• MS-DEFCON 4: Closing out the year of patching

    Home » Forums » Newsletter and Homepage topics » MS-DEFCON 4: Closing out the year of patching

    • This topic has 39 replies, 17 voices, and was last updated 6 months ago.
    Author
    Topic
    #2408954

    ISSUE 18.50.1 • 2021-12-28 By Susan Bradley The end of 2021 brings the final updates for Windows 10 2004. Meanwhile, most of us are planning not to in
    [See the full post at: MS-DEFCON 4: Closing out the year of patching]

    Susan Bradley Patch Lady

    Viewing 17 reply threads
    Author
    Replies
    • #2408974

      Is it just me or did they start ignoring TargetReleaseVersionInfo registry?

      Even though I had set “TargetReleaseVersionInfo”=”20H2”, after clicking the dreaded “check for updates”, 21H2 started downloading & installing…
      Fingers crossed nothing breaks.

    • #2408985

      Dashboard still shows Defcon 2…….

      Chris
      Win 10 Pro x64 Group A

      • #2408997

        Sorry, getting old.  Forgot to change it before going to bed last night.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2408984

      I just installed Cum. December 5008212 on my Win10 Pro 21H1 and after that 4023057 (which never gave ME any problem) to make sure the upgrade to 21H2 would work well.

      Updating to 21H2 went well through “Update now” – while on vpn. (Seems that vpns using OpenVPN don’t create problems.)
      The 21H2 update needed a few restarts to get fully incorporated.

      Cheers

    • #2408986

      So have most of the printing issues finally been squared away with the December patch?

    • #2409032

      Hello,

      I installed KB5008212,  KB890830 on 12/23/21 and KB5007289 on 12/09/21 and then my printer/scanner would not work. I emailed “askwoody” for help and downloaded an update but, when I turn on my printer, I have orangy-red l warning lights on it.  Could someone help in how to get rid of them?  My printer/scanner is working but w/those warning lights.

      Thank you.

       

    • #2409270

      Windows 10 20H2 Home: I installed without any apparent issue the 2021-12 CU (KB5008212), the MSRT update (KB890830) and the Office 2013 security updates released in December, including KB5002104 which is noted as the culprit of the error seen in Access by some users.

      I’m not an Access user, so I can’t say that KB5002104 had no negative issue on my system. I understand that a fix to solve the problem for Office 2013 has been released today (29 December 2021) by MS as manual download only update, i.e. KB2965317.

    • #2409275

      (11, 21H2) I do appreciate these reminders. Put up the one cumulative and 2 intel things and 2 WD things. No problems!

      - ThinkPad T570-20HA, i7-7600U, 2.8GHz, UEFI/GPT, 16GB, Sammy 256GB M.2 NVMe PM961. HP laserjets (M254dw, P1606dn), Epson 2480 scanner -

    • #2409227

      Is the AppX vulnerability now covered by the December Cumulative Update, or do I have to get the AppX fix from the Microsoft Store, as mentioned in AskWoody on 19/12/2021?

      Appreciate any advice on this.

      regards

       

      GeoffB
      (Win 10 Home 21H1)

      • #2409297

        Do you block the Microsoft store?

        Susan Bradley Patch Lady

        • #2409335

          Susan:  no, I don’t block the MS store,  I allow updates ‘from anywhere’ so that I can get updates to Chrome or Lenovo as I choose, but I don’t access the MS store  either.

           

          GeoffB

      • #2409364

        I think the AppX vulnerability mentioned was covered here:

        Tips for the week – what about the AppX vulnerability?
        ——————————————————
        https://www.askwoody.com/forums/topic/tips-for-the-week-what-about-the-appx-vulnerability/

        FYI,

        2 Windows 10 Home 21H2 systems – Both “Pause Update” and “Metered Connections” – ON
        ——————————————————————————–
        Although the Microsoft Store setting is set to update apps automatically, it does not install store updates automatically for both my systems. Might be because of the other settings on my systems as mentioned above.I need to run the “Get Updates” manually each time in order to get store updates via Microsoft Store.

