{"id":11936,"date":"2018-04-05T06:30:06","date_gmt":"2018-04-05T14:30:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/04\/05\/news-5705\/"},"modified":"2018-04-05T06:30:06","modified_gmt":"2018-04-05T14:30:06","slug":"news-5705","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/04\/05\/news-5705\/","title":{"rendered":"Microsoft jiggles \u2014 but doesn\u2019t fix \u2014 buggy Win7 patches KB 4088875, KB 4088878"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Thu, 05 Apr 2018 06:17:00 -0700<\/strong><\/p>\n

Last night we were treated to new versions of the badly banged-up March Win7 patches. It looks like the new ones are the same as the old ones, but the internal handling instructions (the metadata) now force installation of a \u201cTotal Meltdown\u201d fix-up patch prior to installing the old patch.<\/span><\/p>\n

Of course, none of this is documented anywhere.<\/span><\/p>\n

Starting with G\u00fcnter Born\u2019s <\/span>report<\/span><\/a>, and checking the Microsoft Update Catalog, I can see modified versions of:<\/span><\/p>\n

KB 4088875<\/strong> \u2013 Win7 March Monthly Rollup (dated, in the<\/span> Update Catalog<\/span><\/a>, as April 4)<\/span><\/p>\n

KB 4088878<\/strong> \u2013 Win7 March Security-only patch (<\/span>also April 4<\/span><\/a>)<\/span><\/p>\n

KB 4088881<\/strong> \u2013 Preview of the Win7 April Monthly Rollup (<\/span>also April 4<\/span><\/a>)<\/span><\/p>\n

MrBrian analyzed the content of those patches and <\/span>came to the conclusion<\/span><\/a>:<\/span><\/p>\n

Literally nothing has changed in the Catalog for the x64 versions of these updates (the only ones that I checked). I assume the same is true for the other versions of these three updates. One can see this by downloading the given updates and checking their digital signature dates. The reason that the date changed in the Catalog for these three updates is because their metadata changed. \u2026 [It appears as if] Microsoft is now bundling the download and installation of KB4099950 when one installs any of these three updates in Windows Update.<\/span><\/p>\n

You may recall that KB 4099950 is the fix for the bug, introduced in the March Win7 patches, that knocks out Network Interface Cards and static IP addresses. I <\/span>talked abou<\/span><\/a>t KB 4099950 earlier this week. It looks like the metadata has been jiggered so any attempt to install the buggy Win7 patches KB 4088875, 4088878, or 4088881, automatically bundles the fix KB 4099950 and runs it before the original patches are installed.<\/span><\/p>\n

Which means that these new versions of KB 4088875, 4088878, or 4088881 still have the same bugs as the old ones, except the NIC\/static IP bug is exterminated in advance because the KB 4099950 fix is <\/span>automatically run <\/span><\/a>before the original patch.<\/span><\/p>\n

Along with the horse-before-the-cart bundling, the KB articles for both of the Win7 March Monthly Rollup KB 4088875 and the Security-only patch KB 4088878 have yet another bug added to the officially acknowledged list:<\/span><\/p>\n

After you install this update, you may receive a Stop error message that resembles the following when you log off the computer:<\/span><\/p>\n

SESSION_HAS_VALID_POOL_ON_EXIT (ab)<\/span><\/p>\n

And they both now have this admonition:<\/span><\/p>\n

Important<\/strong> Please apply <\/span>KB4100480<\/span><\/a> immediately after applying this update. KB4100480 resolves vulnerability in the Windows kernel for the 64-bit (x64) version of Windows. This vulnerability is documented in <\/span>CVE-2018-1038<\/span><\/a> .<\/span><\/p>\n

KB 4100480 is the destructive fix for the Total Meltdown security hole \u2014 the one introduced by every Win7 patch this year \u2014 that I <\/span>talked about<\/span><\/a> earlier this week. For more details, see <\/span>abbodi86\u2019s description<\/span><\/a> and <\/span>MrBrian\u2019s analysis<\/span><\/a>.<\/span><\/p>\n

Remember: There are absolutely no known attacks for Meltdown or Spectre in the wild. But this Total Meltdown bug is a huge one, introduced while trying to fix Meltdown and Spectre.<\/span><\/p>\n

Several people are <\/span>now reporting <\/span><\/a>that Win7 March Monthly Rollup, KB 4088875, no longer appears in the Windows Update list, and the KB 4088881 Preview is no longer available. Of course there\u2019s no documentation about any of this, but it looks as if Microsoft \u2014 which changed KB 4088875 to \u201cimportant but not checked\u201d <\/span>a week after it was released <\/span><\/a>\u2014 has now yanked the patch, at least for Windows Update users.<\/span><\/p>\n

Sometimes I wonder if things could get even more screwed up.<\/span><\/p>\n

Thx MrBrian, PKCano, abbodi86, gborn, and the AskWoody Street Irregulars.<\/span><\/em><\/p>\n

Join us for KB 4090450, 4088879, 2952664, 2976978 and more senseless things on the <\/span><\/i>AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Thu, 05 Apr 2018 06:17:00 -0700<\/strong><\/p>\n

\n
\n

Last night we were treated to new versions of the badly banged-up March Win7 patches. It looks like the new ones are the same as the old ones, but the internal handling instructions (the metadata) now force installation of a \u201cTotal Meltdown\u201d fix-up patch prior to installing the old patch.<\/span><\/p>\n

Of course, none of this is documented anywhere.<\/span><\/p>\n

Starting with G\u00fcnter Born\u2019s <\/span>report<\/span><\/a>, and checking the Microsoft Update Catalog, I can see modified versions of:<\/span><\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-11936","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11936"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11936\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11936"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}