The July .NET patches are even worse than you think

Topic

New Reply

Earlier today, Microsoft posted this advisory on the official MSDN .NET blog: The July 2018 Security and Quality Rollup updates for .NET Framework was
[See the full post at: The July .NET patches are even worse than you think]

8 users thanked author for this post.

walker, Geo, mcbsys, SueW, geekdom, Elly, Cybertooth, ch100

Reply | Quote

Replies

Since these updates so often provide the opposite of either “security” or “quality,” perhaps Microsoft should take those words out of the name:

July 2018 Rollup for .NET Framework

More suitable names are possible. Here are a couple, using this month’s .NET patch as a model:

July 2018 Roll of the Dice for .NET Framework

July 2018 YMMV Rollup for .NET Framework

…

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

4 users thanked author for this post.

Charlie, HiFlyer, WildBill, SueW

Reply | Quote

Just ran Update again, and the .NET KB4043556 still shows up, but is now unchecked.

Does that qualify as “pulled”? More like Pulled Pork to me…  <:

what is going on up there in Redmond? Who’s running this circus, Elmer Fudd?

“When a thing gives you more trouble than it’s worth, it becomes expendable.” (Heinlien?)

We’re getting there.

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
--
"...all the people, all the time..."Peter Ustinov ad-lib in "Logan's Run"

3 users thanked author for this post.

Charlie, WildBill, Cybertooth

Reply | Quote

If an update has become unchecked it generally means it’s suspended while being reviewed or “fixed”. It won’t get automatically installed, and so far as manual installation is concerned you should never check an unchecked update and install it – at least without very good reason, and there is no good reason to install any of the July updates at the present time.

1 user thanked author for this post.

SueW

Reply | Quote

What an extraordinary turn of events this month.

Perhaps they should just announce the immediate end of support for all versions of Windows. That way we could all just get on with using our computers in peace, almost certainly without any increased risk to our systems, the biggest threat by far coming from Microsoft these days.

Either that or we just give up on July and see what happens in August. It’s looking increasingly unlikely that we’re going to get to Defcon 3 with this month’s hotchpotch of messery.

1 user thanked author for this post.

Cybertooth

Reply | Quote

So, they’ve stopped distributing them? Maybe, expect 4340558 then, and why are they (re)releasing a brand new hotfix with the same bug?!

Reply | Quote

Does Microsoft ever TEST their patches before they release them for their customers or do they just expect us to do their testing for them?

1 user thanked author for this post.

WildBill

Reply | Quote

Roger that, you just hit the nail on the head. That’s exactly what’s going on.

2 users thanked author for this post.

Charlie, WildBill

Reply | Quote

I imagine their QA Department consists these days of a couple of interns, one with Windows 10 and the other with a placebo.

Reply | Quote

We’ve had a lot of “banner months” this year, eh? It seems to be getting worse. These occurrences are getting more frequent and more ridiculous.

If this is what we can look forward to in Windows as a Service, then count me out. What on earth is happening up in Redmond?

Reply | Quote

They show up listed and under important but unchecked on my system.  A lot of unaware people out there are going to : OH! these are important, check, check, install. How about just getting them the heck OFF of there. Maybe they sit back and take bets with each other on how many systems they can **** up by unsuspecting people who have no idea what they are reading, except the important part. Good example of just plain don’t give a ____.

Edit for content

1 user thanked author for this post.

Cybertooth

Reply | Quote

With each new patching debacle the irony of Microsoft calling patches a “Security and Quality Rollup” increases!

Reply | Quote

As cautionary advice, be very careful with any .NET Framework patches, versions, and updates. Different versions work for different software and the software will cease to work entirely if you futz with the .NET Framework versions. Further, .NET Frameworks are chained together in the registry and if you uninstall one of them, any that follow may not work correctly either.

You may think everything is running fine, until you run a program several weeks later that won’t run because that particular .NET Framework is missing.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender

2 users thanked author for this post.

walker, GoneToPlaid

Reply | Quote

A couple of years ago, I ran into a similar issue with the Visual C++ Redistributables. Google Earth kept crashing on one of my machines. The solution was to uninstall all of them, and then to reinstall the needed versions in the proper order.

1 user thanked author for this post.

geekdom

Reply | Quote

I did not know that about these two products, seems like that is very bad design or caused by feature creep.

Reply | Quote

“About Visual C++ Redistributable Packages
Visual C++ Redistributable Packages install runtime components of Visual C++ Libraries on a computer that does not have Visual C++ installed. The libraries are required to run applications that are developed by using the corresponding version of Visual C++.”

These packages are built over time. Here are the redistributables you may need:
https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

The quote above is from “More Information” provided in the link.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender

1 user thanked author for this post.

GoneToPlaid

Reply | Quote

Hi Geekdom,

Thank your for that handy dandy link.

Best regards,

–GTP

 

Reply | Quote

Thanks for the clarity, needing libraries for different C++ versions is okay. Still weird that those C++ runtimes needed to be installed in a specific order.

.NET as you have revealed its cumulative interdependant nature is very complex now; Do you have to find and install the correct framework version or run a repair utility to fix errors?

1 user thanked author for this post.

walker

Reply | Quote

Is there a pattern here? Nominally every March and October a new version of 10 is released to the unfortunate and unwary. Four months later in January and July the patching is complete disaster not just the normal monthly fiasco.

