Patch Alert: February 2018

Topic

New Reply

This month’s pile of problems pales in comparison to last month’s mayhem, but we’re still facing a handful of significant patching difficulties. My ad
[See the full post at: Patch Alert: February 2018]

15 users thanked author for this post.

Microfix, bobcat5536, dononline, JDeC, Fred, AJNorth, jwhiz56, Tiernan, Elly, Pepsiboy, SueW, HiFlyer, wdburt1, sheldon, abbodi86

Reply | Quote

Replies

Thanks for the update Woody. I always check your site for any update on the patch alert level.

2 users thanked author for this post.

Microfix, HiFlyer

Reply | Quote

I hate it soooo much. :-((( Just wanted to swicth off systems after a busy working day. Hello KB 4077528! Goodbye relaxing free evening :-((((

Reply | Quote

No, you should see it as a game you play!

“An evening full of fun” sounds so much better and positive!

2 users thanked author for this post.

SueW, Cybertooth

Reply | Quote

Perhaps I’m caught up in something strange again.  According to the latest Computerworld article dated today, there are seven pages of material.

https://www.computerworld.com/article/3216425/microsoft-windows/microsoft-patch-alert-februarys-fixes-arent-as-bad-as-last-month-but-problems-abound.html

Each page reviews information from proceeding months going back to August on page seven.

While I’ll admit to missing an occasional entry on Computerworld, it seemed like I should say something just in case there was an error or that multiple articles were accidentally merged.

Win 8.1 (home & pro) Group B, W10/11 Avoider, Linux Dabbler

Reply | Quote

Nope, that’s exactly as intended. CW calls it an “evergreen” article.

Several benefits – the main one is that, if you have a link to an old version, you end up looking at the latest version. Also, you can flip back to previous months.

7 users thanked author for this post.

walker, Cascadian, SueW, HiFlyer, GoneToPlaid, BobbyB, Purg2

Reply | Quote

normally you provide a link to your computer world article.  are you no longer doing that?  you have the line in the post for it, but it’s not a link like usual.

 

john

John W Zerkel

Reply | Quote

As far as I can see, as of 2:00pm CST US, the article has not been published on ComputerWor.d. Link to be added when possible (as usual).

Reply | Quote

Mea culpa! Edits were delayed, but the article was posted about 1:00 Central time. I just now fixed the error and posted the link.

2 users thanked author for this post.

HiFlyer, JDeC

Reply | Quote

Thanks for the latest update Woody! Thanks also to Susan for her already typically insightful contributions.

Once again, however, we Windows 7 users are left with (a) a sense of relief that our machines weren’t the ones that Microsoft decided in its infinite wisdom to upgrade to Windows 10 on its own initiative, and (b) a sense of bewilderment as to whether we should see out the support period for Windows 7 or just say “to h*** with it” and switch WU to “Never check” and be done once and for all with what seems increasingly to be the biggest threat to our machines.

4 users thanked author for this post.

HiFlyer, Sessh, JDeC, wdburt1

Reply | Quote

Agreed…I purchased a new router with excellent firewall and I make regular weekly image backups and a couple of malware prevention programs as well as one of the paid for virus protection programs. In my humble opinion, Microsoft and their botched up update system is worse than a virus or at the least malware. I fear 10 times more what they are going to do my computers more than I fear any virus or malware out there.

6 users thanked author for this post.

HiFlyer, GoneToPlaid, mindwarp, Sessh, Seff, Cybertooth

Reply | Quote

Re: worrying about MS more than malware: I’m sure my coworkers are sick of what has almost become a daily cursing of MS from me, since we’ve had more problems this past week with maintaining any stability thanks to Windows trying to shove 1709 down our throats even with WU disabled a few months before IT is ready to roll it out than malware has ever caused.

1 user thanked author for this post.

HiFlyer

Reply | Quote

woody wrote:

Computerworld Woody on Windows.

Your “(Win10 now surpasses Win7)” link leads to a two-year-old article.

1 user thanked author for this post.

woody

Reply | Quote

That older is still relevant as Microsoft had been claiming Windows 10 had very high installation & user base numbers earlier than that time without proof.

Reply | Quote

I guess I will skip this month updates (Unless we reach MSDEFCON 4 or 5 which I seriously hope but I highly doubt)

Reply | Quote

Still cannot install Jan Updates for Win 7 Group B (fail to install) – nothing like being way behind the curve

Reply | Quote

Since December, I’m off the grid.  I’ll consider getting back on if you give the all clear.  In January M$ objectively crossed the line where the patches were more trouble than they were worth.

Reply | Quote

that’s wise, and I am happy you did it, I got scared with the meltdown patch and installed the january updates ….

Reply | Quote

@wdburt1:  I have reached the point where I am leery of even installing the MSRT and the Windows Defender update (which is always listed as “unremovable”) because there have been too many problems with the updating process, which in some instances involved one or both of these (unless my memory fails me).  Group A,   Windows 7 (Home Prem)x 64.

 

Reply | Quote

From Exceptions in System.Security.Cryptography.Xml.Reference.LoadXml after you install the February 2018 .NET Framework Preview of Quality Rollup updates for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2: “Microsoft .NET Framework applications might experience System.Security.Cryptography.Xml.Reference.LoadXml exception errors after you install the February 2018 .NET Framework Preview of Quality Rollup updates for Windows 7 Service Pack 1 (SP1), Windows Server 2008 R2 Service Pack 1 (SP1), and Windows Server 2008 Service Pack 2 (SP2).”

Reply | Quote

Issue added to the four most recent updates listed at Windows 7 SP1 and Windows Server 2008 R2 SP1 update history: ‘The LSM.EXE process and applications that call SCardEstablishContext or SCardReleaseContext may experience a handle leak. Once the leaked handle count reaches a certain threshold, smart card-based operations fail with error “SCARD_E_NO_SERVICE”. Confirm the scenario match by reviewing the handle counts for LSM.EXE and the calling processes in the process tab of Task Manager or an equivalent application.’

Reply | Quote

I myself have also stopped all updating as of Dec. 2017. (Also using Opera now).

The confusion, deception, damage and no thoughts of saying were sorry, bah, I  have to work on multiple machines daily, I’ve given up, I just tell the customers to come to this site, read for yourself, install if you want.

1 user thanked author for this post.

HiFlyer

Reply | Quote

woody wrote:

Nope, that’s exactly as intended. CW calls it an “evergreen” article. Several benefits – the main one is that, if you have a link to an old version, you end up looking at the latest version. Also, you can flip back to previous months.

Hi Woody,

That is slick. Yet I wish that for every bolded section a date would be provided just above each bolded section. That said, the entire seven pages of the evergreen article read like a horribly written Greek tragedy in which all of the actors eventually die, leaving the audience wondering, “Why did I bother to sit through this play?”

We have all been trying to wade through this nightmare, under Nadella, of being Microsoft’s beta testers for all new Windows Updates, Office Updates, and all new Windows “features” which are bundled into the Monthly Rollups. The second Microsoft cash cow which is Windows, after Microsoft’s original cash cow which was DOS, is completely bleeding out and is in its death throws due to sheer stupidity. It shouldn’t be this way, and it should have never become this way. Yet it is what it is.

I am on Group B. I backed up all of my computers on Sunday evening. And this morning I decided to install all of the Security Only Windows updates which I had avoided installing, due to various reported issues. I also considered that Microsoft of late has had issues with supersedence. Thus I was careful to install some later Security Only updates first, before installing one or more Security Only updates which were released either the previous month or two months before. Why? Because after spending a lot of time to delve into when issues with previous Security Only updates were subsequently partially or eventually totally fixed, I figured that a reverse supersedence installation method was appropriate in order to completely avoid all issues, for example, Windows Update no longer working.

Let’s use the example, directly above, where some of my Core i5 Haswell CPUs were blocked by Microsoft after I installed the April 2017 Security Only update. Yep, after installing that update, Windows Update wouldn’t run. I uninstalled the April 2017 Security Only update. Yep, Windows Update still wouldn’t run! I then performed a System Restore which I created just before I installed the April 2017 Security Only update. Yep, Windows Update STILL wouldn’t run. Yes, you got that right — System Restore, even though it reported as being successful, did NOT fix the Windows Update issue.

Thanks to AskWoody.com and the mentions of the April 2017 updates unintentionally killing Windows Update for some older CPUs, I had prudently performed differential backups of the OS partitions on all of my Win7 computers. So yep, in order to FIX the issue that Microsoft had KILLED Windows Update for my Haswell CPUs, I had to restore the OS partitions from offline backups. It is what it is, and I wasted half a day in order to recover from this Microsoft fiasco.

The May 2017 Security Only update supposedly resolved these issues of blocking Windows Update for the affected older CPUs, yet it did not completely resolve these issues. The June 2017 Security Only update is the update which did completely resolve these issues.

