News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – issues with out of band on 1607

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – issues with out of band on 1607

    This topic contains 16 replies, has 7 voices, and was last updated by

     geekdom 5 months, 3 weeks ago.

    • Author
      Posts
    • #241926 Reply

      Susan Bradley
      AskWoody MVP

      While Woody is still holding back, me and my test machines are reporting no issues on the out of band updates on both 7 and 10’s. That said on the 160
      [See the full post at: Patch Lady – issues with out of band on 1607]

      Susan Bradley Patch Lady

      5 users thanked author for this post.
    • #241951 Reply

      ch100
      AskWoody_MVP

      I am wondering why this post does not have enough following. 🙂
      Totally agree with you Susan!

    • #241954 Reply

      warrenrumak
      AskWoody Plus

      Not sure this problem is specific to the out-of-band IE fix.  KB4467691 is the November 2018 security update for 1607 and Server 2016.

    • #241955 Reply

      geekdom
      AskWoody Plus

      It would be helpful if Susan and Woody addressed the two schools of thought on to-patch or not-to-patch and when as a separate thread. This out-of-band patch is specific, but a general discussion on patching would be helpful to many people here. Right now, this discussion is spread over two threads.

      There are advantages to patching immediately. There are advantages to waiting to patch.

      Patch-immediately advantages and patch-immediately disadvantages need to be laid out clearly and explicitly.

      Wait-to-patch advantages and wait-to-patch disadvantages need to be laid out clearly and explicitly.

      Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
      • #241967 Reply

        woody
        Da Boss

        We’ll be addressing that in the site re-design (say, in the next month or so). There are different needs for different groups of users — most people need a green light/red light system, while advanced users and admins face a more nuanced situation.

        We’ll make that more explicit.

        As for the advantages/disadvantages of patching immediately right now, I think I covered that here. It’s an ongoing theme in my Computerworld Faustian drama….

        2 users thanked author for this post.
        • #241977 Reply

          geekdom
          AskWoody Plus

          We’ll be addressing that in the site re-design (say, in the next month or so). There are different needs for different groups of users — most people need a green light/red light system, while advanced users and admins face a more nuanced situation. 

          Different skill sets.

          As for the advantages/disadvantages of patching immediately right now, I think I covered that here.

          Actually, I wondered if more general guidelines might be provided — not so much for this specific case, but referring more to “different needs for different groups of users” to use your phrase.

          Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
          1 user thanked author for this post.
          • #241979 Reply

            woody
            Da Boss

            Sounds like an excellent topic for an AKB article. Want to write it?

            1 user thanked author for this post.
            • #241981 Reply

              geekdom
              AskWoody Plus

              Let me first see if I can write it, then I’ll let you know. This one would take a lot of back story.

              Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
              2 users thanked author for this post.
            • #242195 Reply

              geekdom
              AskWoody Plus

              The information might best created as a series of questions (ten) scaled from easier to harder.

              For example, the first question would be:
              Do you understand such computer terms as:

              • boot
              • update
              • version

              Upon answer of all questions, the user would total the ayes and nays.

              There would be an unchanging graph at the bottom with:
              x-axis: Risk Level that the user is willing to take (0-100)
              y-axis: Skill Level (0 to 10)

              The graph might be banded on the diagonal red, yellow, green and depending on user skill and risk, and would provide a ballpark suggestion of patch, don’t patch, maybe patch.

              If you like this suggestion, I’ll set it up in the test form thread as a post which can be tweaked until it is an effective tool.

              Or five graphs, one for each DEFCON level.

              Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
        • #242172 Reply

          anonymous

          But really how hard can it be to go to the Patch List, compare your KB or Windows make and model and ……………. ah    OK or  WAIT (ok soooo maybe Green or Red)

          That would allow different versions to move at different paces vs one version’s problems holding up all versions.

          • #242342 Reply

            woody
            Da Boss

            Great idea in theory, but in practice, most folks just want a “Go/No-go”

            If you combine the major, supported versions of Windows, Office, and .NET, you have … what?… 100 combinations?

            2 users thanked author for this post.
            • #242436 Reply

              geekdom
              AskWoody Plus

              Plan B explanation needs to be simpler than Plan A explanation.

              Most people are yes/no with less emphasis on technology and more emphasis on doability. People tend to push buttons first and ask questions afterward.

              Perhaps emphasis needs to be on preparedness on digging out if there’s a problem with updating:

              • backups and usage
              • restore points
              • rebooting

              If you can’t do these steps, don’t patch until DEFCON number is friendly and green.

              Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta
              1 user thanked author for this post.
    • #241963 Reply

      anonymous

      Whatever MS do to erase icons from my desktop, every week; hasn’t happened for a while. HURRAH !

    • #241980 Reply

      woody
      Da Boss

      On a related note… I still don’t see an explanation about the emergency IE patch. Microsoft has basically said, “Trust us and apply it.” Google hasn’t said anything, as best I can tell. I don’t see any reports of attacks.

      Either people are afraid to talk about it (many possible reasons), or it isn’t nearly as scary as one would assume. In either case, the lack of communication is astounding, especially given Microsoft’s track record with emergency patches.

      Have any of you seen details?

    • #242026 Reply

      Geo
      AskWoody Plus

      Just keep following our  Group A results for  home users to know if the patches and updates are working.  Enterprise is a different story.

      2 users thanked author for this post.
      • #242030 Reply

        woody
        Da Boss

        Yep. In fact Group A is applicable to anyone who isn’t connected to an Update Server.

    • #242051 Reply

      woody
      Da Boss

      Günter Born just posted an update to his warning (German language only at this point). He points out that the latest Dec. 19 update to Win10 1607/Server 2016, KB 4483229, now lists all of these acknowledged problems:

      Known issues in this update


      Symptom Workaround

      After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

      4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

      Microsoft is working on a resolution and will provide an update in an upcoming release.
      System Center Virtual Machine Manager (SCVMM) managed workloads are noticing infrastructure management issues after VMM refresh as the Windows Management Instrumentation (WMI) class around network port is being unregistered on Hyper-V hosts. Run mofcomp for the scvmmswitchportsettings.mofVMMDHCPSvr.mof, and other relevant SCVMM MOF Files. Please upgrade thru the SCVMM 2016 Update Rollup 6 (UR6) to expedite the Host Refresh activities after running mofcomp command.

      After installing this update on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, “Outlook cannot perform the search”.

      To alleviate the symptoms, run sfc /scannow as described in step 3 of Use the System File Checker tool to repair missing or corrupted system files. Then restart Microsoft Outlook.

      Microsoft is working on a resolution and will provide an update in an upcoming release.

      After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

      Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

      Microsoft is working on a resolution and will provide an update in an upcoming release.

      After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM.

      Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

      If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

      Microsoft is working with Lenovo and will provide an update in an upcoming release.

       

      Looking back, I see that the patches for Dec. 11, Dec. 9, and Nov 27 all list the known bugs. In addition, the Nov.13 cumulative update also lists the Lenovo 8 GB bug.

      I sure hope none of you Server 2016 admins expected to spend Christmas at home…

      3 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – issues with out of band on 1607

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel