Windows and .Net finally get their 'D Week' patches, as Intel microcode fixes go wacko
Credit to Author: Woody Leonhard| Date: Fri, 31 Aug 2018 05:02:00 -0700
Time for the final August patching shoe to drop.
Late last night Microsoft released a flurry of patches, posting them on the Microsoft Update Catalog. Some are available through Windows Update, some aren’t.
As of early Friday morning, the Win10 patches are not available through WSUS, the update server service. It’s not clear if that’s a mistake, a hesitation — or if somebody just went home last night and forgot.
Let’s hear it for patching predictability. And transparency.
Those of you with Win10 1803 get KB 4346783, which brings you up to build 17134.254. I found two of the fixes worthy of note:
Microsoft still hasn’t fixed the months-old bug:
Launching Microsoft Edge using the New Application Guard Window may fail
and its solution is to uninstall the Aug. 14 cumulative update, install the July 24 cumulative update, then reinstall the Aug. 14 cumulative update. Which, in a cumulative world, makes no sense whatsoever.
Folks who are hanging tight with Win10 1709 get KB 4343893, which brings you up to build 16299.637. There’s a long list of changes, none of which seem particularly noteworthy.
If you’re using Win10 1703 — that’s still my choice for production machines — the new KB 4343889 brings you up to build 15063.1292. There’s a shorter list of changes. Note that security patches for 1703 will end in October. In six weeks or so, you’ll have to choose between 1709, 1803, or possibly 1809. As you might imagine, I’ll be watching the aging process astutely.
@abbodi86 advises that, as of Friday morning:
Windows 10 Updates did not hit WSUS, although 4346783 (1803) and 4343889 (1703) were delivered as Dynamic Updates (i.e., feature upgrade companions)
There’s also a cumulative update for Win10 1607/Server 2016, KB 4343884. Same old same old.
The Win7 Monthly Rollup Preview, KB 4343894, contains a major bug fix for Internet Explorer 11:
Addresses an issue in Internet Explorer 11 that may cause a blank page to appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive.
Which is a wonderful way to describe a bug that Microsoft introduced in the Aug. 14 Monthly Rollup, KB 4343900, and in the Aug. 14 Internet Explorer Security-only update, KB 4343205. As long as you’re installing Monthly Rollups, the sequencing works out al lright, but if you’re manually installing Security-only updates, the only way to fix the bug in the Aug. 14 Security-only patch is to install this Monthly Rollup Preview. Which, again, makes no sense at all. Thx, @DrBonzo.
In addition, the ancient bug with network interface controller drivers is still there:
There is an issue with Windows and third-party software related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.
Not unexpectedly, the Win8.1 Monthly Rollup Preview, KB 4343891, looks clean as a hound’s tooth.
We were, uh, blessed in the middle of the night with three new .Net Previews:
There are subsidiary KB articles that provide more detailed explanations of the changes in these KBs. Again, I don’t see anything earth-shattering.
While you were sleeping — or intentionally ignoring the increasingly dismal news — Microsoft has also been piling on Intel microcode updates, directed at Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n >=4). There continues to be confusion about why the Intel microcode updates get installed on AMD machines, what bits need to be flipped in which registries, and whether firmware updates trump Windows patches. It’s a mess par excellence, with little documentation, and nothing official that’s reliable. We have two active threads on the topic(s) on AskWoody, here and here.
Don’t know about you, but I can’t download the key Win10 1803 Intel microcode patch, KB 4100347. Susan Bradley has been asking Microsoft whether they’ve pulled the patch, and so far the only response is crickets.
Of course, we still haven’t seen any in-the-wild Meltdown or Spectre infections. When we do, the whole exercise will no doubt turn into a delightful marketing opportunity for a couple of hardware manufacturers.
Sit tight. The cumulative updates are still too young. And I never recommend that you install Previews. There are no significant security exploits that are patched by the July or August crop of fixes (unless you’re using IE in a Chinese company that’s become a target for North Korea). Let’s see if any undead arise over the long weekend.
Most of Microsoft should be back to work by next week anyway. We missed ya.
Thx, @abbodi86, @sb, @DrBonzo, @PKCano, @Kirsty.
Join the long march to WinOblivion on the AskWoody Lounge.