February 2022 Patch Tuesday early reports

Topic

New Reply

It’s that time of the month again that we wait on news of update side effects. It’s my philosophy that you shouldn’t rush into anything and patching (
[See the full post at: February 2022 Patch Tuesday early reports]

Susan Bradley Patch Lady

6 users thanked author for this post.

GreatAndPowerfulTech, MrToad28, CAS, DaisyMay, abbodi86, Alex5723

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Feb 8, 2022.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was no Feb. IE11 CU  for Win7.

February Rollup KB5010404 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a February 2022 Servicing Stack KB5010451– Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

There are .NET updates listed for Win7. See #2424003.

5 users thanked author for this post.

rick41, SueW, Microfix, jburk07, abbodi86

Reply | Quote

Note for ESU (Windows 7 extended security update) folks, you need to have the year three ESU installed in order to receive these updates.

Susan Bradley Patch Lady

Reply | Quote

No problems with ESUbypass on Win7 Pro February’s patches SSU/SMQR/.NET
Win8.1 Pro on three devices, SMQR/.NET clean as a whistle no problems this month either yawwwn

Keeping IT Lean, Clean and Mean!

2 users thanked author for this post.

jburk07, DrBonzo

Reply | Quote

Ghacks : Microsoft Windows Security Updates February 2022 overview

1 user thanked author for this post.

DrBonzo

Reply | Quote

On my daily driver dual boot:

KB5009467 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for x64
KB5010342 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems

KB5010386 Cumulative Update for Windows 11 for x64-based Systems

No hiccups on either side.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

2022-02 .NET 5.0.14 Security Update for x64 Client (KB5011093)

2022-02 .NET 6.0.2 Security Update for x64 Client (KB5011094)

2022-02 Cumulative Update for Windows 11 for x64-based Systems (KB5010386)

Installed with no problems on Win11 Pro.

--Joe

2 users thanked author for this post.

deuxbits, Alex5723

Reply | Quote

.NET update 2-8 for Windows 8.1 installed with no problems.  It seemed to install faster than normal.

I will wait to install the security-only 2-8 update for Windows 8.1.

 

1 user thanked author for this post.

DrBonzo

Reply | Quote

KB5010395 Windows 8.1 64bit installed OK. Feb.14 2022.

 

1 user thanked author for this post.

DrBonzo

Reply | Quote

Roses are red
Violets are blue
Turning on 2FA
Is good for me and you

2FA is very easy to bypass. Hackers found ways to get around. Now a days, 2FA has no security values at all. It is very easy to clone SIM with just being around 10′ of it using very cheap devices.

Reply | Quote

It takes time/energy/targeting.  Multi factor means the bad guys go after someone else without it.  Multi factor still has value.  Seriously.  When only 22% of Azure admins use it (if I remember my stats correctly) the attackers will go after the 80 someodd percent that don’t as the easier target.

Susan Bradley Patch Lady

5 users thanked author for this post.

GerryH89, KevinTMC, TechTango, grant.gardner, Kranium

Reply | Quote

I’m an amateur with limited time on my hands, so I’ve long since given up on the idea that I could keep a motivated and skilled bad actor at bay through my own efforts.

At the risk of repeating some of the things Susan and others have been pointing out in this thread, here’s the general strategy I’ve adopted to improve my odds while saving my sanity:

1. Try not to be the slowest gazelle in the herd, or even in the slowest two-thirds of the herd. (Usually the latter is not very hard.)
2. Take comfort in the fact that I’m an inherently boring target with not much to offer. (And don’t do anything unnecessary that might change that.)
3. Don’t do anything seriously stupid. (Anyone who hangs out on this site ought to have a good feel for what sorts of things those might be.)
4. Relax. Computers are more awesome than ever and still pretty darned fun; take advantage and enjoy!

---
Home machines: Windows 10 Pro (21H2), Windows 7 Home (Group B)
Work machines: Windows 10 Enterprise (21H2)

Reply | Quote

You don’t have to out run the bear, just be faster than the guy next to you.

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

If he’s the guy next to you its BOGO for the bear!

Reply | Quote

Very little time is need. When you clone the SIM card, you gain access to everything. 2FA has become obsolete now just like the credit card chips that were suppose to be more secure than the magnetic stripes. There is no security since most companies to not care about people’s safety.

Reply | Quote

This is alarmist nonsense.  You’d have to be specifically physically targeted.  Hate to break it to you, nobody is following you around trying to clone your MFA.

Reply | Quote

I’m also referring to authentication apps on your phone.  While I know that certain people ARE targeted, the vast majority of us do not have attackers cloning our SIM chips.  Just because something is theoretically possible doesn’t mean that someone actually does it.

Attackers go after low hanging fruit:  reuse of the same password on multiple web sites.  If a two factor/multi factor slows them down they are on to the next victim.

Here at askwoody.com we are realists, not conspiracy theorists.

Susan Bradley Patch Lady

1 user thanked author for this post.

GerryH89

Reply | Quote

Who got Windows Malicious Software Removal Tool kb890830?

Reply | Quote

Installed Windows Malicious Software Removal Tool x64 – v5.98 (KB890830) this morning on Win11 Pro.

 

--Joe

1 user thanked author for this post.

Sailor

Reply | Quote

No problems here.

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Win10 AMD 5 4500 Minisforum HM-50

Three downloaded updates on 2/28/2022 and my system came to a crawl after rebooting.

Reimaged from backup, delayed updates and everything is back to normal.

Reply | Quote

21H2?  Do you remember exactly what got installed?    Would you mind a bit more detail as I’m not seeing anything here in my early testbeds.

Susan Bradley Patch Lady

1 user thanked author for this post.

deuxbits

Reply | Quote

I still get the Out-of-band Update KB5010798 as an optional Update offered, although the latest rollup KB5010404 (which includes the Ofb) has been installed.

Does anyone else have this “problem”?

1 user thanked author for this post.

deuxbits

Reply | Quote

Yes, they did not add supersedence metadata for it yet

1 user thanked author for this post.

deuxbits

Reply | Quote

Oops..I neglected to pause after Jan update installed and the Feb update has downloaded and is pending restart..Which I have delayed..any suggestions on how I can prevent potential damage?

Win10 Pro 21H2.

Thanks in advance

Reply | Quote

While it is too late to prevent the updates completing, it isn’t too late to take a backup. An image backup will however back up your system still pending updates, so a full restore would get you back to your current situation, but as your restored system boots, it will complete the updates.

So, first take a backup, then allow the updates to complete. If they prove to be a problem, you can probably uninstall them (problem updates don’t usually prevent that.) If that doesn’t produce a working system, go back to a previous backup, restore that, then restore your important files from the latest backup.

1 user thanked author for this post.

MrToad28

Reply | Quote

bbearren wrote:

KB5009467 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H2 for x64

I got the Jan Net Frmwk Update BUT it’s interesting that the Catalog shows 21H2 ONLY for Win 10 LTSB (Long Term Servicing Branch for Config Mgr) that I’m not aware I have.

bbearren must have it, and I assume my missing it is correct.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

Reply | Quote

The catalog has ‘Windows 10’  in the name for KB5009467, as well as Windows 10 LTSB.  Same goes for CU KB5010342.  See attachments.

1 user thanked author for this post.

CraigS26

Reply | Quote

CraigS26 wrote:

bbearren must have it, and I assume my missing it is correct.

Nope, just Windows 10 Pro 21H2.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

MrToad28 wrote:

any suggestions on how I can prevent potential damage?

You can clear the updates and defer again.
See https://www.askwoody.com/forums/topic/how-to-delete-driver-updates-downloaded-by-windows-update-but-not-installed/

1 user thanked author for this post.

MrToad28

Reply | Quote

Getting rid of downloaded but not yet installed updates:

I went to Alex5273 link above and followed this method:

“Actually, the downloaded updates are stored in the C:\Windows\SoftwareDistribution\Download folder and they can be deleted without needing to stop any of those services.
Deleted all the contents of the downloads folder “except” for the SharedFileCache folder.
Then delete the contents of the SharedFileCache folder.
As noted above, when you restart Windows, it’ll automatically restore any info required in those folders for the installed updates.”

