alert banner

ISSUE 20.43.1 • 2023-10-24
MS-DEFCON 3: Should you patch? It depends.


By Susan Bradley Comment about this alert

The October updates have been either mildly annoying or downright hostile.

Stop the presses: I’m urging caution by lowering the MS-DEFCON level to 3.

A big reason for this is that many folks are experiencing multiple reboots after patches are applied. We normally expect one reboot — one reboot only — when we patch. In theory, all updates should download the parts they need, install the updates, and then reboot. Only when all are installed and the system is ready should it reboot.

But not this month. Some of us received three updates, each of which triggered a reboot.

Business patchers saw some updates triggering an issue where Hyper-V client servers would fail to start after the installation of updates. The issue appears to be related to Veeam Backup & Replication software, which uses Hyper-V’s Resilient Change Tracking (RCT) and results in virtual machines’ failure to start. You then must decide whether to uninstall the update or rename or delete MRT/RCT files.

If you had a Windows 10 machine and removed the desktop search box (or made it smaller), the October updates arbitrarily reset your change and turned on a notification about it.

Consumer and home users

Most of the issues I’m tracking are (thankfully) in the business patching space, not the consumer space. So if you are a patcher in a home or standalone setting, I recommend that you install updates. Just be careful.

I do want to stress that you must have backed up your system, just in case. As with anything, having a backup ensures that you can recover from ransomware, a failed hard drive, or even a misbehaving update.

Microsoft acknowledged that some machines might fail to install KB5031356, the October Windows 10 update. Microsoft fixed the issue with a known-issue rollback but didn’t explain why some machines were hitting error 8007000D (ERROR_INVALID_DATA). Normally, that means some sort of problem with the update package.

KB5001716 reminds you that your machine needs updates. Given that I recommend that you stay updated, I don’t see a need for this update. If you have already installed the update, leave it installed — I don’t see it triggering abnormal behavior.

Business users

Business patchers this month have to tiptoe a bit more carefully. In addition to the possible failure of Hyper-V clients to boot after installing updates, we have several other business-only patching issues.

VMware ESXi servers with the latest updates are seeing blue screens of death after the October updates. The trigger appears to be Windows Server 2022 with VBS enabled on AMD servers which breaks after installation of KB5031364.

If you use Veeam software, be aware there is an interaction between services with Veeam and the October server updates for 2019 and 2022. You will need to either not patch your Hyper-V hosts until this is rectified, or review this guidance. The fix is to delete the .mrt and .rct files in same directory as the VHDs.

Next, if you still run WSUS on your servers, note that it may not offer up May updates on Windows 11 22H2 machines. So you may have to change the group policy on the Windows 11 22H2 machines to a new group policy in order to get it to point to WSUS. Note that this may impact config manager as well.

Windows 11 machines with BitLocker may receive an error in Microsoft Intune after patches are installed, as noted by Microsoft. You can mitigate this issue by setting either the “Enforce drive encryption type on operating system drives” or the “Enforce drive encryption on fixed drives” policy to Not configured.

Got an HP?

If you’ve been installing updates since July on certain HP computers and have been able to boot each month, review this month HP’s list of impacted models. Without a needed BIOS update, you may brick the computers and need a replacement system board. Follow these steps to prevent any issues.

  • Navigate to the Official HP Support site.
  • Enter your serial number or product name.
  • Click Submit.
  • Click Software, Drivers, and Firmware.
  • Select your Operating System version and click Submit.
  • Click the plus sign (+) to expand All Drivers.
  • Select the appropriate SoftPaq.
  • Click on the Download button to the right.
  • Follow the onscreen instructions to download and install the driver.
Pre-patched devices?

If you’ve ever purchased a phone or a tablet and then had to wait to get it fully up to date, you may be in luck in the future. Apple appears to be testing a pad device that can turn on an iPhone or iPad and update it to the latest software. As noted in this Bloomberg post:

The company has developed a proprietary pad-like device that the store can place boxes of iPhones on top of. That system can then wirelessly turn on the iPhone, update its software and then power it back down — all without the phone’s packaging ever being opened. The company aims to begin rolling this out to its stores before the end of the year.

My hope is that this tool will be developed in such a way that it cannot be hijacked by attackers and used to inject something malicious, whereupon the device is sold to an unwitting consumer. But it sounds good — it could save the Apple Store from selling devices that must be patched out of the box, individually, and perhaps by the consumer. It would mean delivering fully patched devices every time.

Of course, time will tell.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2023 AskWoody Tech LLC. All rights reserved.