulative updates, and today’s patch froze his Start button. Rolling back KB4524147 brought the Start button back to life.

    The original poster says:

    18362.356 working fine. [That’s the first September cumulative update. -WL]

    18362.388 breaks start menu. Uninstalling KB4524147 fixes that start menu issue.

    I rolled back the KB4517211 through WSUS.

    Looking for more confirmation.

  • Heads up! 50 new security patches just pushed to the Update Catalog

    Posted on October 3rd, 2019 at 13:10 woody Comment on the AskWoody Lounge

    Sometime in the past hour-or-so we got 50 new patches in the Catalog. They’re marked:

    IMPORTANT This is a required security update that expands the out-of-band update dated September 23, 2019. This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users have experienced. Customers using Windows Update or Windows Server Update Services (WSUS) will be offered this update automatically. To help secure your devices, we recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations. Like all cumulative updates, this update supersedes any preceding update.

    Note This update does not replace the upcoming October 2019 monthly update, which is scheduled to release on October 8, 2019.

    According to @EP, we’re being treated to:

    KB4524135 IE update for IE9/IE10/IE11
    KB4524147 CU for 1903 (build 18362.388)
    KB4524148 CU for 1809 (build 17763.775)
    KB4524149 CU for 1803 (build 17134.1040)
    KB4524150 CU for 1709
    KB4524151 CU for 1703
    KB4524152 CU for 1607
    KB4524156 Rollup for Win8.1
    KB4524157 Rollup for Win7

    More info as we find out what the Sam Hill is going on.

    UPDATE: The KB article also says that it fixes the .NET 3.5 installation problem introduced in both the second and third September cumulative updates for all Win10 versions:

    This security update includes quality improvements. Key changes include:

    Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error.

    Addresses an issue that may result in an error when you install Features On Demand (FOD), such as .Net 3.5. The error is, “The changes couldn’t be complete. Please reboot your computer and try again. Error code: 0x800f0950.”

    That tells me somebody’s listening – but it also tells me that MS is doing a very poor job of updating their Windows Release Information page. I think I’ll write about that in Monday’s Plus Newsletter.

    By the way… depending on your definition, the September 23 cumulative update was absolutely NOT an out-of-band patch. A real out-of-band patch goes out to everybody (the Sept. 23 patch was download only), gets distributed through the update servers, and it’s reasonably well documented. This patch is an out-of-band update — except we still don’t know much about the zero day.

  • Windows TenTen

    Posted on October 3rd, 2019 at 10:31 woody Comment on the AskWoody Lounge

    So… if the iPhone X is pronounced “iPhone 10,” shouldn’t Win10 X be pronounced “WinTenTen”?

    Sorry. Asking for a friend.

  • Managing Windows updates… for regular people

    Posted on October 3rd, 2019 at 08:06 woody Comment on the AskWoody Lounge

    Just got a great question from a new Plus member:

    I’ve just read a bunch of your articles providing detailed steps on how to manage the Windows Update process through what to me amounts to controlled postponements. But from your articles it sounds like with Windows 10 you’re only delaying the inevitable – that you can postpone them but can’t avoid eventually relinquishing control to a forced update at some point in the relatively near future.

    And that’s where I have a disconnect. Because there are numerous articles on the Web advising how one can ‘disable Windows 10 Updates permanently.’ I have followed the most commonly offered advice – basically to disable the Windows Update through the policy editor. I did that immediately after purchasing my first Windows 10 computer last week (running Windows Pro V1809).

    And it appears to have worked. The computer still has version 1809 on it, and I have not experienced any forced updates or even received any notifications from Microsoft about available updates. So I’m really confused at the moment about this: have I really turned off Windows Update permanently? Or am I going to wake up one morning only to discover that my copy of Windows was updated overnight, and that I was living under a false expectation?

    By the way, don’t take any of this to mean that I don’t EVER want to update my computer. I just would like to be able to turn Windows Update on only when I choose – namely after receiving a MS-DEFCON 4 or MS-DEFCON 5 alert from you!

    I bet a whole bunch of folks have the same question. There are lots and lots of opinions about controlling updates (and I’m sure more than a few alternative recommendations will appear in the comments to this post!). Many ways to thread the needle. Here’s what I’ve found works best for me and the folks I help all the time….

    First of all, you have to install patches sooner or later. There have been (rare) occasions when the patches are so bad I’ve advised folks to skip a month, but almost always you should install one month’s patches before the next Patch Tuesday rolls around. If you’re setting up a new machine, I recommend that you install all of the outstanding patches right away, even if they’re known to create problems.

    Second, I never turn off the Windows Update service (wuauserv). Disabling Windows Updates permanently is potentially fraught with all sorts of problems. Even if you’re fastidious about re-enabling the Windows Update service from time to time, there’s no telling what might slip through the cracks. I don’t know all of the ramifications of turning off wuauserv, and I doubt that anybody does.

    Third, I don’t recommend third-party utilities that block patches simply because I’d hate to recommend something that ends up messing up your system. There are several excellent Windows Update blockers out and about, and many people here use them. I’m just skittish about recommending something that could be used to blast away your PC. (Kind of like Windows Update, if you know what I mean.)

    Which leaves me with the patchwork of recommendations that I publish every month in Computerworld.

    Fortunately, Win10 version 1903 (finally!) has the tools for everyone to delay patches according to a rational schedule. There are tricks — for example, if you pause updates for 35 days, you’ll get stuck with the next month’s cumulative updates shortly after they’re released — but by and large, the settings in Win10 1903 make the labyrinthine techniques I’ve cobbled together obsolete. Assuming Microsoft sticks to their promises, anyway.

    We still don’t know exactly how the 1903 settings will be implemented — how, precisely, do you block a new version that’s disguised as a cumulative update? when a version hits end of life, how do you get kicked off? will we always see a polite offer to “download and install now”? and many more — but they’re a huge improvement over the blind Win10 patch pushing we’ve suffered for four years.

    The Win10 1903 settings aren’t as good as Win7 and 8.1’s simple choices, but I guess that’s progress.