{"id":11878,"date":"2018-03-28T10:30:43","date_gmt":"2018-03-28T18:30:43","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/03\/28\/news-5647\/"},"modified":"2018-03-28T10:30:43","modified_gmt":"2018-03-28T18:30:43","slug":"news-5647","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/03\/28\/news-5647\/","title":{"rendered":"Microsoft Patch Alert: Windows 7 takes the brunt of March patching problems"},"content":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 28 Mar 2018 10:30:00 -0700<\/strong><\/p>\n

An enormous number of patches spewed out of Microsoft this month, with two ponderous cumulative updates for each version of Windows 10, a third \u201cbonus\u201d bug fix for Win10 Fall Creators Update (version 1709), and a just-described bug in Windows 7 that\u2019ll leave you begging for a Win7 patch that works.<\/p>\n

There\u2019s also a bit of comic relief with a patch for Win10 1709, KB 4094276<\/a>, that \u201cmakes improvements to ease the upgrade experience to Windows 10 Version 1709.\u201d That\u2019s a wonderful example of a self-referential fix.<\/p>\n

If you\u2019re running Win10, you saw multiple big patches in March:<\/p>\n

March also presented us with the third, uh, opportunity<\/em> to get forcibly pushed<\/a> from Win10 1703 to 1709 \u2013 even on systems specifically set to block the upgrade.<\/p>\n

At various points in March, users also saw updates to the Servicing Stacks for all three Win10 versions. Apparently, they resolved the race condition-related bugs<\/a> that left USB drivers, in particular, dead in the water. If you\u2019re installing the Win10 cumulative updates manually, make sure you install the respective Servicing Stack Update<\/a> before you install the cumulative update.<\/p>\n

Microsoft released a buggy Office 2016 security patch, KB 4011730<\/a>, which left Word 2016 in such a bad state that it couldn\u2019t save \u2013 or sometimes even open \u2013 files. We discovered later that if you install the March non-security patch for Office 2016, KB 4018295<\/a>, Word 2016 suddenly got its mojo back.<\/p>\n

Microsoft is researching this problem and will post more information in this article when the information becomes available.<\/em><\/p>\n

Of course.<\/p>\n

All of which serves as prelude to the massive cluster-cluck that engulfed Windows 7 in March.<\/p>\n

Win7 and Server 2018 R2 received a relatively modest Monthly Rollup, KB 4088875<\/a>, and the obligatory Security-only, manually installed patch, KB 4088878<\/a>, on Patch Tuesday, March 13. Almost immediately, we started seeing reports<\/a> of networking problems with the patches, and some bluescreens. Shortly afterward, two specific problems<\/a> with broken manual IP addresses and disabled Network Interface Cards (vNICs) bubbled up.<\/p>\n

At first, Microsoft didn\u2019t acknowledge the bugs; instead it stopped the Monthly Rollup<\/a> from installing automatically (for those of you na\u00efve enough to have Automatic Update enabled). As days passed, Microsoft finally published a detailed list of \u201cknown issues in this update.\u201d<\/p>\n

At this point, some users report that KB 4088875 appears in Windows Update as an \u201cimportant\u201d update that isn\u2019t checked, and which doesn\u2019t install by default<\/a>. But there\u2019s more. Others say it\u2019s off the Windows Update list, but apparently it\u2019s still being pushed out via WSUS servers.<\/p>\n

Microsoft released, then re-released, an ad-hoc VBScript program that was supposed to fix the problem. But the script has raised all sorts of questions<\/a>. Poster MrBrian reports that the script was changed on March 27<\/a>, with no notification. Poster abbodi86 has an improved version<\/a> posted on Pastebin.<\/p>\n

But there\u2019s more to the story.<\/p>\n

Yesterday, security researcher UlfFrisk posted a report<\/a> about a new big security hole in Windows 7. Bucking the recent trend, UlfFrisk avoided a massive publicity campaign, replete with pre-defined exploit names and cute logos, but his \u201cTotal Meltdown\u201d exploit almost defies imagination. As G\u00fcnter Born says<\/a>:<\/p>\n

Microsoft\u2019s Meltdown updates shipped in January 2018 and February for Windows 7 (and Server 2008 R2) intended to mitigate the Meltdown vulnerability rip open a huge security hole. This allows any process under Windows 7 to read and write to any memory area without exploits\u2026<\/p>\n

Unfortunately, an accident happened in the January 2018 [Win7] patch (and also in February 2018 patch) when\u2026 if a (user) process has read\/write access to the page tables, it is [trivial] to access the entire physical memory.<\/p>\n

This isn\u2019t \u201cSky is Falling\u201d time. But it means that if you\u2019re running Win7 64-bit or 2008R2 64-bit on an Intel machine, and you installed either the January or February Win7 Monthly Rollups or Security-only patches, Microsoft flipped the wrong bit, and you now have a big hole in your machine that will let any<\/em><\/strong> running program look at and change everything<\/em><\/strong> in memory. Note that you have to be running a destructive program in the first place \u2013 Total Meltdown doesn\u2019t make it easier to run bad programs \u2013 but the security hole appears to be massive, by any estimation.<\/p>\n

The problem is solved by the March Win7 patches, but\u2026, well, you can see what a mess those have become.<\/p>\n

Thx to @PKCano, @sb, @MrBrian, @abbodi86.<\/p>\n

Having problems with this month\u2019s patches? Join us on the <\/em>AskWoody Lounge<\/em><\/a>.<\/em><\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Woody Leonhard| Date: Wed, 28 Mar 2018 10:30:00 -0700<\/strong><\/p>\n

\n
\n

An enormous number of patches spewed out of Microsoft this month, with two ponderous cumulative updates for each version of Windows 10, a third \u201cbonus\u201d bug fix for Win10 Fall Creators Update (version 1709), and a just-described bug in Windows 7 that\u2019ll leave you begging for a Win7 patch that works.<\/p>\n

There\u2019s also a bit of comic relief with a patch for Win10 1709, KB 4094276<\/a>, that \u201cmakes improvements to ease the upgrade experience to Windows 10 Version 1709.\u201d That\u2019s a wonderful example of a self-referential fix.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-11878","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11878"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11878\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}