Microsoft Patch Alert: Where we stand with September’s Windows and Office patches
Credit to Author: Woody Leonhard| Date: Tue, 26 Sep 2017 05:03:00 -0700
Microsoft’s foray into quantum computing sure sounds neat, but those of us stuck with real programs on real computers have been in something of a quandary. Once again this month, we’ve hit a bunch of stumbling blocks, many of which were pushed down the Automatic Update chute.
Before we dissect the creepy-crawlies this month, it’s important to remember that you have to get the .Net patches installed, unless you fastidiously refrain from clicking the “Enable Editing” button in Word.
After telling us that Windows 10 Creators Update, version 1703, is “the most performant and reliable version of Windows 10 ever!” you might expect some stability with version 1703 patches. This month, that didn’t happen. After releasing cumulative update KB 4038788 on Patch Tuesday, we got a new out-of-band fix for bugs introduced by that same update. The new cumulative update, KB 4040724, appeared in Windows Update on Monday, Sept. 25. It brings 1703 up to build 15063.632. So far, I haven’t heard of any problems with the new cumulative update — but it’s been less than a day.
The situation with Win10 Anniversary Update, version 1607, isn’t as straightforward. Apparently, there were a host of problems that appeared after this month’s Patch Tuesday cumulative update, KB 4038782. It isn’t clear if that update introduced bugs of its own, but the situation’s bad enough that we got a second cumulative update this month, again on Monday. KB 4038801 brings Win10 version 1607 to build 14393.1736. It’s a hotfix; it isn’t distributed via Automatic Update. You have to download KB 4038801 and install it manually. I haven’t seen a detailed analysis of the security holes fixed by this odd Monday patch – but to date I haven’t seen any complaints, either. The day is still young.
For reasons as yet unexplained, KB 4038801 is only for Win10 1607; it’s explicitly not released for Server 2016.
There’s a note on the 1607 patch site that says:
Windows Update Client Improvement
Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that have not installed any recent cumulative updates and are not currently managed (e.g., domain joined).
As noted by @abbodi86 on AskWoody.com:
The note means [they] are going to release a separate “small” update for WUC, similar to this one for version 1507. They could also release the update directly as a SelfUpdate for WUC like they used to do with Windows prior [to] Windows 8 (for example, latest for Windows 7 is v7.6.7600.320 before they shifted to separate WUC updates starting with KB2990214).
When you run the Get-PhysicalDisk cmdlet, some disks may display an operational status of “In Maintenance Mode.” The Get-VirtualDisk cmdlet may also display the operational status of the virtual disk as “Degraded.” There’s a manual workaround described in KB 4043361.
On Windows Server 2016, when you try to download updates by using Windows Update (stand-alone or WSUS), the process hangs at 0 percent completion. Microsoft has a description of the problem and two manual overrides in KB 4039473.
Everyone’s favorite whipping boy just took another lash. Many folks report that, after installing KB 4038792 — the September Monthly Rollup for Win 8.1 — they can no longer log on to their computers with a Microsoft account. I posted the details yesterday. Still no word from Microsoft – not even an acknowledgment of the problem on the KB article.
There’s a well-publicized problem with Internet Explorer 11 suddenly sprouting a search box on the address bar after installing KB 4038777 (the Windows 7 Monthly Rollup) or KB 4036586 (the September Internet Explorer Security-only patch). For a detailed look at what’s happening, with screenshots, see ElderN’s post on the Microsoft Answers forum. Turns out up the flim-flammery is a result of font sizes changed behind the scenes and a possible undocumented switcheroo in one of the IE settings. See @PKCano’s post.
Poster Richard has also identified a problem with starting IE 11 after this month’s Windows 7 updates — and he found a solution. Again, it’s related to undocumented changes in the Tab View settings and in font size. See post 8 on the AskWoody Lounge.
I’ve seen no change from the sorry state we were in a week ago: Microsoft pulled the September Outlook 2007 security patch KB 4011086 and replaced it with KB 4011110, but you have to manually uninstall the bad patch before you install the new one. Microsoft posted incorrect information about the uninstallation method. Both that patch and the Outlook 2010 patch, KB 4011089, have a nasty habit of changing languages in menus.
The .NET Security and Quality Rollups make certain custom images turn black. As Microsoft puts it: “After you install the September 12, 2017, .NET Security and Quality Rollups that apply to the .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7, you experience rendering issues in Windows Presentation Foundation (WPF) applications that use WPF types in a Windows service.”
There’s a description of the problem on the Visual Studio forum and a workaround in KB 4043601. The workaround suggests that you uninstall the Security and Quality Rollup and install the Security-only patch.
In addition, Microsoft has released a preview of next month’s .Net Framework patches.
Assuming you don’t click “Enable Editing” in Word, there are no immediately pressing September patches. I say it’s wise to wait and see if any of the outstanding bugs get fixed — and wait to see if the patches-of-patches generate new problems of their own.
Remember when patching was easy?
Please join us for an ongoing Patch Festschrift on the AskWoody Lounge.