• MS-DEFCON 4: Protect yourself with patches

    #2442001

    ISSUE 19.17.1 • 2022-04-26 By Susan Bradley I’ve been holding my breath. For the past few weeks, I’ve been watching for attacks that researchers indic
    [See the full post at: MS-DEFCON 4: Protect yourself with patches]

    Susan Bradley Patch Lady

    7 users thanked author for this post.
    Viewing 17 reply threads
    • #2442006

      There are still problems with installing KB5012599

      Windows 10 Update KB5012599 stalls with install error 0x8024200B and 0x800F0831

      As of April 12, 2022, Microsoft has released security updates for Windows 10 and Windows Server. I have received information via user comments that the update KB5012599 for Windows 10 version 20H2-21H2 causes problems with some installations. The installation aborts with error code 0x800F0831 or error code 0x8024200B. In the meantime, I have done some research and summarized the issue in the following article…

      Issue: Install error 0x8024200B
      Regarding the update KB5012599, however, there are various user reports that it cannot be installed, but is aborted with the error code 0x8024200B…

      Problem: Installation error 0x800f0831
      In the Microsoft Answers forum, there is this thread, where a user complains about installation error 0x800f0831. The error 0x800f0831 stands for CBS_E_STORE_CORRUPTION, and can have several causes. One cause, according to Microsoft, is that Windows has lost access to the Microsoft update servers (because, for example, a VPN, proxy or virus scanner blocks this access)…

      1 user thanked author for this post.
      • #2442013

        Not seeing it widespread in consumer or even businesses.  I think it’s something unique in their deployment.  It’s a unique bug, not something that will be seen by Askwoody readership.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
        • #2442086

          It’s a unique bug, not something that will be seen by Askwoody readership.

          I had no issue with KB5012599.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          We all have our own reasons for doing the things that we do. We don't all have to do the same things.

      • #2445336

        Windows Update KB5012599: Microsoft plans fix for install error 0x8024200B and 0x800F0831

        Security update KB5012599, released by Microsoft on April 12, 2022, for Windows 10 and Windows Server causes issues on some systems. The installation aborts with the error code 0x800F0831 or the error code 0x8024200B..

        On May 4, 2022, blog reader Sherman reported that Microsoft had told his company that a fix was planned for the May 2022 patchday. Blog reader Harris followed up with more concrete information on May 5, 2022, writing: Just got the same confirmation today.

        Root Cause Category: Code Defect
        Root Cause Details: “This is a regression caused by SSU changes made in ioT DCR change.”
        Mitigation Steps: “Fix has been checked in and on track for 5B”..

        The cause is broken code that was distributed to the Windows 10 clients by a Servicing Stack Update (SSU)…

    • #2442045

      Last month I had read (I forget where) that Office update KB5002160 could cause problems with Access databases, so I did not install it on the server then.  Does anyone know if this month’s Office updates KB5002141 and/or KB5002143 take care of those problems?

      • #2442088

        This is another one that I didn’t see widespread and impacting everyone. Fortunately that patch is a non security one so if you are impacted you can uninstall it.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2442023

      Should I also install the Optional Quality Update that is usually a Cumulative Update Preview (KB5011831 in this case)?

      • #2442071

        Never install a preview unless you want to test it and have a good image backup.

        cheers, Paul

        2 users thanked author for this post.
    • #2442079

      Typo in patch list-

      For office 2016 non-security updates:

      5002188 (incorrect patch) links to 5002141 (correct patch)

      5002185 (incorrect patch) links to 5002132 (correct patch)

      1 user thanked author for this post.
    • #2442105

      I have an issue which I hope you guys can help me with:
      KB5012117 .NET 3.5 and 4.8 April does not want to install. (KB5012599 installed without problem.)

      I always download updates from MS Update Catalog once Susan gives the all clear, and now I see 2 almost identical updates for my Win10 x64 21H2 but whichever I try, they both give “The update is not applicable to your computer.”
      When you look at the screenshot, you’ll see that the first of the two seems to be the right one (because of the ‘x64’ in the description), the second one does not show any architecture specifics.

      What to do?

      • #2442107

        KB5012599 is the 2022-04 Cumulative Update for Windows.

        Usually, updates with x64 are for 64-bit, ones without are usually x86 (32-bit). Look for the one with x64 in the name in the Catalog for the KB5012117 .NET update.

    • #2442111

      I solved it.

      I suddenly remembered that I recently had to install MS Windows Desktop runtime 6 for an app that I later uninstalled.
      After uninstalling the runtime, KB5012117 installed fine.

