• Here comes February’s valentines of patches

    Home » Forums » Newsletter and Homepage topics » Here comes February’s valentines of patches

    Author
    Topic
    #2534320

    Here we go again with a bundle of updates. Remember our mantra – to pause, ponder, wait and in general see what the side effects are first. Windows se
    [See the full post at: Here comes February’s valentines of patches]

    Susan Bradley Patch Lady

    5 users thanked author for this post.
    Viewing 30 reply threads
    Author
    Replies
    • #2534450

      AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Feb 13, 2023.

      See #2534438 and #2534439 for information on Win7 and Win8.1 updates (Logged in Member access).

      4 users thanked author for this post.
    • #2534341
    • #2534354

      Updates can be installed manually on Win7 / (using Bypass or W7ESUI)

      5 users thanked author for this post.
    • #2534357

      Updates can be installed manually on Win7 / (using Bypass or W7ESUI)

      What is the updates source ?

    • #2534370

      Guinea Pig Update
      Version and build after update: Win11Pro 22H2.22621.1265

      Used WUMgr for all:

      • 22023-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5022497)
      • Windows Malicious Software Removal Tool x64 – v5.110 (KB890830)
      • 2023-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022845)

      All installed without error and the system rebooted without error.

      Carpe Diem {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender
      2 users thanked author for this post.
    • #2534383

      W10 Pro 22H2 x64 and x86
      February CU kb5022834 & NET kb5022729 updates applied:
      Edge re-introduced this month, ran a couple of scripts..ta ta chredge, Shutup10++ checked over and reset to my previous config.
      No errors encountered in event viewer or sfc verification, dism healthcheck good..

      Note: iexplorer error appeared but that was to be expected upon removal of chredge

      Keeping IT Lean, Clean and Mean!
      3 users thanked author for this post.
      • #2534654

        Microfix and bbbearen are my update bellweathers. Thank you, both.

        I’ll update later today, after backing up my PC, and report back tomorrow.

        Peace, CAS

        1 user thanked author for this post.
      • #2534830

        All downloads completed. Now on Win 10 22H2 (OS Build 19045.2604. The only hiccup was several restarts to download cumulative update. Everything working just fine except for the persistent DeviceManagement-Enterprise error 2445.

        Peace, CAS

         

         

        1 user thanked author for this post.
    • #2534398

      FWIW, I got the Malicious Software Removal Tool through WU and installed it.  That’s it; no .Net or other updates for Windows 8.1.  I looked at the update for Internet Explorer on Microsoft Update Catalog, but it said the updates were for Windows 8.1 Embedded.  It probably would have worked for me, but I didn’t want to try it.  I don’t use Internet Explorer.

       

      Mark

       

      2 users thanked author for this post.
      • #2534445

        Thank you. I was considering posting about the Malicious Software Removal Tool update my Win8.1 alerted me too quite unexpectedly. I thought there would be NO updates coming through. I plan to install it also, as usual.

    • #2534429

      I have a question about Susan’s statement where she said:

      Remember Windows 7 is officially out of support so if you are still using it, please do not be using it to surf, browse, etc ensure that you are using it in isolation away from the Internet. 0Patch is an option for those of you.

      I would like a clarification of the wording of the last sentence.  Does this mean that for those of us who use 0Patch for Windows 7,  we can go ahead and browse the web?

      • #2534431

        Personally I wouldn’t.  I don’t recommend surfing on platforms that are no longer supported.

        Ultimately you have to make your own risk assessment.  (Lord knows I can’t convince some of you folks in the forums who state that they are still using Windows XP)

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2534435

      Hardened Windows user

      Desktop:

      KB890830 Windows Malicious Software Removal Tool x64 – v5.110
      KB5022845 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
      KB5022497 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64

      Now running Windows 11 Pro Version 22H2 (OS Build 22621.1265)

      NAS:

      KB890830 Windows Malicious Software Removal Tool x64 – v5.110
      KB5022834 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems
      KB5022279 Cumulative Update for .NET Framework 3.5 4.8 and 4.8.1 for Windows 10, version 22H2 for x64

      Now running Windows 10 Pro Version 22H2 (OS Build 19045.2604)

      No hiccups except for the reinstall of WebView2 on my desktop (now uninstalled) and the OOBE for my NAS wanting me to change my default browser to Edge and import everything from IE.  I use Firefox, I declined the offer, uninstalled Edge and WebView2, and Firefox is still my default browser.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

      6 users thanked author for this post.
    • #2534466

      Updated to W11 21H2 22000.1574

      Nothing to report. Went back to 

      1 Desktop W11
      1 Laptop W10
      Both tweaked to look, behave and feel like Windows 95
      1 user thanked author for this post.
    • #2534552

      Does this mean that for those of us who use 0Patch for Windows 7,  we can go ahead and browse the web?

