Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs

Credit to Author: Woody Leonhard| Date: Wed, 30 Jan 2019 09:12:00 -0800

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Mystery patches for IE and Outlook 2013 leave many questions, few answers

Credit to Author: Woody Leonhard| Date: Fri, 21 Dec 2018 08:21:00 -0800

Just when you’re ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn’t pass the smell test.

Mysterious bug fix for IE

Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809KB 4483235 – build 17763.195

To read this article in full, please click here

Read more

Microsoft Patch Alert: After months of bad news, November’s patching seems positively serene

Credit to Author: Woody Leonhard| Date: Thu, 29 Nov 2018 08:30:00 -0800

By far the most important reason for this month’s relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.

What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes – including two buggy patches that have been pulled and one that’s been fixed – the usual array of Flash excuses and Preview patches.

To read this article in full, please click here

Read more

Microsoft yanks two buggy Office patches but keeps pushing one that crashes

Credit to Author: Woody Leonhard| Date: Mon, 19 Nov 2018 08:15:00 -0800

Two related Office 2010 non-security patches issued on Nov. 6 were pulled on Nov. 17. KB 4461522 and KB 2863821 are both related to changes coming in the Japanese calendar next month attributed to the abdication of Emperor Akihito in favor of his son, Naruhito. The event has been compared to the Y2K problem in the west. It’s not clear why two patches were released on Nov. 6 to accommodate that calendar change, but both KB articles now sport the admonition:

To read this article in full, please click here

Read more

Who Is Agent Tesla?

Credit to Author: BrianKrebs| Date: Mon, 22 Oct 2018 19:55:32 +0000

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity.

Read more

Microsoft Patch Alert: October’s been a nightmare

Credit to Author: Woody Leonhard| Date: Wed, 17 Oct 2018 10:30:00 -0700

This month’s bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked “Check for updates” and got all of the files in your Documents and Photos folders deleted. Even if you didn’t become a “seeker” (didn’t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP (“Metro” Store) apps might have been kicked off the internet.

You didn’t need to lift a finger.

Worst Windows 10 rollout ever

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their Documents, Pictures, Music, Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

To read this article in full, please click here

Read more

Microsoft Patch Alert: Despite weird timing, September’s Windows and Office patches look good

Credit to Author: Woody Leonhard| Date: Thu, 20 Sep 2018 08:40:00 -0700

As we near the end of patching’s “C Week” (which is to say, the week that contains the third Tuesday of the month), there are no show-stopping bugs in the Windows and Office patches and just a few gotchas. As long as you avoid Microsoft’s patches for Intel’s Meltdown/Spectre bugs, you should be in good shape.

Why a Patch Monday?

On Sept. 17, Microsoft released two very-out-of-band cumulative updates for Windows 10:

To read this article in full, please click here

Read more

Get caught up on your July and August Windows/Office patches

Credit to Author: Woody Leonhard| Date: Wed, 05 Sep 2018 12:29:00 -0700

With the arrival of “Fourth Week” patches on the last working day of August, and having had a few days to vet them, it looks as if we’re ready to release the cracklin’ Kraken.

The steaming pile of Windows Intel microcode patches

Microsoft continues to unleash microcode patches for Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n >=4). You won’t get stung by any of them, unless you specifically go looking for trouble.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Mainstream August patches look remarkably good, but watch out for the bad boys

Credit to Author: Woody Leonhard| Date: Thu, 23 Aug 2018 14:01:00 -0700

So far this month we’ve only seen one cumulative update for each version of Windows 10, and one set of updates (Security only, Monthly Rollup) for Win7 and 8.1. With a few notable exceptions, those patches are going in rather nicely. What a difference a month makes.

We’ve also seen a massive influx of microcode updates for the latest versions of Windows 10, running on Intel processors. Those patches, released on Aug. 20 and 21, have tied many admins up in knots, with conflicting descriptions and iffy rollout sequences.

Big problems for small niches

At this point, I’m seeing complaints about a handful of patches:

  • The original SQL Server 2016 SP2 patch, KB 4293807, was so bad Microsoft yanked it — although the yanking took almost a week. It’s since been replaced by KB 4458621, which appears to solve the problem.
  • The Visual Studio 2015 Update 3 patch, KB 4456688, has gone through two versions — released Aug. 14, pulled, then re-released Aug. 18 — and the re-released version still has problems. There’s a hotfix available from the KB article, but you’d be well advised to avoid it.
  • Outlook guru Diane Poremsky notes on Slipstick that the version of Outlook in the July Office 365 Click-to-Run won’t allow you to start Outlook if it’s already running. “Only one version of Outlook can run at a time” — even if the “other version” is, in fact, the same version.
  • The bug in the Win10 1803 upgrade that resets TLS 1.2 settings persists, but there’s an out-of-the-blue patch KB 4458116 that fixes the problem for Intuit QuickBooks Desktop.
  • The Win10 1803 cumulative update has an acknowledged bug in the way the Edge browser interacts with Application Guard. Since about two of you folks use that combination, I don’t consider it a big deal. The solution, should you encounter the bug, is to uninstall the August cumulative update, manually install the July cumulative update, and then re-install the August cumulative update — thus adding a new dimension to the term “cumulative.”
  • The Win7 Monthly Rollup has an old acknowledged bug about “missing file (oem<number>.inf).” Although Microsoft hasn’t bothered to give us any details, it looks like that’s mostly a problem with VMware.

The rest of the slate looks remarkably clean. Haven’t seen that in a long while.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Still reeling from one of the worst patching months ever

Credit to Author: Woody Leonhard| Date: Thu, 26 Jul 2018 14:31:00 -0700

If you ever wondered why people — and organizations — are taking longer and longer to willfully install patches, take a look at what happened this month. After a disastrous start, Windows 10 patches seem to be OK, but .NET and Server patches still stink.

For most of the year, we’ve seen two big cumulative updates every month for each of the supported Win10 versions. This month, so far, we’ve had three. Microsoft’s claim that it will install the Win7 and Win8.1 Monthly Rollups defies logic. The .NET patches are in such bad shape that the .NET devs have thrown in the towel. And here we sit not knowing exactly which way is up.

Three Win10 cumulative updates for each version in July

On Patch Tuesday, July 10, as usual, Microsoft rolled out cumulative updates for all of the supported versions of Windows 10. Almost immediately we heard screams of pain as four big bugs, later officially acknowledged, hit the fan. Six days later, Microsoft released a second set of cumulative updates, again for all versions of Win10. Those updates were specifically designed to fix the bugs introduced by the original updates. The build numbers in the Knowledge Base articles didn’t match the build numbers that people actually installed but, well, that’s Microsoft.

To read this article in full, please click here

Read more

Microsoft Patch Alert: Some bugs in Win 10 (1803) fixed, others persist

Credit to Author: Woody Leonhard| Date: Wed, 27 Jun 2018 13:23:00 -0700

Microsoft’s patches in June took on some unexpected twists.

Windows 7 owners with older, 2002-era Pentium III machines got their patching privileges revoked without warning or explanation (and a documentation cover-up to boot), but there’s little sympathy in the blogosphere for elderly PCs.

Win10 1803 was declared fully fit for business, a pronouncement that was followed weeks later by fixes for a few glaring, acknowledged bugs — and stony silence for other known problems.

To read this article in full, please click here

Read more