Massive March Patch Tuesday relaxes antivirus restrictions, but there are problems

Topic

New Reply

With 74 separately identified plugged holes, every version of Windows and Office gets goosed. No known exploits for any “Critical” vulnerabilities, bu
[See the full post at: Massive March Patch Tuesday relaxes antivirus restrictions, but there are problems]

3 users thanked author for this post.

JDeC, MrBrian, zeuswoz

Reply | Quote

Replies

UPDATE: Win7/Win2008 R2 Monthly Rollup KB 4088875 and Security-only KB 4088878 are causing problems on Server 2008 R2 because it blows away virtual Network Interface Cards and on Win7 because it overwrites static IP addresses. Discussion on Reddit and an apprently related post on KB 3125574.

Thx @SwiftOnSecurity

https://twitter.com/SwiftOnSecurity/status/973916018996400128

 

3 users thanked author for this post.

JDeC, HiFlyer, zeuswoz

Reply | Quote

As an average Jane, what are the chances that this applies to my pc? Win 32bit, about 7 or 8 years old? Have no idea what PAE and SSE2 are and how to check if I have those enabled/disabled enz. Any light on the matter would be much appreciated.

A Stop error occurs if this update is applied to a 32-Bit (x86) machine with the Physical Address Extension (PAE) mode disabled

A Stop error occurs on machines that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2)

Annemarie

Reply | Quote

You can download Speccy to determine if your CPU has SSE2.
https://www.ccleaner.com/speccy
SSE2 is an instruction set that will be listed under CPU > Instructions. (see attached screenshot)

Most likely your CPU has both of these, as PAE has been around since the Pentium Pro and SSE2 has been around since the Pentium 4 days.

Between the 2 issues, you’re more likely to have the PAE one but I would assume a machine 7-8 years old would have PAE enabled (as that’s when 4GB+ machines were becoming common). You’d have to check your PC’s BIOS to make sure, as neither Speccy (nor CPU-Z) indicate whether PAE is enabled or disabled. I would say it’s safe to assume that it’s enabled, and therefore you wouldn’t have the first problem you listed.

1 user thanked author for this post.

MrBrian

Reply | Quote

Thank you @zero2dash. Checked and it is a intel core i7 870. So probably in the clear.

Reply | Quote

Hi, for this known issue

A Stop error occurs on machines that don’t support Streaming Single Instructions Multiple Data (SIMD) Extensions 2 (SSE2)

by stop error, is it mean there will error prompt/notification pop up when im using the computer? i want to install KB4100480 but i read the new post and looks like only this one have probability  to be happen on my pc.

1 user thanked author for this post.

Microfix

Reply | Quote

Stop error = blue screen error (reference)

2 users thanked author for this post.

heybengbeng, Microfix

Reply | Quote

Your best bet, average Jane, is to leave well alone until Woody reports that this update has been replaced with a fully working version and raises the DefCon rating to 3 or higher. There is unlikely to be any compelling reason for you to install any updates just yet.

10 users thanked author for this post.

OscarCP, Cascadian, JDeC, Elly, SueW, HiFlyer, woody, zero2dash, PKCano

Reply | Quote

**Definitely** agree with this.
Don’t even touch these updates **especially** on Win7.
Wait for Woody to sound the trumpets and give the ‘all clear’ first before doing anything.
Again, you’re probably fine (re: your concerns), but yeah – leave these updates in the crock pot for a few weeks still.

2 users thanked author for this post.

Charlie

Reply | Quote

@seff and @zero2dash: since discovering this site (in the time of the fullforce Windows 10-push whilst I NEEDED to stay on W7) I have never, ever installed updates within at least a week of their release 🙂

Reply | Quote

ANOTHER UPDATE: It looks like the Word 2016 security patch KB 4011730 causes Word 2016 to crash when you double-click on a file with a DOCX filename extension. Uninstalling the patch fixes the problem.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Woody, did you mean to say that it’s Word 2016 that crashes when KB 4011730 is installed? The way it’s written, it sounds like it’s the patch itself that crashes (?!?) when you double-click on a .DOCX file.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

woody

Reply | Quote

I don’t recall seeing all of these problems with Office 2010 or 2007. Did I miss them, or were there just not so many problems with those two versions of Office?

