Newsletter Archives

  • MS-DEFCON 3: Get your September patches installed — but stick to the mainstream patches

    Lots of people will tell you that you need to install strange (very strange!) patches to protect yourself from the “Exploited: Yes” zero day patch for CVE-2019-1367. I say meh. Stick to this month’s normally distributed patches and you’ll be OK.

    Details and step-by-step instructions in Computerworld Woody on Windows.

  • Where we stand with the September 2019 patches

    It’s a mess, folks.

    I can’t recall the last time Patch Lady Susan Bradley recommended that you pass on a zero-day patch. (A note for those of you who don’t get the AskWoody Plus Newsletter: You need to become an AskWoody Plus Member in order to receive or view the Newsletter. It’s easy, and you get to decide how much you want to donate. See the notice on the right side of this page.)

    Somebody please tell me again how Windows patching is getting better.

    Details in Computerworld Woody on Windows.

  • Confusion reigns supreme for admins facing this month’s patches

    Site admins I know are livid about this month’s mess-ups. Read this Twitter thread from Bryan Dam:

    There are thousands of threads (especially on Reddit) from people shaking their fists at Microsoft. And these are Microsoft supporters!

  • Three known bugs in the latest build of Win10 version 1903

    Microsoft is supposed to be keeping us informed of bugs in Win10 versions, and you’d think they’d be particularly on-the-spot about following up on bug reports in the newly christened “ready for broad deployment” version of their flagship product.


    I know of three bugs — all documented on this site — that bedevil both the current release of Win10 version 1903, build 18362.387, and its predecessor, the undistributed 18362.357:

    • The latest versions of Win10 1903 block installation of .NET 3.5. You may scoff that it’s an old version of .NET, but at least one large package — part of the ERP package known as SAP — requires .NET 3.5. Per Günter Born:

    [.NET 3.5] installation fails with the error:

    Microsoft-Windows-NetFx3-OnDemand-Package: 0x800f0954

    I installed the updated Sept 2019 Cumulative Update for Win10 x64 [1903] and it broke me printing to a network HP Color LaserJet Pro MFP M180NW… What happens in my case is the screen will flash, I hear the printer start, but then nothing. And then Windows closes any open windows. Almost like Windows Explorer restart. Job is not being held in the queue, printer is not offline (but HP software monitor says it is), this is a network printer I am testing on.

    • The latest versions of Win10 1903 trigger black screens when running RDP. Per an anonymous poster:

    We have HP z2 g4 mini PCs – Windows 10 Pro 1903 – we have installed the updates above and we still get a black screen on remote desktop. We tried changing the systems we are remoting to to use the MS Basic Display Driver but that did not resolve the issue. Rebooting allows the system to work for an unknown amount of time before it stops working again until the next reboot.

    And confirmation, again anonymously:

    I installed KB4517211 (OS Build 18362.387) and still have the RDP black screen on HP EliteDesk 800 G5 SFF and HP 800 G3 Mini desktops. I ran HP SDM on both models to ensure all OEM drivers are current as of 9/27.

    Those last two may be driver problems — hard to say — but a “ready for broad distribution” build shouldn’t trigger new bugs in longstanding drivers, eh?

    In all cases, rolling back the latest updates fixes the problem.

  • Reports of problems with HP printers after installing the second Sept Win10 1903 cumulative update, KB 4522016

    From the Patch Management mailing list:

    FYI: I installed the updated Sept 2019 Cumulative Update for Win10 x64 [1903] and it broke me printing to a network HP Color LaserJet Pro MFP M180NW.

    Since I also installed the Adobe Flash update, along with the .NET update for Sept 2019 at the same time, I thought it may be one of those, but through uninstalling all, and installing 1 at a time (Cumulative last) and testing printing between reboots, it was isolated to this update.

    I have since uninstalled KB4522016 (the update with the IE Zero-Day patch) and installed the KB4515384 predecessor and all is well.

    The problem’s been confirmed.

    That’s the second problem I’ve seen with the stunted IE-only patch KB 4522016.

    We’re still waiting to see if the third September cumulative update for 1903 will have the same problems.

  • What do we know about the big, scary, exploited, emergency patched Internet Explorer security hole CVE-2019-1367?


    Well, almost nothing.

    Do you think that Microsoft’s cleaned up its Windows patching mess?

    Details in Computerworld Woody on Windows.

  • Microsoft clarifies (?) its CVE-2019-1367 release method

    From the Windows Message Center:

    Update: Starting September 24, 2019, mitigation for this vulnerability is included as part of the 9C optional update, via Windows Update (WU) and Microsoft Update Catalog, for all supported versions of Windows 10, with the exception of Windows 10, version 1903 and Windows 10, version 1507 (LTSB). For devices running Windows 10, version 1903, mitigation for this vulnerability will be included as part of the 9D optional update via WU, WSUS and the Microsoft Update Catalog (targeted for September 26, 2019.) To apply this update, go to Settings > Windows Update > Check for Updates. (Note Because this update requires a reboot, we are making it optional to give customers and administrators a choice to install/deploy the update now.)

    For customers running Windows 8.1/ Windows Server 2012 R2 or below, the 9C update is also available on Windows Server Update Services (WSUS). For other supported versions, IT admins using WSUS can import this update into WSUS/SCCM manually. See instructions on the WSUS and the Catalog Site.