I paused updates then followed the instructions..it looked like the PC was installing updates, but when I finished restarting the history showed the 2/8 updates had not installed..Yea!!

When I checked C:\Windows\SoftwareDistribution\Download folder it was empty just the SharedFileCache subfolder which was also empty. Maybe pausing update prevented repopulation. Anyway all is good till all clear is given for Feb updates.

Grateful Toad

Reply | Quote

anonymous wrote:

This is alarmist nonsense.  You’d have to be specifically physically targeted.  Hate to break it to you, nobody is following you around trying to clone your MFA.

When I was out of work, I was hired to ride the train with a small device to get sim cards info. I was paid $100 per hour  plus the cost of  train tickets for two weeks but no more than 4 hours since the device had battery that lasted only about 5 hours.  If the device captured more than 400 numbers, I would get a $50 per ever 100. On busy days, I got over 800 numbers. Some days that were slow only got 200. The group that hired me did not care whose phone they got. I need the money to buy food. I know that this exists.

1 user thanked author for this post.

deuxbits

Reply | Quote

We’re not saying it doesn’t exist.  But it also takes time and effort to go after each one of those numbers. In addition for many on this site they aren’t riding trains every day.

Especially in California where I live our train service is not great.  So set the risk of these type of attacks based on where you are and what you do.  The risk of SIM attacks is not the same across the world.

And I hope you find a better way to earn money as it puts you at risk as well.

Susan Bradley Patch Lady

2 users thanked author for this post.

deuxbits, WCHS

Reply | Quote

So I guess some anonymous poster is a security expert and the team at Google is just a bunch of knuckleheads.  Hmmm.

Google says default 2FA cut account breaches in half :

https://www.engadget.com/google-says-2fa-default-cut-account-breaches-193745716.html

Note: An anonymous poster with a legitimate evidence is a bit more creditable than one with a single conspiracy theory account.

 

Reply | Quote

The anonymous poster point to something that existing in the world.

Read these for more info:

FBI alert backs up Microsoft’s call to avoid using phone numbers for two-factor authentication.

T-Mobile confirms SIM swapping attacks led to breach

SIM swap horror story: I’ve lost decades of data and Google won’t lift a finger

1 user thanked author for this post.

deuxbits

Reply | Quote

Hello there.

Win11 here!

This morning when I opened Outlook 2016 with Axigen Outlook Connector installed, my Explorer was crushing and restarting every second.

I uninstalled KB5010386 and restarted and I’m good.

Meantime I reinstalled the update to be sure that the issues comes from there, but it didn’t occur again…

 

This was the error from IE

Faulting application name: explorer.exe, version: 10.0.22000.120, time stamp: 0xe846e749
Faulting module name: ExplorerExtensions.dll, version: 421.22500.575.0, time stamp: 0x6168bd7e
Exception code: 0xc000027b
Fault offset: 0x000000000026d5b2
Faulting process id: 0x22ac
Faulting application start time: 0x01d81e460395788d
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ExplorerExtensions.dll
Report Id: da35c025-435d-452d-ae3d-438a9318b5b1
Faulting package full name:
Faulting package-relative application ID:

Reply | Quote

Explorer extensions implies a third party menu program?

Susan Bradley Patch Lady

Reply | Quote

Just FileLocator Pro that I haven’t touch and still works.

Reply | Quote

So far I have updated x3 Win10 Pro to v21H2 Build 19044.1526 and x2 Win8.1 Pro with Feb. patches without any problems.

4 users thanked author for this post.

jburk07, MrToad28, Alex5723, DrBonzo

Reply | Quote

Additional updates 2/11/22 without problems:

Win11 on ARM Pro Insider, v21H2 Build 22000.526
x2 Win10 Pro to v21H2 Build 19044.1526
x1 Win8.1 Pro
x2 Win7 (1 Ultimate, 1 Home Premium) using W7ESUI, SSU, Rollup, .NET 4,8

4 users thanked author for this post.

jburk07, SueW, Fred, DrBonzo

Reply | Quote

This morning outlook 2019 could not send mail.  Nothing changed from yesterday except the microsoft update.  My ISP is Earthlink.  Earthlink checked all the settings and the IP address for blacklist.  Nothing on their end.  I did all the diagnostics and Microsoft and Office and scans and repairs to no avail.  The exact error is ox800ccc69 server responded 550.5.7.1 connection refused oxsus003_101 and then an address for postmaster at vadsecure.  Any ideas on the cause?