      Sites are starting to block browsers running on the “dead” Windows 7.
      You should change your browser agent to Windows 10

      https://www.askwoody.com/forums/topic/firefox-and-firefox-esr-updates/#post-2530458

      2 users thanked author for this post.
      • #2534923

        Maybe luck of the draw, but I actually have several sites refusing to serve me because I have an “outdated browser,” while none (thus far) have refused service due to my using Windows 7.  That “outdated browser” is a fully up-to-date Firefox 102.8esr.   Despite the fact that 102.8esr has the latest Firefox security updates, I think some sites don’t know know from esr and think I’m 8 versions behind in my browser update.  Regardless, sending a Win 10 user agent probably wouldn’t help in these cases.  Ironically these same sites have no complaint (yet) if I use Chrome, which has ceased updating in Win 7.

        1 user thanked author for this post.
    • #2534576

      Susan….do you have a more current update on Ventura 13.2 and iOS 16.3 and now 16.3.1? Still on defer status. Thank you.

    • #2534610

      BTW, I received another Security Intelligence update through WU for Windows 8.1.  That makes two in a day.

      Mark

       

    • #2534664

      KB5022834 and KB5022729 installed last night. This morning the ” (Shift-2) and @ (Shift-‘) keys on my keyboard have been swapped. Very annoying. Cannot put it right. Only 1 language selected (English UK). Tried uninstalling and reinstalling keyboard driver but that didn’t fix it.

      In the end I have uninstalled the 2 updates and all ok again. Is this a known issue?

      Dell XPS 8700 Win 10 Home 22H2.

    • #2534713

      I’ll let my screenshots do the talking..
      the afterlife, lives on! 🙂

      W81

      OMGupdates

      DISMclean

      Keeping IT Lean, Clean and Mean!
      3 users thanked author for this post.
      • #2534724

        Curious minds want to know: did you install from the MS Catalog, through Windows Update, or through some other means such as a script from abbodi86?

        • #2534748

          See #2534450.

          1 user thanked author for this post.
        • #2534946

          Not the ’embeded’ script, testing my preferred R2 endurance route…not my place to name and wouldn’t want to jeapordise it’s future development on a PUBLIC fora as it’s not publicly available at source, membership access only, got to respect that!
          IT psalm 13:4:12

          Keeping IT Lean, Clean and Mean!
          • #2535710

            Note:
            .NET update patch for 2012 R2 does not contain an esu block (yet?) so these should install on Win8.1 at default.
            (2012/ Win8 untested but should be the same for NET updates)
            You can get these from the MS catalog..
            Trying out the bypass, I went a stage further on the test device and manually deleted the software distribution folder so nothing shows as I’m bang up to date. Actually killing off WU completely still gets Microsoft Defender definition updates 🙂
            To me, the overall system performance seems a lot snappier after a complete cleanout, sfc, dism clean and SSD trim using the bypass and with WU switched OFF! 🙂 WOW!!!

            Keeping IT Lean, Clean and Mean!
            • This reply was modified 3 months, 2 weeks ago by Microfix. Reason: flatulent comment strikeout
            1 user thanked author for this post.
          • #2535713

            Windows 8.0 was discontinued before the concept of ESU invented 😀
            all Server 2012 / Embedded 8.0 updates are not blocked or contain ESU component “yet”

            2 users thanked author for this post.
      • #2534728

        As I noted in a message that seems to have been deleted, my Windows 8.1 security-only update was not completed and was rolled back.  I never tried the .NET updates since they are for Windows 8.1 embedded (so is the security-only update).

        Mark

        1 user thanked author for this post.
    • #2534736

      Windows 11 Pro 22H2 now on build 22621.1265

      Windows Malicious Software Removal Tool x64 – v5.110 (KB890830)

      2023-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022845)

      2023-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5022497)

      2023-02 .NET 6.0.14 Security Update for x64 Client (KB5023288)

      2023-02 .NET 7.0.3 Security Update for x64 Client (KB5023286)

      All were installed without an issue. Everything is running normally.

      --Joe

      1 user thanked author for this post.
    • #2534846

      I can personally report that the removal of Internet Explorer in Edge is breaking remote deposit with the Bank of America website.  It doesn’t recognize the scanner driver on Edge, it does on Chrome.

      I saw this for the first time about 3 years ago when the bank my HomeOwner Assn. was using insisted that the remote check deposit machine had to use IE11 with special settings in the security section to make the deposit software work. The computer was on Win10. Even at that time we sent warnings about mandatory use of IE, that it was on its way out.

      Looks like the chickens have finally come home to roost.

    • #2534930

      WSUS might not offer updates to Windows 11, version 22H2

      Last updated: 2023-02-15

      Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019. This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server. This issue might affect security updates or feature updates for Windows 11, version 22H2. Microsoft Configuration Manager is not affected by this issue.

      Workaround: To mitigate this issue, please see Adding file types for Unified Update Platform on premises.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Affected platforms:

      ​Client: Windows 11, version 22H2
      ​Server: Windows Server 2022..

    • #2534931

      Maybe luck of the draw, but I actually have several sites refusing to serve me because I have an “outdated browser,” while none (thus far) have refused service due to my using Windows 7.

      The site probably refuse because you are on Windows 7.
      Try by changing FF esr Browser agent to Windows 10.

    • #2534968

      VM with Windows Server 2022 KB5022842 secure boot not booting

      Virtual Machine with Windows Server 2022 KB5022842 (OS Build 20348.1547) configured with secure boot enabled not booting up (90947)

      After installing Windows Server 2022 update KB5022842 (OS Build 20348.1547), guest OS can not boot up when virtual machine(s) configured with secure boot enabled running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.

      In VM vmware.log, there is ‘Image DENIED’ info like the below:
      2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
      2023-02-15T05:34:31.379Z In(05) vcpu-0 – Hash: 0 in db, 0 in dbx.
      2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Image DENIED.

      To identify the location of vmware.log files:

      Establish an SSH session to your host. For ESXi hosts
      Log in to the ESXi Host CLI using root account.
      To list the locations of the configuration files for the virtual machines registered on the host, run the below command:
      #vim-cmd vmsvc/getallvms | grep -i “VM_Name”

      The vmware.log file is located in virtual machine folder along with the vmx file.
      Record the location of the .vmx configuration file for the virtual machine you are troubleshooting. For example:
      /vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vm1.vmx
      /vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vmware.log

      Resolution

      Currently there is no resolution for virtual machines running on vSphere ESXi 6.7 U2/U3 and vSphere ESXi 7.0.x. However the issue doesn’t exist with virtual machines running on vSphere ESXi 8.0.x.

      Note: vSphere ESXi 6.7 is End of general Support. For more information, see The End of General Support for vSphere 6.5 and vSphere 6.7 is October 15, 2022.

      Workaround

      There are three methods to avoid this issue

      Upgrade the ESXi Host where the virtual machine in question is running to vSphere ESXi 8.0
      Disable “Secure Boot” on the VMs.
      Do not install the KB5022842 patch on any Windows 2022 Server virtual machine until the issue is resolved….

    • #2535046

      Just a note that Martin Brinkmann, of ghacks net (usually a reliable resource), has on February 15, 2023 posted: “A Serious Security Risk: Three Zero-Day Vulnerabilities You Need to Patch Now!”
      https://www.ghacks.net/2023/02/15/windows-security-time-to-patch-these-three-zero-day-vulnerabilities/
      I remember Woody’s and Susan’s advice about these “Patch Now” (Sky is Falling ?) notices, and I prefer to wait until our experienced Patch Lady gives advice to ‘Update now’ with the DEFCON rating. If it is Super Important, I think Susan Bradley will let us know to update immediately, otherwise it is best to wait and see what happens. Thank you to all the early patchers that tell us your results, whether it is safe to update, or if there are some problems. Much appreciated, and very helpful to non professional home users such as myself.

      1 user thanked author for this post.
      • #2535064

        Closing Words

        The severity rating of important suggests that Microsoft does not see the security issues as a major threat to a large percentage of the Windows population.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

      • #2535068

        Publisher – patched via click to run.  You probably already have it installed.  Furthermore it’s only at risk for those skus that have publisher and thus M365 apps for enterprise is the only one listed.

        Common log file – it’s an elevation of privilege attack meaning more geared towards business users and blended attacks.

        Windows Graphics components  – this is confusing https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823 is it a Onenote vulnerability or a Windows graphics?

        Bottom line zero days should be evaluated no matter what.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2535113

      Windows 10 22H2.
      February updates.
      All is well.

      Updates took more than an hour on i7 gen8 with 32GB of RAM.

      3 users thanked author for this post.
    • #2535209

      I just noticed the installer for Windows 8.1 updates.  Where does it come from and how do you use it or is it self-explanatory?  I am not on Windows 8.1 now, but on Ubuntu where I do most of my activities.  Thanks.

      Mark

      P.S.  Going to Windows 11 Pro real soon now. Oh boy!

    • #2535190

      Updated one Win 10 22H2 system after doing a full disk image.

      No issues so far.

      Have used Windows Automatic Update Manager for several years with no issues.

