|
There are isolated problems with current patches, but they are well-known and documented on this site. |
Business patchers: Right now you should still be in “test” mode in installing patches, not production roll out mode. For those that install the Wind[See the full post at: Patch Lady – B patchers need a pre patch]
Susan Bradley Patch Lady/Prudent patcher
No, KB4093118 is not including the KB4099950 hotfix.
Straight from MS themselves (got this email this morning in our org):
I am sending this email to you as I have just become aware of a possible issue when using Windows Update (WU) or WSUS to install the March and/or April updates. It seems that when WU or WSUS downloads the updates, which are supposed to contain the fix to the NIC issue (KB4099950 – the standalone fix we released as a pre-req for the March updates or KB4093118 – the April Monthly Rollup), the EXE package that contains the fix is NOT being downloaded. As such, the issue may not be properly mitigated, and the customer could still run into issues when they install the April update.
To avoid this issue, customers can download the full MSU packages from the Microsoft Update Catalog and use these to install the update as they WILL contain the EXE package which will mitigate the issue. This is true for both KB4099950 and KB4093118.
Please know that if your customer has already mitigated the issue, it won’t reoccur, and they CAN use WU or WSUS to download and apply all updates. If your customer skipped the March updates and are looking to install the April rollup via WU or WSUS to mitigate the issue, they could be impacted. If your customer is NOT using WU or WSUS for updates, they need to ensure that the product they use to push updates DOES download the full MSU package from the Microsoft Update Catalog and distribute the full package to clients to mitigate the issue.
The safest and confirmed way to fully mitigate this issue for good is:
– Download the April 2018 from catalog directly (MSU file) – https://www.catalog.update.microsoft.com/Search.aspx?q=4093118
– Download KB4099950 from catalog directly (MSU file) before applying other updates -https://www.catalog.update.microsoft.com/Search.aspx?q=4099950
(other updates can be from WU/WSUS)
The reason this appears to be happening seems to be due to the fact that WU and WSUS only download the CAB files associated with the update and not the full MSU package. As such, the EXE containing the fix never gets downloaded and run properly.
Aprils monthly does include the workaround but it is not downloading in some instances when you use WSUS to download the update.
Did you mean Server 2018 R2 or Server 2008 R2? 
~ Group "Weekend" ~
Susan “B patchers”, with the users here, would likely relate that to the “Group B – Security Only” patch crowd. For business patchers I would like to suggest “Bis-Patchers” to avoid confusion.
I believe your advice on installing KB4099950 before Aprils Security Only updates would apply to both “Bis-Patchers “and “Group B Patchers” equally.
Thanks for the Heads Up
Viper
I still mean B patchers – those that only install the security only updates.
Susan Bradley Patch Lady/Prudent patcher
Hi… Just a quick question on the SMB Memory leak on Windows 2008R2.
Is there any information on the extent of the memory leak?
How much memory is it leaking?
Has anyone applied it?
How bad was the impact?
Thanks
Adam
See https://www.askwoody.com/forums/topic/april-2018-patch-tuesday-is-here-and-its-a-biggie/#post-183508
KB4093118 and KB4093108 contain v6.1.7601.24093 of file win32k.sys, which is newer than the v6.1.7601.24061 file win32k.sys contained in KB4099467. (abbodi86’s analysis of KB4099467.) Thus, KB4093118 and KB4093108 very likely fix the same issue fixed by KB4099467 without needing to install KB4099467.
These links may help you
https://www.askwoody.com/forums/topic/april-2018-patch-tuesday-is-here-and-its-a-biggie/#post-183434
https://www.askwoody.com/forums/topic/april-2018-patch-tuesday-is-here-and-its-a-biggie/#post-183508
and from here down a ways
https://www.askwoody.com/forums/topic/april-2018-patch-tuesday-is-here-and-its-a-biggie/#post-183548
That one didn’t cause errors, it fixed them. If you logged off your Win7 would bsod. This patch fixes that issue but as Woody pointed out is now put in the April Security only and rollup patches.
