{"id":11910,"date":"2018-04-02T08:30:14","date_gmt":"2018-04-02T16:30:14","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/04\/02\/news-5679\/"},"modified":"2018-04-02T08:30:14","modified_gmt":"2018-04-02T16:30:14","slug":"news-5679","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/04\/02\/news-5679\/","title":{"rendered":"Windows patches for Total Meltdown, bluescreens, an IP stopper &#8212; and little documentation"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security8-100734737-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Mon, 02 Apr 2018 07:33:00 -0700<\/strong><\/p>\n<p>As many of us were getting ready for the holiday weekend, after the surprise announcement about Windows being torn into three pieces, Microsoft shoveled yet another load of patches out the Automatic Update chute. Think of it as the software equivalent of a Friday night news dump.<\/p>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4100480\/windows-kernel-update-for-cve-2018-1038\" rel=\"nofollow noopener\" target=\"_blank\">KB 4100480<\/a> kicked off the two days from patching purgatory with a Windows 7\/Server 2008R2 kernel update for CVE-2018-1038, the \u201cTotal Meltdown\u201d bug Microsoft introduced in Win7 back in January. Total Meltdown, you may recall, is a huge security hole implemented by all of these Microsoft security patches:<\/p>\n<p>If you installed any of those 11 patches on your Intel 64-bit Windows 7\/Server 2008 R2 computer, you opened up a gaping hole known as \u201cTotal Meltdown,\u201d or <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-1038\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2018-1038<\/a>, that allows any program running on your computer to run in kernel mode. 
Yes,\u00a0<strong><i>any <\/i><\/strong>program that\u2019s running can read or write into any part of memory.<\/p>\n<p>Microsoft infected all of those machines to defend against the professionally marketed Meltdown\/Spectre vulnerability, which has never, ever been seen in the wild. Kevin Beaumont (@GossiTheDog on Twitter) <a href=\"https:\/\/twitter.com\/woodyleonhard\/status\/979483688017760257\" rel=\"nofollow noopener\" target=\"_blank\">said it best<\/a>:<\/p>\n<p>The amazing thing is Meltdown is academic research, which is realistically very difficult to do at scale (ie nobody has managed it) whereas this introduced issue is trivial to exploit \u2014 even I can do. And I\u2019m thick.<\/p>\n<p>Vess Bontchev goes on to say:<\/p>\n<p>The single bug this [KB 4100480] update fixes is catastrophic. Basically a bug that negates the fundamental security protections of the OS and returns it to the times of MS-DOS.<\/p>\n<p>Ulf Frisk, the guy who discovered this gaping security hole, said last Wednesday that the March Monthly Rollup, KB 4088875, plugs the hole. The next day he said that, oops, the March Monthly Rollup <strong><i>doesn\u2019t<\/i><\/strong> fix the hole. 
Microsoft has now confirmed that the March Monthly Rollup actually <strong><i>introduces<\/i><\/strong> the hole.<\/p>\n<p>With the multitude of problems introduced by the March security patches, you may be wondering if this new (patch of a patch) ^ 12\u00a0brings along with it the bugs that have led to <a href=\"https:\/\/www.computerworld.com\/article\/3216425\/microsoft-windows\/microsoft-patch-alert-windows-7-takes-the-brunt-of-march-patching-problems.html\">Microsoft \u201cunchecking\u201d the patch in Windows Update<\/a> \u2014 to put it bluntly, the March patches stink so badly that Microsoft stopped force-feeding them a week ago.<\/p>\n<p>MrBrian has a <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/patch-lady-new-update-for-windows-7-kb-4100480\/#post-179854\" rel=\"nofollow noopener\" target=\"_blank\">step-by-step analysis<\/a> of the bugs in the March patches and whether they\u2019re inherited by KB 4100480. He concludes that the Internet Explorer, phantom NIC and reset manual IP bugs, and bluescreen VALID_POOL_ON_EXIT bugs in the March patches aren\u2019t present in this new patch. The SMB server memory leak bug may or may not be in this new patch, but the bug has been around since January. And the bluescreens for PAE and SIMD may or may not be in the new patch.<\/p>\n<p>We\u2019ve had <a href=\"https:\/\/www.askwoody.com\/2018\/patch-lady-new-update-for-windows-7-kb-4100480\/\" rel=\"nofollow noopener\" target=\"_blank\">ongoing coverage<\/a> at AskWoody about the KB 4100480 patch and its mess. Susan Bradley, who has lots of experience with small business installations, has gone so far as to recommend SMEs with 64-bit Win7 machines roll them back to December:<\/p>\n<p>If there are users in your patching environment that surf and click on ANYTHING, I\u2019d hope you\u2019d make them do their random surfing on an iPad, not a Windows machine (probably still with local admin rights) until this Windows 7 patching mess gets straightened out. 
I don\u2019t like telling people to roll back to pre-January updates, but neither do I appreciate Microsoft having constant side effects that are measurable and impactful and all that happens is that they keep on telling us that they are working on the issues and this will be fixed in a future release\u2026<\/p>\n<p>If you have any January through March update installed, make sure <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4100480\/windows-kernel-update-for-cve-2018-1038\" rel=\"nofollow noopener\" target=\"_blank\">KB4100480<\/a> is installed.<\/p>\n<p>Otherwise go into add\/remove programs and roll back to December\u2019s <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4054521\" rel=\"nofollow noopener\" target=\"_blank\">KB4054521<\/a> (security only) or <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4054518\" rel=\"nofollow noopener\" target=\"_blank\">KB4054518<\/a> (rollup) and then hang tight and keep our fingers crossed that April\u2019s updates will resolve these issues.<\/p>\n<p>And then Microsoft please please please, do something about these known issues and fix them, because it pains me greatly to publicly type this.<\/p>\n<p>Also, on Thursday afternoon, Microsoft dropped a handful of patches that fix other bad bugs in previous patches. 
Susan Bradley <a href=\"https:\/\/www.askwoody.com\/2018\/patch-lady-more-updates-released-to-fix-march-patches\/\" rel=\"nofollow noopener\" target=\"_blank\"> has a short list<\/a> that includes KB 4096309 for Win10 1607\/Server 2016 that \u201caddresses an issue that can cause operational degradation or a loss of environment because of connectivity issues in certain environment configurations after installing <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4088889\" rel=\"nofollow noopener\" target=\"_blank\">KB4088889<\/a> (released March 22, 2018) or <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4088787\" rel=\"nofollow noopener\" target=\"_blank\">KB4088787<\/a> (released March 13, 2018).\u201d<\/p>\n<p>As Susan notes, both of the referenced fixed patches are still listed in their KB articles, as \u201cMicrosoft is not currently aware of any issues with this update.\u201d<\/p>\n<p>Then there are the patches that fix bluescreens generated by earlier botched patches:<\/p>\n<p>Then there\u2019s <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4099950\/network-interface-card-settings-can-be-replaced-or-static-ip-address-s\" rel=\"nofollow noopener\" target=\"_blank\">KB 4099950<\/a>, \u201cNetwork Interface Card settings can be replaced, or static IP address settings can be lost\u201d fix, released Friday, <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/march-2018-patch-tuesday\/#post-179462\" rel=\"nofollow noopener\" target=\"_blank\">chronicled by MrBrian<\/a>. 
Per the KB article:<\/p>\n<p>This update addresses issues introduced in <a href=\"https:\/\/support.microsoft.com\/help\/4088875\" rel=\"nofollow noopener\" target=\"_blank\">KB4088875<\/a> and <a href=\"https:\/\/support.microsoft.com\/help\/4088878\" rel=\"nofollow noopener\" target=\"_blank\">KB4088878<\/a> for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 where a new Ethernet Network Interface Card (NIC) with default settings may replace the previously existing NIC, causing network issues. Also addressed, is an issue where static IP address settings are lost after applying the update. These symptoms may be seen on physical computers and virtual computers running VMWare.<\/p>\n<p>It turns out this is just a package for the (modified) VBScript that, when run prior to installing this month\u2019s patches for Win7, avoids the static IP busting nature of the patch. I talk about the VBScript program in my <a href=\"https:\/\/www.computerworld.com\/article\/3216425\/microsoft-windows\/microsoft-patch-alert-windows-7-takes-the-brunt-of-march-patching-problems.html\">Patch Alert article<\/a> from last week.<\/p>\n<p>Abbodi86 <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/march-2018-patch-tuesday\/#post-179545\" rel=\"nofollow noopener\" target=\"_blank\">describes it<\/a>:<\/p>\n<p>So it\u2019s the easy automated version of the VBScript. It checks if KB2550978 hotfix is installed (or any superseder). [Note: <a href=\"http:\/\/kb2550978\/\" rel=\"nofollow noopener\" target=\"_blank\">KB 2550978<\/a> is a many-year-old hotfix, last updated more than a year ago.] 
&#8230;<\/p>\n<p>I wonder why Microsoft didn\u2019t roll out that important fix years ago through Windows Update<\/p>\n<p>The important note is that you have to run KB 4099950 before you install this month\u2019s Win7\/Server 2008R2 patches.<\/p>\n<p>I can recall lots of bad Windows patches over the past couple of decades, but I\u2019d be hard-pressed to come up with any that approach this year\u2019s phalanx of Windows 7 screw-ups. It\u2019s as if Microsoft doesn\u2019t care about old multi-billion-dollar businesses.<\/p>\n<p>For now, I continue to recommend that individuals stay put and don\u2019t install any of the March patches. For enterprises, follow\u00a0<a href=\"https:\/\/www.askwoody.com\/2018\/patch-lady-patch-or-not-to-patch\/\" rel=\"nofollow noopener\" target=\"_blank\">Bradley\u2019s advice<\/a>\u00a0and roll back to December if you have users with indiscriminate clicking fingers.<\/p>\n<p><i>Join us for tea and sympathy on the<\/i> <a href=\"https:\/\/www.askwoody.com\/2018\/windows-patches-for-total-meltdown-bluescreens-an-ip-stopper-and-little-documentation\/\" rel=\"nofollow noopener\" target=\"_blank\"><i>AskWoody Lounge<\/i><\/a><i>.<\/i><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3267700\/microsoft-windows\/windows-patches-for-total-meltdown-bluescreens-an-ip-stopper-and-little-documentation.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security8-100734737-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Mon, 02 Apr 2018 07:33:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>As many of us were getting ready for the holiday weekend, after the surprise announcement about Windows being torn into three pieces, Microsoft shoveled yet another load of patches out the Automatic 
Update chute. Think of it as the software equivalent of a Friday night news dump.<\/p>\n<h2>A destructive fix for Total Meltdown<\/h2>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4100480\/windows-kernel-update-for-cve-2018-1038\" rel=\"nofollow noopener\" target=\"_blank\">KB 4100480<\/a> kicked off the two days from patching purgatory with a Windows 7\/Server 2008R2 kernel update for CVE-2018-1038, the \u201cTotal Meltdown\u201d bug Microsoft introduced in Win7 back in January. Total Meltdown, you may recall, is a huge security hole implemented by all of these Microsoft security patches:<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3267700\/microsoft-windows\/windows-patches-for-total-meltdown-bluescreens-an-ip-stopper-and-little-documentation.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-11910","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11910"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11910\/revisions"}],"wp:attachmen
t":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11910"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}