MS-DEFCON 2: Get your machine braced for the Windows and Office patches due tomorrow

Topic

New Reply

It’s that time again. With a little luck, we’ll have more options by the time the May or June Patch Tuesdays come around, but for now it’s the same-ol
[See the full post at: MS-DEFCON 2: Get your machine braced for the Windows and Office patches due tomorrow]

4 users thanked author for this post.

Microfix, abbodi86, Philomene123, Elly

Reply | Quote

Replies

Strange, but my copy of Windows 10 Home does not have the options mentioned to block (or delay) the pending update to 1809.17763.379.  I’ve also noted, in the past, that my copy of Windows 10 Home has never had those options.  (i.e., I actually have no way to block (or even delay) an impending update.

ceridgac

 

Reply | Quote

The option Pause is coming to v1903 for Home users. It may get back-ported into 1803 and 1809 in the next few months.

But up until now, the only way Home users can control updates is with Metered Internet connections (in Settings) and wushowhide.diagcap downloaded from Microsoft to HIDE updates (Unless you use a third-party update blocker).

3 users thanked author for this post.

Elly, Philomene123, woody

Reply | Quote

Or with : Win10 Home, 4 Update Stop/Delay Programs that work!
https://www.askwoody.com/forums/topic/win10-home-4-update-stop-delay-programs-that-work/

Reply | Quote

Look at the section marked “Tired old approach for Windows 10 Home”

Reply | Quote

My first full day of working with my office workstation with the latest updates to Win 10 v1809. Not a glitch in sight. Worked beautifully, and I pushed it pretty hard.

Thanks, Woody, for identifying when it’s the best time to update.

-Noel

Reply | Quote

April 2019 Updates :

Windows 10 1809 : KB4493509 (17763.437)

Addresses an issue that occurs when you enable per font end-user-defined characters (EUDC). The system will stop working and a blue screen will appear at startup. This is not a common setting in non-Asian regions.

Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations.

Addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings.

Addresses an issue that may cause authentication issues for Internet Explorer 11 and other applications that use WININET.DLL. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons.

Security updates to Windows Datacenter Networking, Windows Server, the Microsoft JET Database Engine, Windows Kernel, Windows Input and Composition, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Storage and Filesystems, Microsoft Graphics Component, Windows Virtualization, Windows MSXML, Windows SQL components, and Microsoft Edge.

Windows 10 1803 : KB4493464 (17134.706)

Provides protections against Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754) for VIA-based computers. These protections are enabled by default for the Windows Client, but disabled by default for Windows Server. For Windows Client (IT Pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable or disable these mitigations for VIA-based computers.

Addresses a stop error that occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.

Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations.

Addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings.

Addresses an issue that occurs when you enable per font end-user-defined characters (EUDC). The system will stop working and a blue screen will appear at startup. This is not a common setting in non-Asian regions.

Security updates to Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Storage and Filesystems, Windows Server, Windows Graphics, Windows Input and Composition, Windows Kernel, Windows Virtualization, Windows MSXML, and the Microsoft JET Database Engine.

Windows 10 1709: KB4493441 (16299.1087) The last day of support !

Addresses an issue that may cause applications that use MSXML6 to stop responding if an exception was thrown during node operations.

Addresses an issue that causes the Group Policy editor to stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 Internet settings.

Addresses a stop error that occurs when attempting to start the Secure Shell (SSH) client program from Windows Subsystem for Linux (WSL) with agent forwarding enabled using a command line switch (ssh –A) or a configuration setting.

Addresses an issue that occurs when you enable per font end-user-defined characters (EUDC). The system will stop working and a blue screen will appear at startup. This is not a common setting in non-Asian regions.

Security updates to Microsoft Scripting Engine, Windows Input and Composition, Windows Graphics, Microsoft Graphics Component, Windows App Platform and Frameworks, Windows Storage and Filesystems, Windows Server, Windows Datacenter Networking, Windows Server, Windows MSXML, Windows Kernel, Windows Virtualization, and the Microsoft JET Database Engine.

Reply | Quote

2 users with corrupt Outlook 2016 OST files this morning and 1 with Outlook 2016 that won’t connect. User with Outlook that won’t connect shows an updated version of O365 business as of the date his Outlook quit working.

Reply | Quote

Now up to 3 users with corrupt OST files and one user that can’t connect to O365 at all.

Reply | Quote

Were there any patches applied before the problem started?
Are these all O365 or C2R?
If updates, what were the KB numbers?

1 user thanked author for this post.

woody

Reply | Quote

I’m still firefighting. Looks like the problems started after O365 Business updated itself, and seems to be limited (at least right now) to users with the 32-bit version. Have not been able to suss out any other commonalities or causation – at this point I simply need to get the users back in business and out on the road again. Easiest way to do that for the time being is to blow away their Outlook profile and let it cache back.

1 user thanked author for this post.

woody

Reply | Quote

Except, of course, for the guy who won’t connect at all. Still working on his and have sent him out with a loaner.

Reply | Quote

I assume it’s C2R ????

Reply | Quote

IDN, TBH. It’s whatever I download and install for them from the O365 user web portal. I have one user who says the same thing is happening to him again today. The other 2 users with the OST file problem seem to be OK as of now and the one user who couldn’t connect at all was OK after getting Windows Updates installed and after an uninstall/reinstall of O365 Business product.

Reply | Quote

I guess it is CTR. Version 1903 build 11425.20202

Reply | Quote

Two more users with corrupt OST files this morning. One of them I can’t even give them a new profile – the new OST file goes corrupt right away when the new profile tries to open for the first time. I’m giving up on that one for now and issuing out a replacement laptop.

1 user thanked author for this post.

woody

Reply | Quote

You might try posting the details here:

https://www.askwoody.com/forums/forum/askwoody-support/office/office-365-and-click-to-run/

We have several Office experts who may be able to shed some light. I hope.

Reply | Quote

Thanks. I’ll give it a try. I’d actually like MS to get back to me on this, but our reseller says they’ve not responded. I have a new instance this afternoon, bringing my total to 7 so far.

Reply | Quote

Thought I’d come back and post what happened. It took a couple of weeks of angst, but after the initial swarm of corruption issues I had two users who were having this happen over and over again, despite doing everything I could think of, including uninstalling the 32-bit version of O365 and installing the 64-bit version.

It appears those two users had the underlying problem of an almost full server mailbox – both were at more than 47GB of the 50GB storage limit. After we paired that number down to around 30GB for each of them with a combination of email deletion and offline archiving, the problem appears to have gone away.

So the update for the 32-bit version of CTR still appears to have been the catalyst for the initial swarm. However, I can’t explain why the server mailbox issue was a further complication for the two – I had several other users with server storage use that was similar (but who already with the 64-bit version of CTR) and they never saw an issue at all, and then I had 32-bit users with reasonable mailbox storage usage who never saw the issue beyond the one time.

Anyway, I’m extremely glad to have this behind me!

1 user thanked author for this post.

Elly

Reply | Quote

All of my computers are Windows 7 x64 Group B with either Intel or AMD CPUs.

We are at Defcon 2. I am doing some early testing after having first created a new System Restore point, and after having performed an incremental backup of my OS partition, such that I have two ways to roll back if necessary.

NOTE: Both the April monthly rollup and the April security-only update include Spectre and Meltdown protection for computers with VIA CPUs. This is somthing new. Thus, all users who have VIA CPUs absolutely do not want to install the April updates unless they have either a full, incremental or differential backup of their OS partition. Why? We have already seen BSODs for microcode updates, provided by Microsoft via Windows Update, at least a few times in the past.

I installed the April 9, 2019 KB4493448 security-only update with no issues so far **. This update fixes the issues seen in the March security-only update for netdom.exe, and for IE11 and other apps which use wininet.dll having authentication issues. The latter issue is also present in the February security-only update.

The March security-only update had Kerberos issues which still remain unresolved in the April security-only update. Yet MS has mentioned some workarounds for the Kerberos issues.

My remarks, above, are not applicable to Group A since this year’s monthly rollups list additional issues. Yet the documentation for the April monthly rollup does indicate that a lot of these additional issues have been fixed. This is not to say that Group A Windows 7 users should merrily install the April monthly rollup. Again, we are at Defcon 2.

** I just discovered that, after installing KB4493448, and then launching any Office365 app, I had to sign in again in order to continue using Office365 as a registered user. Come to think of it, I encountered this same issue last month when I finally decided to get all of my Win7 computers updated on Group B from December 2018 to March 2019. Last month, and now this month, are the first times that I have ever encountered this issue.

1 user thanked author for this post.

columbia2011

Reply | Quote

Machine updated and it works fine.

Reply | Quote

I have managed to pause the latest update using a combination of “Metered Connection” setting and making my supposed data limit low. It seems to work.

Reply | Quote