As many of us were removing prepared for a holiday weekend, after a warn proclamation about Windows being ripped into 3 pieces, Microsoft shoveled nonetheless another bucket of rags out a Automatic Update chute. Think of it as a module homogeneous of a Friday night news dump.
A mortal repair for Total Meltdown
KB 4100480 kicked off a dual days from patching limbo with a Windows 7/Server 2008R2 heart refurbish for CVE-2018-1038, a “Total Meltdown” bug Microsoft introduced in Win7 behind in January. Total Meltdown, we might recall, is a outrageous confidence hole implemented by all of these Microsoft confidence patches:
- KB 4056894 Win7/Server 2008 R2 Jan Monthly Rollup.
- KB 4056897 Win7/Server 2008 R2 Jan Security-only patch.
- KB 4073578 Hotfix for “Unbootable state for AMD inclination in Windows 7 SP1. and Windows Server 2008 R2 SP1” bug commissioned in a Jan Monthly Rollup and Security-only patches.
- KB 4057400 Win7/Server 2008 R2 Preview of a Feb Monthly Rollup.
- KB 4074598 Win7/Server 2008 R2 Feb Monthly Rollup.
- KB 4074587 Win7/Server 2008 R2 Feb Security-only patch.
- KB 4075211 Win7/Server 2008 R2 Preview of a Mar Monthly Rollup.
- KB 4091290 Hotfix for “smart label formed operations destroy with blunder with SCARD_E_NO_SERVICE” bug commissioned in a Feb Monthly Rollup.
- KB 4088875 Win7/Server 2008 R2 Mar Monthly Rollup.
- KB 4088878 Win7/Server 2008 R2 Mar Security-only patch.
- KB 4088881 Win7/Server 2008 R2 Preview of Apr Monthly Rollup.
If we commissioned any of those 11 rags on your Intel 64-bit Windows 7/Server 2008 R2 computer, we non-stop adult a gaping hole famous as “Total Meltdown,” or CVE-2018-1038, that allows any module using on your mechanism to run in heart mode. Yes, any program that’s using can review or write into any partial of memory.
Microsoft putrescent all of those machines to urge opposite a professionally marketed Meltdown/Spectre vulnerability, that has never, ever been seen in a wild. Kevin Beaumont (@GossiTheDog on Twitter) said it best:
The extraordinary thing is Meltdown is educational research, that is practically really formidable to do during scale (ie nobody has managed it) given this introduced emanate is pardonable to feat — even we can do. And I’m thick.
Vess Bontchev goes on to say:
The singular bug this [KB 4100480] refurbish fixes is catastrophic. Basically a bug that negates a elemental confidence protections of a OS and earnings it to a times of MS-DOS.
Ulf Frisk, a man who detected this gaping confidence hole, pronounced final Wednesday that a Mar Monthly Rollup, KB 4088875, plugs a hole. The subsequent day he pronounced that, oops, a Mar Monthly Rollup doesn’t repair a hole. Microsoft has now reliable that a Mar Monthly Rollup indeed introduces a hole.
KB 4100480 heal worse than a disease?
With a crowd of problems introduced by a Mar confidence patches, we might be wondering if this new (patch of a patch) ^ 12 brings along with it a bugs that have led to Microsoft “unchecking” a patch in Windows Update — to put it bluntly, a Mar rags scent so badly that Microsoft stopped force-feeding them a week ago.
MrBrian has a step-by-step analysis of a bugs in a Mar rags and either they’re hereditary by KB 4100480. He concludes that a Internet Explorer, haunt NIC and reset primer IP bugs, and bluescreen VALID_POOL_ON_EXIT bugs in a Mar rags aren’t benefaction in this new patch. The SMB server memory trickle bug might or might not be in this new patch, though a bug has been around given January. And a bluescreens for PAE and SIMD might or might not be in a new patch.
We’ve had ongoing coverage during AskWoody about a KB 4100480 patch and a mess. Susan Bradley, who has lots of knowledge with tiny business installations, has left so distant as to suggest SMEs with 64-bit Win7 machines hurl them behind to December:
If there are users in your patching sourroundings that roller and click on ANYTHING, I’d wish you’d make them do their pointless surfing on an iPad, not a Windows appurtenance (probably still with internal admin rights) until this Windows 7 patching disaster gets straightened out. we don’t like revelation people to hurl behind to pre-January updates, though conjunction do we conclude Microsoft carrying consistent side effects that are quantifiable and impactful and all that happens is that they keep on revelation us that they are operative on a issues and this will be bound in a destiny release…
If we have any Jan by Mar refurbish installed, make certain KB4100480 is installed.
Otherwise go into add/remove programs and hurl behind to December’s KB4054521 (security only) or KB4054518 (rollup) and afterwards hang parsimonious and keep a fingers crossed that April’s updates will solve these issues.
And afterwards Microsoft greatfully greatfully please, do something about these famous issues and repair them, since it heedfulness me severely to publically form this.
A repair for rags that don’t have problems
Also, on Thursday afternoon, Microsoft forsaken a handful of rags that repair other bad bugs in before patches. Susan Bradley has a brief list that includes KB 4096309 for Win10 1607/Server 2016 that “addresses an emanate that can means operational plunge or a detriment of sourroundings since of connectivity issues in certain sourroundings configurations after installing KB4088889 (released Mar 22, 2018) or KB4088787 (released Mar 13, 2018).”
As Susan notes, both of a referenced bound rags are still listed in their KB articles, as “Microsoft is not now wakeful of any issues with this update.”
Then there are a rags that repair bluescreens generated by progressing botched patches:
- KB 4099467 — Stop blunder 0xAB when we record off a Windows 7 SP1 or Windows Server 2008 R2 SP1 session. That’s a bug introduced in this month’s Win7/Server2008R2 patches.
- KB 4099468 — Stop blunder 0xAB when we record off a Windows Server 2012 session. That bug was introduced in this month’s Server 2012 patches.
- KB 4096310 — Stop blunder 0xAB when we record off a Windows Server 2008 session. Ditto ditto ditto.
Save your IP if you’re prescient
This refurbish addresses issues introduced in KB4088875 and KB4088878 for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 where a new Ethernet Network Interface Card (NIC) with default settings might reinstate a formerly existent NIC, causing network issues. Also addressed, is an emanate where immobile IP residence environment are mislaid after requesting a update. These symptoms might be seen on earthy computers and practical computers using VMWare.
Ends adult this is only a package for a (modified) VBScript that, when run before to installing this month’s rags for Win7, avoids a immobile IP busting inlet of a patch. we speak about a VBScript module in my Patch Alert article from final week.
Abbodi86 describes it:
So it’s a easy programmed chronicle of a VBscript. It checks if KB2550978 hotfix is commissioned (or any superseder). [Note:=KB 2550978 is a many-year-old hotfix, final updated some-more than a year ago.] …
I consternation because Microsoft didn’t hurl out that critical repair years ago by Windows Update
The critical note is that we have to run KB 4099950 before we implement this month’s Win7/Server 2008R2 patches.
The bottom line
I can remember lots of bad Windows rags over a past integrate of decades, though I’d be hard-pressed to come adult with any that proceed this year’s phalanx of Windows 7 screw-ups. It’s as if Microsoft doesn’t caring about aged multi-billion-dollar businesses.
For now, we continue to suggest that people stay put and don’t implement any of a Mar patches. For enterprises, follow Bradley’s advice and hurl behind to Dec if we have users with unenlightened clicking fingers.
Join us for tea and magnetism on the AskWoody Lounge.