Microsoft's July 2018 series of patching missteps, with .Net security patches in particular, have left many admins in the lurch. Less than two weeks a
Microsoft’s July 2018 series of patching missteps, with .Net security patches in particular, have left many admins in the lurch. Less than two weeks after they were first unleashed, poorly documented versions of the patches now appear to be available, but are not being actively pushed. There’s no indication from Microsoft if and/or when they’ll be fixed.
These patches, originally released on Patch Tuesday, July 10, are baring their FAANGs:
- KB 4340556 — Security and Quality Rollup updates for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1
- KB 4340557 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
- KB 4340558 — Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2
- KB 4340559 — Security and Quality Rollup updates for .Net Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008
The patches had been out for less than a day when we started seeing error reports on AskWoody. As I noted on July 12:
If you tried to install KB 4340558, the “Security and Quality Rollup updates for .Net Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1, and Server 2012 R2” and had it crash with an error 0x80092004, you aren’t alone. AskWoody poster macauln82 says he’s seen it happen on all of his Server 2012 R2 machines. Günter Born has a detailed explanation.
On July 13, in damage control mode, Microsoft posted article KB 4345232, “0x80092004” error occurs and July 2018 .NET Security and Quality Rollup update KB4340557 or KB4340558 does not install after you apply June update KB4291497 or KB4291495. The original version of that article listed two manual workarounds, neither of which worked in all cases.
Microsoft modified the patches (it’s not clear exactly how), and reposted them on the Update Catalog dated July 16.
Then, on July 19, they were reposted again. If Microsoft changed the KB article to reflect the new-new versions, I can’t find the modification. But the KB 4345232 article was updated on July 19 to say:
Microsoft has re-released the July 2018 .NET Framework Security and Quality Rollup updates, KB 4340558 and KB 4340557 to correct an installation issue. You can scan for these updates through Windows Update. You can also download and install these updates directly through the following Knowledge Base articles …
As if that weren’t enough, the patches were updated again, and now appear in the Update Catalog marked July 20. Again, there’s no indication what was changed or why, but the original KB articles now say they were updated on July 20.
According to Susan Bradley,
For the record the .NET updates have not be officially “pulled” but they are unchecked and not being pushed via Microsoft update. If you use WSUS to patch you may want to pull back on approval
I’ve seen multiple reports of the patches not appearing in the WSUS list.
That leaves us with a handful of .Net patches that have gone through at least four revisions — most of which are completely undocumented — in the past two weeks. Who’s testing this stuff?
Stuck in a .Rut? Join us on the AskWoody Lounge.