Microsoft Patch Alert: April patches have sharp edges, with several missing, others reappearing

Credit to Author: Woody Leonhard | Date: Mon, 29 Apr 2019 09:32:00 -0700

You have to wonder who’s testing this stuff.

Admins, in particular, have had a tough month. April brought widespread breakdowns – bluescreens, hangs, very sluggish behavior – to hundreds of thousands of Win7 and 8.1 machines. This wasn’t a “small percentage” kind of event. For some companies, rebooting overnight on Tuesday brought seas of blue screens on Wednesday morning.

The first round of cumulative updates and Monthly Rollups arrived on Patch Tuesday, but the now-ubiquitous second round didn’t show up until late Thursday afternoon, two and a half weeks later. Talk about admins taking a beating.

We still have one Tuesday left this month – the mythical “E week” that Microsoft never talks about – so the month may yet end with both a bang and a whimper.

Here’s how things look as of early Monday morning.

It took a while, but the second round of April patches finally arrived. The one exception is for Windows 10 version 1809, which still hasn’t seen an “optional non-security” patch. (They’re “optional” because you have to be a seeker – click Check for updates – in order to get hit with the patch.)

We have a reliable report that the second patches this month were held up because of continuing problems with the Japanese new era date bugs. That same report also says that even the latest patches have bugs. I find it all amazing – Microsoft’s been working on this problem for at least a year, and the patches-of-patches have been stumbling all over themselves.

Even Win10 1903 – the version still in beta testing – got a new patch, KB 4497093, bringing the build number up to 18362.86. It’s for “Insiders who are currently in the Fast ring only and on Build 18362.53. We’ll roll this out to the Slow and Release Preview rings in a bit.”

April’s Patch Tuesday brought immediate complaints of Win7 bluescreens. Within a couple of days we found out that six patches – for Win 7, 8.1, Server 2008 R2, 2012 and 2012 R2 – had conflicts with five different companies’ antivirus products. The current tally:

Sophos – The company now says it’s figured out the source of the problem:

“We have identified a permanent fix and are now automatically rolling out the fix to customers starting 25th April 2019. This will take place over a two- to three-week period.”

Microsoft continues to block the six dirty patches on systems running Sophos Endpoint.

Avira – The folks at Avira have been remarkably quiet. Our latest report from UAz says they may have finally hit upon a solution – verified in the very early hours of Monday morning. Earlier attempts at an Avira solution failed, sometimes spectacularly. Microsoft has not changed its terse announcement:

“Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed. We are presently investigating this issue with Avira and will provide an update when available.”

Arcabit – The small Polish-language AV supplier has released an update that solves the problem, according to Microsoft, although the Microsoft link to Arcabit’s support article points to a Technical Assistance phone number, and no discussion.

Avast/AVG – The company has issued hotfixes to avoid the bluescreens. (Avast owns AVG.) Oddly, though, the way to install the hotfixes isn’t what you might expect:

That, to me at least, is a very distressing way to apply a hotfix.

Microsoft no longer blocks the six dirty patches on machines running Avast or AVG.

McAfee – Late to the game, McAfee has acknowledged that installing the dirty six patches may lead to slow boot up times or slow performance. The only solution to the problem, at present – aside from uninstalling the dirty six – is to disable any user-defined (non-default) Access Protection rules.

Microsoft says it is “presently investigating this issue with McAfee,” but they’ve been saying that for a week.

I’m seeing scattered reports that Win7 users are being offered KB 3185319 — an update from Sept. 13, 2016 — as a checked Important update to Win7. It’s part of the MS16-104 bundle. I wrote about bugs in this patch back in October 2016. This isn’t the first time we’ve seen KB 3185319 appear out of the blue.

There are also reports of locked Server 2008 machines after installing this month’s Monthly Rollup, KB 4493471.

Keep up with the latest on the AskWoody Lounge.
