Microsoft Patch Alert: February's fixes aren’t as bad as last month, but problems abound

Credit to Author: Woody Leonhard | Date: Mon, 26 Feb 2018 09:34:00 -0800

The January 2018 Microsoft patching cycle may have been the worst and most invasive set of Microsoft releases in recent memory. The February updates, by marked contrast, only clobber a limited number of machines. How many? We don’t know — and Microsoft isn’t saying.

What we do know for sure is that the buggy Win10 Fall Creators Update cumulative update KB 4074588 tossed many PCs into bluescreen hell and disabled USB devices of various stripes. That’s quite an accomplishment for version 1709 which, according to AdDuplex, is now said to run on 85% of all Windows 10 machines. To look at it a different way, Microsoft blew the cumulative update to the most-used version (1709) of the most-used Windows (Win10 now surpasses Win7).

It took Microsoft 10 days to admit to the bugs. Finally, on Feb. 23, it appended these items to the KB article. There’s no additional notification, of course – if you figured out what caused your problem, and figured the KB article would have some information, here’s what you eventually got:

After installing this update, some USB devices and onboard devices, such as a built-in laptop camera, keyboard or mouse, may stop working. This may occur when the windows update servicing stack incorrectly skips installing the newer version of some critical drivers in the cumulative update and uninstalls the currently active drivers during maintenance.

Microsoft is working on a resolution and will provide an update in an upcoming release. Workaround steps are available in KB4091240.

After installing this update, some devices may fail to boot with INACCESSIBLE_BOOT_DEVICE.

This issue occurs when the windows update servicing stack incorrectly skips installing the newer version of some critical drivers in the cumulative update and uninstalls the currently active drivers during maintenance.

Microsoft is working on a resolution and will provide an update in an upcoming release. Workaround steps are available in KB4075150.

As you might imagine, both manual workarounds require an advanced degree in Microsoft Patch bugology.

Late last week, on Feb. 22, we saw new cumulative updates for Win10 1703 (the Creators Update) and 1607 (the Anniversary Update). Both were the second cumulative updates this month for the respective versions. What we didn’t see was a second cumulative update for 1709. Although there’s been no official word, I think it’s likely that the 1709 second cumulative update was held because of problems with the patch – and I’d be willing to bet my eye teeth that the problems have to do with the bluescreen and USB issues.

We’ll reportedly see the second February cumulative update for Win10 1709 on Tuesday.

In spite of its 85% lead, I’m still not moving from the Creators Update (1703) to the Fall Creators Update (1709), and suggest that you resist, too, until Microsoft has shown it can reliably keep 1709 alive and well.

Or, you can join the swelling ranks of the unpaid beta testers. Millions already have.

The other major problem this month is with the Windows 7 Monthly Rollups. Many users report that, after installing a Win7 Monthly Rollup, their systems no longer restart properly: Clicking through the Start / Restart sequence lands these PCs on a black screen, with the computer and fans still running. The only way to get their system working again involves a nearly-hard-restart, typically by punching the restart button on the front of a desktop or pushing and holding the power button on a laptop.

It’s not clear whether the problem affects Intel (Sandy Bridge? Ivy Bridge?) or AMD processors, or all of them – and maybe more.

It’s also not clear whether the problem started with January’s Monthly Rollup, or if it just emerged in February. I have a report that the problem didn’t occur after the January Monthly Rollup. But then again I have a report that it did.

Ben1907 on the Microsoft Answers forum has had some success, without uninstalling the patch:

I checked my C-State settings on my ASUS P8P67-M motherboard and they were set to the default settings in the ASUS manual.

Playing around by setting different combinations, I found the C1E enabled/disabled did not matter, so left it enabled. However, by setting C6 Report to DISABLED, I have now been able to perform a normal restart/reboot from Windows 7. Tried at least half dozen times and all good so far.

Thanks for investigating this and putting me on the right path to correct this issue. Microsoft has caused me so many lost hours of troubleshooting problems they inject with updates you wonder if they have any quality control.

On Thursday, Microsoft released a gaggle (or perhaps it’s a murder?) of Preview patches at the same time it released a bunch of optional Windows patches (see Susan Bradley’s list). Two of those Previews were doomed from the get-go:

KB 4074805 – the February 2018 Preview of Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 – set Quickbooks Enterprise 2017 crashing at startup

KB 4073701 – the February 2018 Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 on Server 2008 SP2 has also been implicated.

Intuit, the owner of Quickbooks, has some choice comments about the bug:

Consult your IT professional to remove patch KB4074805. If you are still experiencing the issue, you may have to uninstall patch KB 4073701 as well.

Microsoft apparently pulled the patches, although the KB articles fail to mention the bug – or the fact that KB 4074805 and KB 4073701 are no longer available.

There’s a reason why you should never install a Preview.

Every month, I look back and try to figure out whether the damage caused by Microsoft’s patches outweighs the undeniable benefit of more-secure systems. This month’s Anubis weigh-in shows, once again, that lots of people are getting clobbered – and there’s very little benefit to the February patches at this point.

One important point for the patching-inclined: As I made clear shortly after this month’s Patch Tuesday, there’s a very real threat for folks with the installed (“MSI”) version of Office:

If you’re using Outlook 2007, 2010, 2013, or 2016 – the installed versions – you’ll be vulnerable to drive-by email attacks by previewing a bad email or just by downloading a rigged email. No, you don’t need to open the email. It just infects.

As best I can tell, there aren’t any known exploits. But anyone with installed versions of Outlook should seriously consider installing the patch for Outlook 2007 (KB 4011200, four months beyond its end-of-support date), Outlook 2010 (KB 4011711), Outlook 2013 (KB 4011697), and/or Outlook 2016 (KB 4011682).

If you use Office 2016 Click-to-Run, the patches will appear the next time CtR updates itself, with version 1708 build 8431.2215 in the Semi-Annual Channel and 1705 build 8201.2258 in the Deferred Channel.

I’m also seeing reports that last month’s Outlook 2010 patch, KB 4011273, is making Contacts View in Microsoft’s Dynamics CRM 2011 fail. This isn’t the first report of problems with KB 4011273.

Other than that, and a disclosed (but not particularly infectious) exploit in Edge (CVE-2018-0771), and ongoing, perennial threats through Flash (if you use Flash, you have nobody to blame but yourself), there are no immediate threats from the exploits fixed this month that I know about. In particular, there are no known attacks that use Meltdown or Spectre. None.

If you’re motivated to sift through individual patches, patching guru Susan Bradley has watchlists for the February Patch Tuesday patches, the February Optional Updates, and last week’s Feb. 22 releases.

If you’d rather wait until the coast is clear, and prefer not to sweat the small stuff, make sure you have Outlook fixed if you need to, then go get a cup of coffee. Check back again in a few days, to see whether Microsoft has finally given us a version of Win10 1709 that actually, you know, works – and if there are any further problems with the second cumulative updates for 1703 and 1611. Don’t expect a fix for the Win7 boot to black screen problem.

Have a problem? Don’t we all. Join us on the AskWoody Lounge.
