![](\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security12-100734741-large.3x2.jpg\"\/)
<\/p>\n
Credit to Author: Woody Leonhard| Date: Wed, 13 Nov 2019 07:59:00 -0800<\/strong><\/p>\n The patches haven\u2019t yet been out for 24 hours and already we\u2019re seeing a lot of activity. Here\u2019s where we stand with the initial wave of problems.<\/span><\/p>\n Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says<\/a>:<\/span><\/p>\n It sits at \u201cInstalling: 0%\u201d for a couple minutes then goes away. When I hit \u201cCheck for Updates\u201d it shows up again and does the same thing.<\/span><\/p>\n There are hundreds of reports online of people who found that the MSRT installer threw an 800B0109 and wouldn\u2019t install; or installed but then reinstalled on reboot; showed up multiple times in the Installed Updates list; didn\u2019t show up in the Installed Updates list in spite of running; and several variations on those themes.<\/span><\/p>\n Ends up, it was all Microsoft\u2019s fault. By last night, MSRT was behaving itself.<\/span><\/p>\n G\u00fcnter Born first <\/span>described this problem<\/span><\/a>, based on reports on German-language sites, including deskmodder.de:<\/span><\/p>\n Microsoft Office security updates released on Patchday (November 12, 2019) cause Access to fail to access databases. An error 3340 \u2018Query is corrupted\u2019 will be dropped. \u2026<\/span><\/p>\n It appears that a security update for the <\/span>CVE-2019-1402<\/span><\/a> vulnerability in each version of Microsoft Office causes this error. Here is the list of Office security updates that you can uninstall.<\/span><\/p>\n Office 2010: <\/span>Description of the security update for Office 2010: November 12, 2019 (KB4484127)<\/span><\/a><\/p>\n Office 2013: <\/span>Description of the security update for Office 2013: November 12, 2019 (KB4484119)<\/span><\/a><\/p>\n Office 2016: <\/span>Description of the security update for Office 2016: November 12, 2019 (KB4484113)<\/span><\/a><\/p>\n At least from what I\u2019ve seen so far, uninstalling this security update seems to allow database access again.<\/span><\/p>\n Born says that he\u2019s reported the problem to Microsoft, but it doesn\u2019t yet appear on the official <\/span>Fixes or workarounds for recent issues in Access<\/span><\/a> list.<\/span><\/p>\n It isn\u2019t clear to me why Microsoft re-released its most stable version of Win10 (at least, I\u2019m still using 1809 on my production machines), but a new one\u2019s out, apparently. At the same time Microsoft announced the re-release of 1809, it also <\/span>reset the countdown date<\/span><\/a> for version 1809 support:<\/span><\/p>\n On November 13, 2018, we re-released the Windows 10 October Update (version 1809), Windows Server 2019, and Windows Server, version 1809. We encourage you to wait until the feature update is offered to your device automatically. …\u00a0\u00a0<\/span><\/p>\n Note for Commercial Customers: November 13 marks the revised start of the servicing timeline for the Semi-Annual Channel (\u201cTargeted\u201d) release for Windows 10, version 1809, Windows Server 2019, and Windows Server, version 1809.\u00a0 Beginning with this release, all future feature updates of Windows 10 Enterprise and Education editions that release around September will have a 30-month servicing timeline.<\/span><\/p>\n And you thought Microsoft had abandoned the ridiculous \u201cSemi-Annual Channel (\u201cTargeted\u201d)\u201d bafflegab.<\/span><\/p>\n Microsoft released new updates for the Servicing Stack on all supported versions of Windows. Notably, Win7 and 8.1 also have new SSUs. (You only have to worry about SSUs if you manually download and install updates. If you use Windows Update, they should be installed automatically. Should.) There\u2019s a complete list of the new SSUs in <\/span>Security Advisory ADV990001<\/span><\/a>.<\/span><\/p>\n Tell me if this <\/span>sounds familiar<\/span><\/a>.\u00a0<\/span><\/p>\n Yesterday\u2019s patches includes one for an Internet Explorer security hole, dubbed\u00a0 <\/span>CVE-2019-1429<\/span><\/a>, an \u201cexploited\u201d vulnerability. Just like the August \u201cexploited\u201d IE zero-day Keystone Kops episode, this appears to be a genuine flaw in IE. Just like the August doppelganger, Microsoft isn\u2019t telling us very much.\u00a0<\/span><\/p>\n Dustin Childs says it best in his <\/span>Zero Day Initiative post<\/span><\/a>:<\/span><\/p>\n This patch for IE corrects a vulnerability in the way that the scripting engine handles objects in memory. This vague description for memory corruption means that an attacker can execute their code if an affected browser visits a malicious web page or opens a specially crafted Office document. That second vector means you need this patch even if you don\u2019t use IE. Microsoft gives no information on the nature of the active attacks, but they are likely limited at this time.\u00a0<\/span><\/p>\n No doubt the Chicken Littles of the Windows reporting industry will bill this as a huge threat to 800 million Windows users\u00a0\u2014 or some such drivel. In fact, it\u2019s likely the discovered exploit appeared in a honed attack directed at a major governmental or industrial target.<\/span><\/p>\n Until we hear more about it (we haven\u2019t heard of any attacks based on August\u2019s exploit, have we?), you should be fine.<\/span><\/p>\n This should come as good news for Windows patchers of all stripes.<\/span><\/p>\n Microsoft has officially announced that it\u2019s giving up on its practice of releasing (at least) two cumulative updates per month, through the end of this year. Tucked away in a neglected corner of the<\/span> Windows Release Information page <\/span><\/a>lies this little gem:<\/span><\/p>\n Timing of Windows 10 optional update releases (November\/December 2019)<\/strong><\/p>\n There will be no more optional \u201cC\u201d or \u201cD\u201d releases for the balance of this calendar year. <\/span>Note<\/strong> There will be a December Security Update Tuesday release, as usual.<\/span><\/p>\n For those of you who don\u2019t speak the A-B-C-D-E jargon, that means we won\u2019t have second cumulative updates in November or December. The \u201coptional, non-security\u201d patches (which frequently contain fixes for bugs introduced by security updates) are a strange artifact that solidified in early 2017. Prior to that, Microsoft released one cumulative update on the second Tuesday of most months, then patched again at an arbitrary time, should the need arise\u00a0\u2014 primarily to fix bugs introduced by the first patch.<\/span><\/p>\n Starting in 2017 or so (it\u2019s difficult to pinpoint a date), somebody decided that it would be good to give Windows patchers a preview of the next month\u2019s non-security patches, generally during the 3rd or 4th week of the month (thus, \u201cC\u201d and \u201cD\u201d week). The approach resembled something of an Insider Preview shot at the next month\u2019s non-security patches. You could get a preview of the next month\u2019s patches, but only if you downloaded and installed them manually, or (horrors!) became a Seeker and clicked \u201cCheck for updates.\u201d<\/span><\/p>\n It looks like Microsoft is shutting that down, at least for the next two months, and I say good riddance. If there\u2019s to be an Insider Preview ring for each version of Win10, I\u2019m all for it\u00a0\u2014 let people opt in, and give them a reliable way to report bugs. But playing footsie with Seekers just hangs too many innocent bystanders out to dry.<\/span><\/p>\n It isn\u2019t clear if we\u2019ll be spared the same indignity with Windows 7 and 8.1 \u201cMonthly Rollup Previews.\u201d Stay tuned.<\/span><\/p>\n As widely advertised, this month\u2019s cumulative update for Win10 version 1803 is destined to be its last (unless we have a major security problem and Microsoft changes things). If you\u2019re running Win10 version 1803, there\u2019s no need to panic; in the normal course of events, you wouldn\u2019t get another security patch until next month anyway. I\u2019ll have more about the journey from 1803 in a subsequent column.<\/span><\/p>\n Those who have installed the Win10 1903 November cumulative update, KB 4524570, and rebooted, will see an offer on your Windows Update setting page (screenshot).<\/span><\/p>\n Right now, there\u2019s no pressing reason to click that \u201cDownload and install now\u201d link. Let\u2019s wait and see what problems arise.\u00a0<\/span><\/p>\n Quite a haul for the first 24 hours, eh?\u00a0<\/span><\/p>\n Thx, @abbodi86, @PKCano, @gborn and many more<\/span><\/em><\/p>\n Join us for the usual patching follies <\/span>on AskWoody.com<\/span><\/a>.<\/span><\/em><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Woody Leonhard| Date: Wed, 13 Nov 2019 07:59:00 -0800<\/strong><\/p>\n The patches haven\u2019t yet been out for 24 hours and already we\u2019re seeing a lot of activity. Here\u2019s where we stand with the initial wave of problems.<\/span><\/p>\n Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says<\/a>:<\/span><\/p>\n<\/p>\nMalicious Software Removal Tool installation error 800B0109<\/strong>\u00a0<\/span><\/h2>\n
\n