        A quick check on the version of Appx (Microsoft.DesktopAppInstaller) installed can be done either:

        Powershell (Admin):
        ——————-
        Get-AppxPackage –Name *Microsoft.DesktopAppInstaller*

        Settings:
        ——–
        Going to Settings > Apps & Features > App Installer > Advance options and check on the version listed therein.

        Then run the Microsoft Store’s “Get Updates” manually to get the latest required version.

        If for some reasons we cannot use the Microsoft Store update mechanism, the appropriate App Installer can also be downloaded separately from the links provided by:

        Windows AppX Installer Spoofing Vulnerability
        ——————————————–
        https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890

        HTH

        Cheers

      • #2409422

        FYI

        Norton Community – Windows AppX Installer Vulnerability Patched Via Microsoft Store (14-Dec-2021)
        ——————————————
        https://community.norton.com/en/forums/windows-appx-installer-vulnerability-patched-microsoft-store-14-dec-2021

        HTH

        Cheers.

        • #2409533

          Susan & Anonymous responder:  I was able to log into the Microsoft Store and download/install the appropriate update.

          Thanks to all.

           

          GeoffB

           

    • #2409259

      Upgrading to 21H2 wiped out Blur, all my passwords, cookies, add-ons, and history in Chrome.

      • #2409362

        Were your passwords/etc etc all hooked into Blur?  As I know every time I’ve upgraded, Chrome has never lost anything.  What do the folks at Blur say?

        Susan Bradley Patch Lady

    • #2409317

      Well, it is the quiet time of the year and while our HP workstations are inactive we are going to the HP Customer Support web page and allowing HP to detect our systems, identify our current drivers, and list the critical and recommended drivers that are available for download.

      We are finding that BIOS and hardware diagnostic software is available.

      We have downloaded and installed the software with no problems.

      Hopefully, we are ready for the New Year.

    • #2409324

      Upgrading to 21H2 wiped out Blur, all my passwords, cookies, add-ons, and history in Chrome.

      Never happened to me with any feature updates since 1803.

      Restore from image backup.

      • #2409336

        Upgrading to 21H2 wiped out Blur, all my passwords, cookies, add-ons, and history in Chrome.

        Never happened to me with any feature updates since 1803.

        Do you use Blur, Alex? Have you been using it since 1803?

        If so, maybe you might have some Blur-specific advice to help the unfortunate poster with the upgrade problem? Maybe something more specific – and less obvious – than a generic “restore from image backup”?

    • #2409346

      Upgraded from 20H2 to 21H2 here on Windows 10 Pro yesterday, without issues. Changed my gpedit settings to target release 21H2, and then checked for updates.

      However, I did uninstall my VPN and 3rd party firewall first, had a fresh image backup handy, and the only security running at the time of the feature upgrade was Windows Defender.

      Re-installed the VPN and firewall afterwards, and all is good! 🙂

    • #2409318

      Upgraded three machines to 21H2 from 21H1 over roughly the last week.

      No problems noted.

      I’ve never had any printing issues with my 10+ year old networked Brother multifunction machine since the whole print nightmare thing began so can’t offer any insight about that.

    • #2409372

      I am Win 10/Pro 21H1. My last .NET Framework update was KB5004331 (12-08). It’s Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1 for x64. It was not a security update, but I downloaded and installed it to keep up with reliability fixes. (There have been no security updates for a very long time).

      I noticed at Windows 10 update history .NET Framework – 2004, 20H2, & 21H1 that there is nothing released since Nov 22, 2021. I haven’t seen any “Windows 10, Versions 21H2, 21H1, 20H2, 2004” .NET patches listed on the Master Patch List since November, 2021 (KB5006365) either. So is .NET Framework 3.5 and 4.8 at the end of the road?

      I have just noticed in the December Patch List that there’s a .NET 5.0. What is .NET 5.0 in comparison to .NET Framework 3.5 and 4.8? Is it something that’s applicable to 21H2, but not 21H1? (I intend on upgrading to 21H2 after I install the December patches.)

