Windows API broken after July cumulative update?

Topic

New Reply

We use Kaseya VSA Software Management do control our patching (for better or worse). After the July cumulative update the Windows API is broken, which we had confirmed by Kaseya support. That means a patch scan no longer finds new Windows Security updates like the August and September cumulative updates or the August .NET cumulative update.

This issue doesn’t come up if you just run Windows Update from a machine, as Windows API is not used in that scenario. We manage thousands of machines for hundreds of customers, making it a problem to run all this manually. So, there is a ‘fix’ by pushing the August cumulative update for Win11, KB5041585, using WUSA, which does seem to work, but not every time.

After pushing KB5041585 and checking locally with get-hotfix, we get a lot of machines showing they installed KB5041584 and Windows API isn’t fixed. Searching for KB5041584 just gets you a link to KB5041585, which is confusing. Troubleshooting did find 2 reboots might be needed to get the update installed correctly, but even that isn’t always enough. We are looking for reliable ways to get back on track. Does someone recognize this issue and maybe know an alternative method to fix the Windows API?

Reply | Quote

Replies

https://www.askwoody.com/forums/topic/omg-they-just-confirmed-that-repair-is-the-best-way-to-fix-this/

See if that jives with what you are seeing?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Sorry Susan,

I expected to get an email for any updates, so thought nobody had our issue. We are still trying to get to the bottom of this. It seems several options might be an influence. Some Windows update logs point to the Windows RE partitition being to small or maybe corrupt, which was an issue earlier this year.

We were able to resolve a few by resetting Windows Update, so cache folder and services/processes. Enough examples exist and have circulated for years. Using SFC /scannow and DISM options don’t seem to make a difference here.

About 80% or so can be fixed by manually (in our case through Kaseya agent procedures) installing KB5041585 and/or KB5043076, the cumulative Win11 updates for August or September. The rest tend to install the Stack updates as part of these updates, so KB5041584 and KB5043937 (I didn’t know that at the time of posting). At this time we do think having used Intune in the past on the machines causing issues and update rings might be a big factor here. But, that’s not easy to be sure about.

There is a solution, but that will cost the most time to do. Use an ISO file to run the setup.exe to do an install and keep personal applications and files, not a great option for around a thousand machines….

We can always hope that 24H2 might solve some of these cases where our best efforts just don’t cut it. But, that’s not something to do lightly.

Regards,
Eric.

Reply | Quote

When windows update has mangled itself the only way to fix it is via a repair install.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote