Replies

So far, I have updated four Win 10 Pro 22H2 “canary” machines, and one semi-canary machine with KB 5035845.

Two machines with Office Pro 2016 C2R also updated to v2402 (Build 17328.20184)

No obvious issues seen yet. Only one was semi-stress tested so far. If I see anything untowards I will update.

YMMV

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

Two canary 22H2 W10 Pro x64 machines updated so far. No issues seen other than the now standard premature restart notification when the .NET update is installed but the CU is still in the midst of installing. We always wait for all updates to show “Pending restart”

CU KB5034763

.NET KB5034685

Plus the WMSRT v 5.121 KB890830

However, not stress tested yet. More to come.

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

More Win10 Pro 22H2 x64 test results

Updated three older Win10 Pro x64 22H2 canary machine with KB5033372 –

No issues seen other than also missing  MSRT (Malicious Software Removal Tool) for December.

One more (4th) older Win10 Pro x64 22H2 canary machine (Dell Precision T3500) with KB5033372 seemed to get wrapped around a pole with multiple failed restarts when requested. However, eventually it seems to have worked once the Start->power button option ~”Apply Updates and Restart” was selected.

I’m about to try it on my two semi modern daily machines where I can test other possible impacts on our development environment. Fingers crossed.

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

TechTango

I like to read this forum thread on Wednesday so that I have an idea if anyone else is seeing issues before I start testing on our test machines. There seem to be less posts… What The Hey? Is everyone off in eggnog-land or otherwise enjoying seasonal festivities?

I guess it’s time to unleash the Kracken (aka WU) on a few test machines.

PS. Thank you to everyone who participates in this thread.

 

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

I think we need more quick emojis/replies other than “Thanks” – because your post/response made me laugh.

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

GeeBeeDee

We used to use PCTools and then Norton bought them and orphaned it. Norton/Symantec put up a big red flag in my neighborhood at that time. And I saw this purchase competition and disappear them repeated with other tools. Not a fan of Norton/Symantec for sure.

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1. I’ve had success with patching 4 Windows 10 22H2 test machines, then patching and testing my work machines (laptop and desktop) with these latest set of 4 Windows Updates since October.
   1. KB5032189 2023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189) http://support.microsoft.com/kb/5032189
   2. KB4023057 2023-10 Update for Windows 10 Version 22H2 for x64-based Systems (KB4023057) http://support.microsoft.com/kb/4023057
   3. KB5032339 2023-11 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5032339) http://support.microsoft.com/kb/5032339
   4. KB890830 Windows Malicious Software Removal Tool x64 – v5.119 (KB890830) http://support.microsoft.com/kb/890830
2. Questions: Based on my above results, I’ve now authorized others in our group to apply these November updates. However: One user has reported an odd repeated installation of the September and October .NET Framework cumulative updates, KB5031224 and  KB5030180. Anyone else seeing this peculiarity? Fortunately the older cumulative .NET Framework updates preceded the install of the November .NET Framework cumulative update, but the meaning of cumulative seems “obscured” by this odd behavior. Anyone know what’s up with this?

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1. I’ve had success with patching 4 Windows 10 22H2 test machines, then patching and testing my work machines (laptop and desktop) with these latest set of 4 Windows Updates since October.
   1. KB5032189 2023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189) http://support.microsoft.com/kb/5032189
   2. KB4023057 2023-10 Update for Windows 10 Version 22H2 for x64-based Systems (KB4023057) http://support.microsoft.com/kb/4023057
   3. KB5032339 2023-11 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5032339) http://support.microsoft.com/kb/5032339
   4. KB890830 Windows Malicious Software Removal Tool x64 – v5.119 (KB890830) http://support.microsoft.com/kb/890830
2. Questions: Based on my above results, I’ve now authorized others in our group to apply these November updates. However: One user has reported an odd repeated installation of the September and October .NET Framework cumulative updates, KB5031224 and  KB5030180. Anyone else seeing this peculiarity? Fortunately the older cumulative .NET Framework updates preceded the install of the November .NET Framework cumulative update, but the meaning of cumulative seems “obscured” by this odd behavior. Anyone know what’s up with this?<!–EndFragment –>

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

I have not seen this desktop icon problem yet on two Win 10 22H2 Pro machines updated with:

KB5030211

KB5030180

and

KB890830

One machine is a late 2017 Dell XPS 9360 laptop running a 13″ display with 175% scaling setting….

