• Various out of band updates out to fix January patch issues

    Home » Forums » Newsletter and Homepage topics » Various out of band updates out to fix January patch issues

    • This topic has 43 replies, 16 voices, and was last updated 4 months ago.
    Author
    Topic
    #2418995

    When Microsoft has issues with updates, it normally takes until Fridayish before they identify a root cause and then it’s Mondayish of the following w
    [See the full post at: Various out of band updates out to fix January patch issues]

    Susan Bradley Patch Lady

    9 users thanked author for this post.
    Viewing 15 reply threads
    Author
    Replies
    • #2419060

      https://www.ghacks.net/2022/01/18/kb5010795-out-of-band-update-for-windows-11-10-and-windows-server-released/

      https://www.neowin.net/news/oob-updates-for-several-windows-versions-released-fixes-vpn-connection-issues-and-more/

      “Windows 11, version 21H1 (original release): KB5010795

      Windows Server 2022: KB5010796

      Windows 10, version 21H2: KB5010793

      Windows 10, version 21H1: KB5010793

      Windows 10, version 20H2, Windows Server, version 20H2: KB5010793

      Windows 10, version 20H1, Windows Server, version 20H1: KB5010793

      Windows 10, version 1909, Windows Server, version 1909: KB5010792

      Windows 10, version 1607, Windows Server 2016: KB5010790

      Windows 10, version 1507: KB5010789

      Windows 7 SP1: KB5010798

      Windows Server 2008 SP2: KB5010799”

      I just got KB5009194 update to .NET 5.0.13

      1 user thanked author for this post.
    • #2419062

      See this thread for Win7 ESU/ ESUb OoB January 2022 Patch and info.

       

      "-rw-rw-rw-" extreme computing
    • #2419034

      Do I need to get the update for Windows 8.1 if I don’t have a VM?

       

      • #2419077

        No. If Windows is behaving do not do anything until Susan says it’s safe to patch.

        cheers, Paul

    • #2419114

      KB5010793 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems

      was waiting to be downloaded and installed when I signed in on the Windows 10 side of my dual boot daily driver.

      No hiccups.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      We all have our own reasons for doing the things that we do. We don't all have to do the same things.

      1 user thanked author for this post.
    • #2419120

      --Joe

    • #2419123

      Will they replace the bad updates with new ones for WSUS users?

      • #2419140

        No you’ll have to manually import them.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2419124

      This patch is worthless. If you’re experiencing the boot loop issue, you’ve already uninstalled the cumulative update – this patch is useless. If you haven’t installed the cumulative update to prevent a dead server – this patch is useless. So, I guess we need to wait for the February cumulative update and skip January? Nice.

      • #2419126

        Thats what I was thinking.  I thought they would issue a replacement patch, maybe they still will?

      • #2419128

        The Windows 10 & 11 patches are cumulative updates. See the file information section at the end of the KB article.

        --Joe

        • #2419133

          The out of band update for Server 2012 R2  must be downloaded manually and is not cumulative and in fact is substantially smaller than the cumulative update it’s fixing.   I think (but I’m not sure) that the out of band updates for Server 2019 and 2022 are cumulative (they’re available via Windows Update), the sizes are about the same and Microsoft states “If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.”

      • #2419141

        Which patch?

        Windows 10/11 patches (and related Server OS) are cumulative updates.  Server 2012 R2 however is not.  If you do the monthly rollup, later on this one (don’t reboot inbetween). When I raise the MS-DEFCON on 1/25 I’ll explain how to install updates on 2012 R2.  If you HAVE to patch, you’ll need to do both the main patch for January -AND- this out of band on the 2012 R2 platform.

        If you are patching any of the Windows 10ish era stuff (and later) they are cumulative so you only need to install the later patch.

        Susan Bradley Patch Lady

        4 users thanked author for this post.
        • #2419144

          Thank You Susan.  I don’t plan to update Server 2012 R2 until you provide an all clear with instructions.  Thank you for your reply. 🙂

          1 user thanked author for this post.
        • #2419799

          Regarding Server2012R2 and the new Out of Band patch.

          Once this KB5010794 fix (out of band patch) was released for Windows Server 2012R2 I waited a day or so to see if any reports of problems surfaced. Then I did the cumulative update KB5009624 for January, stopped the VMs, restarted the host but did not restart the VMs, then I did the OOB patch, restarted, and then restarted the VMs. ~12hours later it’s all working as it should. Phew!

          Thanks to everyone, particularly Susan, for supplying relevant and timely information. I hope your experience is as good as mine was. (Note that I did not have the boot loop problem… Host was not a DC )

          Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

          1 user thanked author for this post.
    • #2419159

      Did Microsoft fix 0-day “RemotePotato0” with Jan. OOB?

