Here we go again with a bundle of updates. Remember our mantra – to pause, ponder, wait and in general see what the side effects are first. Windows se
[See the full post at: Here comes February’s valentines of patches]
Susan Bradley Patch Lady
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » Here comes February’s valentines of patches
Here we go again with a bundle of updates. Remember our mantra – to pause, ponder, wait and in general see what the side effects are first. Windows se
[See the full post at: Here comes February’s valentines of patches]
Susan Bradley Patch Lady
https://www.catalog.update.microsoft.com/Search.aspx?q=2023+Embedded-7+Updates
updates are not changed or restricted to Embedded and Server, they apply to Windows 7 too
they only require non-released ESU Year 4 activated key for Client
Abbodi86? “they only require non-released ESU Year 4 activated key for Client”
Unless you are pulling that from some unknown source – that isn’t available to John Q Public or even John Q. ESU purchaser.
When you say “updates can be installed manually” let’s be clear about the requirements.
Susan Bradley Patch Lady
Fair enough 🙂
That’s what I actually meant.
2023-02 updates require Windows 7 Client ESU key for Year 4 (or 5 or 6) but that key is not created or sold by Microsoft, hence the updates are not officially supported or installable
However, the workaround I use in W7ESUI script is still working and it can be used to install 2023-02 updates for Windows 7 Client
Or more accurately, this link:
https://www.catalog.update.microsoft.com/Search.aspx?q=2023-02%20embedded%207
This link shows a list of Windows Embedded 7 updates specifically for February 2023
Also included are new .NET updates for 2/2023
Guinea Pig Update
Version and build after update: Win11Pro 22H2.22621.1265
Used WUMgr for all:
All installed without error and the system rebooted without error.
W10 Pro 22H2 x64 and x86
February CU kb5022834 & NET kb5022729 updates applied:
Edge re-introduced this month, ran a couple of scripts..ta ta chredge, Shutup10++ checked over and reset to my previous config.
No errors encountered in event viewer or sfc verification, dism healthcheck good..
Note: iexplorer error appeared but that was to be expected upon removal of chredge
FWIW, I got the Malicious Software Removal Tool through WU and installed it. That’s it; no .Net or other updates for Windows 8.1. I looked at the update for Internet Explorer on Microsoft Update Catalog, but it said the updates were for Windows 8.1 Embedded. It probably would have worked for me, but I didn’t want to try it. I don’t use Internet Explorer.
Mark
I have a question about Susan’s statement where she said:
Remember Windows 7 is officially out of support so if you are still using it, please do not be using it to surf, browse, etc ensure that you are using it in isolation away from the Internet. 0Patch is an option for those of you.
I would like a clarification of the wording of the last sentence. Does this mean that for those of us who use 0Patch for Windows 7, we can go ahead and browse the web?
Personally I wouldn’t. I don’t recommend surfing on platforms that are no longer supported.
Ultimately you have to make your own risk assessment. (Lord knows I can’t convince some of you folks in the forums who state that they are still using Windows XP)
Susan Bradley Patch Lady
Hardened Windows user
Desktop:
KB890830 Windows Malicious Software Removal Tool x64 – v5.110
KB5022845 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
KB5022497 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64
Now running Windows 11 Pro Version 22H2 (OS Build 22621.1265)
NAS:
KB890830 Windows Malicious Software Removal Tool x64 – v5.110
KB5022834 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems
KB5022279 Cumulative Update for .NET Framework 3.5 4.8 and 4.8.1 for Windows 10, version 22H2 for x64
Now running Windows 10 Pro Version 22H2 (OS Build 19045.2604)
No hiccups except for the reinstall of WebView2 on my desktop (now uninstalled) and the OOBE for my NAS wanting me to change my default browser to Edge and import everything from IE. I use Firefox, I declined the offer, uninstalled Edge and WebView2, and Firefox is still my default browser.
Does this mean that for those of us who use 0Patch for Windows 7, we can go ahead and browse the web?
Sites are starting to block browsers running on the “dead” Windows 7.
You should change your browser agent to Windows 10
https://www.askwoody.com/forums/topic/firefox-and-firefox-esr-updates/#post-2530458
Maybe luck of the draw, but I actually have several sites refusing to serve me because I have an “outdated browser,” while none (thus far) have refused service due to my using Windows 7. That “outdated browser” is a fully up-to-date Firefox 102.8esr. Despite the fact that 102.8esr has the latest Firefox security updates, I think some sites don’t know know from esr and think I’m 8 versions behind in my browser update. Regardless, sending a Win 10 user agent probably wouldn’t help in these cases. Ironically these same sites have no complaint (yet) if I use Chrome, which has ceased updating in Win 7.
KB5022834 and KB5022729 installed last night. This morning the ” (Shift-2) and @ (Shift-‘) keys on my keyboard have been swapped. Very annoying. Cannot put it right. Only 1 language selected (English UK). Tried uninstalling and reinstalling keyboard driver but that didn’t fix it.