      If I should be moving from .NET Framework 3.5 and 4.8 to .NET 5.0, how is that done?

      As you can read here, I am in the dark about .NET 5.0 — I need some guidance here.

      • #2409534

        @WCHS

        I’m hazarding a guess here, but since the .net 3.5 and 4.8 platforms for Windows 10 haven’t had a security update since February of this year (KB4601050, as mentioned by @Alex5723 below), that’s probably why Susan hasn’t really paid much attention to those platforms. They are still current since they’re getting monthly patches that improve performance or fix one or more reported bugs that aren’t security threats.

        As far as .net 5.0 goes, if you don’t have an application that tells you that it requires the use of .net 5.0, no need to worry about it for now. I have a feeling that if MS decides that 5.0 is going to replace 3.5 and 4.8 on Windows 10-based platforms (I really doubt it), we’ll hear about it right here for starters.

        As a side note, when I had Windows 7 SP1 Pro 64 bit and needed .net 4.5.2 for one of my installed programs to use, it installed alongside .net 3.5.1 that came bundled with Windows 7 at the time instead of automatically replacing it. The same might hold true for .net 5.0, however since you probably don’t need it right now, don’t worry about it for now.  🙂

        I hope this answers your questions.

        • This reply was modified 6 months, 1 week ago by Bob99. Reason: Edited .net 4.8 for Windows 7 to .net 4.5.2. I never installed .net 4.8 for Windows 7
        • #2409540

          Hi Bob99,

          ….we’ll hear about it right here for starters.

          I hadn’t seen anything here, but then I often miss things, because sometimes I am not reading in places where I should be reading.

          Thanks for the guidance. I read here that .NET 5.0 is a “step up” but not necessary unless an app calls for it. I don’t see “Framework” in the 5.0 name, whereas it is in the 3.5/4.8 name, so that prompted me to ask about 5.0

        • #2409547

          They seem to have done away with the “Framework” moniker with the advent of .NET 5, which began calling things “Core”. That naming convention is currently in use. However, the first versions after 4.8 were called .NET Core 1.0, 2.0, and 3.0, but they seem to have been superseded by .NET 5.0 and .NET 6.0 for now. This is based upon my own observations of the MS pages dealing with .NET releases.

          We need to end this discussion of .NET on this thread, because otherwise it might seem as if we’ve hijacked it, and that definitely wasn’t my intent by answering your questions.

          Any further discussion relating to .NET can be had by please starting a thread at the location below:

          https://www.askwoody.com/forums/forum/developers-developers-developers/other-ms-software-updates-net-runtimes/

          Thanks to one and all!

          • This reply was modified 6 months, 1 week ago by Bob99. Reason: Added link for .NET forum
          1 user thanked author for this post.
    • #2409378

      I had patched my Windows 8.1 systems from August 2021 to December 2021 patch level by using the Security-only updates. All seem to work without problems. I don’t print from them so did not test for any printing problems that may still be there.

      As a test I also patched Windows 10 1507 LTSB, Windows 10 1607 LTSB and Windows 10 1809 LTSC to the December 2021 patch level (VMware virtual machines and test systems) using the cumulative updates manually downloaded from the Update Catalog and they also seem to work without issues.

      As far as I can see it is safe to patch to the current patch level.

      Hope for the best. Prepare for the worst.

    • #2409390

      I haven’t seen any “Windows 10, Versions 21H2, 21H1, 20H2, 2004” .NET patches listed on the Master Patch List since November, 2021 (KB5006365) either. So is .NET Framework 3.5 and 4.8 at the end of the road?

      I haven’t received any .NET updates since February 21.

      Windows 10 Pro 21H2 .NET 6.

      • #2409539

        Windows 10 Pro 21H2 .NET 6.



        @Alex5723

        I hope you’ve updated your brand new (since November’s release anyway) .net 6.0 to 6.0.1. The .1 release was made on about the 14th of December and is labeled as a security release for .net 6.0 installations to help rectify CVE-2021-43877. Hopefully, Windows Update was able to get the update for you via your use of WUMgr.

