Beaucoup bugs beset this month’s Windows patches

July and August had relatively stable Patch Tuesdays. Not so, this month. Here’s the tip of the iceberg – the bugs that cropped up within a day of release.

software update
GOCMEN / Getty Images

Someday, you’ll tell your grandkids about the halcyon days of July and August 2020, when Microsoft took pity on us poor patching souls and introduced few bugs in its stew of Patch Tuesday patches.

Now, it looks like we’re well on our way to another mess.

Although it’s still too early to throw up your hands and peremptorily pass on the September crop, I assure you that there is no joy in Patchville.

Bitdefender bites 1909 

Right out of the gate, many folks running Bitdefender on Win10 version 1903 or 1909 were treated to a warning when trying to install this month’s cumulative update:

The file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\9e0ac098b282aa922e874fe9c2e52396_ctc\ is infected with Trojan.Ciusky.Gen.13. The threat has been successfully blocked, your device is safe.

Ransomware Remediation

The process C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1073_none_171f6eef2a0feed0\TiWorker.exe manifests ransomware behavior and was blocked. Your files have been protected from being altered.

Recommended solution? “Disable Bitdefender during the update installation or define an exception,” per Günter Born.

Windows Subsystem for Linux subsumed

Windows 10 version 2004 customers who actually use WSL 2, the Windows Subsystem for Linux version 2, get a nasty surprise. After installing the September cumulative update, on restart, the updated systems throw an “Element not found” error with the warning 

The remote procedure call failed. 

[process exited with code 4294967295]

Venkat on Techdows reports that the only known solution is to uninstall the cumulative update.

Paint Shop Pro 7 slowdowns

If you’re using the decade-old Paint Shop Pro 7 on Win10 version 2004, expect glacial performance. Born has a reasonable conjecture: “Possibly the preview handler for image files installed by Paint Shop Pro 7 is the cause. In the past, such handlers were the cause of Explorer crashes or tough Explorer actions.“

And the usual litany...

Many folks online report the usual range of problems – "X" doesn’t install, throws a blue screen (try re-starting repeatedly), Start menu doesn’t work, Search doesn’t work. The list goes on and on. If you have one of those specific problems, try scanning the usual monthly Reddit thread or the Microsoft Answers forum to see whether anyone else has encountered the problem. 

Long-standing bugs continue to show up, including the temporary user profile bug that leads to missing files, logon problems, and disappearing desktop icons. Mayank Parmar at Windows Latest has a discussion of the evergreen ESENT 642 warning bug. Lawrence Abrams at BleepingComputer explains how the “Optimize Drives” defrag date bug has been fixed – but the bug that trims hard drives persists. @EP warns that some of the Intel microcode updates may be offered to machines that don’t need them.

As usual, the official Windows Release Information list covers very few of the known problems.

Good news: Bye-bye Servicing Stack Updates

Aria Carley at Microsoft announced that the Windows installer is now, suddenly, miraculously, capable of updating itself, without a separate Servicing Stack Update. (Sometimes I think Windows will turn into a modern operating system!) The change only affects folks who install cumulative updates manually, or use one of the Microsoft update management tools:

Our goal is for all IT administrators, whether managing devices on-premises or from the cloud, to experience the simplicity of having a single cumulative monthly update to deploy that includes the month’s cumulative fixes and the appropriate servicing stack updates for that month, if applicable.

The only catch: In order to get rid of SSUs, you have to install the latest SSU. Chicken, meet egg. For those of you who use Windows Update, it’ll all happen automatically.

Is Microsoft fixing a bug behind our backs?

@NetDef has an interesting observation on AskWoody:

Two articles about a month apart are — to me — revealing a serious (and so far un-announced) vuln in WSUS that’s being mitigated quietly… HTTPS internally has long been considered a best practice, but not enforced in any way should the sysadmins choose to use HTTP between the server and client machines.

Now today we see:  “To ensure that your devices remain inherently secure, we are no longer allowing HTTP-based intranet servers to leverage user proxy by default to detect updates”

My suspicion is high here.  This only makes sense on an internal environment where a bad actor could spoof updates via a software proxy.  And malware proxies are nothing new, but this indicates that perhaps the cert check on updates packages is not as secure as we’ve assumed.

Onward with socially distanced bug tracking

Of course, I recommend that you avoid this month’s patches until we’ve had a chance to sort through the damage, and Microsoft has had a chance to correct its bugs. Crowdsourcing works. I expect we’ll see fixes for Bitdefender and the Windows Subsystem for Linux bugs in short order. As for the others…, it's hard to say.

If you hit a bug – or, better, a solution! – be sure to tell us on AskWoody.

Copyright © 2020 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon