MS Patch day brings bug warnings, another version of Office Click-to-Run, and the return of KB 2952664

Topic

New Reply

It’s been a messy patching month. Post coming in Computerworld.
[See the full post at: MS Patch day brings bug warnings, another version of Office Click-to-Run, and the return of KB 2952664]

4 users thanked author for this post.

JDeC, AJNorth, Tiernan, SueW

Reply | Quote

Replies

Woody,

Thanks for the update. KB2952664 showed up AGAIN this morning for me, too. Will probably get hidden again later today.

Dave

Reply | Quote

Hmm, not wishing to pass up on a good conspiracy theory, the following is a completely scurrilous and unfounded rumour. But…

I wonder if the reason that MS keep pushing out KB 2952664 and KB 2976978 is because they know everyone knows about it, so really the snooping is hidden elsewhere.

Maybe that’s why the patches are always broken now.

Grab your tinfoil here 🙂

Sorry, couldn’t resist, feel free to delete

4 users thanked author for this post.

Cascadian, lurks about, JDeC, WildBill

Reply | Quote

If they are hiding new ones  you can be-sure  the ask woody sleuths will find them out and report them to us.  That`s what the defcon  numbers are for.

1 user thanked author for this post.

Jan K.

Reply | Quote

That’s why you should have a layered defense against malware your trusted OS vendor.

2 users thanked author for this post.

Microfix, WildBill

Reply | Quote

When you are watching the magician twirl his fingers and smile so broadly, you have already missed the trick. It happened in the other hand.

Reply | Quote

On my Windows 8.1 system, MS has been playing “3-card KB” with me this month. As of 02/07/18, KB2976978 was “Optional”. When the “Official” Patch Tuesday on 02/13/18 rolled around, it was “Important” & checked. Well, that booger was getting Unchecked when I was updating in March! As of early this morning, 02/28/18, it was Gone. Later, it’s back in the “Optional” bucket, now dated 02/26/18. BTW, KBNew links to this:

This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program. The diagnostics evaluate the compatibility status of the Windows ecosystem, and help Microsoft to ensure application and device compatibility for all updates to Windows. There is no GWX or upgrade functionality contained in this update.

Either the Meltdown/Spectre functionality under Windows Analytics isn’t ready for primetime, it’s no longer a priority, or it was a blind in the 1st place to convince Win 7/Win 8.1 users to install the “compatibility” update. Also, the KB2952664/KB2976978 patch was supposed to ensure “compatibility” for upgrading to Windows 10, but now it doesn’t?! If you’re staying with Windows 7 or Windows 8.1 until their end-of-life, avoid these patches like the Plague!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

It will be changed to a CHECKED important update on Patch Tues. (unless you already hid it)

2 users thanked author for this post.

Cascadian, JDeC

Reply | Quote

I never hide updates. Is that why MS is playing “3-card KB” (their version of 3-card monte) with me?

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

First the release the update for “testing” as optional, then on patch day they release it for everyone checked & critical (telemetry warrants the same priority as critical security updates for some reason). Then when they are making changes it disappears briefly. Then repeat.

Reply | Quote

Enterprises are still moving to 10 and are using this to guide them as to what line of business programs still suck.  We in the consumer/SMB are not the target of this update even though we still get it offered up.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

jburk07, woody

Reply | Quote

In those immortal words of Yogi Berra, “When you come to a fork in the road, take it.”

2 users thanked author for this post.

SueW, Elly

Reply | Quote

‘It’s been a messy patching month.’ well bless my PC circuits, surely a special thanks is credited to microsoft for their outstanding work in keeping us all and the website busy.

Windows - commercial by definition and now function...

1 user thanked author for this post.

Elly

Reply | Quote

There’s a new bug posted for KB 4077525, the second Monthly Rollup this month for Win10 1607:

After installing this update, servers where Credential Guard is enabled may restart unexpectedly

I can’t find this listed as a known issue on the page that the KB 4077525 link takes me to. Am I missing something? Also, since this seemingly only affects 1607 Server, and since I’m running 1607 Pro, should this be a concern if I apply the Update? I was planning on running 1607 Pro until MS stops issuing security updates, which I think is sometime in April. I then plan to apply the 1709 Pro Upgrade. Then repeat the process with 1709 Pro until MS stops issuing security updates, then upgrade to the latest Semi-Annual Channel release, whatever that might be, then “Pete and repeat”.  This way, I’m extending the time between upgrades as long as possible.