        2 users thanked author for this post.
        • #2409541

          So, if you upgrade to 21H2, does .NET 5 and/or .NET 6 come with it automatically??

        • #2409546

          So, if you upgrade to 21H2, does .NET 5 and/or .NET 6 come with it automatically??

          No .NET does not come with 21H2. I’m currently on 21H2 and have .NET 3.5 (turned off) and .NET 4.8 (partially enabled, default setting) on my system.

          This should end all discussion of .NET on this thread, as it’s now been going just long enough to possibly be considered as having “hijacked” this thread. Any future .NET discussion should be carried over to the forum meant for .NET right here:

          https://www.askwoody.com/forums/forum/developers-developers-developers/other-ms-software-updates-net-runtimes/

          Thank you!

          • This reply was modified 6 months, 1 week ago by Bob99. Reason: Added link for .NET forum
    • #2409568

      I hope you’ve updated your brand new (since November’s release anyway) .net 6.0 to 6.0.1

      Thanks. I will check it out.
      Microsoft hasn’t updated .NET 6 via Dec. CU on my 21H2.

      Updated : https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.1/6.0.1.md

      • #2409627

        OK, one final blurb about .NET, since this blurb DOES involve a security patch for.NET and doesn’t deal with actually installing or changing versions of .NET.



        @Alex5723

        I don’t remember ever seeing a .NET security or monthly update ever included within the month’s cumulative update for Windows itself. This includes going all the way back to July 2010 when I got my Windows 7 machine.

        Even back then, and every time since then, the .NET monthly rollups and/or security updates that have been released have been separate from the monthly Windows update(s). Even within WU on Windows 7, they had their own separate entry with a check box to download them separately from the monthly Windows updates.

        So, same goes for Windows 10. I have an entry from this past February that is only for the .NET security rollup being installed separate from the entry for that month’s Windows rollup.

        What I was trying to say in my post above is that at the time, I thought you should have been offered the separate .NET security update from 6 to 6.0.1 via Windows Update, and that behavior should have manifested itself by the .NET update showing up in WUMgr’s listings of what was available to either hide or install. However, after visiting the MSRC page about the CVE that was repaired by the security release on the 14th, I realized that a separate KB article for the CVE repair wasn’t developed…the links in the MSRC article to download the security update go to the Github file repository for .NET 6.0.1 to download the fixed version in its entirety, either the whole suite or just the desktop runtime, rather than just a patch. This explains why you weren’t offered the update via WU/WUMgr this time: There was no patch so no KB article and no release to WU. Instead the fix was incorporated into a revised version of the suite and released that way instead.

        Kinda goes to show that communication with end users sometimes isn’t exactly MS’s strong suit. Many end users who have installed .NET 6 probably haven’t thought to look back at the Github site to see if there are any new releases for security issues within their .NET setup since it was installed.  🙁

        2 users thanked author for this post.
    • #2409605

      Happy New Year to everyone!   Let’s hope it’s a healthier one [sigh…]

      Does anyone know if the Windows 8.1 NETWORK printing problems were resolved with the Microsoft December updates?

       

      • #2409624

        Well, I’ve never had any printing problems with 8.1, but I have updated 2 8.1 x 64 machines with the December rollup (KB5008263) with no issues.

        • #2409756

          Thanks, but – I also have never had printing problems with 8.1 – with the printer(s) connected directly to the PCs via USB.   My question is regarding NETWORK printing problems where one PC can print on the other PC’s printer over LAN, one PC being the client and the other PC the print server.   Do you have a printer setup like that – and is it still working?  This stopped working for me when the MS printing issues started late last year.   It is not a critical issue – but it’s something that was working, and now it’s still not working (I haven’t done the MS December updates yet).

        • #2409758

          Sorry, too much egg nog. I’ve only got direct usb printer to PC connections.

        • #2410877

          Question answered: I installed the MS December 2021 updates on both my PCs today – and now the “network printing” is working again!  Successful printing from one PC to the other PC’s printer.

    Viewing 17 reply threads
    Reply To: MS-DEFCON 4: Closing out the year of patching

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: