Patch Alert: There are still lots of problems with the January patches

Topic

New Reply

Post coming in Computerworld.
[See the full post at: Patch Alert: There are still lots of problems with the January patches]

9 users thanked author for this post.

Microfix, JDeC, SueW, Sessh, Noel Carboni, MrBrian, Elly, WildBill, AJNorth

Reply | Quote

Replies

UGHHHh~! CAN WE JUST GET A CLEAR like back in February 2017 when we didn’t have to install any updates due to issues!? I mean if January patches are causing issues can we just get a FULL CLEAR not to install them!

Reply | Quote

You seem to want things to be cut and dried.

Unfortunately that’s not the way the tech world turns. Nowadays new information becomes available all the time and one must re-evaluate options virtually continuously, with unknown and varying consequences.

We’re lucky to have a community of folks around here who are also thinking about these issues, and who share their experiences.

I know a brilliant software developer who as a matter of policy NEVER updates any Windows system. I know another with a lifetime of tech experience who – even to this day – updates the moment updates become available. Both continue to be able to use their computers.

The paths of what to do have been placed before you. Others may presume to advise, but you are the one who has to decide how, when, or whether to move forward.

Regarding the January patches… There is a good and pertinent line from the novel Stranger in a Strange Land: “Waiting is.”

-Noel

10 users thanked author for this post.

jburk07, Danster, Sueska, WildBill, HiFlyer, SueW, mulletback, AJNorth, Elly, Sessh

Reply | Quote

Or as I like to say “Waiting is doing nothing, but with a purpose.”

Reply | Quote

Well, automatic Windows Update has not pushed any but the Flash player update here this month (Windows 10 1709). Obviously, not hitting the ‘Check for Updates’ make sense, right?

Reply | Quote

Has your anti-virus set the ALLOW Regkey? If it has not, you will not get Windows or .NET updates therough Windows Update.

2 users thanked author for this post.

Sueska, HiFlyer

Reply | Quote

Yup, Microsoft did it and all Windows 10 boxes here have that key set.

Reply | Quote

Update: As per support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in, Microsoft labels the 3rd January updates as preview and due to group policy settings on machines here, those updates won’t get applied. So, all works as expected and as soon Microsoft mark the patches stable (maybe next month), Windows Updates will spit them out.

1 user thanked author for this post.

Danster

Reply | Quote

Here’s Woody’s article:

Microsoft Patch Alert: Lots of lingering problems in a very messy month

5 users thanked author for this post.

walker, HiFlyer, woody, Elly, MrBrian

Reply | Quote

Ending line for Woody’s Article: “Group therapy for patchers continues on the AskWoody Lounge.”

Noting how accurate it is by Noel Carboni’s response to annonymous post #162111…

All the MPVs give solid, fact based help, still,

This whole month has stressed me out, and I took to the Rants forum. AskWoody Lounge therapy is so effective!

… and I haven’t touched my computer to update it… and it is still working fine…

It is actually hard to wait for Defcon clearance with all the vulnerabilities, rushing patches out, and bugs, even though I have never had a problem since following Woody’s advice…

Thank you, Woody… was almost feeling I had to do something… needed the consice review of this month’s history and current status just to make it to the next change of Defcon Level. Sometimes it is harder to do nothing…

 

Non-techy Win 10 Pro and Linux Mint experimenter

5 users thanked author for this post.

jburk07, Danster, Charlie, Cybertooth, AJNorth

Reply | Quote

Patience is a Virtue.  As a former New Yorker, that quality is lacking in me especially in driving.  However, working with computers requires lots of patience and so it is a good idea when I am working on many machines to have distractions also like reading technology magazines.  It just depends how complicated the problems are at present.

Reply | Quote

I’m Win7 x64.  received KB4074906 today 25 Jan.  Didn’t down load.  fix it tool for KB4055002.

1 user thanked author for this post.

woody

Reply | Quote

I did. So far nothing out of the blue.

1 user thanked author for this post.

Danster

Reply | Quote

Issue: Jan 2018 Windows Updates (KB4056898) causing Hyper-V guests crash. I’m not sure if this update fixes the issue.

2 users thanked author for this post.

walker, woody

Reply | Quote

Notice how few of this month’s updates are listed at https://support.microsoft.com/en-us/help/894199/software-update-services-and-windows-server-update-services-changes-in :(.

6 users thanked author for this post.

walker, Danster, HiFlyer, AJNorth, woody, Elly

Reply | Quote

Yes, it hasn’t been updated since Jan 9, in spite of all the re-releases, and re-re-ireleases, and new releases.