In the end I have uninstalled the 2 updates and all ok again. Is this a known issue?
Dell XPS 8700 Win 10 Home 22H2.
Hi
It would seem the error may be related to the keyboard setting having been switched and swapped between a US keyboard and a UK keyboard during the Feb 2023 patch install.
The Are the @ & ” Keys Swapped On Windows 10? – How To Fix It may of help in fixing the issue.
HTH.
Not the ’embeded’ script, testing my preferred R2 endurance route…not my place to name and wouldn’t want to jeapordise it’s future development on a PUBLIC fora as it’s not publicly available at source, membership access only, got to respect that!
IT psalm 13:4:12
Note:
.NET update patch for 2012 R2 does not contain an esu block (yet?) so these should install on Win8.1 at default.
(2012/ Win8 untested but should be the same for NET updates)
You can get these from the MS catalog..
Trying out the bypass, I went a stage further on the test device and manually deleted the software distribution folder so nothing shows as I’m bang up to date. Actually killing off WU completely still gets Microsoft Defender definition updates 🙂
To me, the overall system performance seems a lot snappier after a complete cleanout, sfc, dism clean and SSD trim using the bypass and with WU switched OFF! 🙂 WOW!!!
As I noted in a message that seems to have been deleted, my Windows 8.1 security-only update was not completed and was rolled back. I never tried the .NET updates since they are for Windows 8.1 embedded (so is the security-only update).
Mark
Windows 11 Pro 22H2 now on build 22621.1265
Windows Malicious Software Removal Tool x64 – v5.110 (KB890830)
2023-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022845)
2023-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5022497)
2023-02 .NET 6.0.14 Security Update for x64 Client (KB5023288)
2023-02 .NET 7.0.3 Security Update for x64 Client (KB5023286)
All were installed without an issue. Everything is running normally.
--Joe
I can personally report that the removal of Internet Explorer in Edge is breaking remote deposit with the Bank of America website. It doesn’t recognize the scanner driver on Edge, it does on Chrome.
I saw this for the first time about 3 years ago when the bank my HomeOwner Assn. was using insisted that the remote check deposit machine had to use IE11 with special settings in the security section to make the deposit software work. The computer was on Win10. Even at that time we sent warnings about mandatory use of IE, that it was on its way out.
Looks like the chickens have finally come home to roost.
WSUS might not offer updates to Windows 11, version 22H2
Last updated: 2023-02-15
Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019. This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server. This issue might affect security updates or feature updates for Windows 11, version 22H2. Microsoft Configuration Manager is not affected by this issue.
Workaround: To mitigate this issue, please see Adding file types for Unified Update Platform on premises.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
Affected platforms:
Client: Windows 11, version 22H2
Server: Windows Server 2022..
Maybe luck of the draw, but I actually have several sites refusing to serve me because I have an “outdated browser,” while none (thus far) have refused service due to my using Windows 7.
The site probably refuse because you are on Windows 7.
Try by changing FF esr Browser agent to Windows 10.
VM with Windows Server 2022 KB5022842 secure boot not booting
Virtual Machine with Windows Server 2022 KB5022842 (OS Build 20348.1547) configured with secure boot enabled not booting up (90947)
After installing Windows Server 2022 update KB5022842 (OS Build 20348.1547), guest OS can not boot up when virtual machine(s) configured with secure boot enabled running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.
In VM vmware.log, there is ‘Image DENIED’ info like the below:
2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
2023-02-15T05:34:31.379Z In(05) vcpu-0 – Hash: 0 in db, 0 in dbx.
2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Image DENIED.To identify the location of vmware.log files:
Establish an SSH session to your host. For ESXi hosts
Log in to the ESXi Host CLI using root account.
To list the locations of the configuration files for the virtual machines registered on the host, run the below command:
#vim-cmd vmsvc/getallvms | grep -i “VM_Name”The vmware.log file is located in virtual machine folder along with the vmx file.
Record the location of the .vmx configuration file for the virtual machine you are troubleshooting. For example:
/vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vm1.vmx
/vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vmware.logResolution
Currently there is no resolution for virtual machines running on vSphere ESXi 6.7 U2/U3 and vSphere ESXi 7.0.x. However the issue doesn’t exist with virtual machines running on vSphere ESXi 8.0.x.
Note: vSphere ESXi 6.7 is End of general Support. For more information, see The End of General Support for vSphere 6.5 and vSphere 6.7 is October 15, 2022.
Workaround
There are three methods to avoid this issue
Upgrade the ESXi Host where the virtual machine in question is running to vSphere ESXi 8.0
Disable “Secure Boot” on the VMs.
Do not install the KB5022842 patch on any Windows 2022 Server virtual machine until the issue is resolved….
