Newsletter Archives

  • MS acknowledges blue screen bug when installing the Aug or Sept cumulative update on Win10 version 2004 Lenovo machines

    Mayank Parmar at Windows Latest has the rundown on Microsoft’s latest confession:

    In a new support document that was quietly published over the weekend, Microsoft has warned that it has observed a number of other critical errors caused by KB4568831 or newer, which also includes the September 2020 patch…

    The problem appears to have been caused by a compatibility issue between Windows 10’s cumulative update, UEFI settings, and Lenovo’s Vantage app. With a cumulative update, Microsoft made a change that restricts how processes can access PCI device configuration, and a feature in UEFI could trigger this behaviour, which causes a Blue Screen.

    KB 4568831 is the Win10 version 2004 “optional, non-security, C/D/E Week” preview patch released in late July.

    Yes, the bug’s been around for six weeks. No, it hasn’t been fixed. But there is a manual workaround, discussed in Parmar’s article.

    Tell me again how version 2004 is ready for prime time.

  • Yes, you do need to patch sooner or later

    You know how I say that there’s no reason to patch as soon as the patches come out — but you need to patch sooner or later?

    Those of you running Windows Server as a domain controller just showed the rest of us how important that “sooner or later” can be.

    Microsoft patched CVE-2020-1472 last month. The security hole was (and still is) described as “2 – Exploitation Less Likely,” thus not of immediate concern. It wasn’t publicly disclosed or exploited at the time (it wasn’t a zero-day). If you followed along with the MS-DEFCON system (which, admittedly, isn’t designed for admins with Windows Server domain controllers) you would’ve installed the patch late last month or early this month.

    Good for you.

    Yesterday, the Dutch security company Secura B.V. released a full report of the security hole – and it’s a doozy. Catalin Cimpanu at ZDNet has a thorough description:

    According to Secura experts, the bug, which they named Zerologon, takes advantage of a weak cryptographic algorithm used in the Netlogon authentication process.

    This bug allows an attacker to manipulate Netlogon authentication procedures and:

    • impersonate the identity of any computer on a network when trying to authenticate against the domain controller
    • disable security features in the Netlogon authentication process
    • change a computer’s password on the domain controller’s Active Directory (a database of all computers joined to a domain, and their passwords)

    There are limitations to how a Zerologon attack can be used. For starters, it cannot be used to take over Windows Servers from outside the network. An attacker first needs a foothold inside a network.

    However, when this condition is met, it’s literally game over for the attacked company.

    It’s a bad one. But you got your Server patched a couple of weeks ago, yes?

    It’s rare to have a security hole erupt this quickly – although it does happen. We still haven’t seen widespread attacks. But it’s only a matter of time.

  • MS-DEFCON 4: Install the August updates, but avoid the Optional and non-security patches

    Now that we have the second cumulative update for Win10 version 2004, I feel confident in recommending that you install the August patches.

    Nope, Win10 version 2004 isn’t ready for prime time yet, but if the latest bumper crop of bug fixes work out OK – with few if any reported problems – we may be closer to having a stable version to jump to.

    Step-by-step details in Computerworld Woody on Windows.

  • Microsoft releases the “optional, non-security, C/D/E Week” patch for Win10 version 2004

    Microsoft just dropped the last “optional, non-security” August patch for a still-breathing Win10 version.

    Yep, the “optional, non-security, C/D/E Week” patch, KB 4571744, is now available via Windows Update – if you click the Download and install link.

    And look. At. All. The. Changes. I do believe that’s the longest list of changes in a Windows update that I’ve ever seen.

    Here’s the one I was waiting for:

    Addresses an issue that causes the Optimize Drives dialog to incorrectly report that previously optimized drives need to be optimized again.

    Microsoft’s way late in the game for Preview patches – Patch Tuesday is five days away – but at least we’re going to get a little bit of out-of-the-box testing.

    Of course you don’t want it. Of course.

  • Where we stand with the August patches

    Lenovo warns about Win10 version 2004 patch problems; Win8.1 plays catch up – but clobbers Cisco Anyconnect; the 50th reincarnation of an old “blast away the barnacles” Windows upgrade patch; and reported problems with printing in Win7 with the extra-cost Extended Servicing Updates.

    It’s a wild world out there – but Win10 version 2004 is starting to stabilize. Operative term: Starting.

    Details in Computerworld Woody on Windows.

  • Windows Latest: A fix for the broken Win10 version 2004 Drive Optimizer (Defrag) tool is being tested

    Just in from Mayank Parmar at Windows Latest:

    According to the changelog of Build 19042.487, this issue has now been resolved in Windows 10 20H2*. After beta testing the patch with Insiders, Microsoft plans to roll out the same update to those with Windows 10… version 2004 later this week or before September 1.

    So it looks like we may see an “optional, non-security, C/D Week” patch for Win10 version 2004 (no surprise there) that fixes the defrag/Drive Optimizer bug. (The bug shows an incorrect date for the last defrag run.)

    *In case you haven’t been following the latest obfuscating changes in Win10 numbering conventions, Win10 version 20H2 is the next version of Win10 – the one that follows Win10 version 2004. Version 2004 is still having teething problems, like this one.

  • Another grab bag of bugs in the Patch Tuesday crop

    As happens every month, there’s a laundry list of bugs that accompanied this month’s Patch Tuesday Win10 patches: Can’t install, Blue and Green Screens, system slowdowns and the like. Mayank Parmar at Windows Latest takes us through the litany:

    It appears that Windows 10’s August 2020 cumulative updates could be crashing some computers (mostly Lenovo ThinkPad hardware) when Hyper-V, Intel virtualization or Windows Sandbox features are enabled. Lenovo users have also flagged issues with Windows 10 August security patch and turning off virtualization feature resolves the problem for them.

    Are you hitting any problems?

  • Another round of “optional, non-security, C/D Week” patches for Win10 1909, 1903, 1809

    We just got another set of “optional, non-security, C/D Week” patches for Win10 versions 1903 and 1909 (KB 4566116) and 1809 (KB 4571748). There’s a long, long list of changes.

    Of course you don’t want to install them – unless you’re concerned about time zone information for Yukon Province Territory (see comments).

    As usual, the “optional, non-security, C/D Week” patch for Win10 version 2004 is still baking.

    In theory, the update appears as an “Optional updates available” update and if you want to get it, you need to specifically click Download and install. In practice, I still haven’t seen the notification – but it looks like the patch will be available even if you aren’t in the Windows Insider Preview ring.

    I don’t see it on my machines. Can you see it?

  • Krebs: This month’s code signing zeroday, CVE-2020-1464, has been around for two years

    This month we had two zero-days fixed in the Patch Tuesday crop. Several folks in the press screamed that the sky is falling and you have to get patched right now.

    Seems that the truth is a bit more prosaic. As truth frequently is.

    First we discovered that one of the zero-days, CVE-2020-1380, relies on Internet Explorer and it’s been used on an undisclosed South Korean company, in conjunction with other security holes. By itself, this zero-day doesn’t mean much.

    Now comes word from Brian Krebs that the other zero-day, CVE-2020-1464, was reported to Microsoft two years ago. It’s not exactly front-burner stuff:

    Asked to comment on why it waited two years to patch a flaw that was actively being exploited to compromise the security of Windows computers, Microsoft dodged the question, saying Windows users who have applied the latest security updates are protected from this attack.

    Moral of the story: It’s very, very rare that you need to patch immediately. Wait and see what problems crop up before you install the latest fare from Microsoft.

  • Minor problems with this week’s Win10 versions 1903/1909 and 2004 cumulative updates

    Mayank Parmar reports on Windows Latest:

    When installing Windows 10 KB4565351 (v1903/1909) and KB4566782 (v2004), users are saying that they are being greeted with unhelpful error messages, including 0x800f0988, 0x800f081f, and 0x800f08a.

    The most-reported error code is 0x800f081f and it could be related to missing files in the WinSXS folder that stores different copies of DLL and system files.

    [The Win10 version 1903/1909 cumulative update] is also breaking audio for some users and there are reports of Blue Screen of Death with “SYSTEM THREAD UNHANDLED EXCEPTION” error on Feedback Hub.

    I haven’t seen a lot of reports of those problems, but they’re irritating nonetheless.

    See Parmar’s article for descriptions and workaround.

  • Details from Kaspersky on this month’s IE 0day, CVE-2020-1380

    Boris Larin at Kaspersky has published details on one of the two “OMG! It’s a ZERO-DAY!” security holes plugged yesterday, CVE-2020-1380 – “Scripting Engine Memory Corruption Vulnerability.”

    Looks like it’s Internet Explorer-only, JavaScript based, and used in an attack “on a South Korean company.”

    That’s pretty standard fare for Patch Tuesday zero-days. Yep, you have to patch eventually. Yep, if you’re defending state secrets you need to be aware of it. But for most of us it’s no big deal.

  • Report that this month’s Win10 version 2004 cumulative update, KB 4566782, is throwing error 0x800f0988

    Looks like the error also occurred in the preview, released July 31.

    From artins90 on Reddit:

    The update KB4566782 is not working 0x800f0988:

    Exec: Failed to pre-stage package: Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~~10.0.19041.1,
    component identity: amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44,
    file: Flash.ocx, sandbox: \\?\C:\WINDOWS\CbsTemp\30830624_112917922\Windows10.0-KB4566782-x64.cab,
    file format: 0 [HRESULT = 0x800f0988 – PSFX_E_INVALID_DELTA_COMBINATION]

    Anybody else see the same problem?