Newsletter Archives

  • When Windows 10 Feature Updates don’t go smoothly

    Last weekend, I decided to bite the bullet and update a Win10-1803 Pro machine to Win10-1809, using Windows Update. I’d taken a system image backup, and as it wasn’t my production machine, I wasn’t too worried.

    This machine is under a year old, a purchase necessary when a hardware failure put paid to my trusty Win7 Pro laptop. It allows me to work more than I can manage at my desktop, and does most of the hard yards online, especially here.

    Windows Update installed 1809 x64 2019-10B – this was before Woody changed MS-Defcon from 4 to 2. It took 20 minutes to Prepare to Install, and nearly 2 hours to download, and several hours to install.

    Needless to say, it didn’t go to plan… The first indication of a problem was after several hours of installing, when a blue screen appeared bearing the words “Stopcode” and “Bad Pool Header”. It restarted, still on 1803, pending install. It continued installing. Eventually it restarted, and I was able to see KB 4521862 and KB 4519338 had installed – along with a bunch of drivers being updated, when the Pro settings were not to download drivers from Windows. I also noticed I hadn’t had to reset the Metered Connection settings to allow the update to download!

    After it finished its update, it wasn’t working properly. It looked fairly normal, but problems started after a restart – none of the visible desktop items actually worked – not the Start button, any of the TaskBar icons, or anything other than the Ctrl>Alt>Del routine.

    I tried Sign Out. It took ages. It caused a loop of: Hi; We’re getting everything ready for you; This might take several minutes – don’t turn off your PC (that part remained until it got to Hi again); Leave everything to us; Windows stays up to date to help protect you in an online world; Making sure your apps are good to go; It’s taking a bit longer than expected, but we’ll get there as fast as we can. This loop took 5 minutes to restart, again, and again, and again.

    It had been over 12 hours since the process started at this point. As I had to do my day job, I just left it chugging away in the background while I got on with earning an income. Over 5 hours later, it finally came up for air – a desktop, but still not functioning.

    Along the way, I saw various errors:
    Error 0x80072EE7
    The gpsvc service failed the sign-in – access is denied
    windows\system32\config\systemprofile\desktop is unavailable

    To add to my woes, it wanted to restart itself again, where it re-entered the 5+ hour loop. I still had work to get done, so I just let it be. No stopcodes this time, but still it didn’t work.

    I couldn’t access safe mode, even with Recovery Tool USB access. Start Up Repair “couldn’t fix [the] PC”. Using the Recovery Tool, I was able to access the Command Prompt, where SFC /SCANNOW reported “Not enough memory resources are available to process this command” the first time, and then, after it went through 100%, “Windows Resource Protection could not perform the requested operation”. Attempting to use Restore Points was another failure – they were listed, but “unavailable”.

    At this time, I decided it was time to try to restore the system image. Again, the gpsvc error. Apparently there had been some issue prior to the update attempt? I had to put it aside for a few days, until I got time to address it properly. By this stage, I was heading for an ISO file on a USB stick. This laptop now needs to be reset from the ground up, going back over all the metered connection, deferred updates, Customer Experience, Start Menu apps settings etc. etc. etc. – and I’m sure there’ll be something important I forget!

    Having got the ISO installed, I was able to run SFC /SCANNOW and DISM /Online /Cleanup-Image /RestoreHealth. All 100% clear, thank goodness.

    There are only 5-6 programs to reinstall. If this had been a production machine, I’d have dozens of programs to have to reinstall. It’s still going to take another day or two until I get it back to normal, as I have other things I need to prioritize. If I’m a bit cranky this weekend, you now know why!

    I’m really lucky I have a wealth of knowledge, support and expertise here at my disposal. A normal home user would have ended up paying for professional technical support, and if it had been my production machine, would have resulted in a loss of chargeable hours. I’m counting my blessings!

  • BlueKeep exploitation expected soon

    Several hours ago, there was a lot of noise on Twitter about a GitHub explanation of how to “weaponize” BlueKeep, triggering fears it could soon be widely exploited.

    Dan Goodin‘s article on ArsTechnica.com is fairly succinct:

    BEWARE OF WORMABLE EXPLOITS —
    Chances of destructive BlueKeep exploit rise with new explainer posted online

    We’ll be keeping an eye on Kevin Beaumont’s Twitter feed, to see what he posts about it today.

    Are you protected?

    UPDATE:
    Kevin Beaumont is also warning about a more imminent threat from BlueKeep

  • 16-year U.S. data leakage: KrebsOnSecurity

    Security supremo Brian Krebs has published details of a long-standing data leak he stemmed this week:

    The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

    I should emphasize that these documents were merely available from First American’s Web site; I do not have any information on whether this fact was known to fraudsters previously, nor do I have any information to suggest the documents were somehow mass-harvested (although a low-and-slow or distributed indexing of this data would not have been difficult for even a novice attacker).

    See Brian’s blogpost “First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records” for details.

  • WhatsApp spyware vulnerability

    WhatsApp users are being urged to update their apps, to address a vulnerability discovered recently. If you have family members using this platform, I trust you’ll encourage them to make sure they’re up-to-date too.

    From theguardian.com:

    Attackers could transmit the malicious code to a target’s device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.

  • Windows Defender Security definition problems

    We’re hearing reports of problems with Definitions Update 1.289.1521.0, preventing scanning in Windows 7 and 8.0 virtual machines. Other OS versions are still being tested by @alqamar.

    Has your machine been affected by this definition update?

    UPDATE: Win 8.1 is also affected, but newer OSes are OK.
    @alqamar has posted his results
    (This is a real-world problem, not just limited to virtual machines, where early reports were first tested)

    RESOLVED: Microsoft has now issued an update that fixes the issue. In her article on the problem (which was noted as first being seen here), Mary Jo Foley wrote on zdnet.com that update 1.289.1588.0 was issued on March 19th. @alqamar posted his tests were fixed by update 1.289.1587.0.

  • High praise, indeed!

    AskWoody.com, and its eponymous factotum (…Woody), have made it to Martin Brinkmann’s Tech Sites We Love, over on ghacks.net:

    AskWoody.com offers news, tips, and support for Microsoft Windows, Office, PCs and other tech. It is run by Woody Leonhard and one of the prime news sources for Windows administrators and users on the Internet…
    It is a must-visit site in my opinion as a system administrator, regardless of whether you administrate a single Home PC or PCs in a company network.

    @martinbrinkmann is a trusted MVP here (but of course, with the roles still not 100%, you may not always see a correct indication on any account!), and his articles have often been linked here on AskWoody. Judging by the number of mentions he’s received here, you must respect him too.

    In this case, I am 100% in support of Martin’s opinion – Well done, Woody!

    Thx @Microfix

  • Getting ready to track Santa

    NORAD is ready to set off its Santa Tracker, and Google’s will be going in about 3 hrs. Have fun tracking Santa.

    Merry Christmas, everyone.

  • “this week in security” newsletter

    Many of you will be familiar with Zack Whittaker’s work. Zack is now TechCrunch’s Security Editor, and was formerly the same at zdnet.com until a few months ago. We have featured his work many times, here on AskWoody.com.

    A few months ago, Zack started a weekly cyber-security newsletter, which contains links to recent interesting articles of relevance, as well as a cute cyber-cat of the week. If you haven’t seen this week’s newsletter, check it out, or the list of past issues. A subscribe link is at the top left of both pages.