MS-DEFCON 4: Protect yourself with patches

Topic

New Reply

ISSUE 19.17.1 • 2022-04-26 By Susan Bradley I’ve been holding my breath. For the past few weeks, I’ve been watching for attacks that researchers indic
[See the full post at: MS-DEFCON 4: Protect yourself with patches]

Susan Bradley Patch Lady

7 users thanked author for this post.

jburk07, WCHS, abbodi86, SueW, Mr. Austin, Fred, Alex5723

Reply | Quote

Replies

There are still problems with installing KB5012599

Windows 10 Update KB5012599 stalls with install error 0x8024200B and 0x800F0831

As of April 12, 2022, Microsoft has released security updates for Windows 10 and Windows Server. I have received information via user comments that the update KB5012599 for Windows 10 version 20H2-21H2 causes problems with some installations. The installation aborts with error code 0x800F0831 or error code 0x8024200B. In the meantime, I have done some research and summarized the issue in the following article…

Issue: Install error 0x8024200B
Regarding the update KB5012599, however, there are various user reports that it cannot be installed, but is aborted with the error code 0x8024200B…

Problem: Installation error 0x800f0831
In the Microsoft Answers forum, there is this thread, where a user complains about installation error 0x800f0831. The error 0x800f0831 stands for CBS_E_STORE_CORRUPTION, and can have several causes. One cause, according to Microsoft, is that Windows has lost access to the Microsoft update servers (because, for example, a VPN, proxy or virus scanner blocks this access)…

1 user thanked author for this post.

Fred

Reply | Quote

Not seeing it widespread in consumer or even businesses.  I think it’s something unique in their deployment.  It’s a unique bug, not something that will be seen by Askwoody readership.

Susan Bradley Patch Lady

1 user thanked author for this post.

bbearren

Reply | Quote

Susan Bradley wrote:

It’s a unique bug, not something that will be seen by Askwoody readership.

I had no issue with KB5012599.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

Computer Specs

Reply | Quote

Windows Update KB5012599: Microsoft plans fix for install error 0x8024200B and 0x800F0831

Security update KB5012599, released by Microsoft on April 12, 2022, for Windows 10 and Windows Server causes issues on some systems. The installation aborts with the error code 0x800F0831 or the error code 0x8024200B..

On May 4, 2022, blog reader Sherman reported that Microsoft had told his company that a fix was planned for the May 2022 patchday. Blog reader Harris followed up with more concrete information on May 5, 2022, writing:Just got the same confirmation today.

Root Cause Category: Code Defect
Root Cause Details: “This is a regression caused by SSU changes made in ioT DCR change.”
Mitigation Steps: “Fix has been checked in and on track for 5B”..

The cause is a broken code that was distributed to the Windows 10 clients by a Servicing Stack Update (SSU)…

Reply | Quote

Last month I had read (I forget where) that Office update KB5002160 could cause problems with Access databases, so I did not install it on the server then.  Does anyone know if this month’s Office updates KB5002141 and/or KB5002143 take care of those problems?

Reply | Quote

This is another one that I didn’t see widespread and impacting everyone. Fortunately that patch is a non security one so if you are impacted you can uninstall it.

Susan Bradley Patch Lady

1 user thanked author for this post.

Matthew

Reply | Quote

Should I also install the Optional Quality Update that is usually a Cumulative Update Preview (KB5011831 in this case)?

Reply | Quote

Never install a preview unless you want to test it and have a good image backup.

cheers, Paul

2 users thanked author for this post.

Tchalms, Fred

Reply | Quote

Typo in patch list-

For office 2016 non-security updates:

5002188 (incorrect patch) links to 5002141 (correct patch)

5002185 (incorrect patch ) links to5002132 (correct patch)

 

1 user thanked author for this post.

KevinTMC

Reply | Quote

Thanks!  I’ll update it.

Susan Bradley Patch Lady

2 users thanked author for this post.

KevinTMC, sheldon

Reply | Quote

I have an issue which I hope you guys can help me with:
KB5012117 .NET 3.5 and 4.8 April does not want to install. (KB5012599 installed without problem.)

I always download updates from MS Update Catalog once Susan gives the all clear, and now I see 2 almost indentical updates for my Win10 x64 21H2 but whichever I try, they both give “The update is not applicable to your computer.”
When you look at the screenshot, you’ll see that the first of the two seems to be the right one (because of the ‘x64’ in the description), the second one does not show any architecture specifics.

What to do?

Reply | Quote

KB5012599 is the 2022-04 Cumulative Update for Windows.

Usually, updates with x64 are for 64-bit, ones without are usually x86 (32-bit). Look for the one with x64 in the name in the Catalog for the KB5012117 .NET update.

