Microsoft confirms stalled downloads, bogus errors in Win10 FCU update KB 4054517

Credit to Author: Woody Leonhard| Date: Thu, 21 Dec 2017 06:21:00 -0800

Microsoft has just fessed up to a couple of the known bugs in this month’s Win10 version 1709 cumulative update, KB 4054517 – in particular, the stall at 99% download, and the completely bogus warning that the patch had failed to install with error 0x80070643. Sadly, several other problems with KB 4054517 have not been acknowledged. Yet.

In addition, we have new mea culpas for the November Patch Tuesday security update for Excel 2016, KB 4011220, which throws a “Cannot run the macro” warning, and for this month’s Patch Tuesday security fix for Microsoft Exchange, KB 4045655.

As usual, I’m seeing reports thatMicrosoft tech support staff don’t know about the problems, haven’t read the KB articles, and are recommending that people re-install Windows.

The first problem in this month’s Win10 1709 cumulative update KB 40454517 is described as:

Update installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the Reset this PC functionality after installing KB4054022.

You may recall that KB 4054022 is a Servicing Stack update for Win10 1709 to “ease the upgrade and recovery experience to Windows 10 version 1709.” The situation is a bit more complicated than Microsoft lets on. Per @abbodi86 on AskWoody:

The issue is within the new Unified Update Platform delivery system, not the cumulative update itself. For some reason, UUP bundles the Servicing Stack Update KB 4054022 and the cumulative update KB 4054517 together. [That’s what triggers the installation stall at 99%.] KB 4054022 was also bundled with last month’s cumulative update KB 4051963.

Poster @PKCano didn’t hit the problem, and may have figured out why:

In Group Policy Admin TemplatesWindows componentsDelivery Optimization = 99 Simple (simple download, no peering, HTTP, no DO)

In Group Policy Admin TemplatesWindows componentsWindows Updates ConfigureAutoUpdates is Enabled = 2 (ask download/install)

I still don’t trust UUP completely.

The KB 40454517 article lists a complicated manual bypass procedure that involves manually installing the Servicing Stack update. I suggest that you not bother — if you don’t use Internet Explorer or Edge, there’s no pressing reason to install this month’s cumulative update — and just wait for Microsoft to get its act together. “Microsoft is working on a resolution and will provide an update in an upcoming release.”

The second acknowledged bug in this month’s Win10 1709 cumulative update involves a bogus error message:

Windows Update History reports that KB4054517 failed to install because of Error 0x80070643.

Ends up that the error is in the error message itself. Microsoft suggests that you ignore the Windows Update History entry and look at the build number. (The KB article, at this moment, says a successful installation results in a build number of 16299.15. That’s wrong. It should be 16299.125. Expect MS to fix that bug in the bug about the bug description shortly.) As with the other bug, “Microsoft is working on a resolution and will provide an update in an upcoming release.”

I haven’t seen any confirmation of the other bugs in this month’s Win10 1709 cumulative update.

The Excel 2016 bug is an odd one. After you install the Nov. 14 security patch, KB 4011220

When you click on a shape that has a digitally signed macro assigned to it, you may receive the following error: Cannot run the macro. The macro may not be available in this workbook or all macros may be disabled. … Currently, the only recommended workaround is to update the workbook so there isn’t a shape that is used to trigger a digitally signed macro.

English translation: We broke macros assigned to shapes. Your only choice is to get rid of macros assigned to shapes. As usual, “Microsoft is researching this problem and will post more information in this article when the information becomes available.”

The Dec. 12 Exchange Server patch KB 4045655 is an even bigger mess. You may recall that this patch was necessary to fix a bug in an earlier patch, KB 4036108. The KB article now says:

Exchange services may remain in a disabled state after you install this security update. If this occurs, the update is installed correctly. However, the service control scripts encounter a problem when they try to return Exchange services to its usual state.

and

When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed.

There are manual workarounds provided for both problems.

For those of you who have functioned as unpaid beta testers, I salute you!

Thx @abbodi86, @MrBrian, @PKCano

How’s your holiday break going so far? Rhetorical question. Join us on the AskWoody Lounge.

http://www.computerworld.com/category/security/index.rss