Susan Bradley Patch Lady/Prudent patcher
April is shaping up to be no less complicated than March. Susan, you say that it is still necessary to install KB4099950 first before the March security update or the new April rollup patch. KB4099950 is still Optional and unchecked. Woody in his last posting on March updates said, “if you were feeling lucky” only install the checked updates. This would exclude KB….9950. When it’s time to install, do we install KB…9950 or not?
iPhone 13, 2019 iMac(SSD)
On two VMware virtual machines I was able to test with today, installing 4099950 via our patching tool which uses Windows Update, rebooting (for good measure), and then installing 4093118 via Windows Update resulted in a reset NIC.
If I installed 40999950 via the downloaded MSU, and then installed 4093118 via Windows Update, I avoided the NIC problem. The email from MS seems to indicate that you should install both patches via MSU, but since 4099950 doesn’t need a reboot and 4093118 does, it’s a little more practical for those of us in an enterprise environment to only install the one manually.
Hello OscarCP,
When we first changed servers I was seeing very different pages whether logged in or anonymous. It hasn’t happened to me for a while…
I trashed your anonymous question, because your logged in version has already been answered.
Hopefully the problem that caused the difference won’t reoccur, or if other people are experiencing similar problems, they will report them, and it can be tracked down and fixed.
Happy browsing…
Elly
Non-techy Win 10 Pro and Linux Mint experimenter
Elly, I’ve definitely been seeing problems with posts, its like the pages gets stuck in time for hours or even a day or so, then suddenly will update with all these new posts I haven’t read, most of the time the latest posts column on the right does show the list of new comments, but the actual articles haven’t updated with them. I tried different browsers and devices, with the same results, I’ve been viewing and posting anonymously, this has been happening for 2 – 3 days. I hope this can be looked into.
Encountered this ever since the recent host change and thought it was quiet, so moved onto other sites.
If it’s a security feature by the devs, there’s something wrong with it!
Can confirm. Site seems stuck here as well. Trick: after the url, put a /?=a random number (i.e. /?=123). Thus it will do a refresh and gets the most actual page.
~ Annemarie
It looks like there’s a bug in the caching algorithm. Usually you can dislodge the bug by navigating to just about any page (say, click one of the links on the right, even an old one), then using your browser’s back button, and Ctrl+F5 refreshing the page.
Sorry about that. We have some problems still. But at least the site’s staying up most of the time….
From the sounds of some posts above, sounds like it’s getting confusing for some folks with regards to KB4099950, the NIC patch.
If someone installed it via Windows Update before this past Tuesday, the 10th, are they protected, or do they need to go get it from the Catalog and “reinstall” it “from scratch”?
The rather frank post from @zero2dash above (#183647) seems to suggest that the only way to fix this issue is to, indeed, download BOTH KB4099950 and KB4093118 from the catalog and install them in that order. It makes no mention of a prior installation of KB4099950 via either the Catalog or Windows Update, thereby potentially leading to confusion on the part of some folks.
Please check out this post above for a real world example of what happened to someone already.
Not exactly similar, but odd Windows Update behavior… there are replies from three different people regarding their experience starting here.
Non-techy Win 10 Pro and Linux Mint experimenter
It is called “throttling” and was documented many years ago among others by Susan Bradley.
Nothing weird by the way. Can have 2 different meanings:
– The original meaning was to reduce the load on Windows Update servers in the first few days after release
– The modern meaning is that Microsoft considers the update subject to this treatment as being somewhere between an Important and an Optional patch, only for a while. Leaves the decision to the user, at least for a while. Office non-security updates are offered in such a way to Windows 7 and 8.1 clients, but pushed to Windows 10 clients immediately. This behaviour does not make those patches optional.
Please be aware that those in the habit of hiding patches, any patches, even 1 patch, are more likely to experience unusual and unpredictable behaviour. Essentially they run Windows Update in an unsupported configuration.
I confirm Bob99’s observation that KB4093118 is unticked by default.
Behind the scenes, a given update has a property called AutoSelection that is one factor in whether a given update is ticked or not by default in Windows Update. I believe that AutoSelection has the same value for all users for a given update. I believe that throttling is a separate factor that Microsoft can use on a per-user basis to override the AutoSelection property for the purposes of reducing load on Microsoft’s servers.
I just ran the first script at https://www.askwoody.com/forums/topic/how-to-view-detailed-information-about-a-given-windows-update/#post-176216. KB3021917 has AutoSelection=1, which is not typical for Windows 7.
“Please be aware that those in the habit of hiding patches, any patches, even 1 patch, are more likely to experience unusual and unpredictable behaviour. Essentially they run Windows Update in an unsupported configuration.”
For the record, I don’t agree. I have seen no evidence to support this assertion, while there are reproducible examples of issues caused in Windows 7 (and I assume also Windows 8.1) by not hiding updates that one doesn’t want to install at a given time.
updates that one doesn’t want to install at a given time
This makes that configuration unsupported by default. 
@ch100: Ok, but I believe that the vast majority of Windows 7 users would be considered unsupported according to your criteria because – correct me if I am mistaken – Windows 7 users that use default Windows Update settings (such as Windows automatic updates on) don’t have Optional updates installed.
“I think it is relatively obvious that here we discuss about all updates offered under Important and Recommended and less so about the Optional updates, which have their role but have more limited applicability.”
I found a case recently in which not hiding a Windows preview monthly rollup – an Optional update – results in a Windows non-preview monthly rollup not being listed in Windows Update.
@ch100: Furthermore, for Windows 7 users that don’t use Windows automatic updates, but instead use Windows Update, Optional updates are always unticked by default. Thus, it seems likely that most Windows 7 users that don’t use Windows automatic updates don’t have at least some Optional updates installed, which by your criteria means they would also be considered unsupported.
Have to say that I agree with @MrBrian here, but I sure wish Microsoft would clarify this stuff. We’ve seen too many odd behaviors, especially lately.
@ Ch100, since those using automatic updating, as you suggest, would have been moved to W10, in the GWX period, there shouldn’t be Windows 7 users left to support, at all…
Non-techy Win 10 Pro and Linux Mint experimenter
“To hide (patches), or not to hide, that is the question:
Whether ’tis nobler in the mind to suffer
The slings and arrows of outrageous (MS),
Or to take arms against a sea of troubles
And by opposing end them.”
Please forget my latest post. It is a small difference between 93108 and 93118, but a giant leap for a computer-illiterate who was not wearing have her reading glasses .
That’s actually a good observation. More about it coming up in my Computerworld post — if I ever get the ^%$#@! thing written.
@ch100: Ok, but I believe that the vast majority of Windows 7 users would be considered unsupported according to your criteria because – correct me if I am mistaken – Windows 7 users that use default Windows Update settings (such as Windows automatic updates on) don’t have Optional updates installed.
I suspect that M$ considers any Win7 user who does not allow themselves to be led by the nose through the Windows Updates ‘chutes’ to be “unsupported.” For the last two years M$ has been moving directly towards eliminating choice and increasing demanding uniformity that suits their corporate purposes. There’s only 1 reason we even have “Security-Only” updates: “the only ‘people’ that count” — Enterprise customers — would revolt. <rant = off>
And does this criteria mean those who hide e.g. kb2952664 are equally to be considered unsupported?
This is definitely the case.
If you don’t install Recommended updates, you have a custom installation and cannot pretend the manufacturer to bail you out when you have problems. Instead you can take care by yourself in such situations.
Well, that lets everyone know where they stand. Of course, we already appreciate what will happen if we ask MS to “bail us out” – WX, with its neverending succession of unstoppable and often unpredictable upgrades! It was escaping MS’ bail conditions that got most of us here.
See post #185284 immediately above.
The NIC issue affects physical boxes and VMs.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