Reply | Quote

I have not seen this reported elsewhere.  The error code acts like it can’t connect to the mail server. I’d reboot your pc, reboot your router and try it again tomorrow.

Susan Bradley Patch Lady

Reply | Quote

Blocked by a particular recipient’s content filter?

Fix email delivery issues for error code 550 5.7.1 in Exchange Online

https://www.vadesecure.com

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

Reply | Quote

Currently Win 10 v21H2 Build 19044.1466 (i.e., have not installed Feb 2022 KB5010342 / OS Build 19044.1526) and use Microsoft Defender as my AV.

I have a question regarding Sergiu Gatlan’s 10-Feb-2022 Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans. That article suggests this vulnerability was “silently” patched by the Feb 2022 Patch Tuesday updates, but I noticed my Windows Update history shows my antimalware platform (client) was updated to v4.18.2201.10 on 10-Feb-2022.

Does anyone know if the latest antimalware platform v4.18.2201.10 will patch this vulnerability if the Feb 2022 Patch Tuesday updates haven’t been applied? I checked the release notes for the latest January-2022 | Platform: 4.18.2201.10 | Engine: 1.1.18900.2 (rel. 09-Feb-2022) update at https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-worldwide#monthly-platform-and-engine-versions but the What’s New section only mentions a vague “Tamper protection improvements“.
———–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1466 * Firefox v97.0.0 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.2.157-1.0.1562

Reply | Quote

lmacri wrote:

Does anyone know if the latest antimalware platform v4.18.2201.10 will patch this vulnerability if the Feb 2022 Patch Tuesday updates haven’t been applied?

Extremely likely in my opinion:

On the other hand, Will Dormann, a vulnerability analyst for CERT/CC, noted that he received the permissions change without installing any updates, indicating that the change could be added by both Windows updates and Microsoft Defender security intelligence updates.

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

1 user thanked author for this post.

lmacri

Reply | Quote

https://www.neowin.net/news/microsoft-finally-makes-bypassing-defender-scans-harder-by-changing-exclusions-permission/

1 user thanked author for this post.

lmacri

Reply | Quote

Windows 10 Pro 21H2.

Installed Feb CU KB5010342
Servicing Stack 10.0.19041.1525
MSRT KB890830
.NET 5.0.14 KB5011093

winver : 19044.1526

All is well.

Reply | Quote

AMD FX 8350 with Gigabyte 970Ad3P

Windows 10 Business 10.0.19044 Build 19044

2/13/2022 woke up powered on PC. Sound icon bottom right showed Red X no speakers or headphones connected.

Rebooted PC. Same issue

Sound troubleshooter launched after trying to open a video I created yesterday.

It walked me through reinstalling the sound driver. The troubleshooter then reboot the PC

Problem persisted.

I powered down machine and powered back up. Same.

Checked for windows update. No new updates.

Rebooted PC

Sound back to normal

No obvious changes other then Defender AV update KB2267602

This is happening throughout the organization. Ranging from Home built  PC’s to Dell T3500 workstations. It seems to just happen to all of them.

Jeremiah

 

 

Reply | Quote

Win 10 21H1 64 bit.  Downloaded and installed Feb CU KB5010342 with WUMgr, installed OK and stable on test machine for 2 days.

Reply | Quote

I have Win 10 Pro v21H2 and the following Feb 2022 Patch Tuesday updates installed without any problems:

• KB5010342: 2022-02 Cumulative Update for Win 10 v21H2 (OS Build 19044.1526)
• KB890830 : Windows Malicious Software Removal Tool x64 – v5.98
• KB4023057: Windows Update Service Components (a.k.a Microsoft Update Health Tools v3.65.0.0)

As expected, I didn’t receive this month’s KB5009467 .NET Framework 3.5 and 4.8 for Windows 10 (no security update included) because I have my Local Group Policy Editor option at Computer Configuration | Administrative Templates | Windows Components| Windows Update | Windows Update for Business | Select When Preview Builds and Feature Updates Are Received enabled and set to Semi-Annual Channel. The odd glitch I saw last month when I tried to install my Jan 2022 Cumulative Update (see post # 2418118) didn’t re-occur in Feb 2022, but that might be because I edited my power plan to increase the time before my computer goes into sleep mode (Control Panel | Hardware and Sound | Power Options | Change Plan Settings) to give my updates a bit of extra uninterrupted time to download and install.
———-
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.0 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.2.157-1.0.1562

Reply | Quote

[lmacri]

lmacri wrote:

Does anyone know if the latest antimalware platform v4.18.2201.10 will patch this vulnerability if the Feb 2022 Patch Tuesday updates haven’t been applied?

Hi Alex5723 / b:

There seemed to be conflicting opinions in the articles you referenced as to which “silent” update fixes this MS Defender vulnerability, so I ran my own test and found that my MS Defender antimalware platform (client) update to v4.18.2201.10 on 10-Feb-2022 didn’t patch this MS Defender vulnerability – at least not by itself. The fix was not applied until I installed my Feb 2022 Patch Tuesday updates.

To test I created a new local user account with standard permissions called StandardTester, and when I signed in with this account on 13-Feb-2022 (Win 10 Pro v21H2 build 19044.1466 / MS Defender v4.18.2201.10-1.1.18900.3) I was still able to view my scan exclusions for Malwarebytes Premium at Settings | Update & Security | Windows Security | Virus & Threat Protection | Virus & Threat Protection Settings | Manage Settings | Exclusions; entering reg query “HKLM\Software\Microsoft\Windows Defender\Exclusions” /s in a command prompt as suggested in one of those articles also displayed my scan exclusions.

I then installed my February Patch Tuesday updates on 14-Feb-2022 and signed in with the same StandardTester account (Win 10 Pro v21H2 build 19044.15266 / still MS Defender v4.18.2201.10-1.1.18900.3) and I now see the expected message “You don’t have proper permissions to view this page” at Settings | Update & Security | Windows Security | Virus & Threat Protection | Virus & Threat Protection Settings | Manage Settings | Exclusions (*** see note below); entering reg query “HKLM\Software\Microsoft\Windows Defender\Exclusions” /s in a command prompt now reports “ERROR: Access is denied“.

I can view and add/remove scan exclusions without any restrictions in my MS Defender settings and view those exclusions from a command prompt as long as I am signed in with a user account that has Administrator rights.

*** Note that when I’m signed in as StandardTester with standard user permissions and try to view my Exclusions in my MS Defender settings, I now see a prompt that gives me the option of entering the username and password of the Administrator account on my laptop. If I choose to do this I am given temporary access to my Exclusion list and I can view and add/remove exclusions while I’m still signed in as StandardTester.
———-
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1526 * Firefox v97.0.0 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.2.157-1.0.1562

• This reply was modified 1 year, 3 months ago by lmacri.
• This reply was modified 1 year, 3 months ago by lmacri. Reason: Corrected format of command used in cmd prompt

2 users thanked author for this post.

abbodi86, b

Reply | Quote

Windows 7 SP1 Pro x64. I normally wait for Defcon 3 or better to apply the patches, but wanted to try out abbodi86’s W7ESUI and dotNetFx4_ESU installers. Using these (highly appreciated!) installers and instructions, I successfully installed the Feb rollup (KB5010404), Feb SSU (KB5010451) and Feb dotNet 4.8 rollup (KB5010457).  Used Windows Update to install the MSRT. This was all done several days ago, and I haven’t experienced any problems.

2 users thanked author for this post.

jburk07, abbodi86

Reply | Quote

Helpful hint:

If you install the MSRT first, before the updates, it will create a Restore Point for you before you install the patches.

2 users thanked author for this post.

jburk07, Alex5723

Reply | Quote