Microsoft Patch Alert: Welcome to the Upside Down

Credit to Author: Woody Leonhard | Date: Tue, 30 Jul 2019 09:33:00 -0700

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

We don’t know what information Microsoft’s collecting with the new patch, but if you’ve been hoping to minimize Microsoft snooping by staying on the increasingly difficult Security-only path, the jig is up. You have two options:

It’s not an easy choice.

In my opinion, if you want to continue to patch Win7, you’re better off paying the devil his due and installing the Win7 Monthly Rollup, KB4507449 (“Group A”). That’ll give you the full version of Win7 telemetry, along with many small bug fixes.

To be sure, there are two sides to this development. On the one hand, you have people who feel that Microsoft should start collecting all of the data it can to guide the inevitable demise of Win7 and help customers onto Win10. On the other hand, you have people who just don’t like the intrusion.

I’m surprised that regulators haven’t launched an investigation into Microsoft’s newfound nosiness, but the fact remains that we don’t know what telemetry is being collected along either the Monthly Rollup or Security-only path.

Microsoft has halted Win10 version 1903 upgrades for PCs that have older versions of the Intel Rapid Storage Technology (RST) drivers. (Think Optane memory or certain RAID drivers.) The latest official Release Information status page says:

To safeguard your update experience, we have applied a compatibility hold on devices with Intel RST driver version between 15.1.0.1002 and 15.5.2.1053 installed from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Just one problem. Many, many people report that the Win10 1903 upgrade refuses to proceed in spite of the fact that they have recent Intel RST drivers. When they try to upgrade to 1903, they’re getting a block notice, which looks like this:

This is in spite of the fact that these folks have moved heaven and earth to try to get the latest versions of the RST drivers. An anonymous poster on AskWoody has a workaround that may or may not apply in all situations.

From my point of view, this is a feature, not a bug. It’s still too early to move to Win10 version 1903. There are still too many bugs lurking about — this being an excellent case in point. Give 1903 a few more months to mature, and then let’s take a new look.

Speaking of problems with the Win10 1903 upgrade, Rick Corbett has been trying to get the 1903 upgrade to bypass updating his drivers — he has his drivers set up the way he likes, and he doesn’t want the upgrader to come in and mess with them.

So far, we don’t have a definitive method for blocking new drivers. In particular, the techniques that worked for 1809 and earlier aren’t working right in 1903.

The second, “optional” Win10 July cumulative updates are all out, although the 1903 patch was posted last Thursday, pulled, then released again last Friday.

If you couldn’t get the Visual Studio patch KB4506161 installed, you aren’t alone. Microsoft messed up the version detection mechanism. It was fixed in a re-release on July 19, leaving admins everywhere scratching their heads for 10 days.

Also, in case you missed it, SQL Server 2008 has been relegated to the big bit bucket in the sky. Susan Bradley has the full story, including some workarounds, in her Patch Watch column.

We have a new set of Servicing Stack Updates for all versions of Win10, as well as Win8.1. (If you use Windows Update to get your updates, you don’t need to worry about the new SSUs. They only apply if you manually install updates.)

There are new lists of cumulative updates for .NET:

There aren’t any entries in the latter list, so far.

I would be remiss if I didn’t repeat, loudly, the BlueKeep message I’ve been posting for months. If you run a WinXP, Vista, Win7, Server 2003, or Server 2008 machine and you haven’t installed the May patch, you’re playing with fire. Tell your friends to get patched. There are still many hundreds of thousands of machines sitting out there with “Kick me” signs facing the internet.

Although there’s a BlueKeep exploit available for sale, it hasn’t turned into a for-real threat. Yet.

Don’t let the heat get to you. We’re cool on the AskWoody Lounge.
