This month's Windows and Office security patches: Bugs and solutions

This month's Windows and Office security patches: Bugs and solutions

By , Columnist, Computerworld | PT

The biggest surprise in the February patching lineup is one that didn’t appear: the 'optional non-security' cumulative update for Win10 version 1809. Most – but not all -- bugs introduced by earlier patches are now fixed.

This month's Windows and Office security patches: Bugs and solutions
Thinkstock/Microsoft
Table of Contents

Show More

Microsoft continues to hold Windows 10 version 1809 close to the chest. While all of the other Win10 versions have had their usual twice-a-month cumulative updates, the latest version of the last version of Windows, 1809, still sits in the Windows Insider Release Preview Ring.

For most people, that’s excellent news. It seems that Microsoft is willing to hold off until they get the bugs fixed, at least in the 1809 releases. May I hear a “hallelujah” from the chorus?

Mystery update bulldozer KB 4023057 hits the Catalog

You’ve heard me talk about KB 4023057 many times, most recently in January. It’s a mysterious patch that Microsoft calls an “update reliability improvement” whose sole reason for existence, as best I can tell, is to blast away any blocks your machine may have to keep the next version of Windows (in this case, Win10 1809) from installing on your machine.

KB 4023057 and its predecessor KB 4022868 have gone through 50 or so versions over the past three-plus years, and it’s always been distributed stealthily – you get it when you install updates, unless you go to great pains to block it. @PKCano has a thorough description of the tortuous procedure for preventing its installation.

Now comes word from @abbodi86 that on Thursday, for the first time, KB 4023057 has appeared in the Microsoft Update Catalog. It’s not clear why the old bete noire has been elevated to Catalog status – and I doubt Microsoft will ever tell us.

Old Access bugs fixed. Mostly.

February’s earlier Windows patches wreaked havoc on old Access databases. In January, Access 97 file format databases got clobbered by all of the Windows updates. Then Access 95 databases got the shiv. It’s almost as if nobody tests the Win10 cumulative updates against older databases, wouldn’t you say?

As of this writing, all is well (apparently), except for Win10 version 1809, which hasn’t yet received the Access 95 inoculation.

Word to the wise: If you have an older database program that you really need to use, watch out.

Fixing with a wing, a prayer, and a silver bullet

There’s a smattering of new bugs introduced by the Patch Tuesday patches, and subsequently fixed by Third Tuesday patches. The most entertaining of the lot is the Internet Explorer backslash bug. Of course, you don’t use IE, but for those who do…

February’s Patch Tuesday patches for Win7 and 8.1 contained this weird, acknowledged, bug:

After installing this update, Internet Explorer may fail to load images with a backslash (\) in their relative source path.

That bug, and several others, were fixed in the Third Tuesday Monthly Rollup preview patches – but those aren’t distributed through normal channels. You have to wait until later in March, when the Monthly Rollup Preview patches will (presumably) be added to the March Monthly Rollups. Got that? A bug in the February security update is fixed by a patch in the next month’s (presumably non-security) monthly rollup.

Here’s where things get weird. On Feb. 19, Microsoft released KB 4491113, a “Cumulative update for Internet Explorer: February 19, 2019,” which is a silver bullet patch with one intent:

This cumulative update includes improvements and fixes for Internet Explorer 11 that is running on Windows 8.1 or Windows 7, and resolves the following issue:

Internet Explorer cannot load images that have a backslash (\) in their relative sources path.

So we have a cumulative update, KB 4491113, that fixes a bug introduced in this month’s Monthly Rollups, but which is also fixed in this month’s Monthly Rollup previews. The previews fix other bugs as well, but I guess this one was problematic enough to warrant a single silver bullet.

Except… now comes word (from an anonymous poster) that KB 491113 is causing problems:

FWIW, this “silver bullet” isn’t quite ready to be fired; it caused problems with the game Halo: Spartan Strike by omitting some of the sound and then letting the game hang after a few minutes. It may also have caused some problems with videos on Firefox. Upon uninstalling, the Spartan is again killing Covenanters and Prometheans with full sound.

If you’re using Win10, the bug was fixed in the Third Tuesday patches – except for Win10 1809, which doesn’t yet have a Third Tuesday patch.

Moral of the story: Internet Explorer isn’t a browser. It’s a decorative appendage.

To further complicate matters, the Win8.1 Monthly Rollup Preview, which fixes this bug, introduces a truly bizarre bug that enables Location Services and makes a nuisance of itself in the Notification (er, Action) Center.

Windows 10 1809 still not ready for prime time

Microsoft changed its terminology, again, but it hasn’t yet officially declared that version 1809 is ready for business deployment. You can think of that as CBB, or SAC-not-T, SP1, or VGBS (venerable gray beard status), but whatever hokey name you put to it, the fact remains that Microsoft has not yet come out and said that Win10 version 1809 is suitable for mass consumption.

The official Windows 10 release information page still lists it as “Semi-Annual Channel (Targeted),” which is old terminology but with a judicious nod and wink – and with a dearth of additional reassurances – it’s clear that Microsoft isn’t yet recommending that businesses move onto the latest and greatest.

Hard to say when that’ll happen, but there’s lots of pressure to brand Win10 1809 as “ready for business” (CBB, SAC, SP1, VGBS, whatever) before Win10 1903 arrives…. which should be in 3… 2… 1…

Keep up on the parts of Windows that matter on the AskWoody Lounge.

0 Comment

NO COMMENTS

Comments are closed.