Microsoft botches six (yes, six) Black Tuesday patches: KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846

Topic

New Reply

No, I don’t make this stuff up.Last month, we had four botched patches sent down the Automatic Update chute.This month, it’s six.Admittedly, most of t
[See the full post at: Microsoft botches six (yes, six) Black Tuesday patches: KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846 ]

Reply | Quote

Replies

Woody, thanks for the diligence. I’m a desktop support manager for a Univerisity and am constantly fighting with the security department about why I don’t patch sooner. Your articles help me prove my point. Quick question, I really hate when MS has a prerequisite patch requirement, and then something borks because you don’t have the pre-req. Sometimes those are recommended patches that I don’t apply as a rule. Would it be so hard for them to put in a “detect” feature to any that do require a pre-req and install it for you if you don’t have it?

Reply | Quote

@Jim –

Frequently they do — or they abort requested installation of a patch if the pre-req hasn’t been installed.

Big problem though is the enormous tree of dependencies. This month along we’re going to see half a dozen of them, or more – when MS re-releases the patches.

Reply | Quote

Can we hide the server updates if we don’t need them not having a server? Thanks

Reply | Quote

Woody – as always your posts make it clear why auto-updates are bad (and that applies to Chrome and Firefox as well, not that one has much choice there).

Hopefully MS will get these (and the stuff from last month) fixed soon – let us know when you think it’s time to update.

Reply | Quote

They released fixes for some of the patches last month though.

Reply | Quote

Exchange Server 2007/2010 is another mess BTW with security updates included in update rollups that have non security updates.

Reply | Quote

@Dennis –

They shouldn’t appear on your list, if your system can’t take them.

Reply | Quote

Just saw this on Neowin.net recently Aug. 16:

Microsoft pulls two of its Patch Tuesday security updates

Microsoft has yanked security patches MS13-061 and MS13-066 off their web site due to the problems they have caused. Seems like they’ve been rushed too quickly.

woody, I’m thinking the MS-DEFCON level should be at 1 instead of 2 since at least two patches have been recalled by Microsoft.
I wouldn’t install any August security patches at all until next month.

Reply | Quote

Three updates from July that you recommended we not install (KB2803821..Security Update, and KB 2840628 and KB2844286..both .NET updates) if you didn’t install them are repeated on the August updates. Are we still on hold for them? I have not been able to find anything anywhere that says they have been fixed. Susan Bradley did say a couple days ago that the .NET updates have been repeated in Aug and if you should install them or in some cases, reinstall them. By my read, the only non server update you mentioned for Aug that is a problem is KB2859537, a security update. I assume, though, we are still on hold for the rest as well?
Thanks.

iPhone 13, 2019 iMac(SSD)

Reply | Quote

Woody,

So still don’t install any updates from last month yet…? Thanks!

Reply | Quote

I was vacationing, away from all my computers, for all of the month of July, so the last time I patched was June 5, before June black Tuesday. Clearly we’re at defcon 2 for the August patches. Should I still be waiting for an all-clear before I apply *any* patches from the June, July and August offerings?

Reply | Quote

Well I have trouble with this month patch. NVDIA service don’t like them

Reply | Quote

All the July .NET patches (including the ones I had issues with)have been reissued, and must be reapplied. Don’t be surprised to see them reoffered even if you thought you got them installed last month. (Sigh.) This from Susan Bradley’s Windows Secrets Patch Watch column this week. (Paid content.)

Reply | Quote

In yet another side-effect of my July 2013 MS Updates patching experience, I found that my Toshiba Satellite’s Intel Rapid Storage Technology (RST) Driver and Service had stopped functioning. I don’t think this was a .NET issue. Probably a kernel driver patch issue.

Anyway, I updated from Version 9 of the RST driver to Version 12 (got it from MajorGeeks) and found that after rediscovery of the device, my internal SATA hard drive is working up to speed for the first time in a few months.

So it may have been a previous issue, but the July patches sure didn’t help with that driver issue!

Reply | Quote

@Vern –

It would’ve been better if you had applied the June patches, but given a choice between applying everything and holding for a few weeks – I’d hold off.

Reply | Quote

@Jack –

Yep.

Reply | Quote

@Paul –

Yes, at this point I think you’re better off waiting. Give it a week or so, to see if anything else comes crawling out of the woodwork.

Reply | Quote

@EP –

Good point, but I reserve MS-DEFCON 1 for patches that are so bad, massive numbers of people are getting bit. I have a few examples in my new InfoWorld slide show.

Reply | Quote

Okay I’ll give you that the Exchange one and the ADFS one got badly tested/released, but KB2859537 is looking strongly to be a repeat of a root kit revealer. I have installed it just fine on several of my machines.

I wouldn’t be so quick to beat up Microsoft on that kernel update just yet.

Reply | Quote

Looks like another case where a rootkit interferes with a Windows kernel patch:
http://jameswatt.me/2013/08/18/microsoft-update-kb2859537-prevents-pc-from-booting-if-rootkit-is-present/

Reply | Quote

@Yuhong –

Looks like Susan agrees with you.

If you see more definitive word, let me know – I’ll run it in InfoWorld, too, if we can nail it down…

Reply | Quote

Woody,

So still holding off applying any updates — but I had a question. In my gmail account, I stupidly opened up an email that was in my spam folder that said it was from USPS about a package not being able to deliver. I had reason to believe (well, without thinking) that it could have been legitiate, but it obviously wasn’t. I didn’t click on any links in the email (of course) and just deleted it. Do I have to worry about possibly having got something bad on my system from just opening the email in gmail? Especially with not having applied any MS Updates the last two times (while waiting for your all clear)? Thanks!

Reply | Quote

@Jack –

Don’t worry. As long as you didn’t open the attachment, you’re fine.

Reply | Quote

Thanks, Woody. Just to verify — there weren’t any attachments (I don’t believe), but it wanted me to click on a link in the email. Some images from the email were blocked (I think), but the USPS banner image did show up. I did not click on anything though. So nothing embedded in the html of the email can automatically do anything from just opening up the email in gmail? Sorry to bug again, but just want to make sure. Thanks!

Reply | Quote

@Jack –

That’s correct. Once upon a time it was possible to get infected by just looking at an email in Outlook, but those days are long gone. And if you’re using Gmail or Outlook.com or Yahoo Mail (which I heartily recommend), they’re all very sophisticated at trapping that kind of problem.

On the other hand, if you open an attachment and tell Windows that you want to install a program — then you’ve pulled out the gun, aimed it right at your foot, and pulled the trigger…

Reply | Quote

@Jack –

Ooops. Should’ve made it more clear that I heartily recommend and use Gmail (after swearing I could never live without Outlook), I dabble with Outlook.com (formerly Hotmail) and it’s fine, and I don’t have any experience with Yahoo Mail.

Reply | Quote