      Thanks anyway

      • This reply was modified 3 weeks, 2 days ago by TJ. Reason: Call me stupid
      • #2442145

        I have updated Windows 10 21H2 with .net 3.5 and 4.8 as well as .net 5.0.16 and .net 6.04

        1 user thanked author for this post.
        • #2442157

          @Alex5723, I updated similarly with no problem.

          Dell Inspiron 7580 i7 16GB Win 10 pro 21H2 19044.1645 Microsoft 365

          1 user thanked author for this post.
    • #2442212

      Issue: Office 2016 Retail (C2R) updated to Preview version

      Windows 10 21H2 Build 19044.1586, Office 2016 Retail (C2R) V2203 Build 15028.20160, updated 3/25/2022, one version newer than the approved version in the Master Update List (MPL) because C2R updates are restricted to “Enable Updates” and “Update Now”, which is a typical issue every month.

      The MPL approved update as of today (04/26/2022) is V2203 Build 15028.20204, but after performing the same update procedure “About Outlook” tells me I now have Version 2204 Build 15128.20178 C2R.  The only info I could find is that this is a “Current Channel (Preview)” update.

      I have no experience nor interest in testing a preview update, so where do I go from here?  What could possibly go wrong?

      1 user thanked author for this post.
      LH
      • #2442259

        “About Outlook” tells me I now have Version 2204 Build 15128.20178 C2R.  The only info I could find is that this is a “Current Channel (Preview)” update.

        That build was released to the Current Channel yesterday:

        Release notes for Current Channel

        Windows 10 Pro version 21H2 build 19044.1682 + Microsoft 365 (group ASAP)

        1 user thanked author for this post.
        • #2442336

          Thank you, b.

          When I checked online for Office 2016 C2R Update History at around 7:30 PM EDT yesterday, Microsoft listed “April 20, 2022   Version 2203 (Build 15028.20228)” as the latest version.  I see now that the list has been updated, so it’s business as usual: When a C2R update gets deemed safe by the Woody group and entered into the Master Patch List, Microsoft has already made one to two additional updates, and I have no choice but to use the latest one.

          At any rate, I guess I don’t need to worry about the “Preview” status I had found in the very limited search results last night.

      • #2442382

        Same here, but with MS365.  Wondered what was going on!

        Dell Precision 3630 w/32 GB RAM, 500 GB (C:), 1 TB (D:)
        Windows 10 Pro x64
        Internet: FTTC (Fibre to the Kerb)

        • #2442413

          This is at least the second time over the past couple years that I have updated Office 2016 C2R and the automatically installed version was not yet listed in the “Update history for Office 2016 C2R and Office 2019” document at

          https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019

          When I Google searched the version number last night there were only a couple results, and I was concerned that the results referred to it as a Preview Update.  Tonight there are a multitude of Google results, but no mention of Preview until the 19th result.

        • #2442414

          This “Guest” reply 2442413 should be from STBC Mapper; I forgot to log in before making the reply.

    • #2442372

      Hello, English is not my first language so I’m kinda confused here.

      So for CVE-2022-26809, if I’m installing the April patch, is it gonna fix this problem or is it gonna make me vulnerable to it?

      Do I need to do the port block like what Microsoft suggested here or not?

      https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809

      I’m just a home user using my PC, Win10 Pro, for gaming.

    • #2442384

      KB5012599 (Win CU) and KB4012117 (.NET 3.5/4.8) installed successfully on Win 10 21H1 Home x64. Both done manually (from MS Catalog). No install issues and no other issues found so far.

      1 user thanked author for this post.
    • #2442452

      Updated my two machines with the following April patches using WUMgr. No issues to report as far as I can tell:

      1) Windows 10 Pro 21H2
      – KB5012599 (Win CU)
      – KB5012117 (.NET 3.5/4.8)
      – KB890830 (MSRT)

      2) Windows 10 Home 21H2
      – KB5012599 (Win CU)
      – KB5012117 (.NET 3.5/4.8)
      – KB890830 (MSRT)
      – Office 2013 April security patches

      BTW, on both machines I was also offered, but did not install yet another release of the pesky KB4023057 update.

      On the Home 21H2 machine only (apparently), I was also offered a new version of KB5005463, i.e. PC Health Check Application, which I did not install: no need for yet another tool that tries to mess with my updates seeing that the KB article mentions that “PC Health Check application … will automatically install important application updates when they become available. PC Health Check users will not be able to turn off automatic updates.”

