![]() |
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
A panoply of problems with this week’s 210 critical Windows and Office patches
Home › Forums › AskWoody blog › A panoply of problems with this week’s 210 critical Windows and Office patches
Tagged: April 2017 Black Tuesday
- This topic has 33 replies, 12 voices, and was last updated 3 years, 9 months ago.
Viewing 13 reply threads-
AuthorPosts
-
-
April 13, 2017 at 11:23 am #108281
woody
Manager -
April 13, 2017 at 11:33 am #108285
anonymous
GuestI maintain a client-server database app written in VB6 that uses ADO and COM+/DCOM. After installing the “April, 2017 Security Monthly Quality Rollup,” the VB6 app crashes in msado15.dll and ntdll.dll when trying to write to to the database. Uninstalling the update restores full write functionality. This is verified on Windows 7 x86 and Windows 8.1 x64. The issue is also present in Windows 10 x64 but I’m not testing that further. Details:
http://www.mcbsys.com/blog/2017/04/april-2017-monthly-rollup-breaks-vb6-app/
1 user thanked author for this post.
-
April 13, 2017 at 11:40 am #108295
TheSuffering
AskWoody Lounger-
April 13, 2017 at 12:12 pm #108304
-
April 13, 2017 at 12:25 pm #108309
TheSuffering
AskWoody Lounger
-
-
-
April 13, 2017 at 2:19 pm #108334
The Surfing Pensioner
AskWoody PlusHi, I am Running Windows 7 Home Premium with Microsoft Office 2010 installed. As I am in Group B, I have avoided installing any updates so far this month. But I understand from Woody’s article that it would be prudent for me to instal KB3141538 and so I have downloaded this update. Can someone please give me reassurance that it is safe for me to instal without unwanted consequences? With many thanks.
-
April 13, 2017 at 2:33 pm #108340
Bill C.
AskWoody PlusI installed the MS Word patch KB3141538 from Windows Update. I installed ONLY THAT PATCH. I have WU set to never check so it is a manual check. I am Group B.
So far on my Windows 7-64 Pro SP1 machine there have been no adverse effects. However, as always and depending on your system configuration your mileage may vary (YMMV).
It is also unfortunate that my Malwarebytes v.2 is approaching EOL. The newer version 3 is still problematic from the many posts on the Malwarebytes forum.
-
April 13, 2017 at 2:49 pm #108347
The Surfing Pensioner
AskWoody Plus -
April 13, 2017 at 4:05 pm #108367
-
April 14, 2017 at 2:18 am #108478
anonymous
GuestI thought I had read somewhere in the A.W.-forums that you had to install both the Office-patch and a Windows-patch. Someone had looked into it and found that for Vista and one of the server-versiosn, that do not get roll-ups, indeed there was a seperate Windows-update as well, from which he concluded that …. let me look it up. I’m confusing myself. https://www.askwoody.com/forums/topic/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/#post-107678, that is the one.
Annemarie
-
April 14, 2017 at 7:37 am #108507
MrBrian
AskWoody_MVPThat appears to be correct. See https://www.askwoody.com/forums/topic/a-panoply-of-problems-with-this-weeks-210-critical-windows-and-office-patches/#post-108385.
-
-
-
-
April 13, 2017 at 3:14 pm #108349
TheSuffering
AskWoody Lounger -
April 13, 2017 at 4:34 pm #108377
anonymous
GuestJust to add to the information: Office 2010 installed on remote terminal server. I applied Office patches and Office broke. Uninstalled 3118388 (because I thought Outlook patch was the problem) and 3141538 to get it running again. Full disclosure the terminal server is 2003 and it’s replacement is being prepared for deployment.
-
April 13, 2017 at 5:15 pm #108385
MrBrian
AskWoody_MVPThere is a very important detail about the vulnerability CVE-2017-0199 | Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API that I missed at first, but later noticed:
“The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue.”
It seems that both the Windows and Office update are needed to make Office invulnerable to this vulnerability. If you install just the Office update, you apparently are still vulnerable!
4 users thanked author for this post.
