News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • New versions of buggy March Win7 patches are out

    Posted on April 5th, 2018 at 02:53 woody Comment on the AskWoody Lounge

    I have no idea what changed, but Günter Born reports (and a check of the Update Catalog confirms) that there are new versions of:

    KB 4088875 – Win7 March Monthly Rollup (dated, in the Update Catalog, as April 4)

    KB 4088878 – Win7 March Security-only patch (also April 4)

    KB 4088881 – Preview of the Win7 April Monthly Rollup (also April 4)

    KB 4090450 – Spectre V2 patch for Server 2008 (dated April 3)

    Looking at the KBNew page, I also see new versions of:

    KB 4099950 – the hotfix patch for bugs in the March Win7 patches (now dated April 4) – I talked about this fix of a fix of a … earlier this week in Computerworld.

    KB 4088879 – the Win8.1 Security-only patch (still dated March 10)

    And, as noted in several places on AskWoody, there’s a new version of the old favorite KB 2952664 — the patch that so helpfully makes it easier to upgrade Win7 to Win10 — and its Win8.1 cohort, KB 2976978.

    Born identifies new notes in the KB articles for the Win7 Monthly Rollup and the Preview Monthly Rollup that say:

    Important Please apply KB4100480 immediately after applying this update. KB4100480 resolves vulnerability in the Windows kernel for the 64-bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038 .

    You may recall that KB 4100480 is the “OMG” patch issued by MS when they figured that all of this year’s Win7 patches opened a huge “Total Meltdown” security hole in Win7.

    In addition, the description of the KB 4088875 Monthly Rollup patch and the KB 4088878 Security-only patch now advise:

    After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:

    SESSION_HAS_VALID_POOL_ON_EXIT (ab)

    The solution on offer is KB 4099467, which is a single-shot hotfix for Win7 designed specifically to fix this bluescreen.

    How about them apples….

    Can any of you shed light on the reasons for the changes — in particular, do they fix any of the gazillion security holes in last month’s patches? If so, care to speculate on why Microsoft just slipped this stuff out without any announcement?

    And… when will it be safe to get back in the Win7 patching water?

  • Sorting through the Patch Thursday and Friday offerings

    Posted on March 31st, 2018 at 07:34 woody Comment on the AskWoody Lounge

    My head is still spinning. Over the past two days (in addition to learning that Windows honcho Terry Myerson is leaving, and the Windows team is being scattered to the winds) we’ve had an enormous number of poorly documented, overlapping, and completely inscrutable patches.

    Let me see if I can bring some sanity to the mess.

    A destructive fix for Total Meltdown

    KB 4100480 kicked off the two days from patching purgatory with a Windows 7/Server 2008R2 kernel update for CVE-2018-1038, the “Total Meltdown” bug Microsoft introduced in Win7 back in January and kept re-installing ever since, most recently with the March Patch Tuesday Monthly Rollup KB 4088875 and Security-only patch KB 4088878. Susan Bradley immediately jumped into the fray with an initial warning Thursday afternoon. Microsoft’s documentation was so bad we had no idea what was being fixed, which bugs were being passed along — and whether this fix introduced even more bugs in the original Meltdown/Spectre January patch.

    Just a reminder that there are NO known exploits of Meltdown or Spectre in the wild.

    Ulf Frisk, the guy who discovered this gaping security hole (where a program can read or write data essentially everywhere on Intel PCs running 64-bit Win7/Server 2008R2), said on Wednesday that this month’s Monthly Rollup fixes the hole. The next day he said that, oops, this month’s Monthly Rollup doesn’t fix the hole and Microsoft revealed that, uh, this month’s Monthly Rollup actually introduces the hole.

    How bad is the hole? Kevin Beaumont (@GossiTheDog) says:

    An anonymous poster says:

    Ah, yeah… we’ve produced at least 11 botched up hotfixes in a row which made a gaping security hole out of a theoretical exploit, the most recent of them not even one week old yet, but 12th time’s the charm… absolutely trust us.

    Many folks were wondering how this patch stacks up with all of the (many!) other problems we’ve seen with this month’s Win7 Monthly Rollup and Security-only patches. The Folks Who Know Such Things now say that this patch does, indeed, introduce all of those problems — the SMB server memory leak that brings down servers, random re-assignment of static IP addresses, and three separately triggered bluescreens.

    A fix for patches that don’t have problems

    Also on Thursday afternoon, Microsoft dropped a handful of patches that fix other bad bugs in previous patches. Susan Bradley has a short list that includes KB 4096309 for Win10 1607/Server 2016 that “Addresses an issue that can cause operational degradation or a loss of environment because of connectivity issues in certain environment configurations after installing KB4088889 (released March 22, 2018) orKB4088787 (released March 13, 2018).” As Susan notes, both of the referenced fixes are still listed in the KB articles as “Microsoft is not currently aware of any issues with this update.”

    Bluescreen stoppers

    Then there are the patches that fix bluescreens generated by earlier botched patches:

    • KB 4099467 – Stop error 0xAB when you log off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session. That’s a bug introduced in this month’s Win7/Server2008R2 patches.
    • KB 4099468 – Stop error 0xAB when you log off a Windows Server 2012 session. That bug was introduced in this month’s Server 2012 patches
    • KB 4096310 -Stop error 0xAB when you log off a Windows Server 2008 session. Ditto ditto ditto.

    Save your IP if you’re prescient

    And then there’s KB 4099950, Network Interface Card settings can be replaced, or static IP address settings can be lost, released Friday, chronicled by MrBrian. Ends up this is just a package for the (modified) VBScript that, when run prior to installing this month’s patches for Win7, avoids the static IP busting nature of the patch. I talk about the VBScript program in my Computerworld Patch Alert article.

    Abbodi86 describes it:

    So it’s the easy automated version of the VBscript. It checks if KB2550978 hotfix is installed (or any superseder). [Note: KB 2550978 is a many-year-old hotfix, last updated more than a year ago.] The hotfix actually describe the mess with NIC and March updates in very informative way

    I wonder why Microsoft didn’t roll out that important fix years ago through Windows Update

    The important note is that you have to run KB 4099950 before you install this month’s Win7/Server 2008R2 patches.

    MrBrian goes on to note that the KB article for 4099950 contains this gem:

    Important:  This update must be installed prior to installing KB408875 or KB408878

    Which is hogwash, of course. Microsoft’s missing an “8” or two.

    What else?

    So what did I miss?