By far the most important reason for this month’s relative patching calm: Microsoft decided to wait and get the Windows 10 (version 1809) patch right instead of throwing offal against a wall and seeing what sticks.
What remains is a hodge-podge of Windows patches, some mis-identified .NET patches, a new Servicing Stack Update slowly taking form, a bunch of Office fixes – including two buggy patches that have been pulled and one that’s been fixed – the usual array of Flash excuses and Preview patches.
Win10 version 1809 – patching done right
In a day that will live in patching infamy, Microsoft released Windows 10 version 1809 on Oct. 2, then pulled it on Oct. 5, responding to cries of anguish and deleted data. Win10 1809 was officially re-released on Nov. 13, but very few people took the bait, and it appears as if Microsoft isn’t pushing 1809 onto any machines. Although I remain skeptical of their sampling method, AdDuplex reports that version 1809 now runs on 2.8% of all Win10 machines.
The most important patching news this month – indeed, I would argue, the most important patching news this year – is that Microsoft has finally (re-)discovered the Windows Insider Release Preview Ring. Some folks would have you believe that the Insider Release Preview Ring was designed for testing new versions of Windows. But that isn’t the way it was designed.
Here’s what Microsoft’s official Insider Program overview documentation says:
Release Preview Ring
If you want to be on the current public release of Windows 10 but still get early access to updates, applications, and drivers without taking the risk of moving to the Development Branch, the Release Preview Ring is your best option. The Release Preview Ring is only visible when your Windows build version is the same as the current Production Branch. The easiest way to go between the Development Branch to the current Production Branch is to reinstall Windows using the Media Creation Tool, see instructions at Download Windows 10.
Now we’re seeing builds of the Windows 10 September-October-November-soon-to-be-December 2018 Update going through a proper test cycle. Not surprisingly, Microsoft has uncovered (and apparently fixed) tons of bugs in 1809, including the notorious filename extension bug and mapped drive bug. While Microsoft once said that its fixes would arrive in late November, the official status page now says they’ll arrive in early December.
At the same time, other companies have had time to get their products ready for 1809. Apple has a new version of iCloud that works with 1809. Trend Micro says it has new versions of its products either in place, or coming soon, to fix its incompatibilities. That said, upgrade blocks are still in place for AMD Radeon HD2000 and HD4000 graphics cards, with no resolution yet identified; for F5 VPN clients; and for certain new Intel display drivers.
Short version: It would be, ahem, quite foolish to install 1809 until Microsoft has figured out and released its latest cumulative update. Yes, that means the Win10 September 2018 Update won’t arrive in moderately usable form until December. So be it.
Other Windows patches
Win10 1809 is being patched in a reasonable, steady way – with beta test versions of the cumulative updates appearing in the Insider Release Preview Ring, where they can be pounded appropriately.
Alas, we aren’t so lucky with the other versions of Win10, where untested non-security bug fixes continue to appear as monthly second-round cumulative updates. We had a bunch of those this month:
- Win10 version 1803 – KB 4467682 brings the build up to 17134.441. Lots and lots of little bug fixes, plus a fix for the filename association bug. 1803 still shows two known issues: The SqlConnection exception in .NET (“will provide an update in an upcoming release”), and the Seek Bar is broken in Windows Media Player (“a solution will be available mid-December 2018”).
- Win10 version 1709 – KB 4467681 brings the build up to 16299.820. Another big list of bugs, same acknowledged problems.
- Win10 version 1703 – KB 4467699 brings Enterprise and Education users up to build 15063.1478.
- Win10 version 1607 and Server 2016 – KB 4467684 brings Server and LTSC users up to build 14393.2639.
Yes, that means Microsoft is currently supporting seven different versions of Windows – Windows 7, 8.1, Win10 1607, 1703, 1709, 1803, 1809 – plus Server versions, Xbox, Mobile (sorta), Embedded, IoT, Holographic, and heaven knows what all.
It now appears as if Microsoft is installing the second monthly Cumulative Updates for seekers – those who click Check for Updates. Ouch. I thought Microsoft had backed off that particular form of insanity.
There are also new Intel microcode updates, explained in KB 4465065 (thx @ep, @ch100), as well as a new beta test version of the Win10 1809 Servicing Stack Update, which will likely appear at the same time as the Win10 September-October-November-December 2018 Update.
As things stand now, I haven’t heard any loud screams of pain stemming from the Win10 Cumulative Updates, second monthly Cumulative Updates, or the Win7 or 8.1 Monthly Rollups.
More .NET shenanigans
The .NET patches this month have provided an ongoing source of amusement. First, we were treated to an apparent typo in the description of the Win7 Monthly Rollup for .NET 3.5.1… 4.7.2 (see this thread by FanJ in the Wilders Security Forums – thx @cesmart4125). Now we have three .NET patches for Win7/8.1 in Windows Update (thx @abbodi86):
- An apparently undocumented re-issue of KB 4457920, the old 2018-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1. (No indication as yet if the analogous patch for Win7, KB 4457918, has re-appeared.)
- The usual Monthly Rollup (KB 4467240 for Win7 and KB 4467242 for Win 8.1)
- The usual Preview Monthly Rollup (KB 4467224 for Win7, KB 4467226 for Win 8.1)
I’m not showing any significant problems with any of those – and no indication what’s been changed (if anything) with the 2018-09 patches.
As I explained on Nov. 19, this month’s big bunch of Office patches included two non-security patches, KB 4461522 and KB 2863821, that trigger Entry Point errors in various Office 2010 products. Microsoft’s current advice is to uninstall the patches. They aren’t being distributed and haven’t been fixed.
A Patch Tuesday security update marvel, KB 4461529, crashes 64-bit Outlook 2010 on startup. Not many people use the 64-bit version of Office 2010 because it’s so buggy. Think of this as exhibit 314159. Microsoft “fixed” the bug a couple of days ago by releasing a second patch, KB 4461585, whose sole purpose appears to be fixing the crashes caused by the original.
The bottom line
The past five months have shown, repeatedly, that you’d have to be crazy – or ignorant of the past – to continue applying Windows patches as soon as they’re released. July patching was an unmitigated disaster. After some initial mis-steps, August fared substantially better. September saw a bunch of “v2” patches that got yanked suddenly, but it all worked out in the end. If you waited long enough. October fell all over itself delivering bad news. November’s better, primarily because Microsoft put the brakes on Win10 1809 and decided to actually test things before releasing them. Novel concept, that.
If you’re in charge of protecting state secrets, the pressure’s on to get the patches installed come hell or high water. Susan Bradley’s Master PatchList remains relatively calm, if you take into consideration the problems explored in this article.
As best I can tell, the biggest threat still lies in a resurgence in Equation Editor exploits. That particular Office bug was fixed (and re-fixed) almost a year ago.
November’s almost over and, with the return of sanity in Win10 1809 patching, it may just be a turning point. Things really couldn’t get much worse.