Just a note that Martin Brinkmann, of ghacks net (usually a reliable resource), has on February 15, 2023 posted: “A Serious Security Risk: Three Zero-Day Vulnerabilities You Need to Patch Now!”
https://www.ghacks.net/2023/02/15/windows-security-time-to-patch-these-three-zero-day-vulnerabilities/
I remember Woody’s and Susan’s advice about these “Patch Now” (Sky is Falling ?) notices, and I prefer to wait until our experienced Patch Lady gives advice to ‘Update now’ with the DEFCON rating. If it is Super Important, I think Susan Bradley will let us know to update immediately, otherwise it is best to wait and see what happens. Thank you to all the early patchers that tell us your results, whether it is safe to update, or if there are some problems. Much appreciated, and very helpful to non professional home users such as myself.
Publisher – patched via click to run. You probably already have it installed. Furthermore it’s only at risk for those skus that have publisher and thus M365 apps for enterprise is the only one listed.
Common log file – it’s an elevation of privilege attack meaning more geared towards business users and blended attacks.
Windows Graphics components – this is confusing https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823 is it a Onenote vulnerability or a Windows graphics?
Bottom line zero days should be evaluated no matter what.
Susan Bradley Patch Lady
Furthermore it’s only at risk for those skus that have publisher and thus M365 apps for enterprise is the only one listed.
Microsoft 365 Personal/Family still get Publisher (for PC only).
Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge
Windows 11 22H2 driver updates are failing left and right with 0x80070103 error
…many users across various online forums are reporting about driver update failures when trying to install them via the Windows Update. Such affected users say they are encountering driver update failures with the error code “0x80070103”. The issue seems to be affecting Surface devices, though other reports show all sorts of drivers, from Realtek. to Intel, to Dolby, to Dell, and many more, are failing to install, all exhibiting similar symptoms, ie, failing with the 0x80070103 error. The error message essentially says “Install error – 0x80070103” with an option to “Retry” the installation of the failed update…
Microsoft were aware of this 18 hours ago and people seem to be saying it has been fixed on the update servers. Those retrying within the last 12 hours now get no error (which referred to trying to install something that’s already installed).
[Gleaned from Twitter, Microsoft Community and Feedback Hub.]
Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge
Updated 7 Win 10 Pro 21H2 x64 “Guinea Pig”/”Canary” machines:
Desktops: Dell – 5)Precision T3500(2011), 1)Precision T3600(2012), 7)Precision 5820(2017).
Laptop/Tablets: Dell – 2)XPS 13 9360(2017), 6)XPS 15 9560(2017), 4)Latitude 5591(2019), 3) Microsoft Surface Pro(2014)
With these 4 updates:
KB5022834 2023-02 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems
KB5022728 2023-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64
KB4023057 2023-01 Update for Windows 10 Version 21H2 for x64-based Systems
KB890830 Windows Malicious Software Removal Tool x64 – v5.110
No Problems seen yet.
As always, YMMV, particularly since we mostly run in an MS based ecosystem
Basic research is what I am doing when I don't know what I am doing - Werner Von Braun
Anyone noticing issues deploying this month’s patches to Server 2012R2 systems?
I have a good number of systems in my enviornment that have seem to have frozen during patching and required a reboot, before the patches being rolled back as failed. All of these were Server2012R2 systems – with the issue not being seeing in the rest of the Server 2019 systems
I am still trying to analyze what may of caused this issue but it does appear it may be after installing either KB5022894 or KB5022899.
Server Essentials 2012 R2 is accidentally blocked with Windows 8.1 in 2023-02 updates
https://learn.microsoft.com/en-us/answers/questions/1181682/windows-server-essentials-2012-r2-cant-install-kb5
ironically, “Windows 8.1 Enterprise Evaluation” is not blocked
Hi Susan:
Windows Update successfully installed the following February 2023 Patch Tuesday updates on my Win 10 Pro v22H2 laptop and I haven’t noticed any negative effects so far:
The only minor glitch I noticed during the update process was that Windows Update prompted me to “Restart Now” as soon as my .NET Framework (KB5022729) finished installing, even though my monthly Cumulative Update for Win 10 Version 22H2 (KB5022834) was only partially installed – see attached image. However, it’s not unusual for me to see that happen on a Patch Tuesday if a .NET Framework update is offered (for example, see my 14-Nov-2022 post # 2497973 in November Updates Are Here) and I always check now to ensure all my updates have finished installing before I restart my system.
———-
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2604 * Firefox v110.0.0 * Microsoft Defender v4.18.2301.6-1.1.200000.2 * Malwarebytes Premium v4.5.22.236-1.0.1915 * Macrium Reflect Free v8.0.7279
rick41
I’ve answered this a number of times in the past.
See https://www.askwoody.com/forums/topic/april-patching-showers-here-we-go/#post-2439684 and https://www.askwoody.com/forums/topic/several-windows-10-versions-affected-by-blue-screen-issue/#post-2515022.
Was anyone successful installing the 8.1 February updates with the script?
I had problems getting the script to run until I moved the update files into the same folder as the script files. But then it just ground away so I aborted in case something was amiss. It made me laugh to see a notice to make a backup while I was in the middle of the update. I don’t know where it came from.
I was able to install the .Net updates without the script.
Mark
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.