The desktop is significantly older… 2011 (although I seem to remember upgrading the graphics display adapter/card)

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

Am I reading this correctly? – The “fix” for the following vulnerability is to add registry keys? (we don’t have Intune, nor do we run Defender for Office)

Notice that Bleeping Computer’s article https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/

indicates that CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability  which is under active exploit does not have an associated security patch/fix?

Instead they talk about various methods to mitigate this attack. One of which is adding registry key(s)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION

Where one needs to add the names of various Office applications that one would want to block from creating a child process. And of course test this so that benign creation of child processes by these applications are not afflicted.

I do not have this registry key in HKLM. There is no “Internet Explorer” branch past …\Policies\Microsoft

Internet Explorer?!

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

Thank you PKCano. I’ve also found that close and reopen to work in the past. Did not work this time around….

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

I’ve also observed this premature/early restart when a .NET update is in the mix of updates.

And this month (April), several Win10 Pro 21H2 machines’ Settings->Update & Security->Windows Update panels exhibited the strange behavior of showing the update(s) available, downloading, then suddenly no longer reporting “installing” but instead reporting prematurely “You’re up to date” well before the cumulative update was done and a restart notification issued.

First time I saw it I thought I was mistaken about having seen the cumulative update briefly start installing. I thought maybe the cumulative update had failed?  I searched the update history, and the cumulative update was not present. Finally after some time, the restart notification showed up. And the cumulative update was done successfully.

I hypothesize this annoying update status/progress glitch is due to the new embedding of the Servicing Stack Update (SSU) in the cumulative update.

 

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

lmacri

This is also what I do. I use the DHCP server on the router to reserve some addresses for particular devices involved in providing shared resources. This way the mapping stays “static”.

Also, I think you do not want to just pick a previously assigned IP from the DHCP server’s space of dynamically assignable IP numbers. Often the DHCP server will leave some of the private IP space (192.168.x.y) alone and not assign numbers in that section of the private network space.  For example it will leave, 192.168.1.2-40 alone, and start assigning IP numbers “above” 192.168.1.40. In this example, the first dynamic assignment the DHCP server will make will start at 192.168.1.41 . Therefore you’d want to make your static IP assignments within this non-DHCP (2-40) available range to avoid potential future collisions.

There is a bit more to my madness as well. For WiFi and home (not business) devices I use a separate router in a slightly different IP space.

Ontop of that the WiFi router offers a separate vlan with a separate SSID for “guests” that can be isolated from the rest of the home network, and furthermore can optionally be set to not allow any device on that “guest” network the ability to contact/discover any other device on the “guest” network. Beyond the fact that I cannot control what security patches my visitors implement (I have one visitor that thinks they know better than to apply security patches – ever…) I’m also concerned about all the IoT devices hooked up via WiFi. This is because as the saying goes “The S in IoT stands for Security”*. Therefore I generally isolate all these connected devices from each other and the rest of the home network. (It’s a bit less convenient when you first attach a new device to your WiFi, since you often have to turn off this isolating rule on the router, but therein after the device is talking to a cloud account, and your phone app is talking to the same cloud account, and then all is good…. After a few extra incantations and other exclamations )

*Here’s an example of some fine IoT security (NOT) https://www.bleepingcomputer.com/news/security/hackers-can-open-nexx-garage-doors-remotely-and-theres-no-fix/

 

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

1 user thanked author for this post.

wavy

WSmeyerbos

Try to “Unblock” the file.

Right-click on the exe file that is the App and select Properties.

Switch to the General Tab and locate the Unblock option.

Check it and click Apply.

Or for more detail:

Bypass “Administrator Blocked You From Running This App” in Windows 10 (softwarekeep.com)

I hope it works for you. (I remember when I first saw this… )

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun

3 users thanked author for this post.

WSBirdLady, Lars220, Alex5723

I’ve seen this new behavior with the Windows Update interface on multiple Win10 21H2 machines. Downloading KB5023696, then pending install, then it appears that nothing is happening, then finally a pending restart, with restart notification.  It’s a little unnerving. Since I don’t have time to sit there and watch every test machine as it goes through its paces I thought I was missing something… Good to know others have seen this new behavior.

Like, I saw WU was going to install the update, what happened to the install phase status?

I suspect that this could be their fix to the glitch we’ve seen with premature restart notifications when there is a .NET update also. The .NET update would finish first, and before the normal OS Q&S update would finish, a restart notification was triggered…. If you did restart at that time, it would trash the normal OS Q&S update, requiring you still apply it after the restart. Correct but inefficient. Not sure I like this new method though.

Basic research is what I am doing when I don't know what I am doing - Werner Von Braun