       

      1 user thanked author for this post.
    • #2535255

      Windows 11 22H2 driver updates are failing left and right with 0x80070103 error

      …many users across various online forums are reporting about driver update failures when trying to install them via the Windows Update. Such affected users say they are encountering driver update failures with the error code “0x80070103”. The issue seems to be affecting Surface devices, though other reports show all sorts of drivers, from Realtek. to Intel, to Dolby, to Dell, and many more, are failing to install, all exhibiting similar symptoms, ie, failing with the 0x80070103 error. The error message essentially says “Install error – 0x80070103” with an option to “Retry” the installation of the failed update…

      3 users thanked author for this post.
      • #2535268

        Microsoft were aware of this 18 hours ago and people seem to be saying it has been fixed on the update servers. Those retrying within the last 12 hours now get no error (which referred to trying to install something that’s already installed).

        [Gleaned from Twitter, Microsoft Community and Feedback Hub.]

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        3 users thanked author for this post.
    • #2535310

      Updated 7 Win 10 Pro 21H2 x64 “Guinea Pig”/”Canary” machines:
      Desktops: Dell – 5)Precision T3500(2011), 1)Precision T3600(2012), 7)Precision 5820(2017).
      Laptop/Tablets: Dell – 2)XPS 13 9360(2017), 6)XPS 15 9560(2017), 4)Latitude 5591(2019), 3) Microsoft Surface Pro(2014)

      With these 4 updates:
      KB5022834 2023-02 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems
      KB5022728 2023-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64
      KB4023057 2023-01 Update for Windows 10 Version 21H2 for x64-based Systems
      KB890830 Windows Malicious Software Removal Tool x64 – v5.110

      No Problems seen yet.

      As always, YMMV, particularly since we mostly run in an MS based ecosystem

      Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

      1 user thanked author for this post.
    • #2535305

      Anyone noticing issues deploying this month’s patches to Server 2012R2 systems?

      I have a good number of systems in my enviornment that have seem to have frozen during patching and required a reboot, before the patches being rolled back as failed.  All of these were Server2012R2 systems – with the issue not being seeing in the rest of the Server 2019 systems

      I am still trying to analyze what may of caused this issue but it does appear it may be after installing either KB5022894 or KB5022899.

    • #2535532

      Server Essentials 2012 R2 is accidentally blocked with Windows 8.1 in 2023-02 updates
      https://learn.microsoft.com/en-us/answers/questions/1181682/windows-server-essentials-2012-r2-cant-install-kb5

      ironically, “Windows 8.1 Enterprise Evaluation” is not blocked

      1 user thanked author for this post.
      • #2535545

        nothing like breaking one’s own updates in an attempt to exclude alternative methodologies /s

        shootfoot

        Keeping IT Lean, Clean and Mean!
    • #2536955

      Hi Susan:

      Windows Update successfully installed the following February 2023 Patch Tuesday updates on my Win 10 Pro v22H2 laptop and I haven’t noticed any negative effects so far:

      • KB5022834: 2023-02 Cumulative Update for Win 10 Version 22H2 for x64 (OS Build 19045.2604)
      • KB5022729: 2023-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Win 10 Version 22H2
      • KB5023288: 2023-01 .NET 6.0.14 Update for x64 Client
      • KB890830 : Windows Malicious Software Removal Tool x64 – v5.110

      The only minor glitch I noticed during the update process was that Windows Update prompted me to “Restart Now” as soon as my .NET Framework (KB5022729) finished installing, even though my monthly Cumulative Update for Win 10 Version 22H2 (KB5022834) was only partially installed – see attached image. However, it’s not unusual for me to see that happen on a Patch Tuesday if a .NET Framework update is offered (for example, see my 14-Nov-2022 post # 2497973 in November Updates Are Here) and I always check now to ensure all my updates have finished installing before I restart my system.
      ———-
      Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2604 * Firefox v110.0.0 * Microsoft Defender v4.18.2301.6-1.1.200000.2 * Malwarebytes Premium v4.5.22.236-1.0.1915 * Macrium Reflect Free v8.0.7279

      4 users thanked author for this post.
    • #2537059

      Windows Update prompted me to “Restart Now”

      This will never happen using WUmgr.

    • #2538624

      Was anyone successful installing the 8.1 February updates with the script?

      I had problems getting the script to run until I moved the update files into the same folder as the script files.  But then it just ground away so I aborted in case something was amiss.  It made me laugh to see a notice to make a backup while I was in the middle of the update.  I don’t know where it came from.

      I was able to install the .Net updates without the script.

      Mark

       

       

    Viewing 30 reply threads
    Reply To: Here comes February’s valentines of patches

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: