Windows and .Net finally get their 'D Week' patches, as Intel microcode fixes go wacko

Overnight, Microsoft released 34 patches for all versions of Windows and .Net: Every version of Win10 gets a cumulative update; Win7 and 8.1 get Monthly Rollup Previews; all versions of .Net also get Previews. But beware the Ides of Intel.

Time for the final August patching shoe to drop.

Late last night Microsoft released a flurry of patches, posting them on the Microsoft Update Catalog. Some are available through Windows Update, some aren't.

As of early Friday morning, the Win10 patches are not available through WSUS, the update server service. It’s not clear if that’s a mistake, a hesitation — or if somebody just went home last night and forgot.

Let’s hear it for patching predictability. And transparency.

The Win10 patches

Those of you with Win10 1803 get KB 4346783, which brings you up to build 17134.254. I found two of the fixes worthy of note:

  • Addresses an issue that causes computer certificate enrollment or renewal to fail with an "Access denied" error after installing the April 2018 update. Some admins on Reddit were waiting for that fix, which had been promised for Tuesday.
  • Addresses an issue that prevents printing on a 64-bit OS when 32-bit applications impersonate other users (typically by calling LogonUser). This issue occurs after installing monthly updates starting with KB4034681, released in August 2017. Which will come as welcome, if stale, news for developers who lost the capability a year ago.

Microsoft still hasn’t fixed the months-old bug:

Launching Microsoft Edge using the New Application Guard Window may fail

and its solution is to uninstall the Aug. 14 cumulative update, install the July 24 cumulative update, then reinstall the Aug. 14 cumulative update. Which, in a cumulative world, makes no sense whatsoever.

Folks who are hanging tight with Win10 1709 get KB 4343893, which brings you up to build 16299.637. There’s a long list of changes, none of which seem particularly noteworthy.

If you’re using Win10 1703 (that’s still my choice for production machines), the new KB 4343889 brings you up to build 15063.1292. There’s a shorter list of changes. Note that security patches for 1703 will end in October. In six weeks or so, you’ll have to choose between 1709, 1803, or possibly 1809. As you might imagine, I’ll be watching the aging process astutely.

@abbodi86 advises that, as of Friday morning:

Windows 10 Updates did not hit WSUS, although 4346783 (1803) and 4343889 (1703) were delivered as Dynamic Updates (i.e., feature upgrade companions)

There’s also a cumulative update for Win10 1607/Server 2016, KB 4343884. Same old same old.

The Win7 and 8.1 Monthly Rollups

The Win7 Monthly Rollup Preview, KB 4343894, contains a major bug fix for Internet Explorer 11:

Addresses an issue in Internet Explorer 11 that may cause a blank page to appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive.

Which is a wonderful way to describe a bug that Microsoft introduced in the Aug. 14 Monthly Rollup, KB 4343900, and in the Aug. 14 Internet Explorer Security-only update, KB 4343205. As long as you’re installing Monthly Rollups, the sequencing works out all right, but if you’re manually installing Security-only updates, the only way to fix the bug in the Aug. 14 Security-only patch is to install this Monthly Rollup Preview. Which, again, makes no sense at all. Thx, @DrBonzo.

In addition, the ancient bug with network interface controller drivers is still there:

There is an issue with Windows and third-party software related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

Not unexpectedly, the Win8.1 Monthly Rollup Preview, KB 4343891, looks clean as a hound’s tooth.

The .Net mess, version 3.1415a

We were, uh, blessed in the middle of the night with three new .Net Previews:

  • KB 4346080 — August 2018 Preview of the Quality Rollups for .Net Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4346080)
  • KB 4346081 — August 2018 Preview of the Quality Rollups for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012
  • KB 4346082 — August 2018 Preview of the Quality Rollups for .Net Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2

There are subsidiary KB articles that provide more detailed explanations of the changes in these KBs. Again, I don't see anything earth-shattering.

Intel microcode madness

While you were sleeping — or intentionally ignoring the increasingly dismal news — Microsoft has also been piling on Intel microcode updates, directed at Meltdown and Spectre (versions 1, 2, 3, 3a, 4, n for n >=4). There continues to be confusion about why the Intel microcode updates get installed on AMD machines, what bits need to be flipped in which registries, and whether firmware updates trump Windows patches. It’s a mess par excellence, with little documentation, and nothing official that’s reliable. We have two active threads on the topic(s) on AskWoody, here and here.

Don’t know about you, but I can’t download the key Win10 1803 Intel microcode patch, KB 4100347. Susan Bradley has been asking Microsoft whether they’ve pulled the patch, and so far the only response is crickets.

Of course, we still haven’t seen any in-the-wild Meltdown or Spectre infections. When we do, the whole exercise will no doubt turn into a delightful marketing opportunity for a couple of hardware manufacturers.

What to do?

Sit tight. The cumulative updates are still too young. And I never recommend that you install Previews. There are no significant security exploits that are patched by the July or August crop of fixes (unless you’re using IE in a Chinese company that’s become a target for North Korea). Let’s see if any undead arise over the long weekend.

Most of Microsoft should be back to work by next week anyway. We missed ya.

Thx, @abbodi86, @sb, @DrBonzo, @PKCano, @Kirsty.

Join the long march to WinOblivion on the AskWoody Lounge.
