{"id":17908,"date":"2020-03-17T20:32:49","date_gmt":"2020-03-18T04:32:49","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/03\/17\/news-11641\/"},"modified":"2020-03-17T20:32:49","modified_gmt":"2020-03-18T04:32:49","slug":"news-11641","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2020\/03\/17\/news-11641\/","title":{"rendered":"Come on, Microsoft! Is it really that hard to update Windows 10 right?"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/windows-10_windows_microsoft_laptop_keyboard_update_-by-nirodesign-getty-100799328-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 11 Mar 2020 07:47:00 -0700<\/strong><\/p>\n<p>Yesterday, on Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop). Word emerged that Microsoft had accidentally leaked news about a new <a href=\"https:\/\/www.zdnet.com\/article\/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu\/\" rel=\"noopener nofollow\" target=\"_blank\">Server Message Block (SMB) bug with a maximum severity rating<\/a>, a.k.a. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw\/\" rel=\"noopener nofollow\" target=\"_blank\">SMBGhost<\/a><u>.<\/u> The leak also said that this bug wasn\u2019t patched in that day\u2019s releases.<\/p>\n<p>I\u2019ll get back to this latest outrage, but first, let\u2019s review the past several months.<\/p>\n<p>I\u2019ve written a lot about Microsoft\u2019s Windows 10 patch foul-ups. Frankly, I\u2019m tired of it. But you know what else I\u2019m tired of? Another month with yet more show-stopping Windows 10 update messes.<\/p>\n<p>And I don\u2019t even use Windows 10 as my main desktop. I primarily use <a href=\"https:\/\/www.computerworld.com\/article\/3268005\/why-not-the-best-why-not-linux-mint.html\" rel=\"noopener\" target=\"_blank\">Linux Mint on my desktops<\/a> and <a href=\"https:\/\/www.computerworld.com\/article\/3453943\/sorry-apple-for-the-education-market-chromebook-is-the-clear-winner.html\" rel=\"noopener\" target=\"_blank\">Chromebooks<\/a>, with <a href=\"https:\/\/www.debian.org\/\" rel=\"noopener nofollow\" target=\"_blank\">Debian Linux<\/a> running on the side, as laptops. Woe to all of you who have to rely on Windows for work.<\/p>\n<p>I mean, when I look at the Windows 10 patching landscape, I can almost understand why some of you are still <a href=\"https:\/\/www.computerworld.com\/article\/3513863\/saying-goodbye-to-windows-7-isn-t-easy-but-you-must.html\" rel=\"noopener\" target=\"_blank\">sticking with Windows 7<\/a>. It may be out of date and vulnerable to potential attacks, but at least when you patched it, you didn\u2019t have to wonder what would happen the next time you rebooted your computer.<\/p>\n<p>In February, we saw a standalone security patch \u2014 that\u2019s a thing again? \u2014 <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4524244\/security-update-for-windows-10-february-11-2020\" rel=\"noopener nofollow\" target=\"_blank\">KB 4524244<\/a>. It was a screw-up. It <a href=\"https:\/\/www.computerworld.com\/article\/3528302\/the-mess-behind-microsoft-s-yanked-uefi-patch-kb-4524244.html\" rel=\"noopener\" target=\"_blank\">knocked out a bunch of machines<\/a>, primarily HP PCs with Ryzen processors. If you had Secure Boot enabled \u2014 which you\u2019re supposed to have to keep your PC \u201csafe\u201d \u2014 your PCs wouldn\u2019t reboot normally and, in the worst cases, you would<a href=\"https:\/\/www.reddit.com\/r\/Windows10\/comments\/f35o6i\/anyone_having_trouble_with_kb4524244_it_hangs_and\/\" rel=\"noopener nofollow\" target=\"_blank\"> have to restore your system<\/a>. Oh, and even that might fail. Does Microsoft know how to give us a fun time, or what?<\/p>\n<p>Microsoft finally pulled that patch. Thanks, guys, for closing the computer door after the bytes have all ran away.<\/p>\n<p>Then there was KB 4532693. That one, the trusty Woody Leonhard tells us, <a href=\"https:\/\/www.computerworld.com\/article\/3528771\/with-a-fix-for-the-temporary-profile-bug-still-elusive-win10-1903-and-1909-customers-should-check-p.html\" rel=\"noopener\" target=\"_blank\">gobbled desktop icons and moved files<\/a> on Windows 10 1903 and 1909. It also caused <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4542617\/you-might-encounter-issues-when-using-windows-server-containers-with-t\" rel=\"noopener nofollow\" target=\"_blank\">trouble with Windows Server containers<\/a>\u00a0up to and including this tidbit: \u201c32-bit applications or processes running inside the container might silently fail.\u201d I love silent failures. Don\u2019t you?<\/p>\n<p>And silent is what Microsoft has been about fixing this one. As I write this, on March 10, these problems are alive, well and causing trouble. Aren\u2019t you glad you paused your updates? Oh, you didn\u2019t? I\u2019m so sorry.