October Patch Day – MS DEFCON 2 – here comes Win 11

Topic

New Reply

Dustin Childs is first of the block with his October 2021 security update review. And yes Virginia, we have security updates for Windows 11. There is
[See the full post at: October Patch Day – MS DEFCON 2 – here comes Win 11]

Susan Bradley Patch Lady/Prudent patcher

6 users thanked author for this post.

Mr. Austin, lmacri, Pim, Mr. Natural, fk5353, abbodi86

Reply | Quote

Replies

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on Oct 12, 2021.

There is a Security-only Update for those with Win7 ESU subscriptions.
There was a October IE11 CU KB5006671 for Win7. Download 32-bit or 64-bit.

October Rollup KB5006743 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

You must have at least the August 2020 Servicing Stack KB4570673 previously installed to receive these updates).

There is a October 2021 Servicing Stack KB5006749 – Download 32-bit or 64-bit for those with Win7 ESU subscriptions.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

For .NET updates listed for Win7. See #2395474.

6 users thanked author for this post.

SueW, Pim, Mr. Natural, abbodi86, DrBonzo, Microfix

Reply | Quote

The B side of my dual boot, Windows 10 Pro, received the Malicious Software Removal Tool along with

KB4023057 Update for Windows 10 Version 21H1 for x64-based Systems

No hiccups.

The A side of my dual boot, Windows 11 Pro on unsupported hardware, received the Malicious Software Removal Tool along with

KB5005537 Cumulative Update for NET Framework 3.5 and 4.5 for Windows 11 for x64
KB5006674 Cumulative Update for Windows 11 x64-based Systems

No hiccups.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

Pim

Reply | Quote

bbearren wrote:

The A side of my dual boot, Windows 11 Pro on unsupported hardware, received the Malicious Software Removal Tool along with

KB5005537 Cumulative Update for NET Framework 3.5 and 4.5 for Windows 11 for x64
KB5006674 Cumulative Update for Windows 11 x64-based Systems

No hiccups.

…until security patches are tied into secureboot and TPM2 for Win11

Windows - commercial by definition and now function...

Reply | Quote

Microfix wrote:

…until security patches are tied into secureboot and TPM2 for Win11

“…until” didn’t happen today.  Sometimes “until” stretches to “forever”, one simply has to wait.  In the meantime, “laissez les bons temps rouler”  So far, Microsoft Defender has received one to three Definition Updates every day since upgrading on the 4th.

If security patches are at some point in time tied into Secure boot and TPM2 for Windows 11, there will be workarounds; there always have been.

The first line in my signature is there for a very good reason, and it’s in red in the hope that it does not go unnoticed.  I do the things that I do because I can, and if I pooch the system I can always restore and try again.  I’ve done it literally hundreds of times in the past two decades+.

No FUD for me, thanks.

I’ll add that I’m now on Windows 11 Pro Version 21H2 (OS Build 22000.258).

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

Pim

Reply | Quote

Your Win10 21H1 did not receive the October CU?

Reply | Quote

Windows 11 Enterprise (Build 22000) test system with a BitLocker encrypted drive tripped BitLocker protection after rebooting as part of the installation of KB5006674. BitLocker recovery key had to be entered to continue booting the system. BitLocker protection was not tripped on subsequent reboots. Build version after patching 22000.258.

Test system: Lenovo T14 Gen 1 (20UD000GUS) laptop, BIOS 1.35, 16GB of RAM, Samsung (MZVLB512HBJQ) 512GB NVMe SSD, All hardware drivers from Windows update, Microsoft 365 Apps for Enterprise Current Channel (16.0.14430.20298)

 

Reply | Quote

The Patch Tuesday updates showed up, and were installed on the unsupported test system. (mentioned in the “So Have You Been Offered Windows 11 Yet” thread).

No issues so far.

We’ll see how it goes.

Reply | Quote

Win 11 Pro – just installed

KB5005537 Cumulative Update for NET Framework 3.5 and 4.5 for Windows 11 for x64
KB5006674 Cumulative Update for Windows 11 x64-based Systems

No problems.

--Joe

Reply | Quote

oh no now what??

The processor isnt currently supported for Windows 11

Processor: Intel Penntium CPU G3420 @ 3.20 GHz

Reply | Quote

See how to install Windows 11 on unsupported systems in the “So have you been offered Win11 yet” thread.

 

Reply | Quote

Windows 10 is just fine.  Why do you need to do anything other than install updates on Windows 10 when you are given the all clear?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

“Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it”

Wouldn’t zero-day patches qualify as an “immediate, pressing need”?

Reply | Quote

I don’t define these as zero day patches.   Zero day to me are when Microsoft has released an out of band update. When they see widespread active attacks.  Currently the vulnerabilities for which there are active attacks have only been used in targeted attacks.  We’re still watching for and dealing with side effects.  The smart Askwoodites know to be careful, don’t click, don’t browse while we wait for the all clear.  Obviously you have to set the risk factor for you (and if you are an IT admin) for your firm.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Performed the following steps:

Downloaded the Media Creation Tool from here:
https://www.microsoft.com/en-us/software-download/windows11

Made a USB and used setup.exe to install Windows 11

There were no installation errors.

Several observations:

• Microsoft backup (Windows 7) still exists, but in a slightly different place.
• There were new Microsoft programs that I removed.
• Standard functions such as start are awkward, but not impossible.
• Many functions required twice the number of key strokes as Windows 10.
• Round corners are the new old look rather like fins on cars.

In short, nothing I viewed warranted a new Windows version. (The installation, cleanup, and subsequent backup sure ate a bunch of time, though.)

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

4 users thanked author for this post.

Berserker79, Microfix, doriel, NaNoNyMouse

Reply | Quote

Windows 11 October Cumulative update makes performance issues on AMD processors worse.

https://www.windowscentral.com/windows-11s-first-cumulative-update-makes-amd-cpu-issues-worse-fix-coming

Reply | Quote

As I understand this problem, it is an issue with the L3 cache memory architecture on the Ryzen chips. I suspect that 1.) most users will not notice and 2.) it will be fixed in relatively short order.

--Joe

Reply | Quote

Windows 11, according to Microsoft and Intel, was optimized for Intel’s 12th gen CPUs. All other Intel’s 8th gen – 11th gen and all AMD CPUs were left behind.

AMD had 4 months of insider builds to test Windows 11 and they didn’t do so.

Reply | Quote

aha, that old chestnut WinTel again..
having typed that, I dropped AMD years ago.
Athlon XP Barton was my last AMD CPU.

Windows - commercial by definition and now function...

Reply | Quote

build 22000.282, which contains a fix for this issue. is in the beta and release preview channels. It should be for the general public soon.

--Joe

Reply | Quote

It makes me velly hoppy that Microsoft thinks my very powerful desktop isn’t ready for Windows 11. As if I’d actually want that! 😉

Human, who sports only naturally-occurring DNA ~ oneironaut ~ broadcaster

Reply | Quote

I wish that Windows 11 notes here could be separated from those for Windows 10. At this time, I think that the majority of people really don’t care about Windows 11 – either because they can’t (easily) update to it or don’t want to – but do really want to know if Windows 10 patches are ok.

2 users thanked author for this post.

David F, Seff

Reply | Quote

How about next Patch Tuesday I do a post on that day *just* for Windows 11 and then the main one for 10/8/7 so you can track the side effects separately?

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

David F, Graham

Reply | Quote

The same could’ve been said when 7/8/8.1/10 was released. As long as the comments are clearly marked about the affected release that should be sufficient.

--Joe

1 user thanked author for this post.

SueW

Reply | Quote

Susan Bradley wrote:

How about next Patch Tuesday I do a post on that day *just* for Windows 11 and then the main one for 10/8/7 so you can track the side effects separately?

I think that would be helpful during the initial period with Windows 11. At the moment 11 is quite likely to have issues that 10 does not, but after a while, that will settle down and the most important issues (security and basic functions like printing) are likely to be common to both.

Reply | Quote

That was me, not logged in *again* thanks to Firefox’s fairly recent habit of forgetting logins. I relly do need to give up on Firefox.

Reply | Quote

Try Opera.

Reply | Quote

Wayne wrote:

Try Opera.

I actually have Vivaldi as my second browser.

Reply | Quote

Installed (using WUmgr) KB5006670 on 21H1. All is well.

1 user thanked author for this post.

CAS

Reply | Quote

Is Microsoft trying to pursue the ‘paperless office’ fantasy?
It’s now three months in a row and printing issues with printnightmare taking the headlines.
Fixed, fixed again and now more reports of issues with printing!
Reports on bleeping computer forum continue to pour in..
as per Susan’s Bleeping Computer Forum link.

Uninstalling the October CU seems to be THE workaround
for many dependant on systems, seats et al, as everthing works as intended thereafter without the need to re-install printers.

Then, there’s the MSHTML zero-day exploit that the October CU
closes which has been widely exploited..along with a Windows print spooler spoofing Vulnerability CVE-2021-36970

So what gives, no printing or widely used zero-day exploitation?
geeeez who tests this stuff?

Windows - commercial by definition and now function...

Reply | Quote

New Windows 10 KB5006670 update breaks network printing on bleeping computer now..sigh

Windows - commercial by definition and now function...

Reply | Quote

Windows 11 installed on Dell Latitude E5250 as Windows2Go, on a SATA SSD with a USB3-SATA bridge. Surprisingly this worked very well, except for TRIM which became Optimize/Defrag, and I pulled the brake on that one.

Moved drive to White Macbook A1181 (2006) with 4GB RAM, of which only 3GB is usable for Windows. It was very sluggish at first, but after the usual driver reshuffle and updates it quieted down. Her I CAN TRIM the drive, in return for that there is no functional brightness control and touchpad is seen as mouse, no driver available. Can’t be bothered with BootCamp, since this was just an experiment. Vivaldi and Brave Browser are usable in moderation, Edge seems almost snappy.

Just an experiment, ignore, will be formatted tomorrow anyway   =:-)…

Reply | Quote

anonymous wrote:

Surprisingly this worked very well, except for TRIM which became Optimize/Defrag, and I pulled the brake on that one.

Optimize/Defrag is TRIM.  Windows recognizes the SSD, and only TRIM will be used.

Reply | Quote

FYI,

2 Windows 10 Home v21H1 systems (one x64 and another x86 system)
————————————————————————
Resumed update via Windows Update yesterday and installed the following :

– 2021-10 Cumulative Update for Windows 10 Version 21H1 for x64 (x86)-based Systems (KB5006670)
– 2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1 for x64 (x86)-based Systems (KB5005539)
– Windows Malicious Software Removal Tool for x64 (x86)-based Systems v5.94 (KB890830)
– 2021-09 Update for Windows 10 Version 21H1 for x64 (x86)-based Systems (KB4023057)

2021-09 KB4023057 installed the Microsoft Update Health Tools version 2.84.0.0 and are listed as both a program under Control Panel > All Control Panel Items > Programs And Features and as an app under Settings > Apps & features.

Paused Windows Update for both systems to furthest date available.

New OS Build : 19043.1288.

1) Scanning and printing via USB cable to local printer are working. No network printing here though.
2) Passed both DISM, SFC and CHKDSK checks before and after patching.
3) Might be relating to the patching (or not) as I was also installing updates to some desktop applications right after patching. Notice that the file association to application might have been reset in the x64 system (but not the x86 system) e.g. clicking .pdf, .txt, .html, and .png files will now prompt a notification to select the corresponding application for opening.

So far both Windows 10 systems are running stable.

Hope this helps.

Reply | Quote

Have a Win 10 Pro v21H1 OS. Had temporarily paused updates (Windows Update | Advanced Settings | Pause Updates | Pause Until | October 15, 2021) and received three updates:

KB890830 : Windows Malicious Software Removal Tool x64 – v5.94
KB4023057: 2021-09 Microsoft Update Health Tools v2.84.0.0
KB5006670: 2021-10 Cumulative Update for Win 10 v21H1 x64 (Build 19043.1288)

The updates went smoothly and I haven’t noticed any glitches so far (this is a home computer so I don’t have any network printers). This is also the third Patch Tuesday in a row (Aug/Sep/Oct) that I’ve received a new version of KB4023057 / Microsoft Update Health Tools (just an observation, not a concern since I know how to hide this update if it ever causes a problem on my system).

I did not receive KB5005539 (2021-10 Cumulative Update for .NET Framework 3.5 and 4.8) but I gather that’s expected since this month’s .NET Framework update does not include a security update, and I’ve enabled Computer Configuration | Administrative Templates | Windows Components| Windows Update | Windows Update for Business | Select When Preview Builds and Feature Updates Are Received and set to “Semi-Annual Channel” (defer for 1 day) in my Local Group Policy Editor (gpedit.msc) to prevent delivery of “preview” builds. At least that seems to be the general consensus as to why my .NET Framework hasn’t been updated since KB4601050 was delivered in Feb 2021 (see donnegar’s June 2021 .NET Update Confusion for a discussion on this topic).
———–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H1 build 19043.1288 * Firefox v93.0.0 * Microsoft Defender v4.18.2109.6 * Malwarebytes Premium v4.4.8.137-1.0.1474

Reply | Quote

Win 10 21H1 64 bit.  With WUMgr, downloaded Oct CU KB5006670 along with .NET and Office updates), installed OK, stable for 2 days including net printing (HP).

Reply | Quote

Updated .NET 5.0.11 – October 12, 2021.

https://www.catalog.update.microsoft.com/Search.aspx?q=.NET%205.0.11

https://dotnet.microsoft.com/download/dotnet/5.0

Reply | Quote

Alex5723 wrote:

Installed (using WUmgr) KB5006670 on 21H1. All is well.

So, it seems there is a network connected devices problem with not just printers.
I tried to copy some files from my USB attached external WD HDD to a networked attached WD HDD with 1Gb/s.
Usually I copy the files at ~1Gb/s. Now, after October patch copy speed is crawling at ~8-50Mb/s !

Reply | Quote

This just in the W11 update queue and installed:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5006746

Does not show as Preview in WUMgr nor as preview in Installed Updates.
None-the-less this update is a Preview.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

CU released outside of Patch Tuesday are most often non-Security Previews, but sometimes OOBs on special occasions.

Reply | Quote

Despite being a preview, the list of non-security changes is extensive as detailed here:
https://support.microsoft.com/en-us/topic/october-21-2021-kb5006746-os-build-22000-282-preview-03190705-0960-4ba4-9ee8-af40bef057d3

How many changes were made “under the hood” in the upgrade code?

How many undisclosed security errors are present?

Having installed W11, I will keep it.

I have “before” and “after” backups.

This transition should prove interesting.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

I’ve routinely blocked KB4023057 (latest offering 2021-09 Update for Windows 10 Version 21H1) under the rubric of rumored problems, no obvious benefits. Today something a bit different showed up in the pending download queue: 2021-10 Update for Windows 10 Version 21H1 for x64-based Systems (KB5005463). Microsoft labels this as the PC Health Check Application with a list of unneeded features along with a check for Windows 11 eligibility. All of my current computers are too old to consider for 11 and will be at their retirement age (10 years +) when Windows 10 runs out, so I don’t really need an additional unneeded function. What gave me real pause, however was the Microsoft disclaimer in this description:

<b class=”ocpLegacyBold”>Important</b> By default, when you open the PC Health Check application, it will automatically install important application updates when they become available. PC Health Check users will not be able to turn off automatic updates. [emphasis added]

Coming as a routine monthly update, is this just another sneaky way for Microsoft to zap user control of updates?

The instructions for uninstalling this thing are right below the disclaimer, so maybe even they realize this might be an annoying step for many users. Anyone else have similar thoughts?

Reply | Quote

Application updates, not Windows Updates.

(And I think they mean just updates for the Windows PC Health Check itself.)

1 user thanked author for this post.

ENShearin

Reply | Quote

Susan and gang – It’s Oct 24.  Do you think we’ll have DefCon 4 soon, or are the issues still too dangerous?  Thanks.

Reply | Quote

Coming this week – but with warnings and caveats.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

SueW

Reply | Quote

This out-of-band update appeared today:

2021-11 Update for Windows 11 for x64-based Systems (KB5008295)

https://support.microsoft.com/en-us/topic/november-5-2021-kb5008295-out-of-band-5540f171-846c-4af0-b363-29b6f02a8935

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote