Newsletter Archives

  • Widespread reports of problems with the second March Win10 cumulative update, KB 4551762, the SMBv3 patch

    Posted on March 14, 2020 at 08:38 CDT by Comment in the Forums

    I was afraid this would happen. When Microsoft releases two security patches back-to-back, it’s rare that the second patch goes in without problems.

    I’m seeing lots of reports with problems with Thursday’s post-Patch-Tuesday cumulative update, KB 4551762.

    Günter Born kicked off the discussion on Borncity with Windows 10: KB4551762 causes errors 0x800f0988 and 0x800f0900.

    Mayank Parmar at Windows Latest has more complaint reports — and they’re extensive:

    • The aforementioned errors on installation
    • Random reboots
    • Performance hits (which are always hard to verify)

    People who already have installation issues will be lucky enough to have Windows to automatically repair the patch is manually removed. Alternatively, some will have to undergo the recovery process and reinstall their Windows 10 copy if the PC remains slow and buggy.

    We’re also getting lots of reports about the new cumulative update zapping user profiles, just like the original Patch Tuesday patch and last month’s cumulative update.

    There are no in-the-wild exploits of the SMBv3 security hole, although there are many Proof of Concept demos. Kevin Beaumont has tried and failed to crack it in a meaningful way. We’ve had a couple of anonymous posts that point to other potential problems, but I haven’t seen any of them in the real world.

    Finally, @Alex5723 notes that MS has changed the Knowledge Base article associated with the patch, with a worthwhile inclusion:

    SMB Compression is not yet used by Windows or Windows Server, and disabling SMB Compression has no negative performance impact.

    Microsoft also inserted a clarification (for Dummies like me!) explaining why the Server Core versions are the ones affected.

    ‘Softie Nate Warfield tweeted:

    Full Server is not released as part of the Windows Semi-Annual Channel releases; only Server Core.

    As such, Full Server is not affected, only the listed Server Core editions.

    Which is what numerous people told me here on the forum. Thanks, all!

    We’re still at MS-DEFCON 2.

    Windows Patches/Security , ,

  • CVE-2020-0796, the SMBv3 security hole, doesn’t pose an immediate threat

    Posted on March 13, 2020 at 16:52 CDT by Comment in the Forums

    I’ve been sitting on pins and needles wondering when an in-the-wild exploit for the just-patched SMBv3 security hole might appear.

    Looks like it’s much harder than many folks expected. Kevin Beaumont just posted this:

    We’re going to stay at MS-DEFCON 2 for the foreseeable future, particularly because we’re seeing many more reports of the disappearing icons/temporary profile bug.

    Windows Patches/Security , ,

  • Heads up: Microsoft posts a fix for that SMBv3 security hole. Get ready to install this month’s Windows patches.

    Posted on March 12, 2020 at 10:57 CDT by Comment in the Forums

    Microsoft just released the patch that it almost released on Tuesday. It’s the SMBv3 patch that’s set the security community on fire.

    KB 4551762, which fixes CVE-2020-0796 is a regular, old-fashioned Win10 cumulative update, but it’s only made for Win10 1903, 1909, Server  1903 Core and Server 1909 Core. (I still have no idea why only Server Core versions are affected.)

    Anyway, I’m going to keep my eyes open for any obvious problems and, if the coast looks reasonably clear, we may be moving to MS-DEFCON 3 or 4 pretty quickly.

    For now, hold off. There are no known exploits. But be ready to twitch that clicking finger.

    Will keep you posted.

    UPDATE: 24 hours later, I still haven’t seen an in-the-wild exploit. But there are many reports of a repeat of the “missing icon”/temporary profile bug associated with KB 4551762.

    Kevin Beaumont tweeted:

    For anybody pondering, I’ve tried various exploits for CVE-2020-0796 – with a default config and vulnerable Windows 10 install, Windows Defender detects the exploit attempt. If you have automatic updates enabled you will also have the patch already.

    It’s a significant security hole, but it doesn’t appear to be an imminent threat.

    Mayank Parmar has a recounting of the bugs in Windows Latest.

    Still watching.

    Windows Patches/Security , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.