Newsletter Archives

• Problems with yesterday’s Win10 1709 patch, KB 4090913, starting to appear

  Posted on March 6, 2018 at 07:26 CST by woody • Comment in the Forums

  I’m seeing some reports of problems with yesterday’s Patch Monday single-purpose cumulative update for Win10 1709.

  Computerworld Woody on Windows.

  UPDATE: We have a report of the “reboot to black” bug in the Win7 Feb. Monthly Rollup KB 4074598.

  Windows Patches/Security KB 4074598, KB 4090913, KB 4090914, Win10 1709

• Patch Lady Posts – Windows 7 and the SCARD_E_NO_SERVICE error

  Posted on February 28, 2018 at 23:15 CST by Susan Bradley • Comment in the Forums

  Woody wrote ….

  There’s a new bug posted for KB 4074598, the Feb Win7 Security-Only patch, that triggers a bizarre error, “SCARD_E_NO_SERVICE”

  I wanted to elaborate on Woody’s comment here… that issue is only triggered if you have a smart card deployment on Windows 7.  If you don’t have a smart card, you probably won’t see this error.  When I’m checking out if a patch issue is widespread I use what I call the “social test”:

  Can I see issues on twitter, facebook, in google posted in the last 24 hours and hot topics in the answers forum?  If all of those locations are silent, this issue is not widespread.  Nor have I seen it in any of my Windows 7 machines where I’ve applied KB 4074598.

  So if you are on Windows 7 and do not use a smart card to provide an additional two factor authentication into your machine, I would go ahead and install this update.

  The LSM.EXE process and applications that call SCardEstablishContext or SCardReleaseContext may experience a handle leak. Once the leaked handle count reaches a certain threshold, smart card-based operations fail with error “SCARD_E_NO_SERVICE”. Confirm the scenario match by reviewing the handle counts for LSM.EXE and the calling processes in the process tab of Task Manager or an equivalent application.

  Monitor the handle counts for the LSM.EXE process and the calling process before and after installing this update. Restart the operating system that’s experiencing the handle leak as required. Microsoft is working on a resolution and will provide an update in an upcoming release

  Windows Patches/Security KB 4074598, Patch Lady Posts, SCARD_E_NO_SERVICE

• Fourth Tuesday patches trickling in

  Posted on February 27, 2018 at 12:42 CST by woody • Comment in the Forums

  At this moment, I have notes for:

  KB 4018314 — February 26, 2018, update for Outlook 2010. As @MrBrian notes, the big fix here is:

  This update fixes the following issue:

  After you install KB4011273 on a Windows XP or Windows Server 2003-based computer, you receive an error message that resembles the following when you start Microsoft Outlook 2010:

  CompareStringOrdinal not found in dynamic link library KERNEL32.dll

  The list of new KB articles also includes several re-posted .NET Preview KBs, KB 4074805 (February 2018 Preview of Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1), KB 4074808 (February 2018 Preview of Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1), and KB 4073701 (Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 on Server 2008 SP2), but none of the KB articles mention anything new (they’re still marked as last updated Feb. 23), and the three patches are still missing from the Windows Update Catalog.

  Poster bobcat5536 caught one I missed:

  Just did notice that Office 365 has yet another update released on the monthly channel yesterday. That makes 4 this month. Why don’t they rename it the weekly channel. This update stuff is just pure madness.

  And, sure enough, Microsoft’s official list bears him out.

  There’s a new bug posted for KB 4074598, the February Win7 Monthly Rollup, and KB 4074587, the Feb Win7 Security-Only patch, that triggers a bizarre error, “SCARD_E_NO_SERVICE”

  There’s a new bug posted for KB 4077525, the SECOND Monthly Rollup this month for Win10 1607:

  After installing this update, servers where Credential Guard is enabled may restart unexpectedly. The error is “The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart.”

  Event ID 1000 in the application log shows:

  “C:\windows\system32\lsass.exe’ terminated unexpectedly with status code -1073740791

  Faulting application: lsass.exe, Version: 10.0.14393.1770, Time Stamp: 0x59bf2fb2

  Faulting module: ntdll.dll, Version: 10.0.14393.1715, Time Stamp: 0x59b0d03e
  Exception: 0xc0000409

  I’m still looking for the Win10 1709 patch — the one that’s supposed to fix the USB and bluescreen problems.

  Did I miss anything?

  I’ll have a post in Computerworld when the dust settles.

  Windows Patches/Security 0xc0000409, 1073740791, CompareStringOrdinal, KB 4018314, KB 4073701, KB 4074587, KB 4074598, KB 4074805, KB 4074808, KB 4077525, Office 365, SCARD_E_NO_SERVICE, The system process lsass.exe terminated unexpectedly

• Weird hibernation state on reboot attributed to Win7 patches

  Posted on February 24, 2018 at 07:49 CST by woody • Comment in the Forums

  We have two reports here on AskWoody of Win7 hibernation (?) problems after installing recent Win7 Monthly Rollups.

  An anonymous poster:

  I installed KB 4074598 on my Windows 7 Desktop PC (I use AMD stuff etc) and it kept putting my PC into a weird hibernation state when trying to restart.. every single time. It wouldn’t show input from the monitors, mouse/keyboard, but the tower would still be running. To get out of this state I had to turn off the PC directly from the button on the tower itself, then turn it back on. It didn’t even do that “windows shut down unexpectedly” thing when you force turn off the PC.

  And a summary of reports on other forums, compliments of @amraybit.

  Looks like the problems started with the January Monthly Rollup, KB 4056894, and continue with this month’s Monthly Rollup KB 4074598. It seems to impact both Intel and AMD chips.

  Ben1907 on the Microsoft Answers forum has had some success, without uninstalling the patch:

  I checked my C-State settings on my ASUS P8P67-M motherboard and they were set to the default settings in the ASUS manual.

  • C1E [enabled]
  • C3 Report [disabled]
  • C6 Report [enabled]

  Playing around by setting different combinations, I found the C1E enabled/disabled did not matter, so left it enabled. However, by setting C6 Report to DISABLED, I have now been able to perform a normal restart/reboot from Windows 7. Tried at least half dozen times and all good so far.

  Thanks for investigating this and putting me on the right path to correct this issue. Microsoft has caused me so many lost hours of troubleshooting problems they inject with updates you wonder if they have any quality control.

  Indeed.

  Windows Patches/Security c-state, hibernation state, KB 4056894, KB 4074598, reboot, Win7

• Patch Lady Posts 2018-02-13

  Posted on February 21, 2018 at 18:58 CST by woody • Comment in the Forums

  So what happened?  Well a funny thing happened to a server.  Long story short, I decided that it was time for a fresh start and a new location courtesy of Woody.  This site will now be the home of the “Patch Lady” and my guidance to installing patches.  But with the new location we’re going to change things up a bit.  First off I’m going to focus not only on patching but guidance on security tweaks and adjustments you can do in both Windows 10 and Windows 7. I’ll be giving you my advice on finding a happy medium between what Microsoft THINKS we want and what we need (hint: we’re moving things to the cloud but the subscription model isn’t always the best solution).  I’ll give you ways to get the security goodness of Microsoft but in spoonfuls that are affordable and reasonable.

  I promise to point out the things I really like about Windows 10 to assure you that I see my future on the Windows platform. But I’ll also promise to help guide you to where you can make Windows 10 to be still YOUR operating system, with the choices and rebooting when you want, and not when Microsoft wants you to make those choices.

  I’ll be making some changes in the content along the way as well. First off I’ll be streamlining the Patch guidance, focusing less on the individual updates for Office 2013 and 2016 due to the fact that Office is pivoting to deploying EVERYTHING via click to run technology. So much so that Office 2019 will only be on click to run as noted on this blog.  I’ll have more on that in an upcoming post. But seeing Microsoft stress their click to run technology so much made me realize that for the vast majority of Microsoft users, you no longer see individual Office updates. You only see Windows updates, and then wonder why something changed in Office that you can’t quite figure out when it started having the issues or how to fix them.

