As Patch Tuesday approaches, turn off Automatic Update temporarily and — especially — disengage IE




It’s hard to overstate the problems caused by Microsoft’s second, third and fourth September  cumulative updates for all Windows 10 versions. For example, Win10 version 1903, the latest and greatest, saw cumulative updates on Sept. 10 (KB 4515384), Sept. 23 (KB 4522016), Sept. 26 (KB 4517211) and Oct. 3 (KB 4524147, which some characterize as a super-early October cumulative update).

As Microsoft kept flinging buggy fixes at the zero-day problem known as CVE-2019-1367, customers kept complaining about problems with:

  • Print spooler crashes No, they weren’t fixed with the fourth cumulative update, KB 4524147, in spite of Microsoft’s assertions. In fact, Mayank Parmar at Windows Latest documents complaints about KB 4524147 breaking PCs that were working after the third cumulative update, KB 4517211. So we have separate printer bug reports for the second, third and fourth cumulative updates. A royal printer flush.
  • Start Menu bugs — Click Start on a patched system and you get the message “Critical Error/ Your Start menu isn’t working,” which is my latest candidate for a D’oh! illuminating error message award.
  • Older JScript-based program bugs
  • Can’t type into the Cortana Search box
  • VMWare won’t start, with the warning “VMware Workstation Pro can’t run on Windows”
  • Machines won’t boot after installing the fourth cumulative update (see Lawrence Abrams’ report on BleepingComputer), or can’t install the update at all.

Microsoft hasn’t acknowledged any of those bugs, except for the printer spooler bug in the second September cumulative update. Yes, that’s the bug that is known to persist (reappear?) in the fourth cumulative update.

There were bugs in the first September cumulative update — audio problems, and the inability to install .Net 3.5 — that appear to be fixed in one of the later updates.

The main source of those lingering problems? Microsoft’s pursuit of the IE frumious bandersnatch, the zero-day security hole known as CVE-2019-1367. Snicker-snack.

Security info locked behind a Microsoft paywall

I was shocked to discover that Microsoft has published details about the CVE-2019-1367 security hole — but they’re hidden behind a pricey paywall. Late Friday night, Susan Bradley posted an excerpt from the Windows Defender Security Portal, which says, in part:

Copyright © 2019 IDG Communications, Inc.






Software

Leave a Reply

Your email address will not be published.