People think I’m joking when I refer to bug fixing as Microsoft’s next billion-dollar business. I’m not. This month woefully demonstrated why patching
People think I’m joking when I refer to bug fixing as Microsoft’s next billion-dollar business. I’m not. This month woefully demonstrated why patching Windows has become much bigger – and more critical – than developing new versions. Microsoft’s hell-bent move to bring out new versions of Windows twice a year “as a service” makes things worse, but quality control problems dog patches to every version of Windows. Except, arguably, Windows 8.1.
In April, we’ve seen a return to two massive cumulative updates per month for all supported versions of Windows 10. The second cumulative update, with luck, fixes the bugs in the first cumulative update. Windows 7 turned into a fiery pit when it was discovered in late March that every patch to Win7 (and Server 2008R2) pushed out this year enables the Total Meltdown bug. Fortunately, by April 23, we finally saw some stability return to the process.
Multiple patches for all versions of Windows 10
If you’re using Windows 10, you saw big multiple patches in April:
- Version 1709 – the Fall Creators Update – the initial Patch Tuesday patch, KB 4093112, had the usual round of complaints about failure to install, random bluescreens and the like. It took a few days for info to surface about changes in pen behavior, which resulted in pen movements in major program (such as Adobe Photoshop) dragging the canvas. Turns out, beta testers in Win10 1803 liked the new feature so much that Microsoft decided to drop it into Win10 1709, without warning or (apparently) testing. The second cumulative update, KB 4093105, which went out on the night of April 23, fixed the aberrant pen behavior and promises to not re-install Candy Crush Soda Saga on version upgrades. We’ll see.
- Version 1703– the Creators Update – got its first cumulative update, KB 4093107, on Patch Tuesday, and a second huge cumulative update, KB 4093117, a week later.
- Version 1607– the Anniversary Update – received its first cumulative update, KB 4093119, on Patch Tuesday, April 10, the scheduled End of Life date for Win10 1607 Pro and Home. Version 1607 received a second monthly cumulative update a week later, KB 4093120 – but only for Win10 1607 Enterprise and Education.
There was yet another update for Win10 1709, 1703 and 1607 released on April 24. KB 4078407 is supposed to be the software side of the fix for Spectre variant 2. It has to be combined with microcode updates to work and it’s only available by download from the Microsoft Update Catalog. We’re following its progress closely on AskWoody.
Of course we’re all waiting for Win10 version 1803 to appear. There’s still no word on when that might happen, or what it’ll be called. (Inveterate leaker Faikee points to a Chinese-language letter to dealers saying it’ll be released May 9.)
The ongoing Windows 7/Server 2008 R2 saga
Two words: Total Meltdown. We now know that every 64-bit Windows 7 and Server 2008 R2 patch released this year, up to March 29, contained a bug that opens a security hole dubbed Total Meltdown. Microsoft spent most of April in Keystone Kops patching mode, where one patch after another introduced more and different bugs, and new patches replaced older patches at a truly mind-boggling rate.
As the month’s now winding down, there’s a bit of good news. As of Monday night, it appears as if the (re-re-re-released) April Monthly Rollup, KB 4093118, has lost its boorish tendency to re-re-re-install itself. That means, to a first approximation, Win7 and Server 2008 R2 users can install one patch and wipe out the Total Meltdown threat.
All of this is unfolding as a real, live working Total Meltdown exploit is in the works. Of course, Meltdown (as opposed to Total Meltdown) and Spectre have absolutely no known exploits. None.
Those who insist on installing Security-only patches, eschewing the Monthly Rollups, face an unanswered question: If you’ve installed the earlier, buggy version of the NIC and static-IP defending patch KB 4099950, do you need to uninstall it before proceeding? The official documents are mum. We’re also following that question on AskWoody.
There continue to be reports from people who installed this month’s updates and had to struggle with recovering their user profile. Microsoft acknowledged the problem, of and on, and even posted a Knowledge Base article with workaround steps.
Office patches keep rolling along
There don’t appear to be any pressing problems with this month’s Office patches. Susan Bradley’s Master Patchwatch List gives them a clean bill of health, although there are a number of acknowledged problems listed on the official Fixes pages.
In short, it looks like Microsoft has fixed the problems that it introduced earlier in the month. The fixes to security holes Microsoft installed with this year’s Win7 and Server 2008 R2 are almost ready. We just have a couple of niggling problems before it’s time to get the March patches installed.
Join us for the latest on the AskWoody Lounge.