I don't know about you, but I've given up on Microsoft's ability to deliver reliable patches. Month after month, we've seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here.
For the past few months, though, we've seen some improvement. Microsoft has started identifying and publicly acknowledging big bugs, shortly after they're pushed. Consider:
Microsoft posted a description of the problem, and a complex manual workaround, on June 12. The bug's marked as "mitigated," which apparently means the company has published a PowerShell script that can fix the bug in an ad-hoc kind of way. ("You will need to re-enter the function each time you open a new PowerShell window.")
Both of those bugs touched every Windows machine, from Windows 7 to the latest version of Windows 10, and everything in between. They're not the product of isolated fringe circumstances. If you needed IE or Edge to access those gov.uk sites, or if you have custom views in Event Viewer, you got hit.
Neither of those bugs is particularly remarkable - just more of the same-old, same-old lousy patch quality we've come to expect. What's different this time is Microsoft's public (and timely) confession. Instead of keeping users in the dark for days or weeks, Microsoft posted a description of the problem in very short order. The new Release Information page is actually working, although there are some teething pains.
To be sure, there are problems that aren't reflected in the Patch Information page. But it's a big step in the right direction.
Here are some of the other problems we're tracking:
We don't know for sure if (a) this behavior's a bug, not a feature, (b) what settings remain in effect after the disappearing trick and (c) how it's supposed to work. I think it's a bug, but some are casting aspersions on Microsoft's integrity. I have no idea how Microsoft will fix it.
.NET 4.8 itself is not pushed or published through Windows Update. But you do have it "in the box" if you're running Win10 version 1903.
If you have .NET 4.8, you will get a separate security update for it through Windows Update.
Windows 8.1, Monthly Rollup KB 4503276... when I opened IE11 after restart, this page automatically opened asking me to set the "recommended" settings. I clicked the X mark inside the page, the tab closed and I retained my current settings
We're also seeing an SSU problem with folks using update servers. Apparently, it takes two passes for some update servers to "see" this month's patches: The first pass discovers and installs the Servicing Stack Update, and a second pass is necessary to find and install this month's cumulative update. Old problem, frustrating nonetheless.
Then there are the old Intel microcode patches (2019-01, 2019-02) that suddenly appear after installing this month's cumulative updates. Lots of people are scratching their heads because the updates show up on machines that aren't covered by the patches.
There's also a very poorly documented Exchange "defense in depth" patch, described in Advisory 190018.
Problems? Observations? Abject feelings of despair? Hit us on the AskWoody Lounge.
This story, "Microsoft is better at documenting patch problems, but issues abound" was originally published by Computerworld.