-
April 13, 2017 at 9:54 pm #108449
lizzytish
AskWoody LoungerYes…….. as everyone is saying…….. WHAT A MESS – ye-gads!! I have the mentioned security fix for Office 2007 sitting in my Important updates (Win7 Pro 64bit – Group B)……….. was reading Woody’s article on InfoWorld and was about to install the patch for the ZeroDay effecting Office, but now I see that possibly it’s only half a fix. Also mentioned that there were another 2 bugs relating to ZeroDay….. would those be the ones relevant to the Win Security Patch………. or would it just be the Office one, that you are referring to Mr. Brian ? Guess the Game Plan would be to NOT open any Office/word files in an email until all this is sorted. I’m trying to sit tight and think of pleasant things!!!! LT
“To waste one second of one’s life is a betrayal of one’s self! I wonder what’s on television?”
Tony Hancock-
April 13, 2017 at 10:03 pm #108452
MrBrian
AskWoody_MVPI was referring to just this vulnerability.
1 user thanked author for this post.
-
-
April 14, 2017 at 3:14 am #108481
MrBrian
AskWoody_MVPI have confirmed by testing on Windows 7 that with just the relevant Office 2007 update installed, Office 2007 remains vulnerable. With both the relevant Office 2007 update and the April 2017 Windows update installed, Office 2007 is not vulnerable. I would expect the same is true for other Office versions and other Windows operating systems.
-
April 14, 2017 at 8:55 am #108519
MrBrian
AskWoody_MVPWhat I tested was, for a Word 2007 document, whether double-clicking an embedded object linking to a “.hta” file hosted online causes the code in the “.hta” file to run (in process mshta.exe) or not.
There are additional steps to get the “.hta” code to run automatically when opening an Office document, but I could not get those additional steps to work, so I did not test that aspect.
There’s a webpage that shows how to do these things, but I probably shouldn’t give the link because it could be used for evil.
Technical reference: Vulnerability Note VU#921560 – Microsoft OLE URL Moniker improperly handles remotely-linked HTA data.
1 user thanked author for this post.
-
-
-
April 13, 2017 at 9:04 pm #108444
Noel Carboni
AskWoody_MVPNot to make light of the many reported problems, but I just finished updating another Windows 8.1 x64 test system, this one with Office 2010 on it. I started the Windows Update service and did a full “Group A” update on it (with the exception of the optional telemetry update which I hid – again), and I’m not able to find problem number one so far with the updated system. I even did performance benchmarking and found the speed of every major subsystem about the same as before.
Of course the number of tests I’ve subjected it to over the past couple of hours is necessarily limited, but it seems like there’s hope that the patches aren’t all bad!
I’m typing this on a tweaked and fully up-to-date Win 10 version 1703 build 15063.138 Creator’s test system, and it’s been running pretty well too, other than failures I saw yesterday with Adobe’s Creative Cloud.
-Noel
-
April 13, 2017 at 11:37 pm #108440
anonymous
GuestSo far installed the IE and .NET (the full one, via Windows Update) patches, things seem fine. Waiting on the April security-only bundle, but getting awfully anxious about it. Bar that tiny January update that I didn’t see as exactly relevant to my computer and therefore waited (and installed it only alongside the March bundle), it’s definitely the only time in the past several years when I waited over 48 hours to install security updates, and may well be the only time in 15 years.
Scared of either possibility now, both installing that and waiting longer. Gah.-
April 15, 2017 at 5:30 am #108706
anonymous
GuestReporting in, DEFCON 1 is right. Double reboot, but that seemed all right, what definitely is not all right after applying the April security-only patch (4015546) is that once again fan speeds no longer change according to temperature. Win 7 32-bit, AsRock Fatal1ty B85 Killer as motherboard.
Happened once before, after installing the September patches, and uninstalling didn’t fix it, and was noticing other issues too then, so ended up taking computer to the shop I got it from, thinking some hardware issue that may have just coincidentally triggered then. They said they fixed it by updating BIOS. But now there’s no newer update available.Wonder what’s common between April and September to mess with BIOS…
-
-
April 14, 2017 at 6:12 am #108484
_Reassigned Account
AskWoody LoungerI’ve resorted to running Office online only until this is fixed. Cautioned everyone to be careful what you open. Just the shear amount of patches themselves is scary. As with any thing the focus on the weakest link is always the target. Office to me is a mess, and has been for some time. Its the Windows 95, 98 of Office document creation.
-
April 14, 2017 at 12:26 pm #108588
arfurdent
AskWoody Plus-
April 14, 2017 at 2:31 pm #108616
The Surfing Pensioner
AskWoody Plus -
April 14, 2017 at 2:40 pm #108615
anonymous
GuestThat’s because kb3141538 is for Office 2010. I believe you need kb3178710.
