{"id":17830,"date":"2020-02-26T10:30:06","date_gmt":"2020-02-26T18:30:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/02\/26\/news-11563\/"},"modified":"2020-02-26T10:30:06","modified_gmt":"2020-02-26T18:30:06","slug":"news-11563","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/26\/news-11563\/","title":{"rendered":"Microsoft Patch Alert: February 2020 patches bring fire and ice but seem to have settled \u2013 finally."},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security14-100734743-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 26 Feb 2020 09:44:00 -0800<\/strong><\/p>\n<p>The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it \u2013 leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month\u2019s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn\u2019t been officially acknowledged by Microsoft outside of a blog post. But at least it\u2019s well known and understood.<\/p>\n<p>Folks running SQL Server and Exchange Server networks need to get patched right away.<\/p>\n<p>Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I\u00a0<a href=\"https:\/\/www.computerworld.com\/article\/3528302\/the-mess-behind-microsoft-s-yanked-uefi-patch-kb-4524244.html\" rel=\"noopener\" target=\"_blank\">talked about it last week<\/a>.<\/p>\n<p>The patch was pulled on Friday, but in the interim lots of people reported problems. 
Most notably, many folks running HP machines with Ryzen processors saw their machines hang, followed by an HP Sure Start Recovery message saying Sure Start had \u201cdetected an unauthorized change to the Secure Boot Keys.\u201d\u00a0<a href=\"https:\/\/support.hp.com\/us-en\/product\/hp-elitebook-735-g5-notebook-pc\/18804892\/document\/c06572866\" rel=\"noopener nofollow\" target=\"_blank\">HP has posted a list<\/a> of affected machines:<\/p>\n<p>HP EliteBook 735 G5 Notebook PC, 735 G6, 745 G5, 745 G6,\u00a0 755 G5, and HP ProBook 645 G4 Notebook PCs. HP EliteDesk 705 35W G4 Desktop Mini PC, 705 65W G4 Mini PC, 705 G4 Microtower PC, 705 G4 Small Form Factor PC, 705 G4 Workstation Edition, 705 G5 Desktop Mini PC, 705 G5 Small Form Factor PC, HP mt44 Mobile Thin Client, mt45 Mobile Thin Client, and HP ProDesk 405 G4 Small Form Factor PC.<\/p>\n<p>If you have any of those machines and left your PC open to Microsoft\u2019s updates during Patch Week, you got clobbered. In addition, Microsoft documents a bug in the \u201cReset this PC\u201d function but doesn\u2019t give any details.<\/p>\n<p>There\u2019s nothing you can do about it now. If KB 4524244 installed successfully, everything\u2019s OK. If it didn\u2019t, you need to follow <a href=\"https:\/\/support.hp.com\/us-en\/product\/hp-elitebook-735-g5-notebook-pc\/18804892\/document\/c06572866\" rel=\"noopener nofollow\" target=\"_blank\">HP\u2019s removal instructions<\/a> or <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4524244\/security-update-for-windows-10-february-11-2020\" rel=\"noopener nofollow\" target=\"_blank\">Microsoft\u2019s removal instructions<\/a> to get things working again.<\/p>\n<p>Shortly after the Patch Tuesday patches arrived, we started seeing reports from folks who installed the Win10 1903 and 1909 cumulative update, KB 4532693, saying that their desktops got wiped out. 
A little poking revealed that all of their customizations had been tossed \u2013 icons, wallpaper \u2013 and many of their files weren\u2019t where they left them.<\/p>\n<p>Long story short, it looks like the patch gets ensnared in a race condition bug, which I <a href=\"https:\/\/www.computerworld.com\/article\/3528771\/with-a-fix-for-the-temporary-profile-bug-still-elusive-win10-1903-and-1909-customers-should-check-p.html\">wrote about last week<\/a>. We\u2019ve never been able to pin down which other programs trigger the race condition, but at least in some cases certain antivirus and \u201csecure banking software\u201d programs will leave your PC with a dangling temporary profile.<\/p>\n<p>Microsoft hasn\u2019t identified the offending software. Nor has it even acknowledged the problem either on the <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4532693\/windows-10-update-kb4532693\" rel=\"noopener nofollow\" target=\"_blank\">Knowledge Base article page<\/a> or the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/release-information\/status-windows-10-1909\" rel=\"noopener nofollow\" target=\"_blank\">Windows Release Information status page<\/a>, two places that bugs like this are traditionally documented. 
(Perhaps Microsoft figures it\u2019s the other software\u2019s problem, so it has no need to report it?)<\/p>\n<p>Fortunately, there\u2019s a\u00a0<a href=\"https:\/\/answers.microsoft.com\/en-us\/windows\/forum\/all\/cumulative-updates-february-11th-2020\/548d4ded-39a1-4270-a866-627ea7c25de6?auth=1\" rel=\"noopener nofollow\" target=\"_blank\">Microsoft Answers forum post<\/a> that addresses the problem:<\/p>\n<p>Microsoft is aware of some customers logging into temporary profile after installing KB4532693, on both versions 1903 and 1909.<\/p>\n<p>Rebooting into Safe Mode* and then starting back in normal Mode should resolve this issue for most customers.<\/p>\n<p>You may uninstall any secure banking software or anti-virus in the temporary profile which may resolve this if the above steps do not help.<\/p>\n<p>If you didn\u2019t accidentally find that explanation, or don\u2019t know what a temporary profile is, or how it could get secure banking software, heaven help ya. But at least Microsoft \u201cis aware\u201d of the problem.<\/p>\n<p>How many people were affected by those high-profile bugs? I don\u2019t know. Judging by the number of complaints online \u2013 hardly a reliable metric \u2013 both of the problems were widespread and became apparent shortly after release.<\/p>\n<p>HP could probably come up with a tally of the number of afflicted machines and whether or not those machines installed the buggy UEFI patch. But the only organization that has comprehensive numbers about these bugs is Microsoft, and it\u2019s not talking.<\/p>\n<p>Think of all of that lovely telemetry we\u2019re providing to Microsoft.<\/p>\n<p>That \u201cexploited\u201d <a href=\"https:\/\/www.computerworld.com\/article\/3526558\/patch-tuesday-99-holes-exploited-ie-fix-win7-mayhem-and-uefi-ghost.html\">Internet Explorer JScript hole<\/a>, CVE-2020-0674 \u2013 the one that prompted computer security \u201cexperts\u201d to tell you that you had to get patched RIGHT NOW? 
It hasn\u2019t gone anywhere. This is the <a href=\"https:\/\/www.computerworld.com\/article\/3514599\/worried-about-an-nsa-chainoffools-curveball-attack-there-are-lots-of-moving-parts-test-your-system.html\">second month in a row<\/a> that we\u2019ve been inundated by Chicken Little warnings about the need to get patched immediately. Look where <a href=\"https:\/\/www.computerworld.com\/article\/3402718\/the-case-against-knee-jerk-installation-of-windows-patches.html\">knee-jerk installation of new patches<\/a> has left folks running HP Ryzen computers, or the unidentified \u201csecure banking software,\u201d this month.<\/p>\n<p>Those of you running Windows 7, who haven\u2019t paid for Extended Security Updates, should know that 0patch <a href=\"https:\/\/blog.0patch.com\/2020\/02\/our-first-weeks-of-securing-windows-7.html\" rel=\"noopener nofollow\" target=\"_blank\">has released a micro patch<\/a> for that particular security hole. It also has an <a href=\"https:\/\/0patch.com\/poc\/CVE-2020-0674\/0patch_test.html\" rel=\"noopener nofollow\" target=\"_blank\">online test<\/a> you can use to confirm that your Win7\/IE 11 system has properly swallowed the micro fix.<\/p>\n<p>To be sure, there <strong><em>are<\/em><\/strong> major security holes that need your attention, but only if you\u2019re in charge of a network running <a href=\"https:\/\/www.askwoody.com\/2020\/running-a-sql-server-heads-up-you-need-to-install-this-months-patches-quickly\/\" rel=\"noopener nofollow\" target=\"_blank\">SQL Server<\/a> or <a href=\"https:\/\/www.askwoody.com\/2020\/admins-heads-up-another-patch-tuesday-security-hole-has-a-public-exploit\/\" rel=\"noopener nofollow\" target=\"_blank\">Exchange Server<\/a>. That latter vulnerability is particularly vexing because anyone who can get access to any Exchange account on your server can take over Exchange. 
Seems that somebody forgot to delete hard-coded keys.<\/p>\n<p>We\u2019re looking into a report that Win10 version 1903 running Hyper-V is <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/windows-10-running-hyper-v-bsod-issue\/#post-2170527\" rel=\"noopener nofollow\" target=\"_blank\">throwing \u201cSynthetic_Watchdog_Timeout\u201d errors<\/a>. There are unconfirmed reports that there will be a fix in late March.<\/p>\n<p>There seems to be a way to <a href=\"https:\/\/www.askwoody.com\/2020\/is-there-a-way-to-cheat-pause-update\/\" rel=\"noopener nofollow\" target=\"_blank\">cheat the 35-day \u201cPause updates\u201d limitation<\/a> imposed in Win10 version 1903 and 1909. In a nutshell, if you tell Windows to Resume Updates, then unplug the computer from the internet, you may be able to reboot and get 35 more days paused, without installing the outstanding updates. In addition, @abbodi86 has a more complex but apparently <a href=\"https:\/\/www.askwoody.com\/forums\/topic\/is-there-a-way-to-cheat-pause-update\/#post-2170432\" rel=\"noopener nofollow\" target=\"_blank\">foolproof way<\/a> to wipe out the 35 day limitation.<\/p>\n<p><em>Join the patch watch <\/em><a href=\"https:\/\/www.askwoody.com\/2020\/where-we-stand-with-the-feb-2020-microsoft-patches\/\" rel=\"noopener nofollow\" target=\"_blank\"><em>on AskWoody.com<\/em><\/a><em>.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3216425\/microsoft-patch-alert-february-2020-patches-bring-fire-and-ice-but-seem-to-have-settled-finally.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security14-100734743-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 26 Feb 2020 09:44:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>The real stinker 
this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it \u2013 leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month\u2019s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn\u2019t been officially acknowledged by Microsoft outside of a blog post. But at least it\u2019s well known and understood.<\/p>\n<p>Folks running SQL Server and Exchange Server networks need to get patched right away.<\/p>\n<h2><strong>Win10 UEFI update KB 4524244 blockages<\/strong><\/h2>\n<p>Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I\u00a0<a href=\"https:\/\/www.computerworld.com\/article\/3528302\/the-mess-behind-microsoft-s-yanked-uefi-patch-kb-4524244.html\" rel=\"noopener\" target=\"_blank\">talked about it last week<\/a>.<\/p>\n<\/section>\n<\/article>\n","protected":false},
"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,10909,13764,714,10525],"class_list":["post-17830","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-microsoft-office","tag-pcs","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17830"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17830\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17830"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}