Stung by a festering pile of bugs on Patch Tuesday, MS releases 27 more patches

In what is becoming a common occurrence, Microsoft’s Patch Tuesday brought along so many bugs that they necessitated a remediation round. This month, unusually, it took only six days to get the exterminators out.

Since these fixes are aimed at four specific bugs introduced on Patch Tuesday, they don’t include the massive patches normally appearing on the second Patch Whateverday of the month. My guess is we’ll see at least one more big set of Windows patches before the month is out. Oh, boy.

Windows July patches, version 2

Yesterday, Monday, July 16, Microsoft released 27 new security patches for Windows, bringing the total number of patches so far this month up to 156. The new patches fall into six separate groups:

  • Win10 version 1803 got cumulative update KB 4345421. The KB article says this update moves 1803 users to build 17134.166, but multiple sources say, in fact, they’re getting moved to 17134.167. That may seem like a small discrepancy, but it speaks volumes about last-minute changes in the build and the lack of coordination in the documentation.
  • Win10 1709 got KB 4345420. The KB article says it moves 1709 users to 16299.550, but the Win10 release info page says it’s 16299.551.
  • Win10 1703 got KB 4345419. The KB article says build 15063.1208. The audience says 15063.1209. Bzzzzzt.
  • Win10 1607 / Server 2016 got KB 4345418. The docs say 14393.2367. The guinea pigs say 14393.2368. And the crowd goes wild.
  • Win8.1 / Server 2012 R2 got a manual-download-only KB 4345424.
  • Win7 / Server 2008 R2 also got a manual-only patch, KB 4345459. We have one report that this patch breaks acquiring IP addresses over a wireless connection.

All six of the groups say they fix the same basic bugs. Er, issues. All of the acknowledged issues look like this:

  • Addresses an issue that may cause some devices running network monitoring workloads to receive the 0xD1 Stop error because of a race condition after installing the July update. (@abbodi86 has clarified that the fixes are for tcpip.sys and related components.)
  • Addresses an issue with the DHCP Failover server that may cause enterprise clients to receive an invalid configuration when requesting a new IP address. This results in a loss of connectivity.
  • Addresses an issue that may cause the restart of the SQL Server service to fail occasionally with the error, “Tcp port is already in use”.
  • Addresses an issue that occurs when an administrator tries to stop the World Wide Web Publishing Service (W3SVC). The W3SVC remains in a “stopping” state, but cannot fully stop or it cannot be restarted.

Win10 1703, Win8.1 and Win7 don’t list the DHCP Failover bug.

Yes, you read that correctly. If you installed any of the Patch Tuesday patches for Windows, you got hit with at least three of those bugs. They won’t affect most of you. But for folks relying on those specific features, the bugs are deadly.
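If you want to know where a Win10 / Server 2016 box actually landed after these out-of-band patches, here is an added example (mine, not the article's or Microsoft's) that reads the build revision from the registry, compares it with the documented and observed numbers listed above, checks whether the matching KB shows up as installed, and lists any service stuck in a pending state, which is the W3SVC symptom in the KB notes. The `$Expected` table and the two function names are my own; run it in an elevated PowerShell.

```powershell
# Added example, not from the article: verify July 2018 OOB patch state on Win10 / Server 2016.
# Build numbers and KB ids come from the article's list; the table itself is mine.
$Expected = @{
    '1803' = @{ KB = 'KB4345421'; Build = 17134; Documented = 166;  Observed = 167  }
    '1709' = @{ KB = 'KB4345420'; Build = 16299; Documented = 550;  Observed = 551  }
    '1703' = @{ KB = 'KB4345419'; Build = 15063; Documented = 1208; Observed = 1209 }
    '1607' = @{ KB = 'KB4345418'; Build = 14393; Documented = 2367; Observed = 2368 }
}

function Get-JulyOobStatus {
    # CurrentBuild is the part before the dot, UBR ("Update Build Revision") the part after it.
    $nt      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $release = [string]$nt.ReleaseId
    $build   = [int]$nt.CurrentBuild
    $ubr     = [int]$nt.UBR
    $exp     = $Expected[$release]
    if (-not $exp) {
        return [pscustomobject]@{ Release = $release; Note = 'release not covered by this list' }
    }

    # Get-HotFix reads the installed-updates list; missing KB just returns nothing.
    $hotfix = Get-HotFix -Id $exp.KB -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Release         = $release
        ActualBuild     = "$build.$ubr"
        DocumentedBuild = "$($exp.Build).$($exp.Documented)"   # what the KB article says
        ObservedBuild   = "$($exp.Build).$($exp.Observed)"     # what installs actually report
        OobKB           = $exp.KB
        OobInstalled    = [bool]$hotfix
        # True once the host is at or past the revision the OOB update really shipped
        AtOobRevision   = ($build -eq $exp.Build -and $ubr -ge $exp.Observed)
    }
}

function Get-StuckServices {
    # A service that never leaves StopPending/StartPending matches the W3SVC "stopping" symptom.
    Get-Service | Where-Object { $_.Status -in 'StopPending', 'StartPending' } |
        Select-Object Name, Status, StartType
}

Get-JulyOobStatus | Format-List
Get-StuckServices
```

An empty result from `Get-StuckServices` is the good case; anything listed there is worth a look before trusting that the restart problems above are behind you.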

How bad was it? On Sunday — five days after the buggy Patch Tuesday swarm came out of the underground — the Microsoft Exchange Team blog posted a candidate evaluation:

The Exchange team is aware of issues with the Windows Operating System updates published July 10th, 2018, causing Exchange to not function correctly. The Windows servicing team has advised us that they will be releasing updates to the affected packages. We encourage Exchange customers to delay applying the July 10th updates, including the security updates released on the same date, on to an Exchange server until the updated packages are available.

That’s a good warning, but if you weren’t perusing the Exchange Team blog on a Sunday afternoon, you may have missed it. Gawrsh.

If you head over to Windows Update right now (ProTip: DON’T), you may or may not find the July updates waiting. There’s at least one report that you have to install last month’s Preview before you can see the Patch Tuesday Win7 Monthly Rollup.

Still more problems with the Win7 / Server 2008 R2 patch

Yet another reason to hold off on installing this month’s Win7 patch. As if you needed another one. Günter Born reports on his blog about a reader who says:

After those recent updates, web servers are also not functioning well. When restarting a server under IIS, the server refuses to start again unless you do a reboot. Also all our custom services listening to a socket refuse to restart.

Is anyone also having these issues? For a quick troubleshooting, I uninstalled KB4338818 and issue went away.

Life as a server administrator dealing with broken updates s*cks!

Born also reports that some Apache servers get stomped, too. It isn’t clear to me if yesterday’s Win7 patch, KB 4345459, fixes the problem — but if it does, the KB article doesn’t bother to mention the fix.

New .NET patches

That’s not all. There are five new .NET patches, falling into these groups:

  • KB 4340557 — Security and Quality Rollup updates for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012
  • KB 4340558 — Security and Quality Rollup updates for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, RT 8.1, and Server 2012 R2

According to the KB articles, both of these patches continue to exhibit this “known issue”:

Users receive a “0x80092004” error when they try to install the July 2018 Security and Quality Rollup update KB4340557 or KB4340558 on Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 after they install the June 2018 .NET Framework Preview of Quality Rollup updates KB4291497 or KB4291495 on systems that are running on .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, or 4.6.

As Martin Brinkmann explains on his Ghacks site:

It is possible that Microsoft did not update the description yet and that the issue is resolved.

To answer the most obvious question, no, it doesn’t appear as if anyone tests these things before they’re shoved out the Windows Update chute.

Thx to @abbodi86, @PKCano, @gborn, @ghacks and the legions of AskWoody sleuths.

You can comment on this article on the AskWoody Lounge, but be forewarned: I goofed and let the SSL certificate expire Saturday night. You’ll have to poke through your browser’s defenses to get into the site. Hope to have it working again later today.
