Here comes February’s valentines of patches

Topic

New Reply

Here we go again with a bundle of updates. Remember our mantra – to pause, ponder, wait and in general see what the side effects are first. Windows se
[See the full post at: Here comes February’s valentines of patches]

Susan Bradley Patch Lady

5 users thanked author for this post.

lmacri, L95, abbodi86, Alex5723, Pim

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Feb 13, 2023.

See #2534438 and #2534439 for information on Win7 and Win8.1 updates (Logged in Member access).

4 users thanked author for this post.

Steve, jburk07, SueW, abbodi86

Reply | Quote

No Windows 7 and 8.1

https://www.ghacks.net/2023/02/14/microsoft-windows-security-updates-february-2023-overview/

Reply | Quote

Updates can be installed manually on Win7 / (using Bypass or W7ESUI)

5 users thanked author for this post.

TaskForce141, jburk07, SueW, L95, Alex5723

Reply | Quote

abbodi86 wrote:

Updates can be installed manually on Win7 / (using Bypass or W7ESUI)

What is the updates source ?

Reply | Quote

#2533069 this post may explain (or not)?? who knows, it’s microsoft

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Kirsty

Reply | Quote

https://www.catalog.update.microsoft.com/Search.aspx?q=2023+Embedded-7+Updates

updates are not changed or restricted to Embedded and Server, they apply to Windows 7 too
they only require non-released ESU Year 4 activated key for Client

3 users thanked author for this post.

TaskForce141, jburk07, Alex5723

Reply | Quote

Abbodi86?  “they only require non-released ESU Year 4 activated key for Client”

Unless you are pulling that from some unknown source – that isn’t available to John Q Public or even John Q. ESU purchaser.

When you say “updates can be installed manually” let’s be clear about the requirements.

 

Susan Bradley Patch Lady

1 user thanked author for this post.

Kirsty

Reply | Quote

Fair enough 🙂

That’s what I actually meant.

2023-02 updates require Windows 7 Client ESU key for Year 4 (or 5 or 6) but that key is not created or sold by Microsoft, hence the updates are not officially supported or installable

However, the workaround I use in W7ESUI script is still working and it can be used to install 2023-02 updates for Windows 7 Client

2 users thanked author for this post.

TaskForce141, Kirsty

Reply | Quote

Or more accurately, this link:

https://www.catalog.update.microsoft.com/Search.aspx?q=2023-02%20embedded%207

This link shows a list of Windows Embedded 7 updates specifically for February 2023

Also included are new .NET updates for 2/2023

Reply | Quote

See #2534438 and the one below it (Logged in Member access).

Reply | Quote

See my comment in the Admin/mod hangout please?

Susan Bradley Patch Lady

Reply | Quote

Guinea Pig Update
Version and build after update: Win11Pro 22H2.22621.1265

Used WUMgr for all:

• 22023-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5022497)
• Windows Malicious Software Removal Tool x64 – v5.110 (KB890830)
• 2023-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022845)

All installed without error and the system rebooted without error.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1413 x64 i5-9400 RAM16GB HDD Firefox112.0b3 MicrosoftDefender

2 users thanked author for this post.

arbrich, fernlady

Reply | Quote

W10 Pro 22H2 x64 and x86
February CU kb5022834 & NET kb5022729 updates applied:
Edge re-introduced this month, ran a couple of scripts..ta ta chredge, Shutup10++ checked over and reset to my previous config.
No errors encountered in event viewer or sfc verification, dism healthcheck good..

Note: iexplorer error appeared but that was to be expected upon removal of chredge

Keep IT Lean, Clean and Mean!

3 users thanked author for this post.

CAS, geekdom, deuxbits

Reply | Quote

Microfix and bbbearen are my update bellweathers. Thank you, both.

I’ll update later today, after backing up my PC, and report back tomorrow.

Peace, CAS

1 user thanked author for this post.

Microfix

Reply | Quote

All downloads completed. Now on Win 10 22H2 (OS Build 19045.2604. The only hiccup was several restarts to download cumulative update. Everything working just fine except for the persistent DeviceManagement-Enterprise error 2445.

Peace, CAS

 

 

1 user thanked author for this post.

Microfix

Reply | Quote

FWIW, I got the Malicious Software Removal Tool through WU and installed it.  That’s it; no .Net or other updates for Windows 8.1.  I looked at the update for Internet Explorer on Microsoft Update Catalog, but it said the updates were for Windows 8.1 Embedded.  It probably would have worked for me, but I didn’t want to try it.  I don’t use Internet Explorer.

 

Mark

 

2 users thanked author for this post.

Douglas, geekdom

Reply | Quote

Thank you. I was considering posting about the Malicious Software Removal Tool update my Win8.1 alerted me too quite unexpectedly. I thought there would be NO updates coming through. I plan to install it also, as usual.

Reply | Quote

I have a question about Susan’s statement where she said:

Remember Windows 7 is officially out of support so if you are still using it, please do not be using it to surf, browse, etc ensure that you are using it in isolation away from the Internet. 0Patch is an option for those of you.

I would like a clarification of the wording of the last sentence.  Does this mean that for those of us who use 0Patch for Windows 7,  we can go ahead and browse the web?

Reply | Quote

Personally I wouldn’t.  I don’t recommend surfing on platforms that are no longer supported.

Ultimately you have to make your own risk assessment.  (Lord knows I can’t convince some of you folks in the forums who state that they are still using Windows XP)

Susan Bradley Patch Lady

1 user thanked author for this post.

deuxbits

Reply | Quote

Hardened Windows user

Desktop:

KB890830 Windows Malicious Software Removal Tool x64 – v5.110
KB5022845 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems
KB5022497 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64

Now running Windows 11 Pro Version 22H2 (OS Build 22621.1265)

NAS:

KB890830 Windows Malicious Software Removal Tool x64 – v5.110
KB5022834 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems
KB5022279 Cumulative Update for .NET Framework 3.5 4.8 and 4.8.1 for Windows 10, version 22H2 for x64

Now running Windows 10 Pro Version 22H2 (OS Build 19045.2604)

No hiccups except for the reinstall of WebView2 on my desktop (now uninstalled) and the OOBE for my NAS wanting me to change my default browser to Edge and import everything from IE.  I use Firefox, I declined the offer, uninstalled Edge and WebView2, and Firefox is still my default browser.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

6 users thanked author for this post.

Vallee, Microfix, RetiredGeek, CAS, geekdom, deuxbits

Reply | Quote

Updated to W11 21H2 22000.1574

Nothing to report. Went back to  …

1 Desktop W11
1 Laptop W10
Both tweaked to look, behave and feel like Windows 95

1 user thanked author for this post.

geekdom

Reply | Quote

L95 wrote:

Does this mean that for those of us who use 0Patch for Windows 7,  we can go ahead and browse the web?

Sites are starting to block browsers running on the “dead” Windows 7.
You should change your browser agent to Windows 10

https://www.askwoody.com/forums/topic/firefox-and-firefox-esr-updates/#post-2530458

2 users thanked author for this post.

TaskForce141, Pim

Reply | Quote

Maybe luck of the draw, but I actually have several sites refusing to serve me because I have an “outdated browser,” while none (thus far) have refused service due to my using Windows 7.  That “outdated browser” is a fully up-to-date Firefox 102.8esr.   Despite the fact that 102.8esr has the latest Firefox security updates, I think some sites don’t know know from esr and think I’m 8 versions behind in my browser update.  Regardless, sending a Win 10 user agent probably wouldn’t help in these cases.  Ironically these same sites have no complaint (yet) if I use Chrome, which has ceased updating in Win 7.

1 user thanked author for this post.

TaskForce141

Reply | Quote

Susan….do you have a more current update on Ventura 13.2 and iOS 16.3 and now 16.3.1? Still on defer status. Thank you.

Reply | Quote

There are links to articles for information on AKB2000014.

1 user thanked author for this post.

pmcjr6142

Reply | Quote

BTW, I received another Security Intelligence update through WU for Windows 8.1.  That makes two in a day.

Mark

 

Reply | Quote

KB5022834 and KB5022729 installed last night. This morning the ” (Shift-2) and @ (Shift-‘) keys on my keyboard have been swapped. Very annoying. Cannot put it right. Only 1 language selected (English UK). Tried uninstalling and reinstalling keyboard driver but that didn’t fix it.

In the end I have uninstalled the 2 updates and all ok again. Is this a known issue?

Dell XPS 8700 Win 10 Home 22H2.

Reply | Quote

Hi

It would seem the error may be related to the keyboard setting having been switched and swapped between a US keyboard and a UK keyboard during the Feb 2023 patch install.

The Are the @ & ” Keys Swapped On Windows 10? – How To Fix It may of help in fixing the issue.

HTH.

Reply | Quote

I’ll let my screenshots do the talking..
the afterlife, lives on! 🙂

Keep IT Lean, Clean and Mean!

3 users thanked author for this post.

TaskForce141, abbodi86, DrBonzo

Reply | Quote

Curious minds want to know: did you install from the MS Catalog, through Windows Update, or through some other means such as a script from abbodi86?

Reply | Quote

See #2534450.

1 user thanked author for this post.

DrBonzo

Reply | Quote

Not the ’embeded’ script, testing my preferred R2 endurance route…not my place to name and wouldn’t want to jeapordise it’s future development on a PUBLIC fora as it’s not publicly available at source, membership access only, got to respect that!
IT psalm 13:4:12

Keep IT Lean, Clean and Mean!

Reply | Quote

[Microfix]

Note:
.NET update patch for 2012 R2 does not contain an esu block (yet?) so these should install on Win8.1 at default.
(2012/ Win8 untested but should be the same for NET updates)
You can get these from the MS catalog..
Trying out the bypass, I went a stage further on the test device and manually deleted the software distribution folder so nothing shows as I’m bang up to date. Actually killing off WU completely still gets Microsoft Defender definition updates 🙂
To me, the overall system performance seems a lot snappier after a complete cleanout, sfc, dism clean and SSD trim using the bypass and with WU switched OFF! 🙂 WOW!!!

Keep IT Lean, Clean and Mean!

• This reply was modified 1 month ago by Microfix. Reason: flatulent comment strikeout

1 user thanked author for this post.

TaskForce141

Reply | Quote

Windows 8.0 was discontinued before the concept of ESU invented 😀
all Server 2012 / Embedded 8.0 updates are not blocked or contain ESU component “yet”

2 users thanked author for this post.

TaskForce141, Microfix

Reply | Quote

my bad, brain flatulence at work 🙂

Keep IT Lean, Clean and Mean!

Reply | Quote

As I noted in a message that seems to have been deleted, my Windows 8.1 security-only update was not completed and was rolled back.  I never tried the .NET updates since they are for Windows 8.1 embedded (so is the security-only update).

Mark

1 user thanked author for this post.

DrBonzo

Reply | Quote

Windows 11 Pro 22H2 now on build 22621.1265

Windows Malicious Software Removal Tool x64 – v5.110 (KB890830)

2023-02 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022845)

2023-02 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5022497)

2023-02 .NET 6.0.14 Security Update for x64 Client (KB5023288)

2023-02 .NET 7.0.3 Security Update for x64 Client (KB5023286)

All were installed without an issue. Everything is running normally.

--Joe

1 user thanked author for this post.

geekdom

Reply | Quote

I can personally report that the removal of Internet Explorer in Edge is breaking remote deposit with the Bank of America website.  It doesn’t recognize the scanner driver on Edge, it does on Chrome.

I saw this for the first time about 3 years ago when the bank my HomeOwner Assn. was using insisted that the remote check deposit machine had to use IE11 with special settings in the security section to make the deposit software work. The computer was on Win10. Even at that time we sent warnings about mandatory use of IE, that it was on its way out.

Looks like the chickens have finally come home to roost.

Reply | Quote

WSUS might not offer updates to Windows 11, version 22H2

Last updated: 2023-02-15

Updates released February 14, 2023 or later might not be offered from some Windows Server Update Services (WSUS) servers to Windows 11, version 22H2. The updates will download to the WSUS server but might not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded from Windows Server 2016 or Windows Server 2019. This issue is caused by the accidental removal of required Unified Update Platform (UUP) MIME types during the upgrade to Windows Server 2022 from a previous version of Windows Server. This issue might affect security updates or feature updates for Windows 11, version 22H2. Microsoft Configuration Manager is not affected by this issue.

Workaround: To mitigate this issue, please see Adding file types for Unified Update Platform on premises.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Affected platforms:

​Client: Windows 11, version 22H2
​Server: Windows Server 2022..

Reply | Quote

rick41 wrote:

Maybe luck of the draw, but I actually have several sites refusing to serve me because I have an “outdated browser,” while none (thus far) have refused service due to my using Windows 7.

The site probably refuse because you are on Windows 7.
Try by changing FF esr Browser agent to Windows 10.

Reply | Quote

VM with Windows Server 2022 KB5022842 secure boot not booting

Virtual Machine with Windows Server 2022 KB5022842 (OS Build 20348.1547) configured with secure boot enabled not booting up (90947)

After installing Windows Server 2022 update KB5022842 (OS Build 20348.1547), guest OS can not boot up when virtual machine(s) configured with secure boot enabled running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.

In VM vmware.log, there is ‘Image DENIED’ info like the below:
2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Signature: 0 in db, 0 in dbx, 1 unrecognized, 0 unsupported alg.
2023-02-15T05:34:31.379Z In(05) vcpu-0 – Hash: 0 in db, 0 in dbx.
2023-02-15T05:34:31.379Z In(05) vcpu-0 – SECUREBOOT: Image DENIED.