Group "L" (Linux Mint)
with Windows 8.1 running in a VM

Reply | Quote

Only problem I’ve seen so far is with Word 2016.

The Fixes or workarounds site hasn’t been updated.

https://support.office.com/en-us/article/fixes-or-workarounds-for-recent-issues-in-outlook-for-windows-ecf61305-f84f-4e13-bb73-95a214ac1230?ui=en-US&rs=en-US&ad=US.,.;/’./l;,l

The KB is still available through the catalog.

Reply | Quote

I can’t repro the crashing Word here, so there may be something else in the mix as a root cause.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

@Susan Bradley

we know Da Boss uses perpetual Office (not ClickToRun) – curious which edition(s) you use and test:  perpetual, C2R, or both?

Reply | Quote

I have Win7, Office 2010, running 64bit: should I still wait on these latest updates? I’ve waited quite awhile, since February to download/install any updates. I also have Norton AV.
Thanks, your advice is always appreciated

Reply | Quote

The February 2018 updates are ok to install per Woody.

2 users thanked author for this post.

walker, woody

Reply | Quote

I might have replied to the wrong post. In checking my updates, I have not installed any in January or February. Last updates were installed end of Dec. on my Win7, 64bit. Running Norton as noted in previous post. After reading comments here throughout the March “madness” cycle for updates, I’m holding off until all is clear per Woody and friends. Thanks everyone, I get dizzy with this stuff, as the average user on the homefront it’s nice to have your help. You’re the best thanks. Cate

Reply | Quote

An issue was added to KB4011730: “After you install this security update, you may be unable to open or save a Word document.”

2 users thanked author for this post.

walker, woody

Reply | Quote

Thank you Mr Brian! And thanks Mr Woody 😉 I will do that

Reply | Quote

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities was revised at least twice on March 13.

2 users thanked author for this post.

Elly, woody

Reply | Quote

I see this:

3. Removed references in FAQ #14 describing microcode updates from Intel. These updates are not yet available.

How ’bout that.

I’m running an updated KBNew. Should have it posted in the next few minutes.

1 user thanked author for this post.

MrBrian

Reply | Quote

I hoped that you would notice that part indeed :). Changes to https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 won’t be listed in KBNew though because it’s not a KB article. The change is listed at http://seclists.org/microsoft/, but its second change on March 13 isn’t listed there, at least for now.

3 users thanked author for this post.

walker, woody, Elly

Reply | Quote

ADV180002 was revised again on March 14, 2018.

2 users thanked author for this post.

walker, woody

Reply | Quote

I guess the dust won’t settle soon

2 users thanked author for this post.

Charlie, woody

Reply | Quote

Another KB2976978? It’s dated March 13th, 2018…

Antec P7 Silent * Corsair RM550x * ASUS TUF GAMING B560M-PLUS * Intel Core i5-11400F * 4 x 8 GB G.Skill Aegis DDR4 3200 MHz CL16 * Sapphire Radeon 6700 10GB * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit

Reply | Quote

No, it’s the same second one from February, revised as Important

1 user thanked author for this post.

walker

Reply | Quote

Uhoh. I have static IP, and network settings set manually. Not a virtual NIC and not an Intel network chipset either (the Reddit thread seemed to indicate it’s an issue with Intel NICs), but… Am I likely to see trouble?

— Cavalary

Reply | Quote

If you do have trouble, uninstalling the patch is supposed to fix it.
Make a note of your static IP, subnet mask, etc before you install.

Reply | Quote

The reddit thread is pointing to VMware interaction causing the issue.  If you are not running VMware you won’t see issues with networking.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

walker, woody

Reply | Quote

Kevin Beaumont says

Nothing official. I’ve heard it also happens on some POS devices with Intel (physical) NICs.

I’ll keep you updated.

 

1 user thanked author for this post.

MrBrian

Reply | Quote

KB4088875 caused my Windows 7 32Bit to reboot in a loop as soon as the “updates are configured” dialog should appear after the first reboot thst´s following the installation.
I had to reboot in safe mode and uninstall KB4088875.

3 users thanked author for this post.

walker, MrBrian, woody

Reply | Quote

I’m showing KB4088875 under important updates, but it showed up with the box unchecked ?

1 user thanked author for this post.

woody

Reply | Quote

Did they pull KB4088875? I’m not seeing it in the updates available for Windows 7 (not that I will install it yet)… although KB2952664 is back as checked and important.

1 user thanked author for this post.

woody

Reply | Quote

anonymous wrote:

Did they pull KB4088875?

Looks like KB 4088875 is showing up in Windows Update as Important, but unchecked. It’s still available in the Microsoft Update Catalog.

https://www.catalog.update.microsoft.com/Search.aspx?q=4088875

That’s typical first-step behavior when MS pulls a patch. Not definitive, but certainly indicative.

 

1 user thanked author for this post.

walker

Reply | Quote

(Same anon as #175662)
Thanks for the response! It’s strange, though, because I don’t see KB4088875 at all; it’s under neither Important nor Optional updates, and I’ve checked for updates a few times today. Ah well, perhaps my update got pulled early, or maybe it will show back up in the next day or so…

Reply | Quote

Since I have Win 7 Home, I was curious at what you were finding. I had hidden KB4088875 after it showed up. I unhid it… and ran Window Updates twice. It isn’t showing up anywhere, now.

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

woody

Reply | Quote

Here’s a patch pulling data point for Win7 Pro SP1 x64 Intel i3-5005U Group B:

The Feb Rollup and MSRT along with the .NET 4.7.1 install update and what I’ll simply call an ‘old’ KB 2952664 were offered through Windows Update until about noon on Tuesday, March 13. Then for about 8 hours they all disappeared except for the .NET 4.7.1. After that I got the March Rollup and MSRT and a ‘new’ KB 2952664 (still had the .NET 4.7.1).

Then, late afternoon today (March 14), the March Rollup was replaced by the FEBRUARY Rollup! Still have the ‘new’ KB 2952664, MSRT and .NET 4.7.1.

So, for me at least, the March Rollup has been pulled.

2 users thanked author for this post.

Charlie, MrBrian

Reply | Quote

I still have that “New” KB 2952664 “Update” under Important and checked.  The topic 2000003 warns those with Win 7 to not install 2952664.  Has this changed?  Have I missed some info. about it?

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

Reply | Quote

Hello Charlie,

KB 2952664 has been identified as a telemetry update, in all of its multiple appearances. If you are avoiding telemetry updates (probably why you are Group B), then you don’t want to install this one.

Non-techy Win 10 Pro and Linux Mint experimenter

1 user thanked author for this post.

Charlie

Reply | Quote

My KB 4088875 is showing up in Windows Update as Important, but was checked, I also hid it again.

1 user thanked author for this post.

woody

Reply | Quote

Looks like Windows 7 Important Updates (i.e. Quality/Security roll-ups) for March 2018 were not available yesterday using Windows Update. Only updates were Malicious Software Removal Tool and the usual update for Microsoft Security Essentials.

Yes, my registry has the required entries showing I have an acceptable malware software installed. No Flash updates, no IE updates, no Framework updates…. go figure!

The Optional updates still showed Preview Roll-up and Scurity Updates for 2018-2 (which I take to mean February).

Reply | Quote

The KB articles for the March 13, 2018 security updates for Excel 2007, 2010, 2013, and 2016 note that: “A new registry key has been added to provide more control over object macros security.”

1 user thanked author for this post.

woody

Reply | Quote

Susan Bradley wrote:

I can’t repro the crashing Word here, so there may be something else in the mix as a root cause.

Win7 32bit Group A Fully updated with this months patches
In my test box Im not seeing any problems with opening docx files within Word 2016.

1 user thanked author for this post.

woody

Reply | Quote

Hi Woody, Just after reading your comment about the Kb4088875 being unchecked, I looked at my  Windows 7 windows update and found it was checked.  I decided to see what would happen if I checked for updates now.  After Update finished checking, I looked at the updates and found that KB4088875 was UNCHECKED.  At least that solves a potential issue for now.

Reply | Quote

Looks like KB4088875 may have been pulled?  I was looking over the list of important updates and when I pressed the back button to take me to the main Windows Update screen, it showed one less important update that needed to be installed. 
It was also gone from the list when I clicked back to important updates.

EDIT html to text

Reply | Quote

KB4088875 is currently listed in Windows Update as unticked by default. It may have been temporarily unavailable while its metadata was revised to change its listing from ticked by default to unticked by default.

1 user thanked author for this post.

woody

Reply | Quote

Wish I’d known about this site yesterday! As you can see, I’m not an expert, but maybe this will be of help.

around 9am [UK time] I installed the proffered updates [2952664, 4088875, 890830 & 4011720]  for Win 7 32bit.

Windows restarted fine, I could login and then after 2 or 3 min the system closed down  – no BSOD. Monitor just showed ‘power saving’ mode sign. It then restarted and the whole process repeated – going down 2 or 3 mins after login. 🙁

If I tried safe mode it failed even earlier – a few seconds after the login screen appeared.

Given the crash regularity I dared not uninstall from within windows.

Eventually [with help of a more knowledgeable friend] and a PC restore disc, we managed to return to the previous ‘safe configuration’.  Still crashed.

So used the Win 7 disc to ‘repair windows’ and that seemed to do the trick.

Interestingly, yesterday evening KB 4011720 and KB890830 were shown as having installed successfully, but KB4088875 and KB2952664 are marked as failed.

During the crashing stage, I used the few minutes of grace to look at the updates and at that point KB4088875 and KB2952664 are marked as pending…

Now all 4 are back for installation, but KB4088875 is unchecked.

 

1 user thanked author for this post.

woody

Reply | Quote

Welcome to the Lounge!

Sounds like a good to reason to simply avoid updating for now….

1 user thanked author for this post.

walker

Reply | Quote

Indeed – a rather brutal lesson! Having a couple of cloned drives which I deliberately keep a couple of weeks out of date did give me some security whilst trying to correct it.

Thanks too for the nice welcome and your hard work! much appreciated!

Reply | Quote

Anytime I see KB 2952664 I avoid it like the plague.  This month (March) when the new updates came in to my WU I saw that 2952664 was in there as important and checked.  This is the first time I personally have had this happen since Win 10 was released.

There’s no way I’m going to install 2952664!  It has been in my Optional list for at least a year, probably much longer.  I’m pretty sure Woody will agree with me about this.  Beware.

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

Reply | Quote

When I started reading this thread again this morning I checked my Updates and found KB4088875 checked still. Partway through reading it I double-checked my Updates and it’s now unchecked.

All I have now on one Windows 7 machine is the MSRT plus the usual MSE update (which I always install from MSE, never from Windows Updates), and I also had a Nvidia display update yesterday which I hid as always. When I last looked yesterday, the other Windows 7 machine also had 4 Office 2010 updates – one of which, KB4018314, was unchecked. Nothing installed yet, of course!

Reply | Quote

One thing I noticed is that the March update dramatically slowed down (4-5 times) Windows 10 (1709). After checking task manager, it turned out that Windows Defender was the culprit. In the past, Windows Defender did not cause much load when reading text files (txt file extension), but now, it’s through the roof. In order to work around, I had to add the txt extension to the Windows Defender exclusion list. See also this old thread at answers.microsoft.com/en-us/windows/forum/windows_10-performance/windows-defender-real-time-protection-service/fda3f73e-cc0a-4946-9b9d-3c05057ef90c for details about how Windows Defender can cause performance issues and how to deal with.