Reply | Quote

“This information will be updated either during our regular update releases on the second and fourth Tuesday of every month or whenever an unscheduled update is released. This article lists changes that were made on or after January 9, 2018. It does not list changes that were made before that date. For more information about changes that occurred before January 9, 2018, see the “References” section.”

Was that the date after which the initial ‘whoops!’ of bad patches started being fixed?

Non-techy Win 10 Pro and Linux Mint experimenter

Reply | Quote

“Was that the date after which the initial ‘whoops!’ of bad patches started being fixed?”

Woody’s article today has a list of dates. In my opinion Microsoft’s list has been unreliable since around mid-2017. Perhaps it was unreliable before that also but I just didn’t notice.

2 users thanked author for this post.

HiFlyer, Elly

Reply | Quote

Amazing, isn’t it? That’s one (of many) reasons why it was hard to pull together this post.

10 users thanked author for this post.

walker, JDeC, Cascadian, HiFlyer, SueW, Sessh, Elly, Noel Carboni, AJNorth, MrBrian

Reply | Quote

Thinking to Start 2018 I might have a little “Patch Holiday” this month until the current “Patch Storm” settles, just wondering if its not the right time for one of these?  🙁

3 users thanked author for this post.

Microfix, HiFlyer, Elly

Reply | Quote

I thought about going to MS-DEFCON 1 when we found out that the January patches were bricking AMD machines. Ultimately decided not to because (five days later) Microsoft stopped pushing the patches on AMD machines.

Sometimes it’s very hard to see what’s going on by looking at the battle dust.

9 users thanked author for this post.

jburk07, Microfix, Charlie, JDeC, WildBill, Cascadian, SueW, Elly, AJNorth

Reply | Quote

As abbodi86 and I have mentioned elsewhere, KB4077561 can be considered the latest version of the Windows 8.1 Windows security-only update, and KB4073578 can be considered the latest version of the Windows 7 Windows security-only update.

7 users thanked author for this post.

walker, JDeC, Cascadian, HiFlyer, SueW, AJNorth, woody

Reply | Quote

KB4073578 can be considered the latest version of the Windows 7 Windows security-only update

Really? So when it comes to installing the security-only we go with this rather than KB4056897? This is what confuses me, if KB4073578 is considered the latest then why hasn’t it replaced the other one which is dated january 3rd – here

ETA: even though i notice the file sizes appear to be exactly the same.

The .net framework patches are confusing me even more, i just don’t understand which we’re supposed to install when the time comes.

2 users thanked author for this post.

JDeC, Cascadian

Reply | Quote

It’s complicated. But Woody should have it all figured out by the time he gives the go-ahead.

Be patient and WAIT.

9 users thanked author for this post.

AJNorth, walker, Microfix, SueW, Elly, JDeC, WildBill, Cascadian, T

Reply | Quote

Oh, certainly, i am waiting but it gets to that time of the month when i start planning what i’m going to be installing and this month is an absolute headache of patches and re-released patches and dodgy patches and dodgy re-released etc… and it never ends.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Strange – I don’t have any problem waiting at all. Computer’s working just fine and virus scans all clear. What’s the rush?

2 users thanked author for this post.

SueW, Charlie

Reply | Quote

As i said, i am waiting as i do every month but you agree that this month’s patches are an absolute car crash? I feel like i’m going to be none the wiser when it comes time to wade through this mess.

Reply | Quote

I find that just waiting, watching and taking note of other people’s patching adventures on this website and sometimes others, helps to clarify the way forward. By the time the Defcon level changes, I always seem to know what I want on my PC – and what I don’t!

1 user thanked author for this post.

SueW

Reply | Quote

@ “T”:

I believe the KB# you linked to (KB4056894) in your post is the full Security and Quality rollup update for January: 2018-01 Monthly Rollup.

MrBrian was referring to a security-only update (KB4073578) for Windows 7.

PS: all these KB#’s make me crazy (ier)

5 users thanked author for this post.

AJNorth, SueW, Elly, T, MrBrian

Reply | Quote

Oops, so i did… well anyway, it’s too late to edit now but i meant this one – https://support.microsoft.com/en-gb/help/4056897

Reply | Quote

“Really? So when it comes to installing the security-only we go with this rather than KB4056897?”

I don’t know which updates Woody will recommend (when the time comes), but one sign that KB4073578 should be considered a newer version of KB4056897 is to compare the file sizes of the files at https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056897 vs. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4073578. The contents of these files provide further evidence. I can go more details if you want.

1 user thanked author for this post.

walker

Reply | Quote

Yeah, as i said earlier i noticed the file sizes are exactly the same so there’s no real need for you to go into more details but i notice in the discussion about the 8.1 mess here that you and abbodi both seem to think it’s a good idea to install the original security only update anyway, after the PIC/APIC and AMD fixes. Have i got that right? Please correct me if not.

ETA: unless you just mean that only applies to 8.1 and 7 is a whole different kettle of stinking, rotten fish.

Reply | Quote

“i notice in the discussion about the 8.1 mess here that you and abbodi both seem to think it’s a good idea to install the original security only update anyway, after the PIC/APIC and AMD fixes. Have i got that right?”

No. My initial post there must have been the result of “tired poster syndrome.” In my opinion, either zero or at most one of the January 2018 Windows 7 or 8.1 security-only updates (or their newer counterpart(s)) should be installed.

In my case, on January 15 I installed the January 2018 Windows 7 monthly rollup via Windows Update (I’m in Group A). I didn’t install KB4073578 because I don’t have an AMD processor. But if I would have installed KB4073578, I would have installed it before installing either KB4056894 or the January 2018 Internet Explorer cumulative update.

1 user thanked author for this post.

T

Reply | Quote

Tired poster syndrome huh? I like that and we’ve all been there but yeah, i don’t have an AMD processor either so i’ll install the original security-only (group b forever!).

Reply | Quote

I revised my last post.

Reply | Quote

Do you suppose I should uninstall KB4074906, the .Net Framework’s fix-it tool?

Reply | Quote

If you’re not having any problems, I’d just sit tight until Woody issues his Jan instructions. You can make the decision at that point.

1 user thanked author for this post.

walker

Reply | Quote

As far as BIOS patches are concerned, Samsung computer owners have been abandoned for some time.

There is no support page for Samsung computers at all, and Samsung printers are covered by HP support.

I could get a BIOS update from a Samsung update service app on my computer, but it is older than the one I have.

Reply | Quote

We feel the same way about ACER laptops. They are a very good price, good quality and perform well. We have several, but it seems ACER stops making driver updates the day the PC is sold…

1 user thanked author for this post.

BobbyB

Reply | Quote

HP are abandon merchants too. My HP Elitebook 8470p hasn’t had a BIOS update since 2012. That’s the year it was built.

Reply | Quote

I would suggests that a temporary Group W position is warranted at this time. The immediate risks of the patches to the stability and continuous usability of your system probably exceeds the near term risk of the Meltdoen/Spectre vulnerabilties. Remember, there are old hunters and there are bold hunters, but there are very few old bold hunters! One must avoid underwriting uncompensated risks and being an unpaid beta tester falls in that category. The quality assurance testing at MS has been wanting for sometime now and I would hazard that if we were drafting a set of industry wide best practices on quality assurance protocols, the current MS approach to life would not make the cut. Stay cool and WAIT; after all these patches have a recent record of breaking things every month and waste an inordinate amount of users time sifting through the uneven and fragmented documentation.

3 users thanked author for this post.

Cybertooth, wdburt1, ryegrass

Reply | Quote

Last year, January passed without any security updates
no one have leaked anything about the cause of that skip? 😀

Reply | Quote

From Woody’s ComputerWorld article:
“the original .NET patches for .NET 4.6/4.6.1/4.6.2/4.7/4.7.1 were all bad, and have to be augmented by additional patches. The font problems in the original patches have been fixed in general, but only if you install these latest patches. [KB 4074880]

Then there’s the Fixit tool KB 4074906 that fixes “Windows Presentation Foundation (WPF) applications that request a fallback font or a character that is not included in the currently selected font.”

1) So for .NET v4.6.x/ v4.7.1 users, or those planning to eventually upgrade to .NET v4.7.1 on Win 7 SP1/ Win Server 2008 R2 SP1, are both of the 2 font-related patches (KB 4074880 vs KB 4074906) required ?

• KB 4074880: [Revised] Quality-Security Rollup for .NET v4.6.x & .NET v4.7.x on Win 7 SP1/ Win Server 2008 R2 SP1 [replaces Jan 2018’s .NET rollup KB 4055002]
  >> This seems to be only offered via Windows Update, but is not available via manual download. Why ?
• KB 4074906: “Fixit” for Windows Presentation Foundation fallback fonts problems caused by Jan 2018’s .NET rollup (KB 4055002) on Win 7 SP1/ Win Server 2008 R2 SP1

2) I notice that as of end 2017, the KB pages for .NET 4.6.x/4.7.x updates have been asking users to install d3dcompiler_47.dll  first before applying updates.

Since the .NET 4.7.1 installer (but not the .NET 4.6.x or .NET 4.7 installer) apparently comes with d3dcompiler_47.dll,  I suppose after installing .NET 4.7.1, there is no need to install d3dcompiler_47.dll  before proceeding to install either the latest .NET Quality-Security rollup or the Security Updates ?

Reply | Quote

KB4074906 apparently is only offered to those computers that installed the older update (KB4055002) and need further remediation. KB4074880 is the replacement for KB4055002. KB4074880 is available for manual download from its “parent” KB article KB4055532 – see https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-framework-january-2018-security-and-quality-rollup/.

Making things more complicated is that on my Windows 7 computer, only the .NET Framework “parent” KB articles (example: KB4055532) appear in Windows Update Update History, and only the .NET Framework “children” KB articles (examples: KB4074880 and KB4054998) appear in Windows Update Installed Updates!

 

5 users thanked author for this post.

walker, Cascadian, Elly, AJNorth, woody

Reply | Quote

The hits just keep rolling in (and people wonder why I talk to myself…).

2 users thanked author for this post.

JDeC, SueW

Reply | Quote

Hello, I know there are many .NET versions but I can not see adding more to my PC just because it is there. I only update the .Net that I have and never upgrade to a newer one.

Each person should do what they think is best, but I can not see having a stack of .NETs on my PC when I never use them.  I only have version 3.5.1 since that came with win 7. My PC runs fine.

Win 7 64 bit Group B

2 users thanked author for this post.

ryegrass, JDeC

Reply | Quote

@anonymous:  The NET Framework updates are a nightmare IMHO.  One can only wait until there is an “all clear” that is up-to-date to guide us.   Better to WAIT for the final verdict IMHO.

Reply | Quote

anonymous wrote:

Hello, I know there are many .NET versions but I can not see adding more to my PC just because it is there. I only update the .Net that I have and never upgrade to a newer one. Each person should do what they think is best, but I can not see having a stack of .NETs on my PC when I never use them. I only have version 3.5.1 since that came with win 7. My PC runs fine. Win 7 64 bit Group B

I discovered a robust Free App – Paint.Net – that lets me mark-up JPG’s w/ Text, shapes, arrows, colors, etc. The latest Paint.Net Update says it Relies on .Net 4.7.1, which will be installed WITH the update if not on computer. A first for seeing a use for .Net updates I’ve always done, mostly from naivete.

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

1 user thanked author for this post.

The Surfing Pensioner

Reply | Quote

Thanks for the hot tip. I have Paint, but am not ready to instal .Net 4.7 yet. I’ll wait awhile to update the program.

Reply | Quote

Hello Craigs26 and others that “thanked” me. For those interested in .NETs, Arron Stebner has a verification or cleanup tool. You can use it to see which version you have.

(One can also look for a registry key.   https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed   )

Arron does keep it updated. The cleanup tool is a last ditch uninstall if all else fails.

https://blogs.msdn.microsoft.com/astebner/2013/11/06/net-framework-setup-verification-tool-and-cleanup-tool-now-support-net-framework-4-5-1/

Hope this helps anyone with .NET issues and need to remove or re-install it.

 

 

Reply | Quote

Hi to ya all.

I found something which I think it’s very importent and the location is at this source:
https://www.sevenforums.com/news/412466-kb4073578-update-fix-unbootable-state-amd-devices-windows-7-a.html

I will also say a very big thanks to Woody for his extremely good work and his excellently information to all of us which doesn’t have that kind of space with extra computers, and all that time he’s using to ours benefits… Thank you so much!

I have not yet tried this by myself but I will try it, because I did get the position to not be able to boot my own computer after I tried KB4056897. I think definitely that this will work if you doing it in that two ways which is written in the text…

My System Specs:
2 Processor    AMD Athlon(tm) 64 X2 Dual Core Processor 5000+, 2600 Mhz
NVIDIA GeForce 7025 / NVIDIA nForce 630a
GeForce 7025 / nForce 630a, NVIDIA-kompatibel
NVIDIA GeForce 7025 / NVIDIA nForce 630a    256,00 MB (268 435 456 byte)

SCSI    1 TB    WDC
(RAM)    2,00 GB
Swap    24,0 GB

Best Regards, Christer
____________________________

EDIT removed copied text from linked web page; thks for your note re earlier posting issues

Reply | Quote

We have been aware of the problem the Jan. updates have caused for multiple versions of Windows on computers with some AMD processors since their issue in early Jan. See this blog post and this blog post and several later ones.

The download link to KB4073578, the fixit patch for Win7, as well as the Jan security-only update, have been available on this site in AKB2000003 since their release by Microsoft.

Reply | Quote