People think I joke about troubleshooting as Microsoft's next billion dollar business. I'm not. Unfortunately, this month has shown why patching Windows has become much bigger and more critical than developing new versions. Microsoft's persistent move to release new versions of Windows twice a year makes "things worse", but quality control issues provide patches for every version of Windows. Except for Windows 8.1.
In April, we saw a return to two massive cumulative updates per month for all supported versions of Windows 10. The second cumulative update will, with some luck, fix the bugs in the first cumulative update. Windows 7 turned into a fiery pit when it was discovered in late March that every patch to Win7 (and Server 2008R2) released this year enabled the Total Meltdown Bug. Fortunately, we have finally regained stability in the process by April 23.
Multiple patches for all versions of Windows 1
When you use Windows 10, you saw several major patches in April:
- Version 1709 – the case creator update – the initial patch Tuesday- Patch, KB 4093112, had the usual complaints about installation errors, random bluescreens and the like. It took a few days for information on changes in pen behavior to emerge, causing pen gestures in a main program (such as Adobe Photoshop) to move the artboard. It turned out that beta testers in Win10 1803 liked the new feature so much that Microsoft decided to put it in Win10 1709 without warning or (seemingly) testing it. The second cumulative update, KB 4093105, released on the night of April 23, resolved the deviant pen behavior and promises not to install Candy Crush Soda Saga on version upgrades. We will see.
- Version 1703 – The Creator Update – received its first cumulative update, KB 4093107, on Patch Tuesday and a second major cumulative update, KB 4093117, a week later.
- Version 1607 – the anniversary update – received its first cumulative update, KB 4093119, on Patch Tuesday, April 10, the scheduled end of its useful life for Win10 1607 Pro and Home. Version 1607 received a second monthly cumulative update a week later, KB 4093120 – but only for Win10 1607 Enterprise and Education.
On April 24, there was another fix for Win10 1709, 1703, and 1607. KB 4078407 is said to be The software side of the fix for Specter Variant 2. It needs to be combined with microcode updates and is just over the Microsoft Update Catalog available. We are following his progress on AskWoody closely.
Of course we are all waiting for Win10 Version 1803 to appear. There is still no word about when this could happen or what it is supposed to mean. (The intrepid hacker Faikee points to a Chinese-language letter to Trader that says it will be released on May 9.)
The ongoing Windows 7 / Server 2008 R2 saga
Two words: Total meltdown. We now know that every 64-bit patch for Windows 7 and Server 2008 R2 released this year through March 29 contains a bug that opens a security hole called Total Meltdown. Microsoft spent most of April in Keystone Kops patch mode, where patch after patch introduced more and other bugs and replaced new patches with really incredible speed with older patches.
As the month is breaking down, there is some good news. As of Monday night, it seems as if the (monthly) April Monthly Rollup, KB 4093118, has lost its bullish tendency to re-install itself. This means that Win7 and Server 2008 R2 users can first install a patch and delete the Total Meltdown threat.
All this unfolds as a true, live-working Total Meltdown exploit. Of course, Meltdown (as opposed to Total Meltdown) and Specter have absolutely no known exploits.
Those who insist on patching only for security and avoiding monthly rollups must ask an unanswered question: If you install the earlier buggy version of the NIC and Static IP Defense Correction patch KB 4099950 have to uninstall it before proceeding? The official documents are mom. We also follow this question on AskWoody.
There are still reports from people who have installed this month's updates and were struggling to recover their user profile. Microsoft has detected this issue from time to time and has even published a Knowledge Base article with workaround steps.
Office patches continue
There do not seem to be any issues with the office patches this month. Susan Bradley's Master Patchwatch List gives them a clean health, although there are a number of acknowledged issues listed on the official fixes pages.
In short, it looks like Microsoft has resolved the issues earlier in the month. The vulnerabilities that Microsoft has installed with this year's Win7 and Server 2008 R2 are almost done. We only have a few issues before it's time to install the March patches.
Join us on the AskWoody Lounge