![](\"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/3_patch-training_update-software_band-aid_laptop-with-virus_binary-100768644-large.3x2.jpg\"\/)
<\/p>\n
Credit to Author: Woody Leonhard| Date: Thu, 13 Jun 2019 03:55:00 -0700<\/strong><\/p>\n I don\u2019t know about you, but I\u2019ve given up on Microsoft\u2019s ability to deliver reliable patches. Month after month, we\u2019ve seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting <\/span>here<\/span><\/a>.<\/span><\/p>\n For the past few months, though, we\u2019ve seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they\u2019re pushed. Consider:<\/span><\/p>\n Event Viewer may close or you may receive an error when using Custom Views<\/strong><\/p>\n When trying to expand, view or create <\/span>Custom Views <\/strong>in Event Viewer, you may receive the error, “MMC has detected an error in a snap-in and will unload it.” and the app may stop responding or close. You may also receive the error using <\/span>Filter Current Log<\/strong> in the <\/span>Action <\/strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.<\/span><\/p>\n Microsoft posted a <\/span>description of the problem<\/span><\/a>, and a complex manual workaround, on June 12. The bug\u2019s marked as \u201cmitigated,\u201d which apparently means the company has <\/span>published a PowerShell script<\/span><\/a> that can fix the bug in an ad-hoc kind of way. (\u201cYou will need to re-enter the function each time you open a new PowerShell window.”)<\/span><\/p>\n Both of those bugs touched <\/span>every <\/i><\/strong>Windows machine, from Windows 7 to the latest version of Windows 10, and everything in between. They\u2019re not the product of isolated fringe circumstances. If you needed IE or Edge to access those gov.uk<\/em> sites, or if you have custom views in Event Viewer, you got hit.<\/span><\/p>\n Neither of those bugs is particularly remarkable \u2013 just more of the same-old, same-old lousy patch quality we\u2019ve come to expect. What\u2019s different this time is Microsoft\u2019s public (and timely) confession. Instead of keeping users in the dark for days or weeks, Microsoft posted a description of the problem in very short order. The new <\/span>Release Information page<\/span><\/a> is actually working, although there are <\/span>some teething pains<\/span><\/a>.<\/span><\/p>\n To be sure, there are problems that aren\u2019t reflected in the Patch Information page. But it\u2019s a big step in the right direction.<\/span><\/p>\n Here are some of the other problems we\u2019re tracking:<\/span><\/p>\n We don\u2019t know for sure if (a) this behavior\u2019s a bug, not a feature, (b) what settings remain in effect after the disappearing trick and (c) how it\u2019s supposed to work. I think it\u2019s a bug, but some are casting aspersions on Microsoft\u2019s integrity. I have no idea how Microsoft will fix it. <\/span><\/p>\n Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, \u201cYour Bluetooth device attempted to establish a debug connection\u2026,” then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see<\/span> CVE-2019-2102<\/span><\/a> and<\/span> KB4507623<\/span><\/a>.<\/span><\/p>\n .NET 4.8 itself is not pushed or published through Windows Update. But you do have it \u201cin the box\u201d if you\u2019re running Win10 version 1903. <\/span><\/p>\n If you have .NET 4.8, you will get a separate security update for it through Windows Update.<\/span><\/p>\n Windows 8.1, Monthly Rollup KB 4503276\u2026 when I opened IE11 after restart, <\/span>this page automatically opened <\/span><\/a>asking me to set the \u201crecommended\u201d settings. I clicked the X mark inside the page, the tab closed and I retained my current settings<\/span><\/p>\n We\u2019re also seeing an SSU problem with folks using update servers. Apparently, it takes two passes for some update servers to \u201csee\u201d this month\u2019s patches: The first pass discovers and installs the Servicing Stack Update, and a second pass is necessary to find and install this month\u2019s cumulative update. Old problem, frustrating nonetheless.<\/span><\/p>\n Then there are the <\/span>old Intel microcode patches<\/span><\/a> (2019-01, 2019-02) that suddenly appear after installing this month\u2019s cumulative updates. Lots of people are scratching their heads because the updates show up on machines that aren\u2019t covered by the patches.<\/span><\/p>\n There\u2019s also a very poorly documented Exchange \u201c<\/span>defense in depth\u201d patch, described in <\/span>Advisory 190018<\/span><\/a>. <\/span><\/p>\n Problems? Observations? Abject feelings of despair? Hit us on the <\/span><\/i>AskWoody Lounge<\/span><\/i><\/a>.<\/span><\/i><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Woody Leonhard| Date: Thu, 13 Jun 2019 03:55:00 -0700<\/strong><\/p>\n I don\u2019t know about you, but I\u2019ve given up on Microsoft\u2019s ability to deliver reliable patches. Month after month, we\u2019ve seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting <\/span>here<\/span><\/a>.<\/span><\/p>\n<\/p>\n