{"id":19055,"date":"2022-05-16T08:30:18","date_gmt":"2022-05-16T16:30:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/05\/16\/news-12788\/"},"modified":"2022-05-16T08:30:18","modified_gmt":"2022-05-16T16:30:18","slug":"news-12788","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/05\/16\/news-12788\/","title":{"rendered":"Not all patching problems are created equal"},"content":{"rendered":"

<\/p>\n

Credit to Author: Susan Bradley| Date: Mon, 16 May 2022 09:00:00 -0700<\/strong><\/p>\n

It\u2019s the third week of the month \u2014 the week we find out whether Microsoft acknowledges any side effects it\u2019s investigating as part of the monthly patch-release process.<\/p>\n

First, a bit of background. Microsoft has released patches for years. But they haven\u2019t always been released on a schedule. In the early days, Microsoft would release updates any day of the week. Then in October 2003, Microsoft formalized the release of normal security updates on the second Tuesday of the month. Thus was born Patch Tuesday<\/a>. (Note: depending on where you are in the world, Patch Tuesday may be a Patch Wednesday.) The following day, or in some cases, over the next week, users and admins report issues with updates \u2014 and Microsoft finally acknowledges that, yes, there are issues.<\/p>\n

Herein lies the rub: not everyone will see the side effects acknowledged by Microsoft (and sometimes there are side effects Microsoft never acknowledges). Or some that occur might simply be a coincidence of the patching process. (I\u2019ve often installed updates and the act of rebooting brought to light an underlying issue I didn\u2019t know about.)<\/p>\n

This month, I made an interesting discovery. There are actually two sources of documentation about issues arising from the latest updates.\u00a0 The first, called the Windows Health Release Dashboard<\/a>, lists all of the supported products from Windows Server 2022 all the way back to Windows 7 and documents issues Microsoft is investigating and has fixed. This month, for example, Microsoft acknowledges issues with Server 2022 triggered on Active Directory Domain Controllers<\/a>. As the company notes: \u201cAn issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.\u201d<\/p>\n

Not all active directory domain controllers are affected \u2014 just those that use device certificates. Microsoft will be rolling out changes in how certificates are handled; it plans to add auditing now and enforce more changes later. If you are in charge of an Active Directory Domain I recommend you review this KB article<\/a> and review your event.<\/p>\n

Interestingly enough, there is a second source that documents patch problems Microsoft may be investigating. However, this recap of known issues<\/a> is only available if you have access to an E3 or E5 license. If so, \u00a0and you have either Administrator rights or Support rights, you can go to the integrated dashboard inside your Microsoft 365 dashboard. It documents some of the side effects not noted in the public dashboard. For instance, this month\u2019s Microsoft 365 Health release dashboard<\/a> acknowledged two additional issues not noted in the public console.<\/p>\n

First, it notes the issue with Remote Desktop Services Broker Connection role:<\/p>\n

\u201cWe have received reports that after installing KB5005575 or later updates on Windows Server 2022 Standard Edition, Remote Desktop Services Connection Broker role and supporting services might be removed unexpectedly. We have expedited investigation and are working on a resolution. Note: Windows Server 2022 Datacenter edition and other versions of Windows Server are not affected by this issue.<\/p>\n

\u201cWorkaround: If you are using Remote Desktop Connection Broker on Windows Server 2022 Standard edition, you can mitigate this issue by removing Remote Desktop Connection Broker, installing the latest security update, and then re-adding Remote Desktop Connection Broker.<\/p>\n

\u201cNext steps: We are working on a resolution and will provide an update in an upcoming release.\u201d<\/p>\n

Next, it documents this:<\/p>\n

\u201cWe are receiving reports that the Snip & Sketch app might fail to capture a screenshot or might fail to open using the keyboard shortcut (Windows key+shift+S), after installing KB5010386<\/a> and later updates.<\/p>\n

\u201cNext steps: We are presently investigating and will provide an update when more information is available.\u201d<\/p>\n

I\u2019m unsure why there is a difference between the items noted in the public health release dashboard and the Microsoft 365 Health release dashboard. But if you have access to the Microsoft 365 version, you should review the information there.<\/p>\n

More and more, Microsoft is using a technology called \u201cKnown Issue Rollback<\/a>.\u201d If a problem is introduced by a non-security fix included in the Patch Tuesday updates, Microsoft can roll it back and fix it behind the scenes. Often in the health release dashboard, you will see a notice that an issue will be handled this way and if you\u2019re not in a corporate domain, you may be urged to reboot your computer. In a domain, you can use group policy as a trigger. (An admx file is routinely published with guidance to trigger the rollback.) These rollbacks can\u2019t be done if the problem is triggered by a security patch, however, because returning the update to its pre-security patch state would leave your system vulnerable.<\/p>\n

For example, a recent update introduced an issue where \u201csome apps using Direct3D 9 might have issues on certain GPUs.\u201d<\/p>\n

As Microsoft notes:<\/p>\n

\u201cAfter installing KB5012643, Windows devices using certain GPUs might have apps close unexpectedly or intermittent issues with some apps which use Direct3D 9. You might also receive an error in Event Log in Windows Logs\/Applications with faulting module d3d9on12.dll and exception code 0xc0000094.<\/p>\n

\u201cResolution: This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed,\u00a0devices that have installed an affected update and encountered this issue can resolve it by installing and configuring the special Group Policy listed below. For information on deploying and configuring these special Group Policies, please see How to use Group Policy to deploy a Known Issue Rollback.<\/p>\n

\u201cGroup Policy downloads with Group Policy name:<\/p>\n

Once again, not all computers will see this problem. It\u2019s limited to certain computers with specific GPUs that are affected.<\/p>\n

Bottom line: the next time you see stories about side effects caused by Patch Tuesday releases, don\u2019t assume you\u2019ll be affected. You may encounter no issues whatsoever. If you have the resources, I recommend setting up a test bed of sample machines so you can determine if you will. If you can\u2019t do that, the key to recovery (and avoiding issues), is to ensure you have a backup of your computer and can restore it if necessary. The technology that ensures you can recover from ransomware is also the same technology that ensures you can recover from errant patching side effects. \u00a0<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Susan Bradley| Date: Mon, 16 May 2022 09:00:00 -0700<\/strong><\/p>\n

\n
\n

It\u2019s the third week of the month \u2014 the week we find out whether Microsoft acknowledges any side effects it\u2019s investigating as part of the monthly patch-release process.<\/p>\n

First, a bit of background. Microsoft has released patches for years. But they haven\u2019t always been released on a schedule. In the early days, Microsoft would release updates any day of the week. Then in October 2003, Microsoft formalized the release of normal security updates on the second Tuesday of the month. Thus was born Patch Tuesday<\/a>. (Note: depending on where you are in the world, Patch Tuesday may be a Patch Wednesday.) The following day, or in some cases, over the next week, users and admins report issues with updates \u2014 and Microsoft finally acknowledges that, yes, there are issues.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,10909,714,24580,10525],"class_list":["post-19055","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-microsoft-office","tag-security","tag-small-and-medium-business","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19055"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19055\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19055"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}