Having said that, I am today feeling slightly uneasy. I’ve had no problems since installing kb3141538 yesterday, but have just checked and it is nowhere listed in my update history or indeed as an installed update – so I could not uninstal it if I wanted to. But I note that the installation date of ALL my historical Office patches has changed to 13/4/17 – which is more than slightly weird, given that kb3141538 was the only patch I installed yesterday and moreover installed manually. Has anyone got an explanation for all this?
-
-
April 16, 2017 at 10:40 am #108963
b
AskWoody PlusThere’s one exception, though. The Word zero-day vulnerability that I talked about over the weekend is being actively used to infect machines. Lots and lots of machines, according to Dan Goodin at Ars Technica. If you’re concerned about that zero-day — and you should be, if you open documents attached to email messages — you should apply one or all of these patches, depending on which version of Office you use:
How do you reconcile that with MS-DEFCON 1: Don’t apply ANY Windows or Office patches posted within a couple of hours?
Which should be believed, MS-DEFCON 1 or InfoWorld?
1 user thanked author for this post.
-
April 16, 2017 at 1:15 pm #108983
woody
ManagerAs stated, if you’re concerned about opening Word documents attached to email messages, it would be wise (but possibly not sufficient) to install the listed Word Security updates.
Worthwhile alternatives here: https://www.howtogeek.com/302740/how-to-open-office-files-without-being-hacked/
-
April 16, 2017 at 1:52 pm #108988
MrBrian
AskWoody_MVPUnfortunately that’s indeed probably not sufficient. See https://www.askwoody.com/forums/topic/a-panoply-of-problems-with-this-weeks-210-critical-windows-and-office-patches/#post-108385.
1 user thanked author for this post.
-
April 16, 2017 at 3:38 pm #108996
-
-
-
-
April 19, 2017 at 7:50 am #109524
anonymous
GuestI discovered yesterday that Active Directory Replication is failing since 4/16/17 (when I installed the latest round of updates). What turned me on to it is I am getting an “access denied” error when trying to open Group Policy from another subnet to my primary domain controller. Using my laptop, if I am on the same subnet it opens just fine, however when I move my laptop to a different subnet, that is when it fails.
-
April 19, 2017 at 7:53 am #109526
PKCano
Manager-
April 19, 2017 at 8:20 am #109532
anonymous
GuestI am narrowing it down to my main site I believe. When I run “repadmin /replsum” on one of my remote sites domain controllers, it shows that all of the remote sites replicate fine, with the exception of the “main site”. My laptop is Win 10, but that doesn’t seem to matter.
The main site has 2 – 2012 DC’s and 1 2008r2 DC. The remote sites are a mix of the two, and like I said seem to be replicating fine. So, I am narrowing it down to either a DNS issue (everything looks fine here) and potentially a site trust problem.
-
April 19, 2017 at 8:20 am #109534
-
-
-
April 24, 2017 at 6:16 pm #110617
MrBrian
AskWoody_MVPA known issue was recently added to April 11, 2017—KB4015547 (Security-only update) (for Windows 8.1 and Windows Server 2012 R2):
“[Symptom] After installing this update on Windows Server 2012 R2 DC, you may notice Kerberos Key Distribution Center (KDC) service fails to start and error events are logged in the System Event log with Event ID: 7023 – The parameter is incorrect.
[Workaround / Resolution] Install the April 2017 Monthly Rollup Update KB4015550 or Install the March 2017 Security-only update KB4012213.”
1 user thanked author for this post.
-
-
AuthorPosts
Viewing 13 reply threads -
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Search The Lounge
Recent Replies
Nathan Parker on iOS/iPadOS and WatchOS Updates
1 hour, 37 minutes agoanonymous on Websites that still require Flash after EOL
1 hour, 58 minutes agoKirsty on iOS/iPadOS and WatchOS Updates
2 hours, 7 minutes agoNathan Parker on iOS/iPadOS and WatchOS Updates
2 hours, 25 minutes agoCADesertRat on Susan recommending version 2004
2 hours, 54 minutes agoBob99 on Susan recommending version 2004
3 hours, 9 minutes agoBob99 on Mozilla Thunderbird Update
3 hours, 18 minutes agoRoger on Which version of MS Office should we buy and where can we get it?