Reply | Quote

From the “advisory”:

As a team, we regret that this release was shipped with this flaw. This release was tested using our regular and extensive testing process. We discovered while investigating this issue that we have a test hole for the specific combination of COM activation and restricted permissions, including impersonation. We will be mitigating that gap going forward. Again, we are sorry for any inconvenience that this product flaw has caused.

Nice that they “regret” & “are sorry”… but it’s lame. “… our regular and extensive testing process” isn’t that extensive if they release software with bugs. Fortunately, we can rely on Woody’s MS-DEFCON system. A maximum of 16 days before the jump to DEFCON 3… I’ll be amazed if the fixes result in MS-DEFCON 4!

Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
Wild Bill Rides Again...

Reply | Quote

It’s rumored that there were a lot of bricks and excrement all over the MS Update & Patch dept. when Woody’s site went down!

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

1 user thanked author for this post.

Cybertooth

Reply | Quote

Have never had problems with .NET Framework patches before and have never uninstalled a .NET patch for any reason being that MS once had reliable and safe patching. When WinUpdate first offered Kb4340556 it was unchecked. Yesterday it was checked and I was not worried about installing it, did the deed and we have not had any issues opening any programs up to now. That being said, with this new post and MS admitting they really messed up, I am not sure if I should go ahead and uninstall or leave it be. Am wondering if problems will start creeping up later. Any thoughts? KB338818 remains unchecked however.

1 user thanked author for this post.

geekdom

Reply | Quote

Interesting.  The KB4340556 version Windows Update is pushing now (is unchecked) has a 07/10/2018 publish date.

The KB4340556 version the Update Catalog has listed has a 07/20/2018 publish date.  As near as I can tell the only difference is in the “Known Issues” text.

Reply | Quote

This from my point of view as a Windows 7 Pro, Group B user:

So far the BSOD problem with both the Security &Q Rollup and the Security Only patches first distributed by MS on July 10th has been, allegedly, fixed with a later release of a patch that (as I understand it, and correct me if I am wrong) is meant to fix both the S&Q Rollup and the Security Only patches.

The Master Patch List, still to be updated this weekend, so far has Office (all versions) listed with no known problems and, based on previous experience, that is not likely to change, as MS seems to have been putting greater care in the updates to Office than to Windows itself.

The main problem, right now, might be with the .NET updates, which (depending on the user’s type of work) probably can wait, as (to the home or small business user) they may not be the most critical of the lot.

We are still less than two weeks from Patch Tuesday, and individual users like myself, at least, particularly those who are up to date with patches through June with no issues, have no reason to rush and start patching until another week, at least, or DEFCON 3, whichever comes first, those items without any “Known Problems” mentioned in the Master Patch List at that time.

Again, all this from the point of view of a Windows 7, Group B non-SysAdmin, non-gaming user. Windows 10 and those who install Rollups probably face a different situation at this time, as usual.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

This just in – the July Security and Quality Rollup for .NET (KB 4340556) has disappeared from Windows Update on my Win 7 x64 system.  Instead, June .NET Preview (KB 4291493) has reappeared.

 

3 users thanked author for this post.

walker, geekdom, Kirsty

Reply | Quote

Same here. Date: July 24th, 16.00 GMT+1

Reply | Quote

Re:July patches. In the immortal words of Donnie Brasco “Forghedaboudit”.

Win 7 Pro x64 i7core, Haswell

Reply | Quote

Here are .NET Framework downloads:
https://www.microsoft.com/net/download/archives

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender

1 user thanked author for this post.

walker

Reply | Quote

Huh. It appears that MS has removed the offline installers for the 4.6 branch of .NET. Users will have to Google to find the offline installers.

Reply | Quote

Any port in the storm.

Carpe Diem {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1778 x64 i5-9400 RAM16GB HDD Firefox115.0b2 MicrosoftDefender

Reply | Quote

Is anyone away if this comes both the Security/Quality Rollup and the Security updates ie this effects BOTH or just the Quality rollup.  The wording of their patches makes things confusing as it is, but the notice makes it sound like the Security Only maybe fine?

1 user thanked author for this post.

walker

Reply | Quote

I am not willing to test the July Security Only update. I am holding at June, and I recommend that you do the same for the time being.

1 user thanked author for this post.

Charlie

Reply | Quote

Hide and seek updates: the latest rage! Of bewildered, flabbergasted and bemused users!

And nobody ever gets to touch base! Because there isn’t one!

So nobody can ever be “free”! Of this albatross!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Charlie

Reply | Quote

I always wait until Woody gives a go ahead, and even then wait longer before getting these “updates” nowadays.  I don’t like being a Crash Test Dummy!

Experience is that marvelous thing that enables you recognize a mistake as soon as you make it again.

2 users thanked author for this post.

columbia2011, Cybertooth

Reply | Quote

The “fixes” for the July .NET updates are out:
https://blogs.msdn.microsoft.com/dotnet/2018/07/30/net-framework-july-2018-update/

You have to manually download or check in to WSUS.

And asking us to close all .NET apps before applying?  Cripes, Microsoft

Reply | Quote

The .NET Update is available by manual download only via Microsoft Update Catalog.

Reply | Quote

columbia2011 wrote:

The .NET Update is available by manual download only via Microsoft Update Catalog.

WSUS has a facility to check patches in from the update catalog(ue).  That’s what I was referring to.

Reply | Quote