1 user thanked author for this post.

woody

Reply | Quote

I have a strange situation going on with my two 64 bit, Win 7 SP1 computers, both with MS Security Essentials as my anti-virus.  One is a desktop and the other is a laptop.  Windows Update on the laptop showed KB4088875 as checked and available for installation.  I deferred as usual waiting for MS-Defcon 3 to appear on your website.  I checked my desktop and all it showed as available were three optional updates: a .NET Framework 4.7.1 update, Windows MSRT, and a definition update for MS Security Essentials.  I remembered the advice about checking for the QualityCompat subkey in the registry since MS won’t allow security updates on Win7 if this key is not present.  I checked and sure enough, the key was not present in the registry of my desktop but it was present in the registry of my laptop.  Strange, since both computers have MS Security Essentials installed.  I edited the registry for the desktop and imported the QualityCompat subkey.  I rebooted and checked the registry and the QualityCompat subkey was in the registry.  I ran Windows Update and KB4088875 was not showing up, neither as checked or unchecked.  I checked the registry and the QualityCompat subkey had been removed.  What could be going on here?  Is it possible that Windows Update is removing the subkey for some reason?  The subkey should be there since I’m not using a third party anti-virus but it will not stay no matter how much I edit the registry.  In any case, KB4088875 is not available.  I downloaded KB4088875 from the MS Update Catalog but I’m not going to try installing it until MS-Defcon 3.

Reply | Quote

KB4088875 has been demoted to UNCHECKED or pulled because it is buggy. I would delete the one you downloaded from the Catalog and wait for it to be re-released in Windows Update.

Try updating MSE. If it is out of date it may not set the Regkey.

1 user thanked author for this post.

walker

Reply | Quote

On the Norton-forum, there were several people complaining about the registry key disappearing over and over again. This happened prior to Patch Tuesday. See here (Norton)  and here (Wilders Security).

 

~ Annemarie

Reply | Quote

I don’t remember any “Security” Monthly Rollup ever got pulled

they get metdata revisions to postpone the auto deploy, or to exclude certain machines (i.e. AMD cpus in January)
and they get fixes for their issues in preview rollups or OOB updates

Reply | Quote

I updated MS Security Essentials on both computers.  I then ran Windows Update on both computers.  KB4088875 is missing from both computers, neither checked nor unchecked.  The laptop has the QualityComp subkey and the desktop does not have the QualityComp subkey.  When I edit the registry and put the subkey back in, something comes behind me and removes it.  This behavior is only happening on my desktop PC.

Reply | Quote

Two issues have been added to the Windows 7 March 2018 Windows monthly rollup and Windows 7 March 2018 Windows security-only update.

Reply | Quote

MS seem to have fixed the bug I found in search that was driving me crazy for months since they forced Cortana as the search interface. The post from which the quote comes from is dated March 9, 2018. But you need Fall Creator update for it, according to what is written. That terrible bug only took many many months to fix on rapid development cycle after what appears to be many insiders feedback.

Search is no longer limited to your User Profile directory

“Many Insiders have pointed out that Search was limited to certain folders on their PC (see Searching all files and folders with Cortana in the Feedback Hub). And they were right. Previously, Search would only cover the personal User Profile directory (e.g., C:\Users\MyName) by default. To expand the search, you’d need to filter your results to a specific type, such as Documents.

Maintaining the balance between real-time search results and relevance can be tricky. However, we’re now able to search all indexed locations by default, as soon as you start typing. Want to expand which folders are indexed? Open the ‘Indexing Options’ tool and select ‘Modify’ to add additional locations. Note that adding additional locations may have performance implications on your PC and will impact battery life, depending on the size of the folder and frequency of changes.”

It is interesting to note that this bug was actually a feature to speed up search. In what world would you provide the ability to modify indexing locations and expect that the system would just ignore all that when doing a general search and limits itself to the user profile directory???

Reply | Quote

Issue added to March 13, 2018—KB4088875 (Monthly Rollup) and Cumulative security update for Internet Explorer: March 13, 2018: “After installing this update, Internet Explorer 11 may not launch for some users.”

1 user thanked author for this post.

The Surfing Pensioner

Reply | Quote

That issue has since been removed from both articles.

1 user thanked author for this post.

walker

Reply | Quote

?

Reply | Quote

Microsoft updated those two articles again. Now the issue “After installing this update, Internet Explorer 11 may not launch for some users.” is not listed in either article.

3 users thanked author for this post.

walker, The Surfing Pensioner, woody

Reply | Quote