  Click to run is an updating methodology that updates in the background in one “blob”. Rather than individual updates you get the entire suite updated as a whole. Unless you take action, you are by default on the monthly channel – which is a bit of a misnomer – as lately the monthly channel has been updating more than once a month.  As a result the first thing I want you to do after reading the Patch Lady post is to adjust how you get your click to run Office 2016 deployment. I’ll want you to change to the semi-annual feature update channel rather than the monthly update channel. This will move you off the more buggy platform and on to a more stable version of Office.  For Office 2016 you can do this on any version of Office 2016 that you get via the subscription model, unlike Windows 10 mandate that you need the Pro version to control updating.

  Rest assured, moving to the semi-annual channel does not make you more vulnerable to security issues. It merely moves you to a version that doesn’t get feature updates quite as quickly, less updates per month and a much more stable experience, especially in Outlook.

  To move to this slower feature updating schedule perform the following commands as noted from this blog:

  Launch Command Prompt as an administrator.

  Navigate to “C:\Program Files\Common Files\Microsoft Shared\ClickToRun>”

  Run the following command to change the desired channel, let’s say Monthly Channel “OfficeC2RClient.exe /changesetting Channel=Deferred”

  Then type in:  OfficeC2RClient.exe /update user

  Office 2016 will launch a window acting like it’s updating or reinstalling. Which it actually is, as it’s flipping to the slower semi-annual channel rather than the monthly one. To see if the change has taken effect, launch Word, click on File, Office account and review the information on that screen to see if it now has the wording “Semi-Annual Channel” rather than “Monthly”.  Note for consultants or administrators you can also use an xml tool if you are more comfortable with that process.

  On another note, I’m starting to see more and more OEM computers shipped with Office Desktop apps that are causing issues once you go to install the Office 365 subscription. As noted in this Knowledgebase article, make sure you uninstall these temp installs for best experience.

  Before I wrap up this first edition of the Patch Lady Guidance for the month of February, once again thank you Woody for my new home.  I’ll be looking forward to posting more often, being more responsive to bringing you information. I’m even thinking of maybe doing some special video recordings and link them here to better explain and give guidance when there are sticky patching situations to deal with. Bottom line, I’m looking forward to a new start in a new home.  I hope you are too!  Since this is a new start and a new format, let me know if you like the new format or think I should change things up a bit more?

   

  Patch Lady Guidance – February 2018

  The major issues I am tracking are predominantly in Windows 10 1709 release. There are two major issues that are impacting SOME but not ALL Windows 10 1709 users. The first has to do with the loss of USB devices after the install of KB4074588. The only workaround at this time is to uninstall the update. The second issue is more concerning: Some users have seen inaccessible boot device errors after the install of January and February updates. I personally have not seen this on any machine under my control leading me to theorize that the root cause may be the interaction of antivirus during updating. It is my theory based on the fact that all of my Windows 10 1709 machines use Windows Defender as their antivirus, and I’ve seen many antivirus vendors listed as being installed on impacted machines. It appears based on some smart folks in the forum that the acpi.sys driver gets uninstalled and not reinstalled during the updating process. The loss of this driver will trigger the boot error.  The only workaround is to use dism commands to uninstall the recently installed updates and then do a refresh of the operating system. Bottom line because I don’t have any clear cut root cause at this time, if you are running Windows 10 1709 and have third party antivirus, I would make sure you have a full backup of your system before updating.  [Which, let’s face it, is wise to do every month anyway!]  Finally, I’m seeing some folks having issues getting the patch to install at all. Given the above issues, that might not be such a bad thing after all.

  Without further ado, here is my guidance for the month:

   

  Patch Knowledge Base Article	Operating system	Safe to install?	Issues being tracked	Fixing or patching
  KB4074588	Windows 10 1709	Hold – wait for further guidance	Tracking issues with USB side effects on SOME Windows 10 machines.  See this link for details.  Tracking inaccessible boot device as a side effect for SOME computers.  See this link for details.	Patching security vulnerabilities for remote code attacks. Fixes an issue where some users may have experienced issues logging into some websites when using third-party account credentials in Microsoft Edge. Released Spectre-Meltdown updates to 32 bit platform.
  KB4074592	Windows 10 1703	Okay to install	Not tracking any major issues	Security update for remote code vulnerabilities. Released Spectre-Meltdown updates to 32 bit platform.
  KB4074594	Windows 8.1	Okay to install	Not tracking any major issues	Security update for remote code vulnerabilities.  Addressed a script-related issue that caused Internet Explorer to stop working in some cases.
  KB4074598	Windows 7	Okay to install	Not tracking any major issues	Security update for remote code vulnerabilities. Fixes issue with launching a new page in Internet Explorer.
  KB2952664	Windows 7	Optional update – do not need to install	Not tracking any side effects – however this update is optional	Telemetry update – does not install any code to update to Windows 10
  KB4076492	.NET optional quality updates for Windows 7, 8.1:  3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1	Optional update – do not need to install	Not tracking any side effects – however this update is optional	These updates only provide non security fixes. They are not new security updates. Thus it’s not mandatory to install any of these.
  KB4076493	.NET optional for Server 2012 for 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012	Optional update – do not need to install	Not tracking any side effects – however this update is optional	These updates only provide non security fixes. They are not new security updates. Thus it’s not mandatory to install any of these.
  KB4076494	.NET optional 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1, and Server 2012 R2	Optional update – do not need to install	Not tracking any side effects – however this update is optional	These updates only provide non security fixes. They are not new security updates. Thus it’s not mandatory to install any of these.
  KB4076495	.NET optional for 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008 SP2	Optional update – do not need to install	Not tracking any side effects – however this update is optional	These updates only provide non security fixes. They are not new security updates. Thus it’s not mandatory to install any of these.
  Office 2016 click to run release as of February 13, 2018 Monthly channel version 1801, Build 9001.2171	Office 2016			Security update for remote code vulnerabilities. Tracking issues in Outlook see this page. Unable to save attachments to network see this page.
  Office 2016 click to run release as of February 13, 2018 Semi-Annual Channel  version  1708, Build 8431.2215	Office 2016 *The version I want you to be on*			Security update for remote code vulnerabilities. Tracking issues in Outlook see this page. Unable to save attachments to network see this page.
  Office 2013 click to run version 15.0.5007.1000	Office 2013			Security update for remote code vulnerabilities. Tracking issues in Outlook regarding missing meeting information see this page.
  KB3114874	Office 2010	Okay to install – Security update	Not tracking any major issues	Security update for remote code vulnerabilities. Triggered by specially crafted files.
  KB4011707	Office 2010	Okay to install – Security update	Not tracking any major issues	Security update for remote code vulnerabilities. Triggered by specially crafted files.
  KB4011711	Outlook 2010	Okay to install – Security update	Not tracking any major issues	Security update for remote code vulnerabilities. Triggered by specially crafted files.
  KB4011187	PowerPoint 2010	Okay to install – Non security update	Not tracking any major issues	Fixes slow opening of PowerPoint after the install of Windows 10 1709
  KB4011191	PowerPoint Viewer 2010	Okay to install – Non security update	Not tracking any major issues	Fixes slow opening of PowerPoint after the install of Windows 10 1709
  KB4011715	Office 2007	Okay to install – Non security update	Not tracking any major issues	Security update for remote code vulnerabilities./No side effects being tracked at this time.
  KB4011200	Outlook 2007	Okay to install – Security update	Not tracking any major issues	Security update for remote code vulnerabilities./No side effects being tracked at this time.
  KB4011703	Word Viewer	Okay to install – Security update	Not tracking any major issues	Security update for remote code vulnerabilities./No side effects being tracked at this time.

   

  Office Patches/Security, Windows Patches/Security KB 2952664, KB 3114874, KB 4011187, KB 4011191, KB 4011200, KB 4011703, KB 4011707, KB 4011711, KB 4011715, KB 4074588, KB 4074592, KB 4074594, KB 4074598, KB 4076492, KB 4076493, KB 4076494, KB 4076495, Patch Lady Posts