      • This reply was modified 3 weeks ago by Berserker79. Reason: Fixed KB number of .NET framework update
      1 user thanked author for this post.
    • #2442453

      Windows 8.1 Pro x64. Installed the following without any apparent problems.

      .NET Framework (KB5012331) followed by Restart (Restart not required)

      The latest Security Stack Update (SSU), KB5012672, followed by Restart (again, the Restart is not required). Manually downloaded and installed from the MS update catalog.

      April Rollup (KB5012670), followed by Restart (required).

      I’m in the habit of restarting (as opposed to shutdown and subsequent start) after every update even if it’s not required.

      The latest SSU is required this month for installing the Rollup.

      1 user thanked author for this post.
      JD
    • #2442463

      Just received and installed KB5005463 PC Health Check Application for W10 Pro 21H2.

      2 users thanked author for this post.
      • #2442514

        Just received and installed KB5005463 PC Health Check Application for W10 Pro 21H2.

        And so you are now not able to turn off automatic updates? See post #2442452. My bold in the quote below.

        On the Home 21H2 machine only (apparently), I was also offered a new version of KB5005463, i.e. PC Health Check Application, which I did not install: no need for yet another tool that tries to mess with my updates seeing that the KB article mentions that “PC Health Check application … will automatically install important application updates when they become available. PC Health Check users will not be able to turn off automatic updates.”

      • #2442654

        Further to my post above, I confirm that KB5005463 (PC Health Check Application) is now offered also on my Windows 10 Pro 21H2 machine.

        BTW, I still prefer to hide this and avoid installation: even if it updates “only” important application (PC Health) updates, rather than providing Windows updates, I just have to take care of a couple of PCs and I can well decide on my own when to install updates for Windows and other programs, without being forced to accept automatic updates.

    • #2442536

      And so you are now not able to turn off automatic updates?

      The bold text has nothing to do with monthly Windows update. Running the tool will update important application (PC Health) updates not Windows updates.

      4 users thanked author for this post.
    • #2442563

      April patches installed with no problems to report on Win 8.1.  🙂

      Installation Successful: Windows successfully installed the following update: 2022-04 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 for x64 (KB5012331)

      Installation Successful: Windows successfully installed the following update: 2022-04 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5012670)

      Installation Successful: Windows successfully installed the following update: 2022-04 Servicing Stack Update for Windows 8.1 for x64-based Systems (KB5012672)

      Group "A"- Win 8.1 x64
      Win 10 ver. 21H2 x64

      1 user thanked author for this post.
    • #2442597

      Sigh!

      On reading this post I updated my Dell’s Win10  straight away… or attempted to.

      Windows seemed to be doing fine but the update stalled. I gave it half an hour. No go. Windows being the boy that cried ‘wolf’ (stalled updates with no reason provided by Windows) I thought this was a regular stall that would fix with a restart. Windows woke up very sick. I decided to perform a system restore (Windows not Dell). Windows woke up dead!

      My account as well as Windows was unrecoverable using Dell’s recovery option. {Dell has a monstrous set of support assist remediation backups.  What a waste of disk space they turned out to be!}

      My choice was to reset the laptop to original. The laptop is aging so had an old version of Windows 10. It had to go through a couple of rounds of update and restart before deciding Stick with 10 or “Windows 11 time” and via upgrade rather than clean install (which I suspect would wipe Dell’s useful recovery options as well as Dell’s unwanted trash and I did not wish to toss the baby out with the bath water). Windows would not let me upgrade to 11 before upgrading to something more recent. Sigh!

      Hours later, Windows 11 is running. Hours later, regular programs are installed and most problems are resolved (the big one was Defender interface would not load – reset via powershell cured it) and I desperately need sleep. To do list: Tweak, tweak, tweak.

      So, why did it break, you ask. I discovered later when Windows awoke sick that Internet was down. My guess is that update wanted something it could not fetch. My impatience and lack of a simple check contributed.

      Moral of the story. If update stalls, check internet status as well as giving it the usual long wait before trying a restart.

      PS  I use a cloud service to store data (including desktop where current things reside) so absolutely nothing of any importance was lost. (I also have a thumb drive that Windows backs data to continuously and an offline disk used periodically).

      PPS Rather than PowerShell, I possibly could have right-clicked the Windows Security icon, chosen ‘Settings’ and used Repair then the option to Reset if that failed.

      Finally: It will take a while to get used to the changes (e.g. locating different settings) but so far my experience with Windows 11 indicates the change is positive.

