Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • More problems with the March IE Security-only patches

    Posted on April 1st, 2017 at 08:17 woody Comment on the AskWoody Lounge

    We’re seeing numerous reports of problems with the March Internet Explorer Security-only patches. These are the patches that you have to download and install manually – what I usually refer to as “Group B.”

    @PKCano is narrowing in on the symptoms and likely causes. Here’s what we know for sure.

    Starting in March, Microsoft separated Internet Explorer Security-only patches from the main Windows Security-only patches. (Prior to March, the IE patches were included in the main Windows Security-only patches.) It’s all documented in AKB 2000003. True to form, Microsoft discovered bugs in the original March Security-only IE patch, so they issued a second patch, which we’re calling the IE Hotfix.

    For Windows 7, the patches are (from AKB 2000003):

    Mar 2017 (IE) KB 4012204 – Download 32-bit or 64-bit
    Mar 2017 (IE Hotfix) KB 4016446 – Download 32-bit or 64-bit

    For Windows 8.1, the patches are:

    Mar 2017 (IE) KB 4012204 – Download 32-bit or 64-bit
    Mar 2017 (IE Hotfix) KB 4016446 – Download 32-bit or 64-bit

    At this point we’re looking for odd behavior associated with one or both of the patches for your machine. How do you know if the odd behavior is caused by one of the patches? If you uninstall the patches, and behavior returns to normal, you’ve hit a symptom of a bad patch.

    To date, @Sportsfan has reported one (or both?) of the patches causes IE to fail the Logjam security test at Qualys SSL Labs.

    An anonymous poster has reported “kb4016446 and kb4012204 caused problems with Notepad++ – when closed, the program would hang with an odd display for several seconds before shutting down. ”

    A different anonymous poster reported that the problem with Logjam failure appeared on a Win7 machine after installing just the first patch, KB 4012204. He/she hadn’t installed KB 4016446.

    And @RCPete has results all over the board. The first time he tested, IE 11 failed the Logjam test. The second time, it passed.

    Poster @AJNorth poses an interesting question for those who are failing the Logjam test: “under Tools —> Internet Options —> Advanced —> Security, are both “Use SSL 2.0” and “Use SSL 3.0” unchecked? ”

    @djgreen didn’t pass the Logjam test, but he wonders if the problem may be with interactions with a previous patch, KB 30161518.

    If you’re in Group B – and you’re installing IE security patches manually – what do you see? Also, if you’re in Group A, and taking the Win7/8.1 Monthly Rollups as they appear, do you have any problems with the Logjam test?