Microsoft Patch day brings bug warnings, another Office CtR, and the return of KB 2952664

This month’s fourth-Tuesday patches includes a bevy of bug notices and a warning to uninstall old Previews, the fourth “Monthly Channel” update this month for Office 365, and our old snooping friend KB 2952664.

Windows logo overlaying hand with band-aid patch
Thinkstock/Microsoft

Once upon a time, the fourth Tuesday of the month was reserved by Microsoft for non-security patches. How times have changed. Yesterday, we saw a bunch of new bug warnings — including an admonition to uninstall a previous buggy .Net Preview patch — and an unexpected fourth update this month for Office 365’s reputedly stable Monthly Channel.

New .Net Preview warning to uninstall

The Feb. 2018 .Net Framework Previews — which were pulled last Thursday — got new warnings. Each of these updated KB articles:

  • KB 4074805 – the February 2018 Preview of Quality Rollups for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1
  • KB 4073701 – the February 2018 Preview of Quality Rollup for .Net Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 and for .Net Framework 4.6 on Server 2008 SP2
  • KB 4074808 – the February 2018 Preview of Quality Rollups for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1

... has been modified to include this warning:

.NET Framework applications might experience System.Security.Cryptography.Xml.Reference.LoadXml exception errors after you install the February 2018 .NET Framework Preview of Quality Rollup updates for Windows 7 SP1, and Server 2008 SP2 and Server 2008 R2 SP1.

Because of this known issue, update KB 4073701 is no longer available from Windows Update, WSUS, or Microsoft Update Catalog as of February 23, 2018.

For more information about this known issue, go to the following article in the Microsoft Knowledge Base:

4091227 Exceptions in System.Security.Cryptography.Xml.Reference.LoadXml after you install the February 2018 .NET Framework Preview of Quality Rollup updates for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2

The instructions at KB 4091227 tell you how to uninstall the patches. Which you should take as a subtle hint that, if you got suckered into installing the Previews, you better get rid of them.

None of those patches are currently available in the Microsoft Update Catalog. No indication when they might reappear.

Windows 7 Security-Only and Monthly Rollup bugs

Both of the KB articles for this month’s Win7 patches have been updated. KB 4074598, the February Win7 Monthly Rollup, and KB 4074587, the Feb Win7 Security-Only patch, both triigger a bizarre error, “SCARD_E_NO_SERVICE.” The KB articles now say:

The LSM.EXE process and applications that call SCardEstablishContext or SCardReleaseContext may experience a handle leak. Once the leaked handle count reaches a certain threshold, smart card-based operations fail with error "SCARD_E_NO_SERVICE". Confirm the scenario match by reviewing the handle counts for LSM.EXE and the calling processes in the process tab of Task Manager or an equivalent application.

Monitor the handle counts for the LSM.EXE process and the calling process before and after installing this update. Restart the operating system that's experiencing the handle leak as required.

Microsoft is working on a resolution and will provide an update in an upcoming release

Which, I’m sure, is comforting news for most Windows 7 customers.

Yet another version of Office 365 Click-to-Run

You would think that the Office “Monthly Channel” would be stable enough to warrant the name “Monthly Channel.” Not so. Microsoft just released the fourth version of Office 365 this month — build 9001.2138 on Feb. 1, 9001.2144 on Feb. 7, 9001.2171 on Feb. 13, and now version 1802 build 9029.2167 on Feb. 26.

Poster bobcat5536 on AskWoody put it succinctly:

Just did notice that Office 365 has yet another update released on the monthly channel yesterday. That makes 4 this month. Why don’t they rename it the weekly channel. This update stuff is just pure madness.

Another bug for Win10 1607

There’s a new bug posted for KB 4077525, the second Monthly Rollup this month for Win10 1607:

After installing this update, servers where Credential Guard is enabled may restart unexpectedly. The error is “The system process lsass.exe terminated unexpectedly with status code -1073740791. The system will now shut down and restart.”

Event ID 1000 in the application log shows:

“C:\windows\system32\lsass.exe’ terminated unexpectedly with status code -1073740791

Faulting application: lsass.exe, Version: 10.0.14393.1770, Time Stamp: 0x59bf2fb2

Faulting module: ntdll.dll, Version: 10.0.14393.1715, Time Stamp: 0x59b0d03e

Exception: 0xc0000409

English translation: Stop using Win10 1607.

And an oldie but goodie for XP and Office 2010

Windows XP has been out of service for almost four years, but Office 2010 won’t hit its extended support date until October 2020. So we got a brand-new KB 4018314 — February 26, 2018, update for Outlook 2010. The KB article says, through seemingly clenched teeth:

This update fixes the following issue:

After you install KB4011273 on a Windows XP or Windows Server 2003-based computer, you receive an error message that resembles the following when you start Microsoft Outlook 2010:

CompareStringOrdinal not found in dynamic link library KERNEL32.dll

Which apparently means nobody bothered testing KB 4011273, last month’s Outlook 2010 security patch, on XP or Server 2003. And it took nearly two months to fix it.

KB 2952664 and KB 2976978 are baaaaaack

To put a little cherry bomb on top, our old snooping friends KB 2952664 (for Win7) and KB 2976978 (for 8.1) have re-re-appeared. As I mentioned earlier this month:

Starting this month, Microsoft feeds Meltdown/Spectre vulnerability information into its Azure-based Windows Analytics package using telemetry from those patches. If you’re running Windows Analytics and you don’t want to use Steve Gibson’s inSpectre, the patches are worthwhile, snooping and all. If you don’t plan to upgrade to Win10, and don’t care about an Azure-based snooping tool, there’s no reason to install KB 2952664 or KB 2976978 .

What’s missing

For whatever reason, as of early Wednesday morning, Microsoft still hasn’t released a fix for the acknowledged bugs in this month’s cumulative update for Win10 Fall Creators Update, version 1709. Some of the folks who run the latest Windows 10 are still getting INACCESSIBLE_BOOT_DEVICE bluescreens. Others are having their USB devices wiped out.

It’s been a pesky patching month.

You can see a list of all of this month’s updated KB articles on the AskWoody site.

Thx to @SB, @MrBrian, @abbodi86, @PKCano, @bobcat5536 and many others.

Join us for ruminations and recriminations on the AskWoody Lounge.

How AI will change enterprise mobility
  
Shop Tech Products at Amazon