Newsletter Archives

  • The full story on the Nov 23 re-issue of KB 3197873, 3197874, 3197876, 3197877, 3193479, 3200970

    Looks like they were all pulled, then re-issued, to minimize the impact on Lenovo servers.

    If you got yours installed, no need to do anything.

    InfoWorld Woody on Windows

  • Blink and you’ll miss it: Re-issued KB 3197868, 3197873, 3197874, 3197876, 3193479 explained

    At least, I think they were explained.

    You may recall that KB 3197868 – the Win7 Security Rollup that blew apart Malwarebytes – was mysteriously pulled for a few hours on Nov. 23. Malwarebytes claimed:

    This false positive was caused by Microsoft not digitally signing over 500 files included in “November, 2016 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB 3197868)”. Malwarebytes triggered on these unsigned files despite efforts in the 1.80 and 2.x releases to enhance safeguards and prevent false positives on legitimate files. We are working on correcting what actions took place to better protect from this in the future.

    A few hours later, that KB as well as several others came back online, marked “Last modified: 11/23/2016.” Some of the KB articles (noted below) have been modified to include this explanation:

    Known issues in this update

    Some Lenovo servers do not start after this update is installed. Lenovo is aware of this problem and has released a UEFI update to address it. In the interim, Microsoft has changed the detection logic in the update to prevent additional customers from being affected. For more information, see https://support.lenovo.com/us/en/solutions/ht502912.

    Here are the patches I know about, in numerical order:

    KB 3197867 – the Win7 Security-only (“Group B,” for those of you who are following the patchocalypse grading system) patch wasn’t pulled or updated on Nov. 23.

    KB 3197868 – Win7 Nov. Monthly Rollup (that’s “Group A”) was updated on Nov. 23, but the KB article still says it was last reviewed on Nov. 8. There’s no indication in the article why the patch was pulled – indeed, there’s no indication that it ever was pulled.

    KB 3197873 – Win8.1 Nov. Security-only (“Group B”) patch was pulled and re-released on Nov. 23. The KB article includes the notice above about Lenovo’s UEFI problem.

    KB 3197874 – Win 8.1 Nov. Monthly Rollup (“Group A”) patch was pulled and re-released on Nov. 23. The KB article includes the notice above about Lenovo’s UEFI problem.

    KB 3197876 – Server 2012 Nov. Security-only (“Group B”) patch was pulled and re-released on Nov. 23. The KB article includes the notice above about Lenovo’s UEFI problem.

    KB 3197877 – Server 2012 Nov. Monthly Rollup (“Group A”) patch was pulled and re-released on Nov. 23. The KB article includes the notice above about Lenovo’s UEFI problem.

    In addition:

    MS16-140 / KB 3193479, the “MS16-140: Security update for boot manager: November 8, 2016” was pulled, then re-released as well. MS16-160 has this notice:

    • V1.1 (November 23, 2016) Revised bulletin to announce a detection change for certain servers running Windows Servers 2012, Windows Server 2012 R2, and Windows Server 2016. Affected servers will not automatically receive the security update. For more information about the servers affected by this detection change, see Knowledge Base Article 3193479.

    But KB 3193479 has no such notice.

    I don’t see any reference in Microsoft’s documentation to the Malwarebytes “maybe false” positive.

    Happy turkey day, everybody.