Reply | Quote

[TJ]

I solved it.

I suddenly remembered that I recently had to install MS Windws Desktop runtime 6 for an app that I later uninstalled.
After uninstalling the runtime, KB5012117 installed fine.

Thanks anyway

• This reply was modified 1 year, 1 month ago by TJ. Reason: Call me stupid

Reply | Quote

I have updated Windows 10 21H2 with .net 3.5 and 4.8 as well as .net 5.0.16 and .net 6.04

1 user thanked author for this post.

jburk07

Reply | Quote

@Alex5723, I updated similarly with no problem.

Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.2728), Microsoft 365 Version 2302 (16130.20332)

1 user thanked author for this post.

jburk07

Reply | Quote

Issue: Office 2016 Retail (C2R) updated to Preview version

Windows 10 21H2 Build 19044.1586, Office 2016 Retail (C2R) V2203 Build 15028.20160, updated 3/25/2022, one version newer than the approved version in the Master Update List (MPL) because C2R updates are restricted to “Enable Updates” and “Update Now”, which is a typical issue every month.

The MPL approved update as of today (04/26/2022) is V2203 Build 15028.20204, but after performing the same update procedure “About Outlook” tells me I now have Version 2204 Build 15128.20178 C2R.  The only info I could find is that this is a “Current Channel (Preview) update.

I have no experience nor interest in testing a preview update, so where do I go from here?  What could possibly go wrong?

1 user thanked author for this post.

LH

Reply | Quote

STBC Mapper wrote:

“About Outlook” tells me I now have Version 2204 Build 15128.20178 C2R.  The only info I could find is that this is a “Current Channel (Preview) update.

That build was released to the Current Channel yesterday:

Release notes for Current Channel

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

1 user thanked author for this post.

STBC Mapper

Reply | Quote

Thank you, b.

When I checked online for Office 2016 C2R Update History at around 7:30 PM EDT yesterday, Microsoft listed “April 20, 2022   Version 2203 (Build 15028.20228)” as the latest version.  I see now that the list has been updated, so it’s business as usual: When a C2R update gets deemed safe by the Woody group and entered into the Master Patch List, Microsoft has already made one to two additional updates, and I have no choice but to use the latest one.

At any rate, I guess I don’t need to worry about the”Preview” status I had found in the very limited search results last night.

Reply | Quote

Same here, but with MS365.  Wondered what was going on!

Dell Precision 3630 w/32 GB RAM, 500 GB (C:), 1 TB (D:)
Window 10 Pro x64
Internet: FTTC (Fibre to the Kerb)

Reply | Quote

This is at least the second time over the past couple years that I have updated Office 2016 C2R and the automatically installed version was not yet listed in the “Update history for Office 2016 C2R and Office 2019” document at

https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019

When I Google searched the version number last night there were only a couple results, and I was concerned that the results referred to it as a Preview Update.  Tonight there are a multitude of Google results, but no mention of Preview until the 19th result.

Reply | Quote

This “Guest” reply 2442413 should be from STBC Mapper; I forgot to log in before making the reply.

Reply | Quote

hello, english is not my first language so im kinda confused here

so for CVE-2022-26809, if im installing the april patch, is it gonna fix this problem or is it gonna make me vulnerable to it?

do i need to do the port block like what microsoft suggested here or not?

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809

im just a home user using my pc win10 pro, for gaming

Reply | Quote

The FAQ at that link says just patch it for the fix:

Apply the April 2022 security updates to fully address this issue.

CVE-2022-26809 Remote Procedure Call Runtime Remote Code Execution Vulnerability

Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

Reply | Quote

KB5012599 (Win CU) and KB4012117 (.NET 3.5/4.8) installed successfully on Win 10 21H1 Home x64. Both done manually (from MS Catalog). No install issues and no other issues found so far.

1 user thanked author for this post.

jburk07

Reply | Quote

[Berserker79]

Updated my two machines with the following April patches using WUMgr. No issues to report as far as I can tell:

1) Windows 10 Pro 21H2
– KB5012599 (Win CU)
– KB5012117 (.NET 3.5/4.8)
– KB890830 (MSRT)

2) Windows 10 Home 21H2
– KB5012599 (Win CU)
– KB5012117 (.NET 3.5/4.8)
– KB890830 (MSRT)
– Office 2013 April security patches

BTW, on both machines I was also offered, but did not install yet another release of the pesky KB4023057 update.

On the Home 21H2 machine only (apparently), I was also offered a new version of KB5005463, i.e. PC Health Check Application, which I did not install: no need for yet another tool that tries to mess with my updates seeing that the KB article mentions that “ PC Health Check application … will automatically install important application updates when they become available. PC Health Check users will not be able to turn off automatic updates.“.

• This reply was modified 1 year, 1 month ago by Berserker79. Reason: Fixed KB number of .NET framework update

1 user thanked author for this post.

jburk07

Reply | Quote

Windows 8.1 Pro x64. Installed the following without any apparent problems.

.NET Framework (KB5012331) followed by Restart (Restart not required)

The latest Security Stack Update (SSU), KB5012672, followed by Restart (again, the Restart is not required). Manually downloaded and installed from the MS update catalog.

April Rollup (KB5012670), followed by Restart (required).

I’m in the habit of restarting (as opposed to shutdown and subsequent start) after every update even if it’s not required.

The latest SSU is required this month for installing the Rollup.

1 user thanked author for this post.

JD

Reply | Quote

Thank you!

1 user thanked author for this post.

DrBonzo

Reply | Quote

Just received and installed KB5005463 PC Health Check Application for W10 Pro 21H2.

2 users thanked author for this post.

jburk07, oldfry

Reply | Quote

Alex5723 wrote:

Just received and installed KB5005463 PC Health Check Application for W10 Pro 21H2.

And so you are now not able to turn off automatic updates? See post #2442452. My bold in the quote below.

Berserker79 wrote:

On the Home 21H2 machine only (apparently), I was also offered a new version of KB5005463, i.e. PC Health Check Application, which I did not install: no need for yet another tool that tries to mess with my updates seeing that the KB article mentions that “ PC Health Check application … will automatically install important application updates when they become available. PC Health Check users will not be able to turn off automatic updates.“.

Reply | Quote

Further to my post above, I confirm that KB5005463 (PC Health Check Application) is now offered also on my Windows 10 Pro 21H2 machine.

BTW, I still prefer to hide this and avoid installation: even if it updates “only” important application (PC Health) updates, rather than providing Windows updates, I just have to take care of a couple of PCs and I can well decide on my own when to install updates for Windows and other programs, without being forced to accept automatic updates.

Reply | Quote

WCHS wrote:

And so you are now not able to turn off automatic updates?

The bold text has nothing to do with monthly Windows update. Running the tool will update important application (PC Health) updates not Windows updates.

4 users thanked author for this post.

jburk07, 280park, Berserker79, WCHS

Reply | Quote

April patches installed with no problems to report on Win 8.1.  🙂

Installation Successful: Windows successfully installed the following update: 2022-04 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 for x64 (KB5012331)

Installation Successful: Windows successfully installed the following update: 2022-04 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB5012670)

Installation Successful: Windows successfully installed the following update: 2022-04 Servicing Stack Update for Windows 8.1 for x64-based Systems (KB5012672)

Win 10 ver. 22H2 x64

1 user thanked author for this post.

DrBonzo

Reply | Quote

Sigh!

On reading this post I updated my Dell’s Win10  straight away… or attempted to.

Windows seemed to be doing fine but the update stalled. I gave it half an hour. No go. Windows being the boy that cried ‘wolf’ (stalled updates with no reason provided by Windows) I thought this was a regular stall that would fix with a restart. Windows woke up very sick. I decided to perform a system restore (Windows not Dell). Windows woke up dead!

My account as well as Windows was unrecoverable using Dell’s recovery option. {Dell has a monstrous set of support assist remediation backups.  What a waste of disk space they turned out to be!}

My choice was to reset the laptop to original. The laptop is aging so had an old version of Windows 10. It had to go through a couple of rounds of update and restart before deciding Stick with 10 or “Windows 11 time” and via upgrade rather than clean install (which I suspect would wipe Dell’s useful recovery options as well Dell’s unwanted trash and I did not wish to toss the baby out with the bath water). Windows would not let me upgrade to 11 before upgrading to something more recent. Sigh!

Hours later, Windows 11 is running. Hours later, regular programs are installed and most problems are resolved (the big one was Defender interface would not load – reset via powershell cured it) and I desperately need sleep. To do list: Tweak, tweak, tweak.

So, why did it break, you ask. I discovered later when Windows awoke sick that Internet was down. My guess is that update wanted something it could not fetch. My impatience and lack of a simple check contributed.

Moral of the story. If update stalls, check internet status as well as giving it the usual long wait before trying a restart.

PS  I use a cloud service to store data (including desktop where current things reside) so absolutely nothing of any importance was lost. (I also have a thumb drive that Windows backs data to continuously and an offline disk used periodically).

PPS Rather than Powershell, Ipossibly could have right-clicked the Windows Security icon, chosen ‘Settings’ and used Repair then the option to Reset if that failed.

Finally: It will take a while to get used to the changes (e.g. locating different settings) but so far my experience with Windows 11 indicates the change is positive.