3 hours, 26 minutes agoBigBadSteve on Which version of MS Office should we buy and where can we get it?
3 hours, 43 minutes agoPaul T on Very slow and erratic data transfer to and from NAS used for backup
6 hours, 41 minutes agoanonymous on passwords disappearing in Outlook and Chrome in Win10
6 hours, 50 minutes agoanonymous on Click on Start button and Search Window opens
6 hours, 53 minutes agoKirsty on Firefox 85 released
6 hours, 58 minutes agoNASAndSlow on Very slow and erratic data transfer to and from NAS used for backup
7 hours, Just nowb on Zero day Windows 10 bug
7 hours, 10 minutes agob on Susan recommending version 2004
7 hours, 36 minutes agoareader on Fiber optic not available; options please
8 hours, 10 minutes agoKen on Susan recommending version 2004
8 hours, 57 minutes agoWCHS on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
9 hours, 6 minutes agoAlex5723 on Zero day Windows 10 bug
9 hours, 8 minutes agob on Outlook 365 – Title bar – Folder Name
9 hours, 28 minutes agoAlex5723 on iOS/iPadOS and WatchOS Updates
9 hours, 49 minutes agodeuxbits on Windows Defender False Positives?
10 hours, 1 minute agob on Windows 10 2004/20H2 Not Being Offered Due to Conexant HD Audio Issue
10 hours, 2 minutes agob on Can’t install program on 2004 build
10 hours, 9 minutes agoRick Corbett on Can’t install program on 2004 build
10 hours, 10 minutes agoKen on Windows 10 2004/20H2 Not Being Offered Due to Conexant HD Audio Issue
10 hours, 10 minutes agoPFC on Firefox 85 released
10 hours, 14 minutes agoAlex5723 on iOS/iPadOS and WatchOS Updates
10 hours, 40 minutes agoTex265 on Comments on AKB 2000016: Guide for Windows Update Settings for Windows 10
10 hours, 41 minutes ago
Recent Topics
-
You should update your iDevice now
4 hours, 3 minutes ago
-
How to find the most recent transaction date of a unique item
8 hours, 37 minutes ago
-
Mozilla Thunderbird Update
3 hours, 19 minutes ago
-
Can’t install program on 2004 build
10 hours, 10 minutes ago
-
Outlook on Vista
13 hours, 16 minutes ago
-
Latest increase in no. of Win 10 services
13 hours, 44 minutes ago
-
Outlook 365 – Title bar – Folder Name
9 hours, 29 minutes ago
-
Office 365 Outlook getting rejected by some servers
20 hours, 48 minutes ago
-
Firefox 85 released
6 hours, 59 minutes ago
-
Video & Sound Cards ?
1 day, 6 hours ago
-
newsd process on Big Sur downloading MASSIVE amounts of traffic
1 day, 13 hours ago
-
No bootable device (sometimes!)
1 day, 13 hours ago
-
email providers
1 day, 14 hours ago
-
Legacy Teams Client Download
1 day, 14 hours ago
-
Accidentally hit “Pause Updates” , now what?
1 day, 11 hours ago
-
My neighbours’ media devices
1 day ago
-
Links not working in some e-mails
20 hours, 12 minutes ago
-
Excess heat during laptop recharging?
1 day, 1 hour ago
-
Hackers are running your smart home
1 day, 9 hours ago
-
Freeware Spotlight – Immunet 7
12 hours, 29 minutes ago
-
Schrödinger’s Bill
1 day, 6 hours ago
-
Sorting alphanumeric text
21 hours, 23 minutes ago
-
Potential for iPhone 12 and MagSafe to Interfere With Medical Devices
1 day, 18 hours ago
-
Computer running slowly when using Wi-Fi since last Windows update
10 hours, 58 minutes ago
-
Websites that still require Flash after EOL
1 hour, 59 minutes ago
-
WinSlap (Windows 10 Privacy tool)
2 days, 9 hours ago
-
Using USB flash drive for both windows and on a Chromebook
21 hours, 43 minutes ago
-
Chrome browser stopped playing video
1 day, 15 hours ago
-
Apple News Wrap Up: January 23, 2020
2 days, 22 hours ago
-
Tasks for the Weekend – January 23, 2021
1 day, 12 hours ago
Search for Topics
Recent blog posts
Key Links
Copyright © 2004 – 2021 AskWoody Tech LLC. All rights reserved.