Patch Lady: Many updates this month… including one for XP

Urp! Yes, XP.

Here’s how to see if your Win7 or XP computer (or related Servers) is highly susceptible to the “wormable” Remote Desktop bug.

Loads of new information about this month’s ground-breaking (and system-breaking) patches.

All of the patching news from Susan Bradley, the inimitable Patch Lady, in this morning’s AskWoody Plus Newsletter 16.18.0.

“Side channel” vulnerabilities and Windows

I’ve avoided talking much about Spectre, Meltdown and the like because there’s an endless succession of patches to Windows and the hardware – and registry changes to go with them – and we still haven’t seen a real-world exploit.

If you’re running a high profile server, though, you should keep up on this stuff.

Karl Wester-Ebbinghaus (@alqmar) has come up with an exhaustive list of patches, patches to patches, BIOS updates and registry settings, all related to the “side channel” vulnerabilities. Click on the comment link at the top to see the results of his extensive investigation.

Patch Watch: A Japanese era begins – in Windows, over and over again

Patch Lady Susan Bradley steps you through all of the April patches — and gives you a look at all of the problems coping with the change in the Japanese calendar to the new “Reiwa” era.

Succinct patch-by-patch advice for the April (and even early May!) patching mess.

Out this morning to Plus members in AskWoody Plus Newsletter 16.16.0.

Patch Watch: April patches plays a late joke on Win7 and 8.1

Talk about April Fools….

Patch Lady Susan Bradley takes you through the current sorry state of affairs with the April patches — catastrophic differences of opinion between Windows updates and several big-name antivirus packages. Win10 version 1809 is waiting in the wings. There are lots of creepy-crawlies out there.

Details in this week’s AskWoody Plus Newsletter 16.14.0, out this morning to AskWoody Plus Members.

Avira confirms that this month’s Win7 and Win10 version 1809 patches slow down PCs running their AV products

Details on this are a bit sketchy, but Avira just posted an explanation saying:

Why does my system run very slow?
We could reproduce the described behavior.
This is occurring because of a current Windows Update.

… and goes on to specify the Win10 version 1809 cumulative update KB 4493509, and the Win7 updates KB 4493472 (April Monthly Rollup) and KB 4493448 (Security-only) can lead to the slowdowns.

As was the case with the first mea culpa from Sophos, I have to wonder if that’s the full list of bad patches.

I also wonder why Avira’s reporting a slowdown, whereas Sophos and Avast report freezes on startup.

There are no other details I can find. Microsoft certainly hasn’t acknowledged anything other than a slight misunderstanding with Sophos. C’mon, Softies. You say you’re going to give us better accountability for patches and improved guidance when things turn for the worse. We could use a big dose of that right now.

The next time somebody tells you that you have to install Microsoft patches as soon as they’re available… oh, nevermind. I guess it’s good that some folks volunteer to test this stuff.

Good synopsis from Lawrence Abrams on BleepingComputer.

Widespread reports of freezing with this month’s Win7 Monthly Rollup, KB 4493472, and Win8.1 Monthly rollup KB 4493446

Spiceworks has a nearly-feature-length litany of problems with KB 4493472.

DON’T let Windows Automatic Update get to your Windows 7 or 8.1 (or Server 2008 R2 or Server 2012 R2) machines. But you knew that already.

Thx @BoltsfanKevin (that’s Kevin Hughes)

UPDATE: Server 2008 R2 machines are falling left and right. From the Sophos Endpoint Security blog:

SAV service was logging lots of error messages in event log. Event IDs : 7022 (service hang), 80, 81, 83, 85, 82, 566, 608, 592.

The server became unresponsive, no rdp, no file share access, Ctrl Alt Delete not working.

Only solution is to uninstall the patch. Which may be difficult.

ANOTHER UPDATE: Sophos has posted an official acknowledgment, putting the blame on both the Win7 Monthly Rollup and the Win 8.1 Monthly Rollup, KB 4493467:

If you have not yet performed the update we recommend not doing so.

If you have performed the update but not yet rebooted we recommend removing the update prior to rebooting.

If you have performed the update and have rebooted, triggering the issue:

Boot into safe mode
Disable the Sophos Anti-Virus service
Boot into normal mode
Uninstall the Windows KB
Enable the Sophos Anti-Virus service

It’s still much, much too early to tell if the same change in Win7 and 8.1 will also clobber other software. Just sit tight and wait for the MS-DEFCON level to change.

More details (including a question about precisely which patches are breaking Sophos) in Computerworld Woody on Windows.

UPDATE: We’ve had several reports that Avast customers are experiencing the same symptoms. Avast has a mea culpa:

Windows machines (particularly those running Windows 7) are becoming locked or frozen on startup after Microsoft updates KB4493472, KB4493448, and KB4493435.

April Patch Tuesday Windows and Office patches are out

Martin Brinkmann has posted his synopsis on ghacks.net:

• Microsoft released security updates for all client and server versions of Windows.
• Other Microsoft software with security updates: Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Windows Admin Center, Microsoft Office
• Microsoft fixed many long standing known issues.

Dustin Childs’s usual pack-leading analysis on the Zero Day Initiative blog paints a tolerable picture: 74 separately identified security holes. Two actively exploited, both of which seem to be used by nation-state attackers.

Worthy of note: Win10 1903 — which hasn’t been released yet to the hoi polloi — has its own security cumulative update.

As expected, Win10 1607 and 1703 are getting their last patches.

The sole new Security Advisory, ADV190011, talks about the April 2019 Adobe Flash Security Update.

Looks like a dull one. Leave your blocks in place, there’s nothing much to see here.

We’re staying at MS-DEFCON 2.

Patch Lady: Preparing for Microsoft’s patch-security changes

Are you running Windows 7 or Server 2008? There are some important updates coming down the pike, and you need to install them if you want to keep getting security patches.

Patch Lady Susan Bradley takes you through the why’s and wherefore’s of the massive change from SHA-1 to SHA-2, and why it’s important for all Win7 and Server 2008 machines (and WSUS 3.0 update servers).

Details in this week’s AskWoody Plus Newsletter 16.13.0, out this morning to AskWoody Plus Members.