To identify the location of vmware.log files:

Establish an SSH session to your host. For ESXi hosts
Log in to the ESXi Host CLI using root account.
To list the locations of the configuration files for the virtual machines registered on the host, run the below command:
#vim-cmd vmsvc/getallvms | grep -i “VM_Name”

The vmware.log file is located in virtual machine folder along with the vmx file.
Record the location of the .vmx configuration file for the virtual machine you are troubleshooting. For example:
/vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vm1.vmx
/vmfs/volumes/xxxxxxxx-xxxxxxx-c1d2-111122223333/vm1/vmware.log

Resolution

Currently there is no resolution for virtual machines running on vSphere ESXi 6.7 U2/U3 and vSphere ESXi 7.0.x. However the issue doesn’t exist with virtual machines running on vSphere ESXi 8.0.x.

Note: vSphere ESXi 6.7 is End of general Support. For more information, see The End of General Support for vSphere 6.5 and vSphere 6.7 is October 15, 2022.

Workaround

There are three methods to avoid this issue

Upgrade the ESXi Host where the virtual machine in question is running to vSphere ESXi 8.0
Disable “Secure Boot” on the VMs.
Do not install the KB5022842 patch on any Windows 2022 Server virtual machine until the issue is resolved….

Reply | Quote

Just a note that Martin Brinkmann, of ghacks net (usually a reliable resource), has on February 15, 2023 posted: “A Serious Security Risk: Three Zero-Day Vulnerabilities You Need to Patch Now!”
https://www.ghacks.net/2023/02/15/windows-security-time-to-patch-these-three-zero-day-vulnerabilities/
I remember Woody’s and Susan’s advice about these “Patch Now” (Sky is Falling ?) notices, and I prefer to wait until our experienced Patch Lady gives advice to ‘Update now’ with the DEFCON rating. If it is Super Important, I think Susan Bradley will let us know to update immediately, otherwise it is best to wait and see what happens. Thank you to all the early patchers that tell us your results, whether it is safe to update, or if there are some problems. Much appreciated, and very helpful to non professional home users such as myself.

1 user thanked author for this post.

geekdom

Reply | Quote

Closing Words
…
The severity rating of important suggests that Microsoft does not see the security issues as a major threat to a large percentage of the Windows population.

Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

Reply | Quote

Publisher – patched via click to run.  You probably already have it installed.  Furthermore it’s only at risk for those skus that have publisher and thus M365 apps for enterprise is the only one listed.

Common log file – it’s an elevation of privilege attack meaning more geared towards business users and blended attacks.

Windows Graphics components  – this is confusing https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823 is it a Onenote vulnerability or a Windows graphics?

Bottom line zero days should be evaluated no matter what.

Susan Bradley Patch Lady

1 user thanked author for this post.

jburk07

Reply | Quote

Susan Bradley wrote:

Furthermore it’s only at risk for those skus that have publisher and thus M365 apps for enterprise is the only one listed.

Microsoft 365 Personal/Family still get Publisher (for PC only).

Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

Reply | Quote

Windows 10 22H2.
February updates.
All is well.

Updates took more than an hour on i7 gen8 with 32GB of RAM.

3 users thanked author for this post.

deuxbits, geekdom, jburk07

Reply | Quote

I just noticed the installer for Windows 8.1 updates.  Where does it come from and how do you use it or is it self-explanatory?  I am not on Windows 8.1 now, but on Ubuntu where I do most of my activities.  Thanks.

Mark

P.S.  Going to Windows 11 Pro real soon now. Oh boy!

Reply | Quote

The procedure is at the top of the thread. It applies to both.
If you are not on Win8.1, you don’t need it.

Reply | Quote

Thanks.  I think I know what to do.  Should I install the SSU first?

Still on Windows 8.1.  Not on Windows 11 yet.

Mark

Reply | Quote

See #2534450.

Reply | Quote

???

 

Reply | Quote

Updated one Win 10 22H2 system after doing a full disk image.

No issues so far.

Have used Windows Automatic Update Manager for several years with no issues.

 

1 user thanked author for this post.

deuxbits

Reply | Quote

Windows 11 22H2 driver updates are failing left and right with 0x80070103 error

…many users across various online forums are reporting about driver update failures when trying to install them via the Windows Update. Such affected users say they are encountering driver update failures with the error code “0x80070103”. The issue seems to be affecting Surface devices, though other reports show all sorts of drivers, from Realtek. to Intel, to Dolby, to Dell, and many more, are failing to install, all exhibiting similar symptoms, ie, failing with the 0x80070103 error. The error message essentially says “Install error – 0x80070103” with an option to “Retry” the installation of the failed update…

3 users thanked author for this post.

deuxbits, oldfry, rick41

Reply | Quote

Microsoft were aware of this 18 hours ago and people seem to be saying it has been fixed on the update servers. Those retrying within the last 12 hours now get no error (which referred to trying to install something that’s already installed).

[Gleaned from Twitter, Microsoft Community and Feedback Hub.]

Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

3 users thanked author for this post.

rick41, Alex5723, deuxbits

Reply | Quote

Updated 7 Win 10 Pro 21H2 x64 “Guinea Pig”/”Canary” machines:
Desktops: Dell – 5)Precision T3500(2011), 1)Precision T3600(2012), 7)Precision 5820(2017).
Laptop/Tablets: Dell – 2)XPS 13 9360(2017), 6)XPS 15 9560(2017), 4)Latitude 5591(2019), 3) Microsoft Surface Pro(2014)

With these 4 updates:
KB5022834 2023-02 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems
KB5022728 2023-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64
KB4023057 2023-01 Update for Windows 10 Version 21H2 for x64-based Systems
KB890830 Windows Malicious Software Removal Tool x64 – v5.110

No Problems seen yet.

As always, YMMV, particularly since we mostly run in an MS based ecosystem

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

TaskForce141

Reply | Quote

Anyone noticing issues deploying this month’s patches to Server 2012R2 systems?

I have a good number of systems in my enviornment that have seem to have frozen during patching and required a reboot, before the patches being rolled back as failed.  All of these were Server2012R2 systems – with the issue not being seeing in the rest of the Server 2019 systems

I am still trying to analyze what may of caused this issue but it does appear it may be after installing either KB5022894 or KB5022899.

Reply | Quote

Server Essentials 2012 R2 is accidentally blocked with Windows 8.1 in 2023-02 updates
https://learn.microsoft.com/en-us/answers/questions/1181682/windows-server-essentials-2012-r2-cant-install-kb5

ironically, “Windows 8.1 Enterprise Evaluation” is not blocked

1 user thanked author for this post.

Microfix

Reply | Quote

nothing like breaking one’s own updates in an attempt to exclude alternative methodologies /s

Keep IT Lean, Clean and Mean!

Reply | Quote

Hi Susan:

Windows Update successfully installed the following February 2023 Patch Tuesday updates on my Win 10 Pro v22H2 laptop and I haven’t noticed any negative effects so far:

• KB5022834: 2023-02 Cumulative Update for Win 10 Version 22H2 for x64 (OS Build 19045.2604)
• KB5022729: 2023-02 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Win 10 Version 22H2
• KB5023288: 2023-01 .NET 6.0.14 Update for x64 Client
• KB890830 : Windows Malicious Software Removal Tool x64 – v5.110

The only minor glitch I noticed during the update process was that Windows Update prompted me to “Restart Now” as soon as my .NET Framework (KB5022729) finished installing, even though my monthly Cumulative Update for Win 10 Version 22H2 (KB5022834) was only partially installed – see attached image. However, it’s not unusual for me to see that happen on a Patch Tuesday if a .NET Framework update is offered (for example, see my 14-Nov-2022 post # 2497973 in November Updates Are Here) and I always check now to ensure all my updates have finished installing before I restart my system.
———-
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2604 * Firefox v110.0.0 * Microsoft Defender v4.18.2301.6-1.1.200000.2 * Malwarebytes Premium v4.5.22.236-1.0.1915 * Macrium Reflect Free v8.0.7279

4 users thanked author for this post.

TaskForce141, rick41, geekdom, Microfix

Reply | Quote

I encounter the same thing frequently, and also wait for all the updates to finish before restarting.  But I wonder what would happen if one *did* click Restart Now when the cumulative update was still downloading.

Reply | Quote

rick41

I’ve answered this a number of times in the past.

See https://www.askwoody.com/forums/topic/april-patching-showers-here-we-go/#post-2439684 and https://www.askwoody.com/forums/topic/several-windows-10-versions-affected-by-blue-screen-issue/#post-2515022.

 

1 user thanked author for this post.

rick41

Reply | Quote

lmacri wrote:

Windows Update prompted me to “Restart Now”

This will never happen using WUmgr.

Reply | Quote

Was anyone successful installing the 8.1 February updates with the script?

I had problems getting the script to run until I moved the update files into the same folder as the script files.  But then it just ground away so I aborted in case something was amiss.  It made me laugh to see a notice to make a backup while I was in the middle of the update.  I don’t know where it came from.

I was able to install the .Net updates without the script.

Mark

 

 

Reply | Quote

Please direct your questions to this Topic.

Reply | Quote