      Group A (but Telemetry disabled Tasks and Registry)
      Win 7 64 Pro desktop
      Win 10 64 Home portable

      1 user thanked author for this post.
      • #2442690

        The advantage of a system / image backup to local USB disk is being able to restore in about 15 minutes.
        Cheap and easy backup should be on everyone’s monthly to do list.

        cheers, Paul

        2 users thanked author for this post.
        • #2442720

          Amen to that

          [] 🌹 #нетвойнесУкраиной 🌹 #不与乌克兰开战 🌹 []
          2 users thanked author for this post.
    • #2442762

      I consider Windows Update to be fragile. Having the Internet go down or a power loss or re-booting or canceling at the wrong moment may prevent Windows from recovering. So my recommendations include:
      1) Follow MS-DEFCON recommendations.
      2) Make sure your security software is up to date.
      3) Do image backups. Have at least an incremental backup before doing Windows Update.
      4) Have a recent re-boot and an idle system before starting.
      5) Require good weather when running Windows Update to reduce the likelihood of power failure.
      6) Have a strong known working Internet connection. Do a quick browsing sanity check before starting.
      7) Do not update while traveling.
      8) Have a lot of patience. Don’t be quick to cancel. Some Windows Update processes like TiWorker.exe can run slowly for long periods and some machines are under-powered for Windows 10+, such as my laptop, which takes many hours to update.
      9) Don’t re-boot until Windows Update shows it’s really finished installing all permitted updates.

      4 users thanked author for this post.
      • #2442808

        I consider Windows Update to be fragile …

        How about adding
        10) If there is more than 1 update, do them one at a time. If you are using WUMgr or WUSHOWHIDE, unhide and install them one at a time. Let one finish and let the system restart, before unhiding and installing another one?

        4 users thanked author for this post.
        • #2442874

          …If there is more than 1 update, do them one at a time…install them one at a time. Let one finish and let the system restart, before unhiding and installing another one…

          AMEN!!! That exact procedure has kept me safe and sane with regards to WU since 2004 after witnessing a good friend’s unit succumb to excessive updates trying to individually reboot the computer when the others weren’t done installing. My friend and I were partly to blame, as we told WU to install all of the updates in the rather lengthy list, trusting it (WU) to make the right decision(s) with regards to timely rebooting during the updates’ installation routines.

          The computer (with Windows XP) blue screened while we had gone out to get a bite to eat. We returned after about an hour to the blue screen. Several attempts were made to resurrect the computer, but to very limited success…half the hard drive was unusable due to excessive errors from what I recall.

          After that fiasco/debacle/(pick your own very strongly phrased word of choice to express extreme disappointment), I decided that I would NEVER allow WU to go it alone with regards to installing a list of more than one update. I have since then insisted on having WU install updates one at a time in numerical order (with regards to the assigned KB number of each update), rebooting if requested after the update’s installation. The only exception I’ve made is to the now-monthly MSRT…I’ll let it install and if its log indicates that it didn’t find anything, I’ll proceed to install the next update and then reboot the machine. And so on and so on.

          This month for the April updates, I rebooted twice, first after installing MSRT and the .NET update and a second time after installing the monthly patch for Windows, KB5012599. WU did not prompt me for a reboot after installing the .NET update, but I did so anyway in keeping with my policy as stated above.

          2 users thanked author for this post.
        • #2442875

          Back in 2016 Brian Krebs wrote “Anytime there’s a .NET Framework update available, I always uncheck those updates to install and then reboot and install the .NET updates; I’ve had too many .NET update failures muddy the process of figuring out which update borked a Windows machine after a batch of patches to do otherwise”.
          I’ve always followed this advice.

          Windows 10 Home 21H2, Acer Aspire TC-1660 desktop, non-techie

          1 user thanked author for this post.
    • #2443357

      Updated my two machines with the following April patches one by one, creating a restore point each time before using WUSHOWHIDE to unhide, then download and install, in the following order. No issues to report:

      Windows 10 Pro 21H
      – KB5012117 (.NET 3.5/4.8) – requires a restart. 2 minutes
      – KB5013354 (.NET 5.0.16) – no restart required. 1 minute
      – KB890830 (MSRT) – no restart required. 1 minute

      – Powershell’s sfc /verifyonly afterward – no integrity errors

      – KB5012599 (Win CU)
      …..download (7 min)
      …..install (10 min)
      …..restart to finish (3 min) = 20 min total

      sfc /verifyonly afterward – no integrity errors

      1 user thanked author for this post.
    • #2444035

      Another reminder to never install optional updates. Microsoft does it again.

      https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-kb5012643-update-will-break-some-apps/

      1 user thanked author for this post.