Microsoft Thanksgiving turkeys: One patch disappears, another yanked

If you’re just coming back from the long US Thanksgiving weekend, all sorts of Windows patch inanities await. The Epson dot matrix bug in this month’s security patches was fixed for older versions of Windows, but .NET patch KB 4049016 and others got pulled.

Broken window with Windows 10 logo
Thinkstock/Microsoft

For those of us keeping track of Windows patches, the long four-day weekend in the U.S. felt like another instantiation of Mr. Toad’s Wild Ride. Here are the developments, in more or less chronological (which is to say, not logical at all) order.

While many of you were sneaking out the door early on Wednesday, Microsoft released KB 4055038, a fix for bugs that clobbered Epson dot matrix printers, introduced in this month’s Patch Tuesday security patches. I talked about the bug two weeks ago. In short, a bug in all of this month’s Windows security patches caused Epson dot matrix printer drivers to fail. The bug appeared in:

  • Win10 1709 KB 4048955 Build 16299.64
  • Win10 1703 KB 4048954 Build 15063.726
  • Win10 1607/Server 2016 KB 4048953 Build 14393.1884
  • Win10 1511 Enterprise and Education only KB 4048952 Build 10586.1232
  • Win10 1507 LTSC only KB 4048956 Build 10240.17673
  • Win 8.1/Server 2012 R2 KB 4048958 2017-11 Monthly Rollup
  • Win 8.1/Server 2012 R2 KB 4048961 2017-11 Security-only update
  • Server 2012 KB 4048959 2017-11 Monthly Rollup
  • Server 2012 KB 4048962 2017-11 Security-only update
  • Win 7/Server 2008 R2 KB 4048957 2017-11 Monthly Rollup
  • Win 7/Server 2008 R2 KB 4048960 2017-11 Security-only update

No matter how you slice it, that’s one impressive list of buggy Windows versions. As I explained at the time, the bug isn’t in Epson’s printer drivers. The bug’s in Microsoft’s security patches. All 11 of them.

Microsoft released a fix for the bug just as many of us were off to visit family, friends and others with malfunctioning printers. The fix, called KB 4055038, only applies to these six products:

  • Win 8.1/Server 2012 R2 2017-11 Monthly Rollup – KB 4048958
  • Win 8.1/Server 2012 R2 2017-11 Security-only update – KB 4048961
  • Server 2012 2017-11 Monthly Rollup – KB 4048959
  • Server 2012 2017-11 Security-only update – KB 4048962
  • Win 7/Server 2008 R2 2017-11 Monthly Rollup – KB 4048957
  • Win 7/Server 2008 R2 2017-11 Security-only update – KB 4048960

Of course, Microsoft didn’t document the rollout on its official Windows Update page. (Still hasn’t, far as I can tell.) But apparently KB 4055038 went out the Automatic Update chute on or around Nov. 21. Those of you who use Epson dot matrix printers on Win7 or 8.1, and have Automatic Update enabled, would’ve been without a printer for a week.

Raise your hand if you bought a new printer over the weekend because the old one wouldn't work.

Microsoft’s fix for older versions of Windows didn’t plug the printer hole in more recent versions of Windows. For that, we had two patches released on Nov. 22.

  • Win10 1709 KB 9999786 appeared on the Windows Update servers and in the Catalog (thx, @PerthMike), but a moderator on the Windows Server Technet site says:

KB9999786 was accidently published as a test package to WSUS/Catalog. This package has been removed from WSUS/Catalog. Customers who downloaded KB9999786 should delete/remove this package.

  • Win10 1703 KB 4055254 brings the Win10 Creators Update up to Build 15063.729 (Thx, @abbodi86). It’s an odd Win10 patch with a proper KB entry (click on the link), but it hasn’t yet been integrated into the usual Windows Support list. Microsoft advises in the KB article that it’ll be installed via Windows Update, but I haven’t seen it. Most likely that’s because I don’t have the correct Epson driver installed.

So at this point we still don’t have Epson dot matrix printer support for:

  • Win10 1709 Build 16299.64
  • Win10 1607/Server 2016 Build 14393.1884
  • Win10 1511 Enterprise and Education only Build 10586.1232
  • Win10 1507 LTSC only Build 10240.17673

Epson has kindly provided a matrix listing some of the outstanding problems with Microsoft’s updates. It managed to keep the verbiage civil, possibly because the sudden failure of so many old printers must've contributed to the bottom line. Ka-ching.

As if that weren’t enough to make you choke on your cranberry sauce, we had a second, separate row with .Net updates. Günter Born picked it up on his Tech and Windows World blog. Microsoft officially released these four .Net updates on Patch Tuesday:

  • 2017-11 Quality Rollup for .Net Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB 4049016)
  • 2017-11 Quality Rollup for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4049017)
  • 2017-11 Quality Rollup for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows Embedded 8 Standard and Windows Server 2012 (KB 4049018)
  • 2017-11 Quality Rollup for .Net Framework 2.0 on Windows Server 2008 (KB 4049019)

Now, it looks as if all of those have been pulled. Although all of the patches still appear in the official Windows Update list, none are available in the Update Catalog, and there’s no indication in either the Update list or in the individual KB articles that explain why.

If you want to find out why, you need to unravel a comment posted by Microsoftie Rich Lander on an obscure MSDN Technet entry. Lander describes Microsoft’s quandary on releasing .Net bug fixes (“quality only” updates) and security fixes, and how those fit into the Patch Tuesday model. Abbodi86 asks:

Why didn’t the November Rollup (quality-only) supersede October Rollup (quality-only)? i.e. for Windows 8.1, both November (KB4043767) and October (KB4049017) are requested

To which Lander replied:

Good question. That’s a mistake on our part. We will fix the supercedence so that November supercedes October. Because of the upcoming US holiday, we won’t be able to fix it until later in the month.

The, uh, net result to Windows users: You may or may not see the patch(es). Since it’s a “quality only” patch, it’s just a bug fix. There are no security issues lurking. Go back to sleep, but make sure Automatic Update is turned off.

So over the long weekend we discovered how Microsoft tests and fixes dot matrix printers, and how it stumbles over its own .Net patching regimen. Kinda makes you feel warm and fuzzy, yes?

The AskWoody Lounge is bobbing up and down as we roll in security patches. Join us if you can.

How AI will change enterprise mobility
  
Shop Tech Products at Amazon