 

Group A (but Telemetry disabled Tasks and Registry)
Win 7 64 Pro desktop
Win 10 64 Home portable

1 user thanked author for this post.

jburk07

Reply | Quote

The advantage of a system / image backup to local USB disk is being able to restore in about 15 minutes.
Cheap and easy backup should be on everyone’s monthly to do list.

cheers, Paul

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

Amen to that

* _ the metaverse is poisonous _ *

2 users thanked author for this post.

jburk07, SueW

Reply | Quote

I consider Windows Update to be fragile. Having the Internet go down or a power loss or re-booting or canceling at the wrong moment may prevent Windows from recovering. So my recommendations include:
1) Follow MS-DEFCON recommendations.
2) Make sure your security software is up to date.
3) Do image backups. Have at least an incremental backup before doing Windows Update.
4) Have a recent re-boot and an idle system before starting.
5) Require good weather when running Windows Update to reduce the likelihood of power failure.
6) Have a strong known working Internet connection. Do a quick browsing sanity check before starting.
7) Do not update while traveling.
8) Have a lot of patience. Don’t be quick to cancel. Some Windows Update processes like TiWorker.exe can run slowly for long periods and some machines are under-powered for Windows 10+, such as my laptop, which takes many hours to update.
9) Don’t re-boot until Windows Update shows it’s really finished installing all permitted updates.

Windows 10 22H2 desktops & laptops on Dell, HP, ASUS; No servers, no domain.

4 users thanked author for this post.

jburk07, opti1, rontpxz81, Fred

Reply | Quote

oldfry wrote:

I consider Windows Update to be fragile …

How about adding
10) If there is more than 1 update, do them one at a time. If you are using WUMgr or WUSHOWHIDE, unhide and install them one at a time. Let one finish and let the system restart, before unhiding and installing another one ?

4 users thanked author for this post.

jburk07, rontpxz81, samak, Bob99

Reply | Quote

…If there is more than 1 update, do them one at a time…install them one at a time. Let one finish and let the system restart, before unhiding and installing another one…

AMEN!!! That exact procedure has kept me safe and sane with regards to WU since 2004 after witnessing a good friend’s unit succumb to excessive updates trying to individually reboot the computer when the others weren’t done installing. My friend and I were partly to blame, as we told WU to install all of the updates in the rather lengthy list, trusting it (WU) to make the right decision(s) with regards to timely rebooting during the updates’ installation routines.

The computer (with Windows XP) blue screened while we had gone out to get a bite to eat. We returned after about an hour to the blue screen. Several attempts were made to resurrect the computer, but to very limited success…half the hard drive was unusable due to excessive errors from what I recall.

After that fiasco/debacle/(pick your own very strongly phrased word of choice to express extreme disappointment), I decided that I would NEVER allow WU to go it alone with regards to installing a list of more than one update. I have since then insisted on having WU install updates one at a time in numerical order (with regards to the assigned KB number of each update), rebooting if requested after the update’s installation. The only exception I’ve made is to the now-monthly MSRT…I’ll let it install and if its log indicates that it didn’t find anything, I’ll proceed to install the next update and then reboot the machine. And so on and so on.

This month for the April updates, I rebooted twice, first after installing MSRT and the .NET update and a second time after installing the monthly parch for Windows, KB5012599. WU did not prompt me for a reboot after installing the .NET update, but I did so anyway in keeping with my policy as stated above.

2 users thanked author for this post.

jburk07, samak

Reply | Quote

Back in 2016 Brian Krebs wrote “Anytime there’s a .NET Framework update available, I always uncheck those updates to install and then reboot and install the .NET updates; I’ve had too many .NET update failures muddy the process of figuring out which update borked a Windows machine after a batch of patches to do otherwise”.
I’ve always followed this advice.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

1 user thanked author for this post.

jburk07

Reply | Quote

Updated my two machines with the following April patches one by one, creating a restore point each time before using WUSHOWHIDE to unhide, then download and install, in the following order. No issues to report:

Windows 10 Pro 21H
– KB5012117 (.NET 3.5/4.8) – requires a restart. 2 minutes
– KB KB5013354 (.NET 5.0.16) – no restart required. 1 minute
– KB890830 (MSRT) – no restart required. 1 minute

– Powershell’s sfc /verifyonly afterward – no integrity errors

– KB5012599 (Win CU)
…..download (7 min)
…..install (10 min)
…..restart to finish (3 min) = 20 min total

–sfc /verifyonly afterward – no integrity errors

1 user thanked author for this post.

jburk07

Reply | Quote

Another reminder to never install optional updates.  Microsoft does it again.

 

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-kb5012643-update-will-break-some-apps/

1 user thanked author for this post.

jburk07

Reply | Quote