    For those of you who don’t speak, you know, insider hep talk, “9C” is shorthand for “the third week in September that includes a Tuesday.”

    This seems to imply that the second monthly cumulative update for Win10 1903 is scheduled to arrived on Sept. 26 (tomorrow), and that it will include the fix for CVE-2019-1367.

    You have to wonder if MS could come up with a Cortana translator for this stuff. I mean, it’s cool that the cognoscenti can all use their own language and all… but some normal people have to understand this, too.

    Thx @teroalhonen

  • Heads up! Many “optional non-security” updates are on the way

    These aren’t the wimpy download-only IE patches from yesterday. They’re the whole nine yards.

    Here’s what I see:

    Win10 version 1809 and Server 2019 – KB 4516077 – big bunch of fixes, apparently including yesterday’s IE patch (because they’re both cumulative)

    Win10 version 1803KB 4516045 – another big bunch.

    Win10 1709, 1703, 1607/Server 2016 patches also released.

    Win7KB 4516048 – Monthly Rollup Preview. Not much:

    Addresses an issue that may cause an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in the Event Log related to cryptnet.dll.

    Win8.1KB 4516041 – Monthly Rollup Preview. Fixes the bug that prevented IE 11 from running on RT devices.

    “Group B” patchers note that the IE zero-day fix only appears in the separate IE cumulative update, KB 4522007. You’ll need to hop over to “Group A” to get the IE fix.

    Details in Computerworld Woody on Windows.

  • More on the unexpected manual-install-only Win10 cumulative updates and IE patch

    As Susan Bradley details (see next post), in the past few hours Microsoft released a bunch of new Win10 cumulative updates:

    In addition there’s a single standalone patch, KB 4522007, that applies to IE in Win7, 8.1, Server 2012 and Server 2012 R2. It’s a plain-vanilla IE patch (which means it’s a rollup), arriving at a weird time. It’s NOT a Windows patch.

    Microsoft has released very little info about the security hole, identified as CVE-2019-1367, but apparently it’s been found in the wild, and it can be very nasty.

    If you don’t use Internet Explorer, you can safely ignore all of the hoopla. If you do use IE, rap yourself on the knuckles, click on those links and go diving for the update: You’ll only get it if you manually download and install it.

    At the same time, Microsoft released a notification of another security hole, CVE-2019-1255, that can conceivably be used to block Windows Defender updates. There’s no separate patch. You don’t need to worry about installing the fix, because Defender will patch itself.

    Perhaps this is why we didn’t see any Win10 cumulative updates last week – the “Week C” that usually brings at least a handful of them.

  • New complaints about Search in Win10 1903 with the September cumulative update

    After first warning that there were Start and Search problems with the latest Win10 version 1903 cumulative update, KB  4515384, MS then said that it couldn’t find any problems.

    Over on the mailing list, I see a documented problem:

    In a 3 monitor setup. Search works as expected on Monitor 1. On monitor 2 and 3, searching blanks the menu and disappears instead of populating with results.

    and confirmation:

    I’m seeing the same issue

    and a possible workaround:

    We were seeing start menu issues until we updated the administrative templates in GP.
    You can find new templates here:

    Can anybody else confirm?

  • MS says there’s no Start/Search bug in this month’s Win10 1903 cumulative update

    The official Release Status Info page was recently updated to say:

    Some users report issues related to the Start menu and Windows Desktop Search

    Microsoft has received reports that a small number of users are having issues related to the Start menu and Windows Desktop Search.
    Affected platforms:

    Client: Windows 10, version 1903

    Resolution: At this time, Microsoft has not found a Search or Start issue significantly impacting users originating from KB4515384. We will continue monitoring to ensure users have a high-quality experience when interacting with these areas. If you are currently having issues, we recommend you to take a moment to report it in via the Feedback Hub (Windows + F) then try the Windows 10 Troubleshoot settings (found in Settings). If you are having an issue with search, see Fix problems in Windows Search.

    Can anybody confirm or deny?

  • Microsoft tries to fix the sfc /scannow bug introduced by a patch in July, ends up clobbering Defender Malware

    @DrBonzo reports here on AskWoody:

    I’m running Win 7 Pro, SP1, x64. I just updated (actually about an hour ago by now) the definitions in MS Security Essentials to 1.301.1608.0. I tried a Full Scan and it quit scanning after 29 files. Tried a Quick Scan and it also stopped after 29 files. It’s not throwing any error codes and says that no threats were found after scanning 29 files. Gives me the big green checkmark. So, it looks just like a normal Full Scan except it only scans 29 files.

    I shut down the computer, restarted and attempted another definition update but was told I was already up to date. Tried another Full Scan with the same results as above.

    I’m now seeing reports from all over.

    Günter Born published an explanation in German (translated by Google):

    Earlier this week, Microsoft announced a silent update of the Defender Antimalware engine to version 4.18.1908.7. The update was long expected by me to fix the issue in the System File Checker caused by July 2019 updates…

    Microsoft has smuggled a friendly bug on the system. If you open up Windows security and have the system checked with a quick scan, after a few seconds and five files is over.

    Looks like the problem’s widespread. The solution? Roll back the silent update!

    There’s a reason why I’m not optimistic that MS has fixed its patching problems.