    • #2419299

      OoB WIN8.1 UPDATE:
      kb5010794 is also available via WU (MSFT have now added it)

      Checked WU on our Win8.1 Pro x64 earlier to find kb5010794
      sitting in the ‘Optional’ section of WU.
      As this device is already fully (everything) up-to-date, I downloaded and installed, instant restart required.
      SFC scan all good, Event viewer no errors and system working good here.

      NOTE: This is not my test device, it’s our Haswell system, imaged prior to January patchmess.

      Update: no affects on this Haswell system 22/01/22

      "-rw-rw-rw-" extreme computing
      • This reply was modified 4 months ago by Microfix. Reason: Update added
      4 users thanked author for this post.
      • #2419585

        While managing a fully patched and fully functioning (as of Dec 31, 2021) Win8.1 Pro x64 system, after the January 2022 updates (KB5009624 monthly roll-up, KB5009721 .NET Framework roll-up) suddenly “something” got broken: pieces of software and core parts of the O.S. itself (e.g. Computer Management) began throwing an error complaining about the (now) missing ‘vcruntime140_1.dll’ library.

        Rolling back to a previous backup image (as of Dec 31, 2021) restored the system stability (got the missing library back and everything else working normally, again). Can’t tell for sure if the culprit is either KB5009624, KB5009721 or an unexpected interaction between the two (haven’t had time to try uninstalling only one of them in turns, to be sure) but uninstalling both updates also worked (same as restoring back the system to the Dec 31, 2021 backup image).

        I am guessing here that Redmond messed up (again) while packaging the updates and used the wrong versions of the Visual C++ Runtime libraries, because another option that also worked out well was to keep both updates (KB5009624 and KB5009721) installed and simply update the Visual C++ 2015 runtime libraries (as of Dec 31, 2021 that Win8.1 system had v14.0.24212 installed) to v14.30.30704, which were the latest available redistributable packages (signed October 5, 2021) here (“Visual Studio 2015, 2017, 2019, and 2022” section):

        https://docs.microsoft.com/en-us/cpp/windows/latest-supported-vc-redist?view=msvc-170

        For now I am not installing the optional KB5010794 update yet (I’ll just wait for the February updates) but I am assuming that this optional update will do exactly that (update the Visual C++ 2015 runtime libraries) because as I am writing this (Jan 20, 2022) the above webpage is now offering v14.30.30708 (signed January 6, 2022) of the Visual C++ 2015 runtime libraries… 😉

        Just my 2 cents,

        • This reply was modified 4 months ago by Speccy. Reason: The site doesn't like UNDERLINED text anymore? And editing and submitting back the post will also DELETE IT? What the heck?
        4 users thanked author for this post.
        • #2419607

          Nice detective work, @Speccy and thanks for sharing.

          Too bad Microsoft isn’t as thoughtful and thorough in their testing as you.

          1 user thanked author for this post.
        • #2419709

          We have ten Win8.1 workstations and haven’t experienced this issue.

          3 users thanked author for this post.
        • #2419852

          Thanks for sharing, @Intrepid. Just out of curiosity, may I ask if any of your ten workstations also had that exact same version (v14.0.24212) of the Visual C++ 2015 runtime libraries installed?

        • #2419855

          No, we have 14.0.24215 and 14.0.23026

          1 user thanked author for this post.
        • #2419903

          Visual C++ Redistributable Runtimes are never included in any Windows updates

          Win 7/8/8.1 Monthly Rollup only include the Universal C Runtime (ucrtbase.dll along with CRT Api set), and it’s not had been updated since 2019

          4 users thanked author for this post.
        • #2420673

          @abbodi86, you’re absolutely right. Thank you!
          Last week was a busy one and I didn’t pay enough attention… my bad. I went back to that system over this weekend to figure out what happened and the culprit seem to have been (might have been?) a hardware driver update (indeed, uninstalling KB5009624 and KB5009721 was not the same as restoring back the Dec 31, 2021 image: they were both installed on Jan 6, 2022 but that driver had been automatically installed on patch Tuesday [Jan 4, 2022] but went unnoticed and that’s probably what caused the unexpected interaction that lead to the missing runtime library situation).
          Updating the C++ runtime libraries “fixed” the situation, yes, but the situation itself wasn’t caused neither by the KB5009624 or the KB5009721 roll-up updates. My bad, sorry.

          2 users thanked author for this post.
    • #2419382

      somehow, someway – somebody forgot to mention this out-of-band update:

      Windows 10, version 1809, Windows Server, version 1809, Windows Server 2019: KB5010791

      https://support.microsoft.com/help/5010791

      this one can be installed onto Windows Server 2019 or Windows 10 Enterprise LTSC 2019 (v1809)

    • #2419401

      That’s what I’m doing.  I have 2019 and still looping and the “fix” doesn’t want to apply to 2019.  Uninstalling, Disapproving update and waiting till February.  Microsoft failed on this one.

      • #2419407

        When you attempt to install it, what does the error message say?

