Microsoft Patch Alert: October’s been a nightmare

Credit to Author: Woody Leonhard | Date: Wed, 17 Oct 2018 10:30:00 -0700

This month’s bad patches made headlines. Lots of headlines. For good reason.

You have my sympathy if you clicked “Check for updates” and got all of the files in your Documents and Photos folders deleted. Even if you didn’t become a “seeker” (didn’t manually check for updates) your month may have been filled with blue screens, odd chicken-and-egg errors, and destroyed audio drivers — and Edge and your UWP (“Metro” Store) apps might have been kicked off the internet.

You didn’t need to lift a finger.

Hard to believe that Windows 10 version rollouts could get any worse, but this month hit the bottom of a nearly bottomless barrel. Some folks who clicked “Check for updates” wound up with a brand spanking new copy of Win10 version 1809 — and all of the files in their Documents, Pictures, Music, Videos and other folders disappeared. I have a series of articles on that topic, arranged chronologically:

Word to the Win10 wise: Don’t click ‘Check for updates’ — Microsoft has unilaterally given itself permission to upgrade your Win10 PC to the brand-new version 1809, if you have the temerity to click “Check for updates.”

How to block the Windows 10 October 2018 Update, version 1809, from installing — the best ways to ensure you install 1809 when you’re ready, even in the face of recent forced updates from Microsoft.

Did you upgrade to Win10 1809 and lose all of your documents and pictures? — If, in spite of my warnings, you upgraded to the latest version of Win10, and you lost all of your Documents, Pictures, Music, Videos or other folders, DON’T DO ANYTHING until you’ve tried this fix.

Microsoft yanks buggy Win10 1809 upgrade, leaving zapped files in its wake — It took four days of complaints about deleted Documents, Photos and other files, but late Friday Microsoft finally pulled the Win10 1809 upgrade. Microsoft has known about the bug for months.

Now that we’re in October’s “C Week” — the week containing the third Tuesday of the month — version 1809 is back in beta testing, there are new patches for those who want to continue with 1809, Microsoft hasn’t come up with a fix for the deleted files, and a whole lot of people are in a whole lot of hurt.

Rule #1: Don’t trust Microsoft.

Rule #2: Don’t click “Check for updates.” In Microsoft-speak, “check for updates” means “install most (but not necessarily all) available updates.”

Rule #3: Refer to Rule #1.

Microsoft vowed that it would fix the bizarre error where the patch installer isn’t smart enough to update itself prior to installing new patches. The primary symptom is an Error 0x8000FFF when installing the Monthly Rollup.

The Servicing Stack Update sequencing problem is so bad, it looks like Microsoft stopped pushing the Monthly Rollup at the end of “B Week.”

We’ve had many conflicting reports about the Monthly Rollup itself, KB 4462923, appearing in the Windows Update list checked (and thus pushed through Windows Update), unchecked and, in some cases, missing entirely. WSUS has been spinning. Patch Lady Susan Bradley puts it succinctly:

“Metadata and patch dependency is totally screwed up on Windows 7 platform and because of that the October security updates detection are screwed up.”

I still see reports that Microsoft pushed a buggy update to Win10 version 1809 that caused the WDF_VIOLATION blue screens that brought some systems to their knees. That’s not true. The blue screens are triggered by a bad HP keyboard driver, version 11.0.3.1, which was distributed via Windows Update to Win10 version 1803 and 1809 machines. The buggy driver causes blue screens on the latest builds of 1803 and 1809, although it’s unclear whether the driver triggers BSODs on earlier builds.

Microsoft released a “silver bullet” update that deletes the driver if it’s sitting in your PC’s queue waiting for reboot — which doesn’t do a whole lot of good, especially if you’re stuck in a BSOD loop.

As if the pushed buggy HP keyboard driver weren’t enough, Microsoft also pushed a second bad driver. Some folks running Win10 1709, 1803 or 1809 with Automatic Update turned on discovered that after installing this month’s updates, the sound stopped working, with the message “No Audio Output Device Is Installed.”

Fer heaven’s sake. Why let Windows Update push its buggy drivers onto your machine? There’s a fairly straightforward procedure for telling Windows to stop pushing drivers along with its other dicey updates. At least, the steps are straightforward for those who own Win10 Pro or Education. Home users get to futz with a Registry setting.

Speaking of weird Win10 version 1809 behavior… if you’re trying to run Edge (I know, I know) in Win10 version 1809, you may not be able to connect to the internet. UWP (“Metro” Store) apps might not be able to connect, either. This happens even if you have a working internet connection.

The problem? You need to turn on IPv6. Lawrence Abrams on Bleepingcomputer has a step-by-step solution.

Some day this will all go away. The latest version of the dominant Chrome browser doesn’t have that IPv6 problem, and with newfound, fledgling support for Progressive Web Apps, we’re likely looking at the beginning of the end of UWP apps. I, for one, won’t miss them.

Trend Micro’s Zero Day Initiative found a bug in the Jet Database Engine — an ancient (early ’90s) bug-ridden database precursor to today’s SQL Server. Microsoft didn’t fix it in the ZDI-allotted 120-day fix window, so ZDI published full details. On Day 154, this month’s Patch Tuesday, Microsoft released a fix for what is now known as CVE-2018-8423.

Except Microsoft’s CVE-2018-8423 fix doesn’t fix the whole problem. You can read the gory details on Mitja Kolsek’s 0patch Team blog.

0patch is in the business of providing short-term “micropatches” for bugs that Microsoft doesn’t fix. They initially published a micropatch when Microsoft missed the ZDI deadline. Now they’ve issued a re-patch for the still-unfixed CVE-2018-8423 bug.

I rarely recommend third-party fixes for Microsoft bugs because of the potential for problems. But when Microsoft can’t fix its own bugs, well, it gives me pause.

The past four months have shown, repeatedly, that you’d have to be crazy — or ignorant of the past — to continue applying Windows patches as soon as they’re released. July patching was an unmitigated disaster. After some initial missteps, August fared substantially better. September saw a bunch of “v2” patches that got yanked suddenly, but it all worked out in the end — if you waited long enough. Now October is back to the same-old same-old.

If you’re in charge of protecting state secrets, the pressure’s on to get the patches installed come hell or high water. But for most folks, there’s precious little reason to subject your machine to patching problems right away. That said, Susan Bradley’s Master PatchList remains relatively calm, if you take into consideration the problems explored in this article.

As best I can tell, the biggest threat at this point lies in a resurgence in Equation Editor exploits. That particular Office bug was fixed (and re-fixed) almost a year ago. Yes, you have to install security patches sooner or later.

This month is the first month with an “E Week” — there are five Tuesdays in October. It’ll be the first “E Week” since Microsoft adopted the “A Week” / “B Week” bafflegab. With five Tuesdays now open to official attack, we may be entering a new stage of enlightenment.

Patching problems? Join us on the AskWoody Lounge.
