• Patch Lady – issues with out of band on 1607

    Home » Forums » Newsletter and Homepage topics » Patch Lady – issues with out of band on 1607

    Author
    Topic
    #241926

    While Woody is still holding back, me and my test machines are reporting no issues on the out of band updates on both 7 and 10’s. That said on the 160
    [See the full post at: Patch Lady – issues with out of band on 1607]

    Susan Bradley Patch Lady

    5 users thanked author for this post.
    Viewing 6 reply threads
    Author
    Replies
    • #241951

      I am wondering why this post does not have enough following. 🙂
      Totally agree with you Susan!

    • #241954

      Not sure this problem is specific to the out-of-band IE fix.  KB4467691 is the November 2018 security update for 1607 and Server 2016.

    • #241955

      It would be helpful if Susan and Woody addressed the two schools of thought on to-patch or not-to-patch and when as a separate thread. This out-of-band patch is specific, but a general discussion on patching would be helpful to many people here. Right now, this discussion is spread over two threads.

      There are advantages to patching immediately. There are advantages to waiting to patch.

      Patch-immediately advantages and patch-immediately disadvantages need to be laid out clearly and explicitly.

      Wait-to-patch advantages and wait-to-patch disadvantages need to be laid out clearly and explicitly.

      On hiatus {with backup and coffee}
      offlineâ–¸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
      offlineâ–¸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
      onlineâ–¸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr
      • #241967

        We’ll be addressing that in the site re-design (say, in the next month or so). There are different needs for different groups of users — most people need a green light/red light system, while advanced users and admins face a more nuanced situation.

        We’ll make that more explicit.

        As for the advantages/disadvantages of patching immediately right now, I think I covered that here. It’s an ongoing theme in my Computerworld Faustian drama….

        2 users thanked author for this post.
        • #241977

          We’ll be addressing that in the site re-design (say, in the next month or so). There are different needs for different groups of users — most people need a green light/red light system, while advanced users and admins face a more nuanced situation. 

          Different skill sets.

          As for the advantages/disadvantages of patching immediately right now, I think I covered that here.

          Actually, I wondered if more general guidelines might be provided — not so much for this specific case, but referring more to “different needs for different groups of users” to use your phrase.

          On hiatus {with backup and coffee}
          offlineâ–¸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
          offlineâ–¸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
          onlineâ–¸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr
          1 user thanked author for this post.
        • #241979

          Sounds like an excellent topic for an AKB article. Want to write it?

          1 user thanked author for this post.
        • #241981

          Let me first see if I can write it, then I’ll let you know. This one would take a lot of back story.

          On hiatus {with backup and coffee}
          offlineâ–¸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
          offlineâ–¸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
          onlineâ–¸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr
          2 users thanked author for this post.
        • #242195

          The information might best created as a series of questions (ten) scaled from easier to harder.

          For example, the first question would be:
          Do you understand such computer terms as:

          • boot
          • update
          • version

          Upon answer of all questions, the user would total the ayes and nays.

          There would be an unchanging graph at the bottom with:
          x-axis: Risk Level that the user is willing to take (0-100)
          y-axis: Skill Level (0 to 10)

          The graph might be banded on the diagonal red, yellow, green and depending on user skill and risk, and would provide a ballpark suggestion of patch, don’t patch, maybe patch.

          If you like this suggestion, I’ll set it up in the test form thread as a post which can be tweaked until it is an effective tool.

          Or five graphs, one for each DEFCON level.

          On hiatus {with backup and coffee}
          offlineâ–¸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
          offlineâ–¸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
          onlineâ–¸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr
        • #242172

          But really how hard can it be to go to the Patch List, compare your KB or Windows make and model and ……………. ah    OK or  WAIT (ok soooo maybe Green or Red)

          That would allow different versions to move at different paces vs one version’s problems holding up all versions.

        • #242342

          Great idea in theory, but in practice, most folks just want a “Go/No-go”

          If you combine the major, supported versions of Windows, Office, and .NET, you have … what?… 100 combinations?

          2 users thanked author for this post.
        • #242436

          Plan B explanation needs to be simpler than Plan A explanation.

          Most people are yes/no with less emphasis on technology and more emphasis on doability. People tend to push buttons first and ask questions afterward.

          Perhaps emphasis needs to be on preparedness on digging out if there’s a problem with updating:

          • backups and usage
          • restore points
          • rebooting

          If you can’t do these steps, don’t patch until DEFCON number is friendly and green.

          On hiatus {with backup and coffee}
          offlineâ–¸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
          offlineâ–¸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
          onlineâ–¸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr
          1 user thanked author for this post.
    • #241963

      Whatever MS do to erase icons from my desktop, every week; hasn’t happened for a while. HURRAH !

    • #241980

      On a related note… I still don’t see an explanation about the emergency IE patch. Microsoft has basically said, “Trust us and apply it.” Google hasn’t said anything, as best I can tell. I don’t see any reports of attacks.

      Either people are afraid to talk about it (many possible reasons), or it isn’t nearly as scary as one would assume. In either case, the lack of communication is astounding, especially given Microsoft’s track record with emergency patches.

      Have any of you seen details?

    • #242026

      Just keep following our  Group A results for  home users to know if the patches and updates are working.  Enterprise is a different story.

      2 users thanked author for this post.
      • #242030

        Yep. In fact Group A is applicable to anyone who isn’t connected to an Update Server.

    • #242051

      GĂĽnter Born just posted an update to his warning (German language only at this point). He points out that the latest Dec. 19 update to Win10 1607/Server 2016, KB 4483229, now lists all of these acknowledged problems:

      Known issues in this update


      Symptom Workaround

      After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

      4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

      Microsoft is working on a resolution and will provide an update in an upcoming release.
      System Center Virtual Machine Manager (SCVMM) managed workloads are noticing infrastructure management issues after VMM refresh as the Windows Management Instrumentation (WMI) class around network port is being unregistered on Hyper-V hosts. Run mofcomp for the scvmmswitchportsettings.mof, VMMDHCPSvr.mof, and other relevant SCVMM MOF Files. Please upgrade thru the SCVMM 2016 Update Rollup 6 (UR6) to expedite the Host Refresh activities after running mofcomp command.

      After installing this update on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, “Outlook cannot perform the search”.

      To alleviate the symptoms, run sfc /scannow as described in step 3 of Use the System File Checker tool to repair missing or corrupted system files. Then restart Microsoft Outlook.

      Microsoft is working on a resolution and will provide an update in an upcoming release.

      After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

      Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

      Microsoft is working on a resolution and will provide an update in an upcoming release.

      After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM.

      Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

      If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

      Microsoft is working with Lenovo and will provide an update in an upcoming release.

       

      Looking back, I see that the patches for Dec. 11, Dec. 9, and Nov 27 all list the known bugs. In addition, the Nov.13 cumulative update also lists the Lenovo 8 GB bug.

      I sure hope none of you Server 2016 admins expected to spend Christmas at home…

      3 users thanked author for this post.
    Viewing 6 reply threads
    Reply To: Patch Lady – issues with out of band on 1607

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.