April’s deluge of patches

Topic

New Reply

PATCH WATCH By Susan Bradley It’s a good thing we no longer receive individual updates fixing each unique vulnerability. If we did, we’d be calling “u
[See the full post at: April’s deluge of patches]

Susan Bradley Patch Lady/Prudent patcher

10 users thanked author for this post.

CADesertRat, fisher75, Casey S, schmootoo, DLivesInTexas, jburk07, rbailin, lmacri, Alex5723, abbodi86

Reply | Quote

Replies

The CVEs notice about delayed Windows 10 updates was ment for Windows 10 LTSB 2015

Reply | Quote

The CVE notice about delayed Windows 10 updates was removed five days ago:

FAQ

Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?

Yes. As of April 9, 2025, the security update (5055547) for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are available. Customers running Windows 10 should ensure the update is installed to be protected from this vulnerability.

CVE-2025-26670

Reply | Quote

My reply was about a paragraph in the full article (Plus Newsletter)
but you are always ready to be Microsoft_MVP

Reply | Quote

Gentlemen, enough.

I was horrifically swamped this week and failed to go back and edit that part.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

“For those of you on Windows 10, the System Guard Runtime Monitor Broker service bug appears to be finally resolved in this month’s updates.”

 

Not so.  See https://www.askwoody.com/forums/topic/april-2025-updates-out/#post-2761673

1 user thanked author for this post.

lmacri

Reply | Quote

Hi Susan:

I can confirm the System Guard Runtime Monitor Broker service (SgrmBroker.exe) Event ID 7023 errors were NOT fixed on my Win 10 machine and are still being logged in the Event Viewer at Windows Logs | System at every Windows startup, as noted in my post # 2762591 in your topic April 2025 updates out. My April 2025 Patch Tuesday updates were installed on 11-Apr-2025.

———–
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5737 * Firefox v137.0.1 * Microsoft Defender v4.18.25030.2-1.1.25030.1 * Malwarebytes Premium v5.2.10.182-130.0.5212 * Macrium Reflect Free v8.0.7783

Reply | Quote

There was a notice that it got fixed but clearly in Windows 10 it has not been fixed.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I don’t have any of those errors in my event viewer. Maybe mine got fixed.

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Hi Susan. I have Norton 360 installed on one of my machines (Windows 11 23H2 fully patched). When I browse to the latest April 14 Newsletter, I get the popup message below. This is the first time I’ve seen this on Askwoody.

Is it possible that this is being triggered by Brian Livingston’s article, as the Norton message refers to FakeCaptcha-D?

Can I assume that this is Norton being overly protective? Wasn’t sure if this was the best place to post this, so my apologies as this is not quite thread related.

2 users thanked author for this post.

Microfix, rbailin

Reply | Quote

Try another browser (non-chrome if you have one).
Do you get the same message?

 

1 user thanked author for this post.

SteveIT

Reply | Quote

Same Norton popup using Edge:

My guess is that Norton is triggering on the “Complete these Verification Steps” image that Brian has included in his article, as it seems to be a screenshot of an actual FakeCaptcha message.

Reply | Quote

We think it’s freaking out on one of the images.  I won’t be able to fully test until later on this week but will review.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

SteveIT

Reply | Quote

SteveIT, Have you tried replicating your route using a ‘Gecko’ based browser such as firefox?

Windows - commercial by definition and now function...

1 user thanked author for this post.

SteveIT

Reply | Quote

Unfortunately, Firefox is not on the machine running Norton 360. As Susan indicated, it seems that Norton is ‘seeing’ the fake “Verification Steps” image as part of something malicious.

Reply | Quote

Susan wrote, “After [April 2025] updates to Windows 11 24H2, Windows 11 23H2, and Windows 10 22H2 are installed, an empty folder appears in the root of the C drive — inetpub.” After reading that, I checked this computer, which has Windows 10 22H2, and which has not been updated. There is a folder called “c:\inetpub” with a creation date of 28/05/2022. It is not empty. It has subfolders history, logs, temp, and wwwroot. I checked further, and Internet Information Services is NOT enabled in Windows Features. So, in this case, at least, the folder inetpub appears BEFORE the April 2025 update is applied, because it has NOT been applied to this computer.

Reply | Quote

If you already had that folder installed from some software installation- you may have folders under it

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Me too. See #2761854, “My third Win10”

Reply | Quote

I checked my other computer running Windows 10, and apparently it must have updated without my knowledge, because it has the empty c:\inetpub folder with a creation date of 09/04/2025.

Reply | Quote

George S. Augustas wrote:

and apparently it must have updated without my knowledge

Its time to take control on Windows Updates.

https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/

https://www.askwoody.com/forums/topic/60002-guide-to-using-wumgr-for-windows-10-updates/

Reply | Quote

I went through a nightmare installing Win 11 24H2. Kept rolling back over and over. Finally went on a help forum and after 2 weeks of running WVE over and over again, dealing with BSODs, and endless reboots, we figured out that my Logitch Setpoint drivers and an older VHS to DVD driver (Roxio) were interfering. The actual installation NEVER gave any indication as to what was wrong, just a general driver issue. After I pulled these off the system, the installation went through without a hitch. However, I do not see how someone that does not have rudimentary knowledge to deal with these troubleshooting methods would be able to fix this. Those people would either never update, or have to pay someone to do it for them. This is an unsatisfactory business practice. MS needs to get their 5h!# together.

Reply | Quote

Similar story here – tried updating to 24H2 and it kept rolling back. Tried running Lenovo Vantage to update the drivers and everything was up to date. On a whim checked for NVidia drivers and was a fair bit behind (T1200 GPU). With that up to date, everything progressed satisfactorily.

Reply | Quote

pmruzicka wrote:

… after 2 weeks of running WVE over and over again,

What’s WVE?

Reply | Quote

WVE is Windows Driver Verifier Manager. I didn’t know it existed until the guy helping me told me to use it…

 

Reply | Quote

Does anyone else call it WVE?

Reply | Quote

WVE at MS.

cheers, Paul

Reply | Quote

Why WVE?

Reply | Quote

I tried to read the post regarding VBS security updates and halfway through my eyes started to bleed. Sometimes I don’t know what’s more poorly written– the software, or the documentation that explains it.

Is my understanding correct that merely applying the April updates will not automatically apply that new Microsoft-signed VBS policy, but a lesser remediation that while not as effective, won’t bork your system’s ability to boot?

Honestly, as concerning as the vuln is, IMHO this update is scarier.

Very much appreciate you commenting on it.

2 users thanked author for this post.

Cybertooth, Perq

Reply | Quote

Why are you worried?
It may prevent old boot CD/USBs booting, but you just create a new one with updated Windows files. No obvious downside IMO.

cheers, Paul

Reply | Quote

And the hits just keep on coming

 

https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/

3 users thanked author for this post.

Perq, Cybertooth, lmacri

Reply | Quote

Paul T wrote:

Why are you worried?
It may prevent old boot CD/USBs booting, but you just create a new one with updated Windows files. No obvious downside IMO.

cheers, Paul

If you read the Microsoft post, you’ll see it warns of a litany of potential issues with its signed policy that go well beyond broken boot media, including problems with WinRE, interference with applications and scripts, rolling back updates resulting in a boot loop, slow startup times, and more.

As the sole IT person managing Windows 100 endpoints and three servers, the notion that I can possibly think through and test for all these negative implications of applying a security patch is, well… slightly ludicrous.

Which is why I won’t touch that Microsoft-signed policy with a ten-foot pole and just have to make do with the April update default protections.

 

Reply | Quote

I think we would know by now if there were issues with that patch. This is why we hang around here, issues are reported early.

cheers, Paul

Reply | Quote

I don’t see a clear indication that it’s time to update my W 10 computers. Is it time to update??

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Never Mind. Just updated my main W 10 computer, KB 5056686 .net sec. updt., KB 5055518 W10 22H2 cum. bld 19045.5737, KB 5055683 .net , SSU 10.0.19041.5676

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

SkipH

Reply | Quote

I cannot find, even on the patchlists, any indication whether its advisable to install 5055518 or not? Its being presented to me today. Yay or nay? Win 10 22h2

Reply | Quote

I’m seeing this on the patch list:

Windows 10 Versions 22H2/ 21H2 5055518 4/8/2025  Defer

So – is it still Defer – or OK to install?

Reply | Quote

I installed it with no problems

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

1 user thanked author for this post.

LHiggins

Reply | Quote

And that’s what I saw. No recent update.

Reply | Quote

My Windows 10 22H2 system has Windows Update setting to OFF for showing the latest update which means I don’t want to install Preview updates. For one Preview update that setting did not work.

On 4/16/25 I installed the following monthly updates without any problems.

2025-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5055683)

2025-04 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5055518)

On 4/23/25 my PC notified me that a Windows Update needed to be restarted. It appears that Windows Update download and installed the following Preview update and needed a restart to finish the installation.

2025-04 Cumulative Update Preview for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5057056)

Also interesting is at the same time it offered the following Preview update under Quality Updates which is where all Preview updates are offered if I want it.

Optional quality update available
2025-04 Cumulative Update Preview for Windows 10 Version 22H2 for x64-based Systems (KB5055612)

Wonder if this is a fluke for my PC or did other users see this.

HTH, Dana:))

1 user thanked author for this post.

LHiggins

Reply | Quote

Drcard:)) wrote:

For one Preview update that setting did not work.

If you are on a Pro there is a GPEdit setting to block Previews (as well as Bios, Firmware, drivers..) updates.

Reply | Quote

No advise or updated  patchlist? Martin Brinkman seems to feel its not a good update and causes the inetpub folder, but unsuere if that is only win11 and not 10.

 

Windows 10 Versions 22H2/ 21H2 5055518 4/8/2025  Defer

Reply | Quote

inetpub folder was already on my W 10 computers dated January 2021 in properties before I did this months updates. Not sure why that date is shown but it was already there regardless.

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

See #2761854. The part about my Third Win 10.

2 users thanked author for this post.

LHiggins, CADesertRat

Reply | Quote

Drcard:)) wrote:

Wonder if this is a fluke for my PC or did other users see this.

Found the answer:
The KB5057056 update displays in my PC with the word “Preview” in the name, but is not a Preview update and automatically installs on all Windows as indicated in the MS link below:

April 22, 2025-KB5057056 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2

FYI. At the same time the Windows Update creates the empty inetpub folder in Windows folder an inetpub.cdf-ms file is created and placed in C:\Windows\WinSxS\FileMaps folder.

HTH, Dana:))

Reply | Quote

KB5057056 is in fact a preview and is indicated as such in the left panel of the above link for KB5057056. The left panel labeling as a preview is inconsistent with the title of the link at the top of the right panel. But clicking on other left panel links that are labeled as previews will also be inconsistent with the corresponding right panel titles. In other words the inconsistency is, at least, consistent.

Even though it says this update will be automatically installed, you can easily block the .NET previews in Windows Update by toggling the switch for ‘installing other available updates’ to off. Disclaimer: I’m not on W10 right now so I probably don’t have the exact correct wording, but the switch is right below the area where you ‘resume updates’. (I’m on my daily driver Mint 20.3 Cinnamon, where the sun always shines!)

Reply | Quote

Surprised no one has replied on yay or nay on CU. I did see this about an hour ago and still no active links to the sheets:

So, to be clear (thought I was) is 5055518 safe and recommened to install or not? And if so, what to watch out for? Not finding clear (at least to me ) explanations.

1 user thanked author for this post.

LHiggins

Reply | Quote

It says ” recommended you DO INSTALL UPDATES “.

I’ve seen no ill effects from KB 5055518 after installing yesterday.

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Thanks, but usually there is a little more info and the links to the html, pdf, etc do not yet exist to see each individual to confirm for induvidual updates. I can read. I also am missing the “usual” information.

Reply | Quote

My bad.  Got busy and just now updated them.  Can you try it again?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

 

They are there now. Thanks.

Any caveats for Win 10 22h2?

 

Especially since its still a Defcon 3.

Reply | Quote

@SB, just read your alert again and still iunclear as to wether Win 10 CU is a risk or not. Appears the inetpub is business or Win 11 only? And no mention of the .nets

Can I ssume I could/should skip 5055518 and do the other updates or are you clearly recommending to install the CU and with any things to [pay clear attention to.

Sorry, seems this month more information that may not all agree as I read and would like to make a final decision what to do and do it

 

Thanks.

 

PS. I did March. I do NOT have a c:\inetpub

Reply | Quote

The Master Patch List says “Install” in green beside KB5055518.
That seems fairly clear.

 

Reply | Quote

 

Axctually no. Not with a Defcon 3 and a newsletter that is a tad confusing.  If it were that clear, I would not be asking.

Reply | Quote

OK, just did them. Back up and running but now I have a c:/inetpub folder

Reply | Quote

rebop2020 wrote:

…now I have a c:/inetpub folder

I updated yesterday and I have the same folder. Per Microsoft’s guidance, I’m going to leave that folder alone and leave it just where it is.

 

Reply | Quote

I agree Bob.

Reply | Quote

Finished updating the rest of my computers today and inetpub folder was already on all of them before updates and evidently I never noticed LOL

Don't take yourself so seriously, no one else does
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote