The November Patch Tuesday aftermath

There were a few surprises in this month's updates released on Tuesday, including Office 2010 updates, some Intel Microcode updates you can probably skip and fixes for Outlook memory issues.

Illustration: Bandages adhere to a sad-faced laptop in need of a patch, fix, or update.
Zoljo / Getty Images

November’s updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month’s worth of updates.  I don’t expect another set next month. But then again, I didn’t expect this month’s either.

The next surprise is another set of Intel Microcode updates. These include KB4589198 for Windows 10 1507 Long Term Servicing Branch, KB4589210 for Windows 10 1607 long term servicing branch, KB4589206 for Windows 10 1803, KB4589208 for Windows 10 1809, KB4589211 for Windows 10 1903 and 1909 and KB4589212 for Windows 10 2004 and 20H2.  These are security updates for Intel processors that have security vulnerabilities. 

Specifically, these target the Avoton, Sandy Bridge E, EN, EP, EP4S, Sandy Bridge E, EP, Valley View / Baytrail processors. (If you have an affected computer, you will be offered up the patch.)


If you’re like me and have no clue what CPU your hardware uses, Intel provides several ways to look up the info. Or in Windows 10, click on Start, then Settings, then About, and in the device specifications window you can see the processor identification – though not the brand name. Typically, I go to the Intel site and search on the processor name and compare that to what’s running on my computer. Alternatively, you can download CPU-Z to determine your exact CPU code name.  This application gives the most specific information about what brand of Intel chip you are running, but a word of warning: the site makes it extremely hard to determine what to click on to download the program without installing something you don’t want.

 For the curious, my Lenovo laptop has a Haswell processor.

Should you install?

But the question everyone always asks me is… should I install these microcode updates? I’m not convinced. I have in the past uninstalled some of these patches from machines after seeing them slow down after the update. In this instance, the attackers would have to “monitor power consumption and deduce what instructions were being performed by a CPU, allowing them to steal sensitive data from memory.” That sounds like “nation state” attackers looking for key industrial or government secrets. These days, the most sensitive information on my computer is my weekly order to Instacart and my Amazon purchases. Unless your computer keeps nuclear codes, or is an ATM machine, I’d skip those updates —  especially if they impact performance. 

I do recommend bios updates, especially on Windows 10 machines.

Consumer, Home and small business patchers

My general advice to consumer, home or small business users is to hold back from patching and wait until I give an all-clear. At this time, only install updates on a spare machine, then ensure that basic activities such as printing works as you expect. There are several patches to fix a remote code execution in the Print Spooler (CVE-2002-17042) as well as a print spooler elevation-of-privilege (CVE-2020-17001). This is repatching a prior print spooler bug that was first patched in May (CVE-2020-1048), then again in August (CVE-2020-1337). If you experienced issues with the June Windows 10 patches and printing, you’ll probably be wary of patches that affect printing. I personally have not seen issues in my testing, but I’ll keep an eye out for specific issues and report back on any bugs later this month.

The other big bug fixed in this release is a Zero-day that impacted not only Windows, but Chrome and Microsoft’s new Edge browser. Chrome and Edge were patched earlier; now, the base operating system is getting its fix for a separate elevation-of-privilege bug (CVE-2020-17087).  (A targeted attack using a remote code vulnerability in Google Chrome utilizing the Windows Kernel Cryptography driver to elevate privileges was seen in late October.)

Keeping an eye out for bugs

It’s way too soon to be installing updates at this time; I’m seeing too many early reports of odd issues in the Reddit venue, the Answers forum, and of course, on  Fortunately ,nothing major is trending at this time and I hope it stays that way.  This month we did not receive any new .NET security updates, but did receive the normal releases of Windows and Office.

Outlook loses its memory

We are still tracking an issue where Outlook and other applications can’t remember passwords after the installation of the Windows 10 2004/20H2 release. Microsoft has officially documented the issue and traces it to an HP Customer participation utility task. They are investigating the issue and promising a fix.

In the meantime, they recommend this workaround:

  • Right-click the Windows 10 Start Button and select Windows PowerShell (Admin).
  • Copy and paste the command below into Windows PowerShell and press Enter.
  • Get-ScheduledTask | foreach { If (([xml](Export-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath)).GetElementsByTagName("LogonType").'#text' -eq "S4U") { $_.TaskName } }

If you see any Tasks listed from the PowerShell output, make a note of them. Next, go to Windows Task Scheduler and disable any tasks you found from the above command.  Follow these steps:

  • In the Windows 10 Search box, type Task Scheduler and then open the Task Scheduler app.
  • Locate the task in the Window (HP Customer participation), or other task from the Windows PowerShell output.
  • Right-click the task and choose Disable.
  • After you disable the task, restart Windows.

If that process makes you wince, you can choose a different way to temporary fix this: Uninstall 2004 or 20H2. If you are within the 10-day window of installing the Windows 10 2004 feature release, you can roll back to 1909 by clicking on Start, then Settings, then on Update and Security, then click on the Recovery tab. In the Recovery section, click on “Go back to the previous version of Windows 10” and click on get started. Windows will ask you a few questions and roll you back to 1909.

Enterprise patchers

For those in control of corporate patching who regularly pour over security patch release information, Microsoft has changed how it prepares and releases documentation on the Security updates. Descriptions included in the patch release bulletins have been replaced by summaries and abbreviations to streamline the communication. 

According to ZDnet's Catalin Cimpanu, the same information is there, just in fewer words. Former Microsoft Security Response Center release manager Dustin Childs disagrees. Childs, who is now a Zero Day Initiative blogger, notes in his Patch Tuesday write up that getting good information about a bug helps explain the attack risk and how to protect ourselves. “As a network defender, I have defenses to mitigate risks beyond just applying security patches. Should I employ those other technologies while the patches roll out? Until I have some idea of the answers to those questions, I can’t accurately assess the risk to my network from this or any of the other bugs with outstanding questions. Hopefully, Microsoft will decide to re-add the description in future releases.” I strongly agree. Other admins are also upset by the changes.

Take a look at the new format Security Update Guide and provide feedback on their form or email them.

I’ve always had a philosophy that installing updates is not without risk. When the time arrives where the risk of getting attacked is higher than the risk of installing updates and dealing with the side effects, that’s the optimum time to install and reboot. 

Helping users better understand risks and how attacks occur means means keeping us better informed — and better ready to prevent attacks. I, too, want Microsoft to add back more details to its security release information. Blindly installing updates without a better understanding of what they’re protecting us from is never wise. 

Patching problems? As always, hit us up on

Copyright © 2020 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon