Massive batch of bug fixes for Windows, Office – KB 4022716, 4022723, with known problems

Topic

New Reply

The dust is still settling, but here’s what people are seeing right now: Win10 version 1703 – KB 4022716 includes a long list of bug fixes, brings bui
[See the full post at: Massive batch of bug fixes for Windows, Office – KB 4022716, 4022723, with known problems]

4 users thanked author for this post.

SueW, ch100, HiFlyer, Elly

Reply | Quote

Replies

Woody, while you have the numbers according to Microsoft, the KB numbers for 1607 and 1703 look weird to me as they are published. Maybe they are the other way around?
They have not been made available yet for Windows 10/2016 as far as I can tell and were not released at the normal time in WSUS.
I noticed in both descriptions that issues with Windows Search have been addressed, which I assume are references to the Outlook Search known issue without providing details.
I cannot comment about the other releases.
There was an update on the Office page about the known issues, but nothing else than more workarounds and an attempt to buy more time on the Microsoft side.

1 user thanked author for this post.

woody

Reply | Quote

From Windows 10 builds 15063.447, 14393.1378, and 10586.965 now available – here’s what’s new [Update]
Update: Over nine hours after the updates were announced, 15063.447 is now available via Windows Update, and the link to manually install them works. Unfortunately, the 1607 and 1511 updates still aren’t coming through Windows Update, so your only option for those is to manually install them.

3 users thanked author for this post.

ch100, woody, MrBrian

Reply | Quote

Kirsty wrote:

Unfortunately, the 1607 and 1511 updates still aren’t coming through Windows Update, so your only option for those is to manually install them.

I think they can wait few more hours. There is no such urgency to download manually those patches, when those released 2 weeks ago fix all that was security related and are included in the current patches.

Reply | Quote

All three of the Windows 10 updates are documented by Microsoft as being catalog-only updates.

Reply | Quote

Correction: 15063.447 is available on Windows Update also.

1 user thanked author for this post.

ch100

Reply | Quote

I wonder if, as a Windows-as-a-service service, Microsoft could make this a little more complicated.

I hear there’s also confusion about the Release Preview branch… and something about the Slow Ring that I haven’t parsed just yet.

2 users thanked author for this post.

Cybertooth, HiFlyer

Reply | Quote

Woody, I was going to notify you about the patch for 1703 not having known issues according to the doco, while 1607 does have, but someone else (Kirsty?) notified you before I had a chance.
I confirm now that the patch for Windows 10 1703 is on WU and also on WSUS. The updates were released earlier in the catalog. I cannot see the patches for 1607 and Server 2016 in WSUS. They may arrive in the next few hours. Older KB3150513 for 1607/Server 2016 have been expired in the last few hours.
Being at the catalog subject, while searching for the current update, I noticed few more updates for 1703 which are available only in the catalog, but are not documented. They were released in the last few days and are tiny in size. Does anyone have any knowledge about them? They are not Dynamic Updates, as those Dynamic Updates are flagged as such.

KB4023543 – last updated 6/27/2017
KB4025632 – last updated 6/22/2017

Preparations for the imminent promotion to CBB?

1 user thanked author for this post.

woody

Reply | Quote

This is unclear from the doco, but it is made even more confusing because the patches were originally released only in the Catalog, while now, after few hours, they seems to slowly be released through the main channels, i.e. Windows Update.

Reply | Quote

I based it upon the info in the “How to get this update” section of the given update.

1 user thanked author for this post.

ch100

Reply | Quote

Now it has become more clear.
The latest update for 1703 is on Windows Update, WSUS and Catalog.
The latest update for 1607 is only in the Catalog.
The list of fixed issues is different, but both address the well-known Outlook Search bug introduced in the previous CU. That bug is not as critical as it was previously thought and can be resolved without further patches, but this is not obvious to everyone and require time spent doing further research and implementation.

Why are the 2 CUs treated differently, one is mainstream (intended as) mandatory CU for 1703, while the other for 1607 is treated like a non-essential hotfix?
Just a guess, it may have something to do with the CB status of 1703 which is seen as pre-release software for this reason and as such not subject to the same quality controls and restrictions in implementing changes like 1607.

2 users thanked author for this post.

woody, MrBrian

Reply | Quote

Some Outlook updates are available at the link Woody mentioned. You need to click on a given issue to expand it.

2 users thanked author for this post.

ch100, woody

Reply | Quote

Thanks, I missed them previously. However, I am personally not very much interested in hotfixes which are not made widely available on Windows Update. I install everything which comes on Windows Update, even timezone updates for Morocco (I don’t live in that part of the World, the example is related to KB4020322, released yesterday in WSUS and Catalog, but not on WU – will likely be part of the next monthly rollup though), but do not install if they are not made available mainstream on Windows Update.
They could be good patches, however they tend to mess up with the supersedence in the same way in which KB3125774 does the same if they are not on WU. For now, I would install all patches available 2 weeks ago, with a single exception which is the Outlook patch for each version.
The current patches are too early to install, especially taking in consideration that they do not address pressing security issues, quite the opposite in some ways – IE security being relaxed to fix an obscure printing issue with iFrames. There are other issues with IE and iFrames which have never been fixed because they affect a very small number of users, unsupported and outdated versions of software, which makes me believe that iFrame related problems are an ongoing issue for IE.

Reply | Quote

Two things about June 27, 2017, update for Outlook 2010 (KB3015545).

a) this fixes problems caused by June 13th update: 3203467.

How come the fix has a lower number than the first update?

b) The June 13th culprit was delivered by Windows Update. But the fix can only be installed manually, not via Windows Update. So it will NOT resolve the issue for many users (those who rely completely on Windows Update).

I can’t check my home computer (holiday!), but maybe someone else can tell. Last time I cheked, 3203467 was in the list, but already unchecked by MS. Has anyone else seen this? And what is the status of 3203467 now? Still unchecked, or checked (if so: would the fix be included?

 

Reply | Quote

anonymous wrote:

How come the fix has a lower number than the first update?

According to the MS website, the release date for KB3015545 is 6/26. Microsoft numbers as Microsoft numbers.

anonymous wrote:

b) The June 13th culprit was delivered by Windows Update. But the fix can only be installed manually, not via Windows Update. So it will NOT resolve the issue for many users (those who rely completely on Windows Update).

It is not unusual for MS to issue hotfixes through the MS download site (as this one), or the MS Update Catalog, for manual installation. They are usually rolled into the updates offered through Windows Update on the next Patch Tuesday, but are not offered through Windows Update individually.

2 users thanked author for this post.

HiFlyer, woody

Reply | Quote

Thank you, PKCano! Once again you have cleared something up for me

1 user thanked author for this post.

HiFlyer

Reply | Quote

Here is what I have found.

The June 27, 2017, update for Outlook 2010 (KB3015545) as of June 28, 2017 @ 12:48 EDT says the following: “This update is only available for manual download and installation from the Microsoft Download Center” and “This update for 32-bit Outlook 2010 is under development and will be posted here when available.”

In my Win7Pro-64 SP1, the original kb3203467 still shows up in WU as UNCHECKED.

Will the KB3015545 be a patch of the KB3203467 (does that one have to be installed first and then patched), or will KB3015545 ‘replace’ the first patch and still close the vulnerability?

Reply | Quote

Just a note. When I went to the Microsoft website for the above info, there was a small “Virtual Agent” applet in the lower right corner that was labeled ‘preview’. Anyone else see that?

Reply | Quote

What a shambles. If I produced a cluster such as this at work I would be fired, and rightly so.

Windows 10 Home 22H2, Acer Aspire TC-1660 desktop + LibreOffice, non-techie

2 users thanked author for this post.

SueW, HiFlyer

Reply | Quote

I’m not sure I’d go so far call it a “cluster”.

