Microsoft is better at documenting patch problems, but issues abound

Credit to Author: Woody Leonhard | Date: Thu, 13 Jun 2019 03:55:00 -0700

I don’t know about you, but I’ve given up on Microsoft’s ability to deliver reliable patches. Month after month, we’ve seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.

For the past few months, though, we’ve seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they’re pushed. Consider:

Event Viewer may close or you may receive an error when using Custom Views

When trying to expand, view or create Custom Views in Event Viewer, you may receive the error, “MMC has detected an error in a snap-in and will unload it.” and the app may stop responding or close. You may also receive the error using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

Microsoft posted a description of the problem, and a complex manual workaround, on June 12. The bug’s marked as “mitigated,” which apparently means the company has published a PowerShell script that can fix the bug in an ad-hoc kind of way. (“You will need to re-enter the function each time you open a new PowerShell window.”)

Both of those bugs touched every Windows machine, from Windows 7 to the latest version of Windows 10, and everything in between. They’re not the product of isolated fringe circumstances. If you needed IE or Edge to access those gov.uk sites, or if you have custom views in Event Viewer, you got hit.

Neither of those bugs is particularly remarkable – just more of the same-old, same-old lousy patch quality we’ve come to expect. What’s different this time is Microsoft’s public (and timely) confession. Instead of keeping users in the dark for days or weeks, Microsoft posted a description of the problem in very short order. The new Release Information page is actually working, although there are some teething pains.

To be sure, there are problems that aren’t reflected in the Patch Information page. But it’s a big step in the right direction.

Here are some of the other problems we’re tracking:

We don’t know for sure (a) whether this behavior’s a bug, not a feature, (b) what settings remain in effect after the disappearing trick, and (c) how it’s supposed to work. I think it’s a bug, but some are casting aspersions on Microsoft’s integrity. I have no idea how Microsoft will fix it.

Addresses a security vulnerability by intentionally preventing connections between Windows and Bluetooth devices that are not secure and use well-known keys to encrypt connections, including security fobs. If BTHUSB Event 22 in the Event Viewer states, “Your Bluetooth device attempted to establish a debug connection…,” then your system is affected. Contact your Bluetooth device manufacturer to determine if a device update exists. For more information, see CVE-2019-2102 and KB4507623.
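A check for the BTHUSB Event 22 condition quoted above, as an added PowerShell example that is not from this column or from Microsoft. It assumes the event is written to the System log under a provider named BTHUSB; the parameter names and the 30-day default window are illustrative.

```powershell
# Added example: report machines that logged the BTHUSB Event 22
# "debug connection" message described in the update notes.
# Assumption: the event lives in the System log, provider name BTHUSB.
[CmdletBinding()]
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # machines to query
    [int]$Days = 30                                   # look-back window
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'BTHUSB'
    Id           = 22
    StartTime    = (Get-Date).AddDays(-$Days)
}
# Only the part of the message that the update notes actually quote.
$pattern = '*attempted to establish a debug connection*'

foreach ($computer in $ComputerName) {
    try {
        $events = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
            Where-Object { $_.Message -like $pattern })
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # Get-WinEvent raises an error when nothing matches; that is a clean result.
            $events = @()
        }
        else {
            # Unreachable host, access denied, or no BTHUSB provider registered.
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }
    }

    # One summary row per machine; LastSeen is empty when nothing was found.
    [pscustomobject]@{
        Computer = $computer
        Affected = $events.Count -gt 0
        Count    = $events.Count
        LastSeen = ($events | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
}
```

Because it reads the log through Get-WinEvent rather than the Event Viewer console, this check does not go through the Custom Views or Filter Current Log features.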

.NET 4.8 itself is not pushed or published through Windows Update. But you do have it “in the box” if you’re running Win10 version 1903.

If you have .NET 4.8, you will get a separate security update for it through Windows Update.

Windows 8.1, Monthly Rollup KB 4503276… when I opened IE11 after restart, this page automatically opened asking me to set the “recommended” settings. I clicked the X mark inside the page, the tab closed and I retained my current settings.

We’re also seeing an SSU problem with folks using update servers. Apparently, it takes two passes for some update servers to “see” this month’s patches: The first pass discovers and installs the Servicing Stack Update, and a second pass is necessary to find and install this month’s cumulative update. Old problem, frustrating nonetheless.

Then there are the old Intel microcode patches (2019-01, 2019-02) that suddenly appear after installing this month’s cumulative updates. Lots of people are scratching their heads because the updates show up on machines that aren’t covered by the patches.

There’s also a very poorly documented Exchange “defense in depth” patch, described in Advisory 190018.

Problems? Observations? Abject feelings of despair? Hit us on the AskWoody Lounge.
