Microsoft Thanksgiving turkeys: One patch disappears, another yanked
Credit to Author: Woody Leonhard| Date: Mon, 27 Nov 2017 06:37:00 -0800
For those of us keeping track of Windows patches, the long four-day weekend in the U.S. felt like another instantiation of Mr. Toad’s Wild Ride. Here are the developments, in more or less chronological (which is to say, not logical at all) order.
While many of you were sneaking out the door early on Wednesday, Microsoft released KB 4055038, a fix for bugs that clobbered Epson dot matrix printers, introduced in this month’s Patch Tuesday security patches. I talked about the bug two weeks ago. In short, a bug in all of this month’s Windows security patches caused Epson dot matrix printer drivers to fail. The bug appeared in:
No matter how you slice it, that’s one impressive list of buggy Windows versions. As I explained at the time, the bug isn’t in Epson’s printer drivers. The bug’s in Microsoft’s security patches. All 11 of them.
Microsoft released a fix for the bug just as many of us were off to visit family, friends and others with malfunctioning printers. The fix, called KB 4055038, only applies to these six products:
Of course, Microsoft didn’t document the rollout on its official Windows Update page. (Still hasn’t, far as I can tell.) But apparently KB 4055038 went out the Automatic Update chute on or around Nov. 21. Those of you who use Epson dot matrix printers on Win7 or 8.1, and have Automatic Update enabled, would’ve been without a printer for a week.
Raise your hand if you bought a new printer over the weekend because the old one wouldn’t work.
Microsoft’s fix for older versions of Windows didn’t plug the printer hole in more recent versions of Windows. For that, we had two patches released on Nov. 22.
KB9999786 was accidently published as a test package to WSUS/Catalog. This package has been removed from WSUS/Catalog. Customers who downloaded KB9999786 should delete/remove this package.
So at this point we still don’t have Epson dot matrix printer support for:
Epson has kindly provided a matrix listing some of the outstanding problems with Microsoft’s updates. It managed to keep the verbiage civil, possibly because the sudden failure of so many old printers must’ve contributed to the bottom line. Ka-ching.
As if that weren’t enough to make you choke on your cranberry sauce, we had a second, separate row with .Net updates. Günter Born picked it up on his Tech and Windows World blog. Microsoft officially released these four .Net updates on Patch Tuesday:
Now, it looks as if all of those have been pulled. Although all of the patches still appear in the official Windows Update list, none are available in the Update Catalog, and there’s no indication in either the Update list or in the individual KB articles that explain why.
If you want to find out why, you need to unravel a comment posted by Microsoftie Rich Lander on an obscure MSDN Technet entry. Lander describes Microsoft’s quandary on releasing .Net bug fixes (“quality only” updates) and security fixes, and how those fit into the Patch Tuesday model. Abbodi86 asks:
Why didn’t the November Rollup (quality-only) supersede October Rollup (quality-only)? i.e. for Windows 8.1, both November (KB4043767) and October (KB4049017) are requested
To which Lander replied:
Good question. That’s a mistake on our part. We will fix the supercedence so that November supercedes October. Because of the upcoming US holiday, we won’t be able to fix it until later in the month.
The, uh, net result to Windows users: You may or may not see the patch(es). Since it’s a “quality only” patch, it’s just a bug fix. There are no security issues lurking. Go back to sleep, but make sure Automatic Update is turned off.
So over the long weekend we discovered how Microsoft tests and fixes dot matrix printers, and how it stumbles over its own .Net patching regimen. Kinda makes you feel warm and fuzzy, yes?
The AskWoody Lounge is bobbing up and down as we roll in security patches. Join us if you can.