<\/p>\n<p>OK, so much for specifics, although if you want more about the details of these and other Windows patch shenanigans, <a href=\"https:\/\/www.computerworld.com\/author\/Woody-Leonhard\/\" rel=\"noopener\" target=\"_blank\">follow Woody<\/a>. He knows his stuff, and he\u2019ll keep you informed about when to pause updates and how to go about it.<\/p>\n<p>What I want to know is why Microsoft Windows quality assurance (QA) has become a joke, with our machines as the punchline.<\/p>\n<p>I don\u2019t get it. Microsoft introduced its <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-insider\/at-home\/rings\" rel=\"noopener nofollow\" target=\"_blank\">Windows 10 Insider \u201cslow, fast and release rings<\/a><u>\u201d<\/u> to avoid just this kind of nonsense. <a href=\"https:\/\/www.computerworld.com\/article\/2947673\/windows-10-to-run-rings-around-customers.html\" rel=\"noopener\" target=\"_blank\">Windows Insider got its start<\/a> way back on Sept. 30, 2014. Microsoft has had plenty of time to get the bugs out of this program.<\/p>\n<p>And the latest count I\u2019ve seen has <a href=\"https:\/\/www.windowscentral.com\/pros-and-cons-windows-insider-program\" rel=\"noopener nofollow\" target=\"_blank\">10 million people enrolled in the Windows Insider<\/a> program. That\u2019s a lot of beta-testers. No other software testing program even comes close.<\/p>\n<p>To quote Microsoft, \u201cSlow ring builds include Quality Update service packages to fix key issues and also receive the latest <a href=\"https:\/\/msrc-blog.microsoft.com\/category\/msrc\/\" rel=\"noopener nofollow\" target=\"_blank\">Microsoft Security Response Center security fixes<\/a> shortly after public availability.\u201d So why do the updates fail so hard?<\/p>\n<p>Well, maybe as Woody \u2014 smart guy, that Woody \u2014 pointed out a few years back, the <a href=\"https:\/\/www.computerworld.com\/article\/3125525\/6-things-wrong-with-the-windows-insider-program.html\" rel=\"noopener\" target=\"_blank\">Insider program is much more marketing<\/a> than it is a beta-tester program. His preferred term for the beta-testers: \u201ccannon fodder.\u201d In addition, Microsoft doesn\u2019t really do a decent job of helping Insiders post helpful beta reports.<\/p>\n<p>And of those 10 million Insiders, how many are providing useful information? Quick! Which <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/13443\/windows-which-version-am-i-running\" rel=\"noopener nofollow\" target=\"_blank\">version of Windows 10 are you running<\/a>? To find out, press the Windows logo key + R, type \u201cwinver\u201d in the Open box, and then select OK. Did you know that? Without that basic information, an Insider \u201cbug\u201d report is useless. Microsoft needs to make better use of all those brave early adopters.<\/p>\n<p>Finally, I don\u2019t know how many people Microsoft has working on Windows 10 QA, how much money it pours into the program, and what the expertise level of those people is. But because the results speak louder than words, I do know that Win10 QA is understaffed and under-resourced, with staff that aren\u2019t as experienced as they should be.<\/p>\n<p>Now, about that SMB bug, the latest bombshell from Microsoft. I\u2019m not sure there is a patch for it yet. In case you don\u2019t remember, SMB security holes are the ones responsible for the infamous WannaCry and NotPetya ransomware.<\/p>\n<p>And now, as I wrap this up, it appears that the Patch Tuesday patch will also be delayed. I presume because Microsoft now needs to shoehorn an emergency patch into the Patch Tuesday roundup.<\/p>\n<p>Come on, Microsoft! Enough is enough. Get your QA act together already!<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3532092\/come-on-microsoft-is-it-really-that-hard-to-update-windows-10-right.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/windows-10_windows_microsoft_laptop_keyboard_update_-by-nirodesign-getty-100799328-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 11 Mar 2020 07:47:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Yesterday, on Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop). Word emerged that Microsoft had accidentally leaked news about a new <a href=\"https:\/\/www.zdnet.com\/article\/details-about-new-smb-wormable-bug-leak-in-microsoft-patch-tuesday-snafu\/\" rel=\"noopener nofollow\" target=\"_blank\">Server Message Block (SMB) bug with a maximum severity rating<\/a>, a.k.a. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw\/\" rel=\"noopener nofollow\" target=\"_blank\">SMBGhost<\/a><u>.<\/u> The leak also said that this bug wasn\u2019t patched in that day\u2019s releases.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3532092\/come-on-microsoft-is-it-really-that-hard-to-update-windows-10-right.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,714,10525],"class_list":["post-17908","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17908"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17908\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}