• MS17-006 (KB4012216, KB4012215, KB1042204) and Servers dropping off of the network


    #106901

    Intriguing observation from PB: We had some of our Windows 2008, Windows 2008 R2 and Windows 2012 R2 servers “drop off the network” today.  In most of
    [See the full post at: MS17-006 (KB4012216, KB4012215, KB1042204) and Servers dropping off of the network]

    1 user thanked author for this post.
    • #106955

      Well . . . this makes me feel a bit nervous . . .

      We typically wait about two weeks to install server side patches.  It’s saved me no end of grief over the years. These patches were just installed across our entire system a week ago or so.  The KB’s mentioned look to be from March 2017.

      So far I’ve not had any of the described problems – and we run a similar mix of server versions.   I worry seeing this that there may be a memory or resource leak in the patched code that will trigger after a certain level of load, or a time-frame.  If that’s true then we should start to see this problem in the next few days.

      I’m also wondering if the problem outlined in the OP is a factor of certain drivers/devices and the March patches for servers.  One thing we saw, and blocked, was those odd INTEL patches that Woody warned about (Thanks for that Woody!).  Is there any chance that those, or other recently released driver patches from Microsoft,  combined with the March cumulative and security updates, caused the servers to go AWOL?

      ~ Group "Weekend" ~

    • #106967

      I work with PB and we patched our Dev/Test systems the weekend after patch Tuesday and it didn’t crop up until this week.  I don’t think it is a driver/hardware combination issue because we are seeing the issue on VMs and physical servers.  I think you are correct in your resource leak assessment based on the timing.

      2 users thanked author for this post.
      • #107091

        I may preemptively roll back the KB’s before they cause problems.  Part of me wants to be part of the solution finding virtual team, but I don’t want to risk my production servers.

         

        My current test bed contains only Server 2016 and some Win10 Pro workstations . . . (learning its ways and means) and so far that has not shown a blip of problems related to patching since it was deployed in November 2016.

        ~ Group "Weekend" ~

        • #107159

          We have rolled the patches off of our production servers.

          Some of the servers from which the patches were removed, then showed that Windows Firewall was on (it previously was off).  This is despite the GPO we have to turn the Windows Firewall off.  A gpupdate /force seems to remedy that situation.

          I’ve now also seen similar behavior on our Windows 7 workstations.  One in particular had a Windows Firewall Dialog pop up asking whether to block or allow certain traffic.  This is despite the fact that the Windows Firewall control panel applet shows that the Firewall is off, and that it is being managed by a third party AV tool.

          PB

          • #107231

            I don’t know how pertinent this is, but Windows Update in Win 10 seems to be inextricably linked to the Windows Firewall service. I use a 3rd party firewall package, but in order to succeed in a Windows Update I absolutely have to start the Windows Firewall service, which is normally disabled. Note that even when started it’s deconfigured, AND all the rules are deleted.

            -Noel

            3 users thanked author for this post.
            • #107268

              Wow. That is rather scary.

            • #107304

              You might find some info about “secret” rules interesting…

              http://win10epicfail.proboards.com/post/2882/thread

              -Noel

              1 user thanked author for this post.
            • #109789

              @Noel Carboni:

              I’m replying to one of your posts because I can’t locate one which is “specific” to the latest Firefox update which just showed up as Version 52.0.2.   It shows the same release date as the “first one” which has the same number except it has “esr” at the end.   I’m baffled as to what this new update actually is, and if it should be installed.

              Would appreciate any information you may have on this one.  For now I’m just putting it off until “later”.   I don’t know what else to do.   Thank you for all of the help you provide to this Forum – – – – Right now I’m “lost”.      🙁

            • #110675

              I’m not a regular Firefox user myself, so I’m not the best person to ask.

              I do note that there is a Firefox version 53.0 update out now.

              -Noel

              1 user thanked author for this post.
            • #110808

              @Noel:   I just now read your reply.   Kirsty brought the history on this Firefox issue to my attention and I too have noted (only moments ago) that Firefox is now asking to update to Version 53.   I don’t know what the reason is for this.   Thank you for your reply.

            • #110708

              Firefox ESR is still on 52.x until it shifts up in Q1 of 2018. I still use the older but still current and supported FF 45 branch (45.9), due to be upgraded to the 52(.1) branch with the next update: https://www.mozilla.org/en-US/firefox/organizations/faq/

              The latest patch is for security, usability and stability (ESR doesn’t get new ‘features’), it should be upgraded: https://www.mozilla.org/en-US/firefox/52.0.2esr/releasenotes/

            • #110811

              @Satrow:   It only gets more and more confusing to me – – – – Trying to determine which VERSION of Firefox to update to is the “major” question.    Now I’m being prompted to update to VERSION 53.    Does “anyone” know what’s occurring????

              Any and all advice will be appreciated.

            • #110835

              Walker, I suspect that you might have 2x FF versions installed as ESR won’t be on the 53 branch until next year, so the inbuilt updater (Alt > Help > About Firefox (Should specify ESR, EME Free (old?), or other non-mainstream release) > Check for Updates) shouldn’t offer an update to 53.

              Check the Properties of your shortcuts for the FF directories, or use (File) Explorer /Search to track down all FF directories.

              Sometimes I have 4-5 different, current non-Alpha/Beta FF versions installed for comparison/testing, I pin them to the Taskbar in a specific order in blocks of 2: ESR 45.x, both x86 and x64 (*other software*) then mainstream Release 53.x, again both x86 and x64 (*different software*) and then FF EME Free or other alt. version that’s current.

              If you do have different versions, and esp. if your FF Profile is older than a year or so, you might find that running the latest release version might ‘damage’ the Profile when switching back to an ‘older’ FF branch, better to use different Profiles per version.

            • #110845

              @Satrow:    OMG!!!   As If I don’t have enough headaches, now there’s a new one.   I don’t know where to go from here – – — – – I’m totally lost.   Thank you for the information, however I am not capable of getting out of this “new” mess.

            • #110865

              Basically, which link(s) on your Start Menu/Desktop/Taskbar do you use to open Firefox, always the same one, or is there a choice? If there’s a choice, open each one after Exiting the other, and check what you see on (Alt) Help > About Firefox for each of the different shortcut locations you use and note the result(s).

              https://support.mozilla.org/en-US/kb/update-firefox-latest-version?cache=no

              Don’t waste time updating them unless you’re sure you are using the version you want to keep. You might want to uninstall the ‘other’ version instead, once you’ve worked out what you have installed.

            • #111183

              @satrow & NetDef:   Thank you for all of the information – – – – – I just don’t have time to try “anything” at the present time, however I appreciate all of the advice you provided, and “hopefully” I will be able to get to it in another day or two.   I definitely want the ESR and not the Version 53.

              I will report back as soon as I have the time to try to figure this one out.   Thank you both again for your help!   🙂

            • #111184

              @satrow & @NetDef:    I’m the “anonymous” listed above.   I forgot to log in.   My apologies!

            • #111210

              No worries. We’ll still be around should you require further assistance 🙂

            • #110888

              @ Walker

              As others mentioned, it sounds like you might have more than one Firefox installed.

              First:  Which version do you want?

              a) If you need plugins like Silverlight, Java (which is doubtful) you should be on the ESR (Extended Service Release) which will support those for roughly another year. You’ll get FF security updates for that for the year, but no new features.

              b) If you want to be on the newest release, which does NOT support Silverlight, Java, etc, but will (for now) support Flash, and will generally provide better security and better compatibility with the newest web standards, you should be on (as of today) version 53.0 / 32-bit (recommended).

              To clear up your situation:  Go to your Control Panel, Uninstall a Program, and find all listings for Mozilla Firefox and the Mozilla Maintenance Service.  Remove all of them except the version you want!  If you are unsure, remove them all and re-install the version you want.

              For the ESR (Extended Service Release) see this page for directions and the download link. https://support.mozilla.org/en-US/kb/npapi-plugins . . . I recommend the 32-bit edition of the ESR for maximum backward compatibility with your plugins.  Don’t forget to keep the plug-ins updated as well!

              For the most current version, see this page for the download link: https://www.mozilla.org/en-US/firefox/new/?scene=2#download-fx

              Once you are done, if you are running Windows 10, don’t forget to set it back to Default if that’s your preference: https://support.mozilla.org/en-US/kb/make-firefox-your-default-browser

              Cheers!

               

               

              ~ Group "Weekend" ~

              1 user thanked author for this post.
            • #111826

              @NetDef:  Thank you for all of the information, however my total lack of expertise causes me so much anxiety, I’m not sure “which way to jump”.    I think I should have just been allowed to update the 52.0,2 esr, however before I had the chance, the next time the update appeared it was the version 53.     I don’t show 2 different versions of FF on the desktop icon (lower tool bar).   When I close it, it just closes.    Have had a myriad of other problems so I couldn’t even “try” some of the options you have listed.   All I can do is try to wait until I have the time to “try” something.    I’ve seen other reports that FF had some serious problems a while back that have never been corrected.

              Thank you again for the advice.      I sincerely appreciate it!

            • #111828

              @NetDef:   Apologies for the duplicate msg.   Can’t seem to do anything right!!  Thank you once again for your help.    I just don’t have time right now, and don’t know which way to jump insofar as getting back the “OLD” Firefox I had for “years” without any problems.   All I’m seeing now are reports that there have been “problems”, etc. so it appears that I’m “not alone”.  Once again thank you for the advice you provided.

            • #107372

              If this issue is related to MS17-006 (Cumulative Security Update for Internet Explorer: March 14, 2017) I suspect the KB1042204 in the thread title and forum tag is a typo and should actually be KB4012204.

              Is this strictly a server issue, or is it possible this bug could be related to a recent problem I’ve encountered on my Vista SP2 computer where my internet connection disconnects several times a day?  One of these disconnects just occurred when I tried to reply to Noel Carboni’s 07-Apr-2017 post. I use Firefox ESR v52.0.2 as my default browser but my IE9 browser was automatically updated to the latest Update Version 9.0.59 (KB4012204) by Windows Update during the March 2017 Patch Tuesday updates.

              I use the Norton Smart Firewall that comes bundled with my NIS v22.9.1.12.  The Norton Smart Firewall automatically turns off the Windows Firewall but will not function correctly unless the Windows Firewall service (MpsSvc) is started at boot-up.
              ————
              32-bit Vista Home Premium SP2 * Firefox ESR v52.0.2 * IE9 * NIS v22.9.1.12

              1 user thanked author for this post.
    • #107267

      Note that the March 2017 Rollup replaces the January 2017 Rollup. In the “A crisis looms for Win7 and 8.1 customers with recently-built computers” topic, I mentioned that just over a month after installing the January 2017 Security Only Rollup, suddenly Office 365 on all of my computers would no longer launch. I have Office configured to never check for updates, and I had not installed any other Windows Updates or changed any software on my Win7 computers. After uninstalling the January 2017 Security Only Rollup KB3212642 and rebooting my computers, Office magically started working again. Note that I never thought to check if Windows Firewall got turned on when I first noticed that Office 365 wouldn’t start up, and that I didn’t check to see if telemetry was being sent. I was in the middle of a work day. So my only concern was to get Office 365 working again as quickly as possible. My instinct to uninstall the January Rollup proved to be both quick and correct.

      Given my observations about the January Rollup and the above posts about the March Rollup which replaces the January Rollup, I suspect that these rollups contain time bombs which execute to install telemetry. If true, then perhaps MS is turning on Windows Firewall in an attempt to bypass third party firewalls so that the telemetry can be sent to MS’s servers all over the world. My hypothesis is that MS realizes that third party firewalls could be configured to block contact with the plethora of MS servers which receive telemetry from Windows computers.

      This wouldn’t be the first time that MS has shimmed telemetry into Windows Updates. For example, KB3118401, the Update for Universal C Runtime in Windows, is basically another version of the infamous KB2999226. READ THE EULA which is NOT displayed when KB3118401 is installed via Windows Update. KB3118401 installs deep system wide telemetry, may not integrate with Office 365 in order to install telemetry within Office 365, may cause other issues, and may cause eventual system lockup. The last may depend on whatever antivirus program you are using. Since virtually every single Windows program relies on the universal C runtime, everything is sent to MS in the form of telemetry. These are my direct observations after testing KB3118401. As mentioned, KB3118401 is basically another version of the infamous KB2999226.

      If I am proved to be correct about the January and March Security Only Rollups, then logically I should assume that MS will continue this practice since MS has a penchant for beating a dead cow with a stick in hopes of reviving the dead cow. What am I talking about here? Windows Phone — dead. Windows 8 (not 8.1) — dead. Windows 10 as MS’s glorious platform for generating volumes of advertising revenue in order to overthrow Google — dead. Windows which used to be one of MS’s cash cows — dead. MS repeatedly shot the Windows cash cow, and MS obviously doesn’t have a clue about how to revive this cash cow since MS is still shooting it while trying to revive it at the same time.

      So for me, this would seem to be the end. I do not plan to further update any of my Windows 7 computers.

       

      5 users thanked author for this post.
      • #107508

        @GoneToPlaid:     Thank you for the information.   At the rate things are going the future of updates, and the stand-alone updates becomes more and more complex.  I can understand why so many are opting to NOT try to keep Windows 7 updated.   Thank you to Woody, PKCano, and many others for keeping us on top of everything.   Without them we would be totally lost.

      • #107534

        From abbodi86 in post https://www.askwoody.com/forums/topic/windows-7-8-1-patches-are-up/#post-13605:
        ‘@gonetoplaid

        Maybe you should be certain of things before spreading them as facts

        Monthly Rollups do not contain Universal C runtimes, and those have nothing to do with telemetry, they are merely Visual C++ redistributables like other versions (2005,2008,2010,2012,2015,2017)

        Apparently, you are confusing Universal C with “Unified Telemetry Client”, which is included in the Rollup, but has no impact at all on the devices or system functionality’

    • #107522

      KB4012216 knocked a client’s server offline today.  It was stuck on the reboot screen.

      After power cycling it came back up and the update shows a successful install.

    • #111827

      @netdef: Thank you for all of the information, however my total lack of expertise causes me so much anxiety, I’m not sure “which way to jump”. I think I should have just been allowed to update the 52.0,2 esr, however before I had the chance, the next time the update appeared it was the version 53. I don’t show 2 different versions of FF on the desktop icon (lower tool bar). When I close it, it just closes. Have had a myriad of other problems so I couldn’t even “try” some of the options you have listed. All I can do is try to wait until I have the time to “try” something. I’ve seen other reports that FF had some serious problems a while back that have never been corrected. Thank you again for the advice. I sincerely appreciate it!