        Susan Bradley Patch Lady

    • #2419597

      How does this effect Win 10 21H1 home users?

      • #2419629

        I’m not seeing major issues for home users.  Stay tuned for the alert/MS Defcon to change early next week.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2419602

      I received KB5010794 as an optional update on WU for Windows 8.1.

      I tried to install it, but it won’t install so I will leave it.

      • #2419628

        What error message did you receive?

        Susan Bradley Patch Lady

        • #2419652

          Hi Susan;

          “What error message did you receive?”

          None.  It just sits there.  There is no download activity.

          My disk light flashes a lot.

          Cheers.

           

        • #2419705

          Did you select it to install or was it just offered up to you?  It won’t be pushed, you have to select it.  Mind you I would only recommend it IF you are impacted by the business vpn issue.

          Susan Bradley Patch Lady

        • #2419771

          Hi Susan:

          It was an optional update that I selected to install.

          The problem doesn’t impact me at the moment but perhaps I will get a VM someday.

          I did finally get it to install.  My Windows 8.1 computer was running sluggishly, so I restarted and then ran a virus check.

          No viruses were found, but the check was slow.

          Things improved after that, and I was able to install the update very quickly.  No problems.

          Gremlins….

          Cheers.

    • #2419690

      Should we patch Servers (2012 R2, 2016, 2019) that are Stand Alone and NOT Domain Controllers or should we wait for the ALL Clear ??

      For Domain Controllers I get more confused the more I read and have NOT patched either of the Domain Controllers (2012R2) that I handle and I am looking for Guidance on exactly how to do this without having to worry about getting caught in a loop and having to run to customers far away and try to figure out how to back things out.

      I do all my updates remotely. I simply have whatever Microsoft has downloaded sitting in Que waiting to be installed and I am looking for step by step guidance on how to update for January.

      Thanks for any responses.

      • #2419702

        Susan Bradley said:  “When I raise the MS-DEFCON on 1/25 I’ll explain how to install updates on 2012 R2. If you HAVE to patch, you’ll need to do both the main patch for January -AND- this out of band on the 2012 R2 platform.”  I would wait to hear from Susan.  But I read both must be done without rebooting between them.
        See: https://www.askwoody.com/forums/topic/various-out-of-band-updates-out-to-fix-january-patch-issues/#post-2419141

        Personally, I may skip January and do the updates for February instead.

         

        • #2419800

          Because the February updates will be perfect…. 😉

          😀

          Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

    • #2420799

      I decided to try patching my 2012R2 test server this morning. It’s a Hyper-V guest, not host; domain-joined but not a DC.

      This article says that OOB KB5010794 is only available on Windows Catalog:

      https://support.microsoft.com/en-us/topic/kb5010794-out-of-band-update-for-windows-8-1-and-windows-server-2012-r2-january-17-2022-a92500fb-f227-400e-b70e-f7dd50386fd3

      My server, though, offered to install 0794 as an optional update at the same time it installed other January updates:

      20220124.Updates-1

      20220124.Updates-2

      After checking the optional 0794 update, I clicked install now. It said it was downloading 4 updates of 81MB (it had already downloaded the other 3). Then it confirmed it was installing 3 updates (not 4):

      20220124.Updates-3

      After the reboot, it tells me KB5009624 was installed and that 0794 is still available:

      20220124.Updates-4

      Installing it fails immediately:

      20220124.Updates-5

      Rather than try to diagnose corrupt update stores etc., I just downloaded 0794 from the Windows Catalog and installed it without incident. After the reboot:

      20220124.Updates-6

      So, got the updates, survived a reboot without the OOB patch, but still nervous about doing this on a remote customer’s DC server.

      • #2420810

        I don’t recommend rebooting the server until you install the Out of Band Update. If you do reboot, there is a chance you will be caught in the boot loop!  Susan Bradley said: “When I raise the MS-DEFCON on 1/25 I’ll explain how to install updates on 2012 R2″.  I may skip the January updates completely and wait until the February updates.

        • #2420815

          @Intrepid, that was exactly my concern, so it was nice to have both updates offered by WU at the same time. I was careful to check the optional update so they would install together. However, as you can see from the last screen shot, installing 0794 FAILED when installed together with 9624, then failed again when installed from WU after the reboot. Luckily, 0794 from Windows Catalog succeeded. But what if you install 9624 but can’t get 0794 installed?

    • #2420825

      “But what if you install 9624 but can’t get 0794 installed?”

      You would need uninstall it in safe mode without networking or boot normally and stop the net logon service immediately after login and then uninstall.  Some say the boot loop only happens if you have two domain controllers.
      Note: I have not tested any of these procedures.
      This is why I will probably just skip the January nonsense and wait for February updates.

      1 user thanked author for this post.
    Viewing 15 reply threads
    Reply To: Various out of band updates out to fix January patch issues

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.