But, if KB 4077525 causes issues with 1607 Pro, I’ll have to decide whether to stop applying updates until I’m ready to upgrade, or go ahead and upgrade a couple of months earlier than planned. As a matter of principle, I’d hate to give in to MS and their stupid WaaS! Even for just a couple of months.

Reply | Quote

You’re quite correct. It’s listed as a known issue with the FIRST cumulative update for 1607 this month.

https://support.microsoft.com/en-us/help/4074590

1 user thanked author for this post.

dononline

Reply | Quote

OKey doeky … So that should mean that the issue is solved in the second Cumulative Update to the first Cumulative Update — I guess. Who can keep up anymore? Woody, if it wasn’t for you and the MVPs helping me plug the holes in the bottom of this sinking ship, I’d be using Linux right now. I hate Linux. Thank you for the lifeline you all provide to help us survive the Wonderful World of Windows as a Service!

Reply | Quote

“Servers”  that patch is for both 1607 workstations and Windows 2016 servers.  This side effect only occurs on Servers where credential guard is installed.  If you are running Windows 10 you won’t hit this.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

dononline

Reply | Quote

I think I’m finally getting a sense of how to use this site to save my non-tech user bacon, running W7 HP 64 bit on Dell desktop.  But, a question- Here we are into March, and I see discussion here about Feb. updates.  Currently MS is offering me KB4074598, KB3021917, KB3068708, KB3080149, and KB915597.  Are these Feb. updates, for which the DEFCON number is currently 2?  Also, I have warnings from elsewhere to avoid the three listed above that are KB30xxxxx.  Don’t exactly get “group A” vs. “group B” but hope to avoid disasters when updating.

Help! What should I do?  (Thanks for not laughing at my ignorance)

Reply | Quote

You can read about the DEFCON system using the button at the top of the blog.

Basically, the DEFCON system is about not installing updates when they are first released. Since MS has been issuing many problematic patches lately, it is about waiting until the public has essentially beta tested the updates so we know where the pit falls are. Given time, reports will tell us what we need to avoid.

When Woody deems we have sufficient knowledge, he will raise the DEFCON number to 3-5 and publish guidance for patching on AskWoody and in a ComputerWorld article.

Wait for it, and patch safely.

Reply | Quote

@ Slowpoke47-

About the Groups:

Group A is willing to take all of Microsoft’s new telemetry systems, along with potentially useful nonsecurity updates. It installs the Monthly rollup (in Microsoft parlance the “Security Monthly Quality Rollup” patch).

Group B doesn’t want any more snooping than absolutely necessary and doesn’t care about improvements like daylight saving time zone changes. But it does want to keep applying security patches. It installs Security-only patches (Microsoft-speak “Security Only Quality Update”). Group B might also be for people that have to avoid a particular patch problem on their system, since the rollup is designed to eventually install all the patches and bring you up to date.

If you want a little more information overall, you might check out How to hang on to Windows 7 for the long run… a Computer World Article by Woody.

So… Microsoft usually has what is called Patch Tuesday, when it rolls out the new month’s patches. The Defcon system takes that into consideration, but it may not, for example, clear February patches until just before the March patches are released. There have been a lot of patch problems, and fixes for problems, so there has been no Defcon change for February, yet…

Wait for the Defcon level to change. The last time it cleared was February 5th, and that was for January patches. Here is a link to that change, so you can get an idea of the format: MS-DEFCON 3: Lots of caveats, but it’s time to get patched

Within that topic, there is a link to the Computer World article… and that will have details on the months problems, current status, and what to do now. There are further links to follow, but that is because there is just too much to put in one article to cover all operating systems. You would choose your Windows version, and updating style… and go from there.

More on the telemetry issue can be found at 2952664: Telemetry in Win7/8.1 – KB2952664, KB2977759, KB2976978, & KB3150513

Hope that is helpful.

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

Hi Woody, are we going to MS-DEFCON 3-5 today? about to leave my parents’ place this PM and wanted to know if I can go ahead and update their computer, which I skipped updating January updates. Thanks as always!

Reply | Quote