Thus this morning’s procedure was as follows:

1. I already had installed the June 2017 Security Only update onto all of my Win7 computers.

2. Then I bravely installed the May 2017 Security Only update onto all of my Win7 computers, and rebooted. So far, so good.

3. And then I bravely installed the April 2017 Security Only update onto all of my Win7 computers, and rebooted.

By installing these updates in the reverse order of their release dates, I completely avoided Windows Update from becoming bricked as a result of Microsoft’s ineptitude.

Similarly and for different reasons, I first installed the September 2017 Security Only update before I installed the August 2017 Security Only update.

I always update a log file of what I do, in terms of installing any Windows Updates, with notes and any issues. Here is the final version of this morning’s log file which was edited after I finally and bravely got all of my Win7 computers updated with all Security Only updates through January 2018:

**********************

The October 2016 through March 2017 updates are installed, but the January 2017 update kb3212642 is not installed because it was depreciated by the March 2017 update. This depreciation is undocumented by Microsoft.

Note that there was no February 2017 update.

Install the June 2017 update first, before installing the May 2017 and April 2017 updates (in this order), in order to prevent Windows Update from being blocked on some older CPUs.

Install the September 2017 update before installing the August 2017 update.

The October 2017 update may cause Jet DB issues with older apps. A fix is available.

The November 2017 update may break printing for some Epson dot matrix printers. Update KB4055038 is available to fix this issue. This update is documented by Microsoft as being available via Windows Update, yet this Windows Update never showed up on my Win7 computers. Apparently KB4055038 is not offered in Windows Update if you installed the November 2017 Security Only update. Perhaps KB4055038 only applies if you installed the November 2017 Quality Rollup?

The April 2017 through December 2017 updates are installed.

The January 2018 update is installed.

The February 2018 is not installed.

**********************

I haven’t installed any IE updates since May 2017 since I don’t know what ones have issues and which do not. Furthermore, it appears that the separate IE security updates are NOT cumulative as some have stated. My proof? Install a latter IE security update, and then try to install a prior IE security update. The prior IE security update will merrily install, instead of properly reporting that “This update is not applicable to your computer” if it was superseded. I tested this scenario using a couple of different combinations of updates to try to install, yet using my reverse supersedence method which I described above. It is what it is, yet this is not surprising since Microsoft not only wants everyone on Group A, but also wants everyone on Win10.

As far as the .Net Security Only rollups go, I instead went with what was presented in Windows Update, yet I stopped with the May 2017 .Net updates. Note that I never installed any version of .Net above 4.5 on my Win7 computers, yet note that some programs may require you to do so.

The upshot of all of the above is that has taken me an incredible amount of time and effort, in comparison to the “old days” in 2015 and earlier in which I would readily install all presented Windows Updates, in order to avoid Microsoft’s deep telemetry and in order to avoid the exponential flux of moderately to royally botched Windows Updates. This has literally become a three ring circus. I mean that, literally, since all Windows users now have to be wary of flawed Windows Updates, flawed .Net updates, and flawed Office updates.

Woody, how in the world do you and your team keep track of Microsoft’s watery spaghetti of issues is beyond me. Prior to Nadella, the situation was more like baked lasagna. Yeah, occasionally there might be a layer or two which wasn’t fully baked, yet nothing like the swirling spaghetti mess which we all have been dealing with since 2015.

I sincerely apologize that my reply became a rant, yet I think that this is how frustrated most of us are in terms of having to continue to deal with Microsoft’s neverending stampede of botched updates.

Best regards,

–GTP

4 users thanked author for this post.

woody, Seff, johnf, HiFlyer

Reply | Quote

GoneToPlaid wrote:

Thanks to AskWoody.com and the mentions of the April 2017 updates unintentionally killing Windows Update for some older CPUs, I had prudently performed differential backups of the OS partitions on all of my Win7 computers. So yep, in order to FIX the issue that Microsoft had KILLED Windows Update for my Haswell CPUs, I had to restore the OS partitions from offline backups. It is what it is, and I wasted half a day in order to recover from this Microsoft fiasco.

I run Windows 7 and Windows 8.1 each in its own virtual machine, all running in a Linux Mint host. I wonder if this Haswell “bug” would have occurred for me, since I am running Windows in a VM rather than as the host system on the computer?

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

Reply | Quote

The April 2017 update killed Windows Update for two of my three Haswell i5 CPUs. I guess it depended on the exact models of Haswell i5 CPUs. Both of mine were were K models, and apparently they were not in the list of “supported” models for receiving future updates. So yes, the April 2017 update could have killed Windows Update in your VM, depending on your exact Haswell CPU model.

Reply | Quote

That’s a good question!  But the good news is that you have a great plan in place by running Linux as your host system.  Worst case if that MS patch happens to botch Windows is that you might need to roll back a VM to an earlier snapshot or backup, but that is fairly easy to do.

I have come to the conclusion that unless you need to run Windows as a host for some hardware dependency that is not supported by Linux, you can run all of your legacy Windows applications in a Win VM and migrate away from total dependency on MS to run (or corrupt) your machine. 

Windows 10 Pro 22H2

2 users thanked author for this post.

Cascadian, Elly

Reply | Quote

I’ve been Linux Mint now since 2009. I work repairing Windows PC’s as a residential IT person. I would not use a Windows machine on a daily basis – it’s just too much trouble & aggravation!

I forget how stable & wonderful it is to run Mint until I get home from a day battling all of the various issues with Windows. I honestly have never had any problems with Mint– other than a config file edit once for my printer. When I tell people about it, they act as if the only reason I am able to use it is because I’m “techie” – but I literally do nothing but turn it on & use it.

On a side-note tp your experience, I do need to have Windows to refer to for some remote calls I get, & the MS OS’s which I run in Virtualbox seem to behave themselves a LOT better.

1 user thanked author for this post.

Elly

Reply | Quote

Are there already any known issues with the February IE11 security update and the February Windows security-only update?

Thanks.

Reply | Quote

Are you experiencing issues that need you to update while we are still at MS-Defcon 2?

MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

Woody’s article today did mention Outlook updates as a security priority, if you are using it.

You might like to check out the Patch Lady February topic, which mentions KB4074598.

6 users thanked author for this post.

Elly, JDeC, OscarCP, woody, GoneToPlaid, HiFlyer

Reply | Quote

Sorry, just checking if anyone there is, as I have noticed that those two patches have not been mentioned much recently, compared with those for .NET and others.

Reply | Quote

I have installed versions of Outlook on 3 computers, none of which use Outlook for email. It seems obvious but it’s not explicitly stated that only if Outlook is installed AND used for email that there’s a security issue. Am I wrong in this assumption/interpretation?

Reply | Quote

Just did notice that Office 365 has yet another update released on the monthly channel yesterday. That makes 4 this month. Why don’t they rename it the weekly channel. This update stuff is just pure madness.

2 users thanked author for this post.

woody, GoneToPlaid

Reply | Quote

Is it Groundhog Patch Day again?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

From February 26, 2018, update for Outlook 2010 (KB4018314):
“This update fixes the following issue:

After you install KB4011273 on a Windows XP or Windows Server 2003-based computer, you receive an error message that resembles the following when you start Microsoft Outlook 2010:

CompareStringOrdinal not found in dynamic link library KERNEL32.dll”

2 users thanked author for this post.

cesmart4125, woody

Reply | Quote

FYI… we have had a few cloudbooks this week that presented no blue screen but simply boot looped on auto repair. DISM removal of package KB4074588 fixed this issue. Moral of the story… not every computer will show inaccessible boot device.

Reply | Quote

A new issue has been added to the most recent six updates listed at Windows 7 SP1 and Windows Server 2008 R2 SP1 update history: “After installing this update, SMB servers may experience a memory leak.”

1 user thanked author for this post.

walker

Reply | Quote

Microsoft has added an issue to Windows 10 articles https://support.microsoft.com/en-us/help/4058258/windows-10-update-kb4058258, https://support.microsoft.com/en-us/help/4074588/windows-10-update-kb4074588, and https://support.microsoft.com/en-us/help/4077525/windows-10-update-kb4077525: “Because of an AD FS server issue that causes the WID AD FS database to become unusable after a restart, the AD FS service may fail to start.”

1 user thanked author for this post.

woody

Reply | Quote

4 of the top 10 vulnerabilities listed at Threat Landscape Dashboard – Vulnerabilities (more info) were fixed in the Microsoft February 2018 updates.

2 users thanked author for this post.

woody

Reply | Quote

I found other evidence that one of the 4 vulnerabilities – CVE-2018-4878 – is being exploited: Flash Exploit, CVE-2018-4878, Spotted in The Wild as Part of Massive Malspam Campaign (Feb 25, 2018)

1 user thanked author for this post.

woody

Reply | Quote