I can’t help but think it’s being made out to be more than it really is, having run now for well over a week with the June updates on my own critical systems and seeing no problems whatsoever.

Of course, my success doesn’t reflect everyone’s results… Each admin/user provisions, configures, and uses their Windows systems differently, and mine are likely set up and used in a way that’s a fair bit more “back to basics” than most, because I’ve found that that’s simply what works best with Windows.

As pertains to this month’s particular set of updates, I don’t use indexing AT ALL, for example, and as such I have not experienced the problems others have seen with searching in Outlook. I believe I have benefited from the decision to deconfigure indexing many times over, this being the latest occasion.

Also though I do use IE, I virtually never want nor expect to be able to print things in iFrames. Generally speaking, I block things that would appear in iFrames (e.g., ads), so to me this latest “shortcoming” seems more like a feature than a bug.

I know, that seems like an awful lot of explanation to justify a comment about a subjective judgment.

-Noel

1 user thanked author for this post.

ch100

Reply | Quote

I have to disagree with the advice (?) for disabling indexing, but everything else is an excellent assessment. I use IE as well and I don’t see the iFrame printing as such a big issue as it is made to look like. It is just a nice feature to be, but beyond that…
To be clear for everyone, the page as a whole prints correctly as it is intended, with or without the so-called bug.
The issue is resolved in the latest round of CUs or hotfixes, the difference in publishing the fix depending on the OS of choice.

1 user thanked author for this post.

woody

Reply | Quote

“Can anybody remember back when patching Windows wasn’t so complicated?”
XP days. Patches came out, and I installed them the day they came out without hesitation. Didn’t even look up the KB’s to see what they actually fixed – because the trust was still there. “Those were the days!”

11 users thanked author for this post.

samak, dononline, Cybertooth, The Surfing Pensioner, lurks about, DAVe3283, ryegrass, SueW, Bill C., Noel Carboni, AlanH

Reply | Quote

What stops you to do the same today?
Saying that XP patching was reliable compared to the current systems is totally misleading.

Reply | Quote

Oh, you can do the same today, it’s just not advisable. I don’t think that line of thinking is misleading, but that’s JMHO.

I don’t remember any regular XP patches causing problems; the drivers did, but those were unchecked anyway by default, and it only took 1 time with 1 busted audio driver to keep me from ever doing that again.

Again, my issue is that the trust is not there.
MS has snuck enough in, and fiddled around enough without saying they were doing so – whereas they didn’t use to. Installing updates the minute they hit WU is like playing Russian roulette now.

4 users thanked author for this post.

SueW, samak, dononline, wdburt1

Reply | Quote

And that is the rebuttal.

1 user thanked author for this post.

dononline

Reply | Quote

“What stops you to do the same today?”

MS-DEFCON 1 perhaps?

Until the era of the great GWX war, I was happily patching along and grateful for the continuing fine service from microSoft.

Deeply wounded and disabled by the horrible war, not so much any more. Now I just roll another cigaret, lean back and let the quality updatings, bugs, fixes and what not “amuse” me… nothing gets installed until weeks or months later.

Or until you, Woody and the brilliant team says we’re good to go…

3 users thanked author for this post.

The Surfing Pensioner, SueW, zero2dash

Reply | Quote

Thanks Woody, this site and patched resolved our search issue.

Reply | Quote

My previously updated (as of mid-June, Group A style) Win 8.1 test VM today showed one update available via Windows Update:

KB4022720

I have just installed it for testing. Normally I would wait for the normal patch day but are issues in the bugfix list that could potentially apply to my systems (e.g., a possible remote desktop hang; I haven’t seen it, but I do rely on RDP).

The installation went smoothly and the system booted right up without unexpected errors in the log. It does basic things like run applications and browse successfully. I’ll advise if I find anything amiss after more thorough testing.

-Noel

1 user thanked author for this post.

ch100

Reply | Quote

The Preview patches are as they are, good for those who require them, but not recommended for mainstream as they are in early stages and do not address critical security issues.
This is why they are flagged as Optional, otherwise they should be at the same level of quality like any other patches and it is not a mistake at all to install them. It just involves a greater tolerance to the the risk that they may misbehave and potentially require uninstalling as a result.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

I also have KB4022720 offered as an optional update on my W8.1 system. I am trying to make the connection, if any, between the June security/quality cumulative update and the new preview patch. I have not yet installed any of the June security updates for Office 2013 and W8.1 due to the QA issues which have been noted.

Reply | Quote

The Security Monthly Quality Rollup has three components: security updates, non-security updates and the cumulative patch for IE11. It is issued as a checked important update on the second Tues of the month.

On the third Tues of the month, the Preview patch comes out as an unchecked optional update. It will become the non-security part of the following month’s Monthly Rollup. It is issued for testing purposes for IT professionals for the three weeks until it is rolled into the next month’s Rollup along with the security and IE components.

1 user thanked author for this post.

ch100

Reply | Quote

It should be mentioned that the Preview patches have been delayed this month June 2017 for one week from the regular schedule, otherwise it is all back to normal.

Reply | Quote

The verbiage about KB4022723 on the main AskWoody.com page should be “..build 14393.1378, not “..14393.11378..”

The link to the MS page listing Win10 version show it as KB4022723: OS Build 14393.1378

If MS would clean up the Window 10 version number systems, it would eliminate brain jam for simple minded people like me!

Reply | Quote

oops. Got that one.

Thanks

Reply | Quote

woody wrote:

Please tell me if you can translate this paragraph from the announcement:

Slow Insiders will not automatically get new builds immediately because MS want to test phased deployment. If they want a new build immediately they can manually check for updates.

Reply | Quote

Thanks. That’s much more succinct and understandable than the MS bafflegab.

Reply | Quote

MikeFromMarkham wrote:

MS bafflegab

Thanks. That’s a great new phrase to a to my vocabulary.

Reply | Quote

Not happy at all. Very busy day, just wanted to shut down systems. Didn’t expect any update since its not patch Tuesday. I am in the ‘business ring’ or whatever it’s called. Why I suddenly get an insider update pushed I don’t understand. We just ran our images and backups today, not expecting this at all. Microsoft makes a huge mess of Windows 10, you can’t image how much enough I have of it.

Reply | Quote

If you are running an Insider Preview, by definition you should expect the unexpected.

Microsoft is trying to stay ahead of the exploits that were released, by such as the Shadow Brokers Hacker Group, by patching vulnerabilities. They are also trying to fix issues from last month’s patches that are affecting many people.

Reply | Quote

I am not an insider at all, even at the business branch. However, there was some unclear description of this update it turned out. Anyway, it does give some troubles for sure. Somehow  the store generates update errors regularly since the update. Right now I am trying to restore an image for the 7th time, it’s all getting complicated and tyring. I regret the day I ever installed Windows 10.

Reply | Quote

From .NET Framework June 2017 Cumulative Quality Update for Windows 10 (June 27, 2017):

“Today, we are releasing a new Cumulative Quality Update for the .NET Framework. It is specific to Windows 10 Creators Update (1703).”

1 user thanked author for this post.

ch100

Reply | Quote

This would partially explain why the 1703 update was pushed through WU and treated as mandatory update (Windows 10 style) while the other preview updates have not.

1 user thanked author for this post.

MrBrian

Reply | Quote

woody.

you forgot to mention KB4032695 for Win10 RTM v1507 which is similar to KB4022716, KB4022723 & KB4032693.

I checked the MS Update Catalog site on 6/28 at 1:15am past midnight and the KB4022716 update for Win10 v1703 became available there.

Reply | Quote

It was mentioned and linked here

Reply | Quote

1507 is past its due date, I think it is best placed in the history bin, like XP and Vista.

Reply | Quote

Microsoft Pushes New Privacy Interface to Older Windows 10 Versions
https://www.thurrott.com/windows/windows-10/121097/microsoft-pushes-new-privacy-interface-older-windows-10-versions

Posted on July 1, 2017 by Paul Thurrott

 
Microsoft is also reminding users that the initial version of Windows 10—retroactively named version 1507 as it was released in July 2015—is no longer supported. This means it will no longer receive the monthly security updates that Microsoft describes as quality updates. That is, it is unsafe to use this version of Windows 10 and you should upgrade immediately. It’s free to do so, of course.

Reply | Quote

I am *NOT* running an insider preview. Especially not since this is a business machine used for work.

Reply | Quote

anonymous wrote:

Why I suddenly get an insider update pushed I don’t understand.

I must have misunderstood your use of “insider update.”

Reply | Quote

Also here (https://support.microsoft.com/en-us/help/4022716/windows-10-update-kb4022716) is nothing mentioned about an inside preview. Can anyone explain what is going on here? I start to be confused and worried. Did I get an update that was not meant for mainstream? And if so how on earth is that possible???

Reply | Quote

KB4022716 was issued through Windows Update and was intended for mainstream. It contains a bunch of bug fixes.
So, yes, you were supposed to get it.

Reply | Quote

Just had our 3rd user get nicked by one of the Outlook 2010 issues due to the June patches.
(Hopefully this finally pushes someone above me over the edge to let me finally add the WSUS Role to one of our servers.)
Unfortunately the 32-bit Outlook 2010 patch’s patch is “under development”, but the 64-bit one is available.
https://support.microsoft.com/en-us/help/3015545/june-27-2017-update-for-outlook-2010-kb3015545
Why in the heck Microsoft obviously made the 64-bit patch the priority, when the Office installer by default installs the 32-bit version of Office (even on the dual 32/64-bit ISO) is anyone’s guess.

I’m almost not surprised by anything this bunch of clowns does at this point. I’ve heard people in the past joke that Microsoft = job security, but lo and behold, it’s not a “joke” anymore.

2 users thanked author for this post.

SueW

Reply | Quote

I’m having the same issues with 32bit not being available yet? WTH Also the whole search issue being tied to windows search and its a different patch for each OS, and windows 7 fix is in the Preview patch, 1511/1607 update is only available via catalog update.. its crazy

Reply | Quote

Download update 3015545 for 64-bit version of Outlook 2010

Note A new update for 32-bit Outlook 2010 is under development and will be posted in this article when it becomes available. The original download package for the 32-bit version was removed from the Download Center after a problem was discovered that could cause Outlook to crash when you preview messages that have attachments. If you already downloaded and installed the 32-bit update, we recommend that you remove it until a new version is available.

Reply | Quote

So the fix is causing problems of its own. More on Reddit: https://www.reddit.com/r/sysadmin/comments/6k09bj/outlook_2010_update_kb3015545_causing_crash_when/

2 users thanked author for this post.

SueW, zero2dash

Reply | Quote

Thank you for linking that.
Now I guess we wait for the patch’s patch’s patch.
What a fri**in’ joke. [rolleyes]

Reply | Quote

Just installed KB4022716 from the catalog onto my Windows 10 test VM. Note that I don’t even bother trying to run Windows Update from the Settings panel manually any more. It’s turning out that keeping online updates impossible (Windows Update service disabled, firewall blocking the required connections, etc.), and installing the cumulative updates directly from the catalog may be a workable strategy with Win 10 v1703 “Creator’s”.

Under this approach and upon hearing of an available update here or somewhere online, I do this:

1. Temporarily change the Windows Update service to “Manual”, start it, then immediately change it back to “Disabled”.
   
2. After that I double-click the downloaded .msu file and it goes right in, no fuss no muss.
   
3. The subsequent reboot after the updates takes down the Windows Update service and when the system comes back up it leaves it off (given that I returned it to “Disabled” above).

Voila, a manageable, controllable update process for Windows 10 Pro.

So far build 15063.447 seems be running pretty solidly. I’m wondering whether maybe this big bug bash might be a run-up to promotion of the Creator’s update to the Current Branch for Business… It HAS been almost 3 months, after all…

-Noel

1 user thanked author for this post.

zero2dash

Reply | Quote

The process I’ve used that seems to work (even on Home), is that I add the pertinent registry keys disabling automatic updates, auto reboot with logged on users, excluding drivers in quality update (and Windows Update), and deferring upgrades. Those things being done, Windows Update does nothing on its own (but of course once you open it, it immediately starts checking for, downloads, and installs updates with no interaction). So, before I do that, I run wushowhide to see what updates are out there…if I want them, I open WU; if I don’t, I don’t open it. Seems like so far, that’s kept my Lenovo 100S on AU (ie CBB), and it only updates when I want it to – once Woody’s hit the DEFCON button and raised the level, of course.

Reply | Quote

Out of curiosity, are you running WUShowHide successfully on v1703? I ask because I initially had some trouble with it (and in getting the online update process to work right in general). Several services I don’t want enabled (e.g., the Windows Firewall service) must be enabled for the online Windows Update to work, so I just sought out a more manual way to go about it.

-Noel

Reply | Quote

I’m only running 1703 in a VM, but yes, after doing my tweaks, I can still use wushowhide.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

I just bought a new computer a Lenovo computer after taking back my HP computer after it had a few issues. Anyway I blocked the 4022716 by hiding it thanks to a neat tool from windows 10 that helps me hide and block updates and such. I’m still waiting to see when it’ll be ready to update. I haven’t add anything yet because I disabled windows update for now due to the storm outside and also I’ve been through a lot of stuff today even getting things settled on my new laptop. So I am thinking of adding the updates next week on Sunday or so.

Reply | Quote

Just received this warning on KB4022716 in a pop-up from Comodo Firewall:

Reply | Quote

Yeah, and it points to https://forums.comodo.com/news-announcements-feedback-cis/please-read-before-updating-to-microsoft-update-kb4022716os-build-15063447-t119928.0.html See a post mentioning it applying to other Windows versions as well. And with Comodo 10 possibly not playing well with Win 7, if the issue will persist when the final update will be released, even more so if it’ll also exist in the security-only one, unless they release a separate hotfix for those still on v8, it’ll be a rock and hard place scenario.

Hoping something will get fixed by then. Preferably by MS, who’ll actually release a final patch that won’t cause these issues. Otherwise it’s not looking good.

Reply | Quote

still defcon 1 for win 7 users ?

Reply | Quote

Yes, there is still a big “1” at the top of the website.

1 user thanked author for this post.

ch100

Reply | Quote

Now it moved to 3, so here is your answer.

Reply | Quote

Installed 4022720 onto our Windows 2012 R2 WSUS server, and it broke WSUS. The admin/management console worked fine, just none of the clients were able to successfully connect, so not sure if it did something to IIS.

Reply | Quote

Very unlikely, it must be a coincidence.
However, please check patchmanagement.org for similar reports and if you don’t see any, then look closer to home

Reply | Quote

Uninstalling the update cleared the issue when we first identified it on Thursday.

And seems like at least one other person has had issue (I started the thread linked below):
https://social.technet.microsoft.com/Forums/en-US/fbf4912e-5d1f-4168-832d-31102c2b0d16/clients-failing-to-connect-to-wsus-80244008?forum=winserverwsus

Reply | Quote

Sorry, I didn’t realise that you mentioned the Preview update which was causing the WSUS issue.
I thought that you made reference to the mainstream June 2017 update which did not have this issue.
Thank you for raising it here.
Unfortunately, not many readers here install the Preview updates and even less run WSUS.
My trial installation of WSUS is on Windows 2016.

Reply | Quote