{"id":13614,"date":"2018-10-17T10:30:07","date_gmt":"2018-10-17T18:30:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/10\/17\/news-7381\/"},"modified":"2018-10-17T10:30:07","modified_gmt":"2018-10-17T18:30:07","slug":"news-7381","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/10\/17\/news-7381\/","title":{"rendered":"Microsoft Patch Alert: October\u2019s been a nightmare"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 17 Oct 2018 10:30:00 -0700<\/strong><\/p>\n

This month\u2019s bad patches made headlines. Lots of headlines. For good reason.<\/p>\n

You have my sympathy if you clicked \u201cCheck for updates\u201d and got all of the files in your Documents and Photos folders deleted. Even if you didn\u2019t become a \u201cseeker\u201d (didn\u2019t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers \u2014 and Edge and your UWP (\u201cMetro\u201d Store) apps might have been kicked off the internet.<\/p>\n

You didn\u2019t need to lift a finger.<\/p>\n

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked \u201cCheck for updates\u201d wound up with a brand spanking new copy of Win10 version 1809 \u2014 and all of the files in their Documents, Pictures, Music, Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:<\/p>\n

Word to the Win10 wise: Don\u2019t click ‘Check for updates’<\/a><\/strong> \u2014 Microsoft has unilaterally given itself permission to upgrade your Win10 PC to the brand-new version 1809, if you have the temerity to click \u201cCheck for updates.\u201d<\/p>\n

How to block the Windows 10 October 2018 Update, version 1809, from installing<\/strong><\/a> \u2014 the best ways to ensure you install 1809 when you\u2019re ready, even in the face of recent forced updates from Microsoft.<\/p>\n

Did you upgrade to Win10 1809 and lose all of your documents and pictures?<\/a><\/strong> \u2014 If, in spite of my warnings, you upgraded to the latest version of Win10, and you lost all of your Documents, Pictures, Music, Videos or other folders, DON\u2019T DO ANYTHING until you\u2019ve tried this fix.<\/p>\n

Microsoft yanks buggy Win10 1809 upgrade, leaving zapped files in its wake<\/strong><\/a> \u2014 It took four days of complaints about deleted Documents, Photos and other files and late Friday, Microsoft finally pulled the Win10 1809 upgrade. Microsoft has known about the bug for months.<\/p>\n

Now that we\u2019re in October\u2019s \u201cC Week\u201d \u2014 the week containing the third Tuesday of the month \u2014 version 1809 is back in beta testing<\/a>, there are new patches<\/a> for those who want to continue with 1809, Microsoft hasn\u2019t come up with a fix for the deleted files, and a whole lot of people are in a whole lot of hurt.<\/p>\n

Rule #1: Don\u2019t trust Microsoft.<\/p>\n

Rule #2: Don\u2019t click \u201cCheck for updates.\u201d In Microsoft-speak, \u201ccheck for updates\u201d means \u201cinstall most (but not necessarily all) available updates.\u201d<\/p>\n

Rule #3: Refer to Rule #1.<\/p>\n

Microsoft vowed that it would fix the bizarre error where the patch installer isn\u2019t smart enough<\/a> to update itself prior to installing new patches. The primary symptom is an Error 0x8000FFF when installing the Monthly Rollup.<\/p>\n

The Servicing Stack Update sequencing problem is so bad, it looks like Microsoft stopped pushing<\/a> the Monthly Rollup at the end of \u201cB Week.\u201d<\/p>\n

We\u2019ve had many conflicting reports<\/a> about the Monthly Rollup itself, KB 4462923, appearing in the Windows Update list checked (and thus pushed through Windows Update), unchecked and, in some cases, missing entirely. WSUS has been spinning. Patch Lady Susan Bradley puts it succinctly<\/a>:<\/p>\n

Metadata and patch dependency is totally screwed up on Windows 7 platform and because of that the October security updates detection are screwed up.<\/p>\n

I still see reports that Microsoft pushed a buggy update to Win10 version 1809 that caused the WDF_VIOLATION blue screens<\/a> that brought some systems to their knees. That\u2019s not true. The blue screens are triggered by a bad HP keyboard driver, version 11.0.3.1, which was distributed via Windows Update to Win10 version 1803 and 1809 machines. The buggy driver causes blue screens on the latest builds of 1803 and 1809, although it\u2019s unclear whether the driver triggers BSODs on earlier builds.<\/p>\n

Microsoft released a \u201csilver bullet\u201d update<\/a> that deletes the driver if it\u2019s sitting in your PC\u2019s queue waiting for reboot \u2014 which doesn\u2019t do a whole lot of good, especially if you\u2019re stuck in a BSOD loop.<\/p>\n

As if the pushed buggy HP keyboard driver weren\u2019t enough, Microsoft also pushed a second bad driver. Some folks running Win10 1709, 1803 or 1809 with Automatic Update turned on discovered that after installing this month\u2019s updates, the sound stopped working<\/a>, with the message \u201cNo Audio Output Device Is Installed.\u201d<\/p>\n

Fer heaven\u2019s sake. Why let Windows Update push its buggy drivers onto your machine? There\u2019s a fairly straightforward procedure<\/a> for telling Windows to stop pushing drivers along with its other dicey updates. At least, the steps are straightforward for those who own Win10 Pro or Education. Home users get to futz with a Registry setting.<\/p>\n

Speaking of weird Win10 version 1809 behavior… if you\u2019re trying to run Edge (I know, I know) in Win10 version 1809, you may not be able to connect to the internet. UWP (\u201cMetro\u201d Store) apps might not be able to connect, either. This happens even if you have a working internet connection.<\/p>\n

The problem? You need to turn on IPv6. Lawrence Abrams on Bleepingcomputer<\/a> has a step-by-step solution.<\/p>\n

Some day this will all go away. The latest version of the dominant Chrome browser doesn\u2019t have that IPv6 problem, and with newfound, fledgling support for Progressive Web Apps<\/a>, we\u2019re likely looking at the beginning of the end of UWP apps. I, for one, won\u2019t miss them.<\/p>\n

Trend Micro\u2019s Zero Day Initiative found a bug<\/a> in the Jet Database Engine \u2014 an ancient (early \u201890s) bug-ridden database precursor to today\u2019s SQL Server. Microsoft didn\u2019t fix it in the ZDI-allotted 120-day fix window, so they published full details. On Day 154, this month\u2019s Patch Tuesday, Microsoft released a fix for what is now known as CVE-2018-8423.<\/p>\n

Except Microsoft\u2019s CVE-2018-8423 fix doesn\u2019t fix the whole problem. You can read the gory details on Mitja Kolsek\u2019s 0patch Team blog<\/a>.<\/p>\n

0patch is in the business of providing short-term \u201cmicropatches\u201d for bugs that Microsoft doesn\u2019t fix. They initially published a micropatch when Microsoft missed the ZDI deadline. Now they\u2019ve issued a re-patch for the still-unfixed CVE-2018-8423 bug.<\/p>\n

I rarely recommend third-party fixes for Microsoft bugs because of the potential for problems. But when Microsoft can\u2019t fix its own bugs, well, it gives me pause.<\/p>\n

The past four months have shown, repeatedly, that you\u2019d have to be crazy \u2014 or ignorant of the past \u2014 to continue applying Windows patches as soon as they\u2019re released. July patching was an unmitigated disaster<\/a>. After some initial missteps, August fared substantially better<\/a>. September saw a bunch of \u201cv2\u201d patches that got yanked suddenly, but it all worked out in the end<\/a> \u2014 if you waited long enough. Now October is back to the same-old same-old.<\/p>\n

If you\u2019re in charge of protecting state secrets, the pressure\u2019s on to get the patches installed come hell or high water. But for most folks, there\u2019s precious little reason to subject your machine to patching problems right away. That said, Susan Bradley\u2019s Master PatchList<\/a> remains relatively calm, if you take into consideration the problems explored in this article.<\/p>\n

As best I can tell, the biggest threat at this point lies in a resurgence in Equation Editor exploits<\/a>. That particular Office bug was fixed (and re-fixed) almost a year ago<\/a>. Yes, you have to install security patches sooner or later.<\/p>\n

This month is the first month with an \u201cE Week\u201d \u2014 there are five Tuesdays in October. It\u2019ll be the first \u201cE Week\u201d since Microsoft adopted the \u201cA Week\u201d \/ \u201cB Week\u201d bafflegab<\/a>. With five Tuesdays now open to official attack, we may be entering a new stage of enlightenment.<\/p>\n

Patching problems? Join us on the AskWoody Lounge<\/a>.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 17 Oct 2018 10:30:00 -0700<\/strong><\/p>\n

\n
\n

This month\u2019s bad patches made headlines. Lots of headlines. For good reason.<\/p>\n

You have my sympathy if you clicked \u201cCheck for updates\u201d and got all of the files in your Documents and Photos folders deleted. Even if you didn\u2019t become a \u201cseeker\u201d (didn\u2019t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers \u2014 and Edge and your UWP (\u201cMetro\u201d Store) apps might have been kicked off the internet.<\/p>\n

You didn\u2019t need to lift a finger.<\/p>\n