{"id":16208,"date":"2019-08-30T10:30:11","date_gmt":"2019-08-30T18:30:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/08\/30\/news-9950\/"},"modified":"2019-08-30T10:30:11","modified_gmt":"2019-08-30T18:30:11","slug":"news-9950","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/08\/30\/news-9950\/","title":{"rendered":"Microsoft Patch Alert: Full of sound and fury, signifying nothing"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700<\/strong><\/p>\n

What happens when Microsoft releases eight \u2013 count \u2018em, eight<\/em> \u2013 concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?<\/p>\n

Pan. De. Moaaan. Ium.<\/p>\n

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive \u201cinvalid procedure call error\u201d messages<\/a> when using apps that had been working for decades.<\/p>\n

Some companies\u2019 commercial applications stopped working intermittently. More importantly, many large corporations\u2019 internal custom programs turned belly-up.<\/p>\n

The bug affects every single version of Windows \u2013 all the way from Win7 to Win10 version 1903. I think of it as Patching as a Keystone Kops Service.<\/p>\n

If you\u2019ve been following the details, you know that on Aug. 16, three days after Patch Tuesday, Microsoft released fixes for the bug in:<\/p>\n

Then on Saturday (!), Aug. 17, we got fixes for:<\/p>\n

And on Monday, Aug. 19, Microsoft released a fix for:<\/p>\n

As of today, Aug. 30, we still don\u2019t have a fix for Win10 1903, the latest version of the last version of Windows. It\u2019s not clear why, but I have a guess that Microsoft\u2019s so wrapped up in beta testing Win10 1903 that it somehow fell through the cracks. We still don\u2019t have the second August cumulative update for Win10 1903 \u2013 the one that\u2019s common called \u201coptional non-security,\u201d with varying degrees of accuracy. And therein lies a tale.<\/p>\n

Normally, beta testing doesn\u2019t have much of an influence over month-to-month patching. But this month it looks like we had a significant divergence of direction.<\/p>\n

For the past year, Microsoft has been testing its Win10 1903 patches thoroughly, using the Windows Insider Release Preview ring. That\u2019s great \u2013 it\u2019s what the Release Preview ring was made for<\/a>.<\/p>\n

During the month of August, though, the Microsoft beta people took over a corner of the Release Preview ring and pushed the beta version of 1909 onto (supposedly) 10% of the 1903 testers. The official announcement<\/a> came on Aug. 26:<\/p>\n

For a small subset of Insiders (around 10%) in the Release Preview ring, we have enabled the \u201cseeker\u201d experience for version 1909 [Editor\u2019s note: MS calls it 19H2, just to confuse you]<\/em>. For these Insiders, if they go to Settings > Update & Security > Windows Update, they will see that there is a Windows 10, version 1909 update available. They will be able to choose to download and install this update on their PC. After the update finishes, they will be on version 1909 [Editor\u2019s note: I changed it again]<\/em> Build 18363.327.<\/p>\n

That seems complicated, but reasonable enough \u2013 until you realize that the Win10 1909 beta currently has eight<\/em> differ<\/em>ent<\/em> versi<\/em>ons<\/em><\/a>. Some of those versions are being distributed to people who are in the Release Preview ring. In particular, the 18362.327 preview of the Win10 1903 patch went out at the same time \u201cthe 10%\u201d got a Win10 1909 patch called 18363.327 (see how 18362 changes to 18363?)<\/p>\n

Apparently that build wasn\u2019t good enough, so on Aug. 29 we got the latest bifurcated patch 18362.329 (for the 90%) and 18363.329 (for the 10%). It looks like we\u2019re waiting until Microsoft gets the bifurcated patch to work on both Win10 version 1903 and on the beta of version 1909.<\/p>\n

Regardless of the genesis, those of you waiting to get a fix for the VB\/VBA\/VBScript problem in Win10 version 1903 will have to wait a little longer.<\/p>\n

All of this would be frustratingly academic, if it weren\u2019t for the fact that DejaBlue \u2013 a new set of \u201cwormable\u201d security holes<\/a> in Windows itself \u2013 made its debut this month. While I\u2019ve read lots of Chicken Little reports that DejaBlue has been exploited, none of those warnings has come true. As of this moment, there are no publicly available DejaBlue exploits.<\/p>\n

Of course, plenty of people are trying to build them.<\/p>\n

Until Microsoft releases a fix for the VB\/VBA\/VBScript problem in Win10 1903, you have two choices \u2013 either patch, protect yourself from DejaBlue, but break VB. Or you can hold back on patching, keep VB working, but leave your system open to a DejaBlue infection.<\/p>\n

Nice choice<\/a>, eh?<\/p>\n

We\u2019ve had loads of additional fun \u2018n games this month:<\/p>\n

Have a patching problem? Don\u2019t we all. Join us on <\/em>AskWoody.com<\/em><\/a>.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Fri, 30 Aug 2019 10:27:00 -0700<\/strong><\/p>\n

\n
\n

What happens when Microsoft releases eight \u2013 count \u2018em, eight<\/em> \u2013 concurrent beta test versions of Win10 version 1909 without fixing bugs introduced into 1903 on Patch Tuesday?<\/p>\n

Pan. De. Moaaan. Ium.<\/p>\n

The VB\/VBA\/VBScript debacle<\/strong><\/h2>\n

No doubt, you recall the first wave of pain inflicted by the August 2019 patching regimen. Microsoft somehow managed to mess up Visual Basic (an old custom programming language), Visual Basic for Applications (for Office macros) and VBScript (a largely forgotten language primarily used inside Internet Explorer). Folks running applications in any of those languages would, on occasion, receive \u201cinvalid procedure call error\u201d messages<\/a> when using apps that had been working for decades.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,10909,13764,714,10525],"class_list":["post-16208","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-microsoft-office","tag-pcs","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16208"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16208\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16208"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}