By Woody Leonhard,
Someday, you’ll tell your grandkids about the halcyon days of July and August 2020, when Microsoft took pity on us poor patching souls and introduced few bugs in its stew of Patch Tuesday patches.
Now, it looks like we’re well on our way to another mess.
Although it’s still too early to throw up your hands and peremptorily pass on the September crop, I assure you that there is no joy in Patchville.
Right out of the gate, many folks running Bitdefender on Win10 version 1903 or 1909 were treated to a warning when trying to install this month’s cumulative update:
The file DeviceHarddiskVolume2WindowsSoftwareDistributionDownload9e0ac098b282aa922e874fe9c2e52396_ctcWindows10.0-KB4574727-x64.cab is infected with Trojan.Ciusky.Gen.13. The threat has been successfully blocked, your device is safe.
The process C:WindowsWinSxSamd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1073_none_171f6eef2a0feed0TiWorker.exe manifests ransomware behavior and was blocked. Your files have been protected from being altered.
Recommended solution? “Disable Bitdefender during the update installation or define an exception,” per Günter Born.
Windows 10 version 2004 customers who actually use WSL 2, the Windows Subsystem for Linux version 2, get a nasty surprise. After installing the September cumulative update, on restart, the updated systems throw an “Element not found” error with the warning
The remote procedure call failed.
[process exited with code 4294967295]
Venkat on Techdows reports that the only known solution is to uninstall the cumulative update.
If you’re using the decade-old Paint Shop Pro 7 on Win10 version 2004, expect glacial performance. Born has a reasonable conjecture: “Possibly the preview handler for image files installed by Paint Shop Pro 7 is the cause. In the past, such handlers were the cause of Explorer crashes or tough Explorer actions.“
Many folks online report the usual range of problems – “X” doesn’t install, throws a blue screen (try re-starting repeatedly), Start menu doesn’t work, Search doesn’t work. The list goes on and on. If you have one of those specific problems, try scanning the usual monthly Reddit thread or the Microsoft Answers forum to see whether anyone else has encountered the problem.
Long-standing bugs continue to show up, including the temporary user profile bug that leads to missing files, logon problems, and disappearing desktop icons. Mayank Parmar at Windows Latest has a discussion of the evergreen ESENT 642 warning bug. Lawrence Abrams at BleepingComputer explains how the “Optimize Drives” defrag date bug has been fixed – but the bug that trims hard drives persists. @EP warns that some of the Intel microcode updates may be offered to machines that don’t need them.
As usual, the official Windows Release Information list covers very few of the known problems.
Aria Carley at Microsoft announced that the Windows installer is now, suddenly, miraculously, capable of updating itself, without a separate Servicing Stack Update. (Sometimes I think Windows will turn into a modern operating system!) The change only affects folks who install cumulative updates manually, or use one of the Microsoft update management tools:
Our goal is for all IT administrators, whether managing devices on-premises or from the cloud, to experience the simplicity of having a single cumulative monthly update to deploy that includes the month’s cumulative fixes and the appropriate servicing stack updates for that month, if applicable.
The only catch: In order to get rid of SSUs, you have to install the latest SSU. Chicken, meet egg. For those of you who use Windows Update, it’ll all happen automatically.
@NetDef has an interesting observation on AskWoody:
Two articles about a month apart are — to me — revealing a serious (and so far un-announced) vuln in WSUS that’s being mitigated quietly… HTTPS internally has long been considered a best practice, but not enforced in any way should the sysadmins choose to use HTTP between the server and client machines.
Now today we see: “To ensure that your devices remain inherently secure, we are no longer allowing HTTP-based intranet servers to leverage user proxy by default to detect updates”
My suspicion is high here. This only makes sense on an internal environment where a bad actor could spoof updates via a software proxy. And malware proxies are nothing new, but this indicates that perhaps the cert check on updates packages is not as secure as we’ve assumed.
Of course, I recommend that you avoid this month’s patches until we’ve had a chance to sort through the damage, and Microsoft has had a chance to correct its bugs. Crowdsourcing works. I expect we’ll see fixes for Bitdefender and the Windows Subsystem for Linux bugs in short order. As for the others…, it’s hard to say.
If you hit a bug – or, better, a solution! – be sure to tell us on AskWoody.
Woody Leonhard is a columnist at Computerworld and author of dozens of Windows books, including “Windows 10 All-in-One for Dummies.”
Copyright © 2020 IDG Communications, Inc.
Copyright © 2020 IDG Communications, Inc.