Patching meltdown: Windows fixes, sloppy .NET, warnings about Word and Outlook
نوشته شده توسط : jiajiasnow

Located on the heels of the Jan. 17 release of 14 Windows and .NET patches, we now end up with a huge crop of new patches, revised older patches, warnings about bugs, and a bewildered ecosystem of Microsoft customers who can't figure out what while in the blue blazes is going on.

Let's step into the, uh, offerings on Jan. 18.
Windows 10 patches

Win10 Fall Creators Update version 1709 - Cumulative update KB 4073291 brings the Meltdown/Spectre patches to 32-bit machines. What, you thought 32-bit machines already had Meltdown/Spectre patches? Silly mortal. Microsoft's Security Advisory ADV180002 has got dirty details during the fine print, point 7:

Q: Relating to an x86 architecture and also the PowerShell Verification output indicates that I am not fully protected of those speculative execution side-channel vulnerabilities. Will Microsoft provide complete protections from the future?

A: Addressing a hardware vulnerability having software update presents significant challenges and mitigations for older operating systems that require extensive architectural changes. The existing 32 bit update packages listed in the advisory fully address CVE-2017-5753 and CVE-2017-5715, but fail to provide protections for CVE-2017-5754 at this time. Microsoft is continuing to work with affected chip manufacturers and investigate the optimal way to provide mitigations for x86 customers, that will be provided in a future update.

It appears as if the is the first 32-bit version of Windows containing a patch to your Meltdown vulnerability. Surprise.

Like most of the patches I talked about yesterday, this one is available only through the entire Update Catalog - it won't be pushed onto your machine.

Win10 Fall ("November") Update version 1511 (Enterprise/Education only) - The cumulative update KB 4075200 continues within illustrious tradition of the 1703 and 1607 updates I discussed yesterday. It's the second cumulative update for 1511 so far this month. This patch "addresses [an] issue where some customers with AMD devices get into an unbootable state." Like all among the Meltdown/Spectre patches, you need to use antivirus software that sets the correct registry key before KB 4075200 will install. KB 4075200 isn't being pushed out Windows Update; it's available only by manually downloading it via the Update Catalog.

Win10 RTM ("Initial version") version 1507 (Enterprise LTSC) - Cumulative update KB 4075199. Same story as 1511 above.

Win8.1 - Microsoft officially acknowledged what we've suspected - that it released two versions of the company's Win8.1 Security-only update, KB 4056898: one on Jan. 3 plus the other on Jan. 5. Except the warning's buried in Security Advisory ADV180002:

On January 5, 2018, Microsoft re-released KB4056898 (Security Only) for Windows 8.1 and Windows Server 2012 R2 to address a known issue. Customers who had installed the original package on 1/3/2018 should reinstall the update.

I warned you within the switcheroo back on Jan. 10. Now we've found official acknowledgment, but still no description of a "known issue." The KB article still doesn't acknowledge, or describe, the swicheroo.
Some Windows Meltdown/Spectre patches on AMD resume

According to Catalin Cimpanu at Bleepingcomputer, Microsoft has started pushing five in the patches that it pulled while they bricked AMD machines. Details are sketchy at this point, but Cimpanu says Microsoft has started pushing all these patches onto AMD machines:

Win10 1709: Cumulative Update KB 4056892 (for 64-bit machines only; see above about 32-bit)
Win8.1: Monthly Rollup KB 4056895 and Security-only KB 4056898
Win7: Monthly Rollup KB 4056894 and Security-only KB 4056897

But, per Cimpanu, these patches are still being withheld from AMD machines:

Win10 1703: Cumulative Update KB 4056891
Win10 1607: Cumulative Update KB 4056890
Win10 1511 (Enterprise/Education only): KB 4056888
Win10 1507 (Enterprise LTSC): KB 4056893

As best I can tell, there happen to be no changes made to any among the five patches that are now going out to AMD machines. It's not whatever clear - and Microsoft certainly hasn't said anything - why these patches are going out now, as well as how they fixed the manifest problems with earlier version.

Naturally, we haven't received any answer to last week's question: Microsoft reinstates Meltdown/Spectre patches for some AMD processors - but which ones?

Trust us. We're from Microsoft, and we're here for you to.
Semantec Endpoint Protection conflict

I found out more towards the "Unbootable state for AMD devices" patches that I discussed yesterday. We still don't have any official answers for your chicken-and-egg nature of a patch specifically issued for machines which have already been bricked by an earlier patch. It still isn't clear if, after unbricking your machine and installing the new patch, make sure you re-install the old patch.

But one bit of enlightenment appeared yesterday on, very little Microsoft site, but for the Symantec Endpoint Protection site. It goes without saying. It seems Symantec Endpoint Protection has been suffering in the tray icon bug brought on by Microsoft's Jan. 3 patches. Symantec issued a hotfix to clear the dilemma, but that's been pulled?- because Microsoft fixed the bug.

As per Symantec, the tray icon bug - introduced by Microsoft on Jan. 3 - has been fixed in:

Win10 1709 - KB 4073290 - the "Unbootable state for AMD devices" patch
Win10 1703 - KB4057144 - the second Cumulative Update this month
Win10 1607/Server 2016 - KB4057142 - the second Cumulative Update this month
Win8.1/Server 2012 R2 ¡§C KB4057401 - the preview for next month's Monthly Rollup
Server 2012 - KB 4057402 - the preview for next month's Monthly Rollup

More .NET funnies

Having said that the barely documented fun 'n games don't end there.

Yesterday, Microsoft changed its documentation for these .NET patches:

Win7 .NET 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 - KB 4055532 has been re-released to fix the font problems from Jan. 17. @MrBrian notes on AskWoody:

The files ndp47-kb4074880-x64[?-].exe and ndp47-kb4074880-x86[?-].exe currently within catalog for KB4055532 (January 2018 .NET Framework monthly rollup for Windows 7) have got a digital signature of January 11, 2018, which happens to be newer than the original release date. Also, however I installed the January 2018 .NET Framework monthly rollup for Windows 7 on Monday (I have got .NET Framework 4.7), it is being offered again in Windows Update (it's ticked).

Win7 .NET 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 - KB 4074880 now says it replaces KB 4055002 for carrying care of the font problems for the earlier rollup. But note should you install KB 4074880 to fix 4.7.1, you still wish to install the earlier update, KB 4054856.
Server 2008 SP2 .NET 4.6 - KB 4055002 now says it applies only to Server 2008 SP2.

Deep within a Revisions list of CVE-2018-0764, there's an explanation:

To address a regression issue after installing security update 4055002, Microsoft has released security update 4074880 for Microsoft .NET 4.6/4.6.1/4.6.2/4.7/4.7.1 installed on supported editions of Windows 7 and Windows Server 2008 R2. Customers who might possibly have already installed KB4055002 should install KB4074880 grow to be protected from this vulnerability.

If you're keeping a January patch scorecard, it's official. Your collection of scorecards now need an index.
The steaming pile deepens

This month's patches aren't all about Meltdown and Spectre. Even our good old friend Word has joined the now well-worn "oops we did it again" chorus line. Remember earlier this month when Microsoft fixed the Office Online Server security hole CVE-2018-0792? Yeah, me neither, but on Jan. 9, Microsoft rolled out patch KB 4011021.

Except, well, it didn't install on some machines. No explanation why. Instead, we get this posted nine days later:

To address a known issue with installing security update 4011021, Microsoft is announcing the availability of security update 4011022 getting replacement. Customers who experienced problems installing 4011021 should install 4011022.

And in order to put icing upon your buggy patching cake, there's a reported bug around the KB 4011626 update for Outlook 2016. Microsoft has acknowledged definitely part of the dilemma:

After you install this security update, attachments are removed anytime you forward plain text emails. To work around this issue, save the attachments locally, reattach, and send the email.

But needless to say there's no fix. I see continuing discussions over the Microsoft TechNet forum basically Reddit.
Advice

With (hundreds of?) thousands of PCs bricked by bad patches this month and (hundreds of?) millions of Windows customers bewildered through the avalanche of patches - we've seen bucketloads of patches on Jan. 3, 4, 8, 9, 11, 12, 17 and now Jan. 18 - it's essential to wonder when rrt is going to all straighten out. Best I can tell you requires you to turn off Automatic Update, and wait for some semblance of sanity to return.





:: بازدید از این مطلب : 835
|
امتیاز مطلب : 0
|
تعداد امتیازدهندگان : 0
|
مجموع امتیاز : 0
تاریخ انتشار : سه شنبه 3 بهمن 1396 | نظرات ()
مطالب مرتبط با این پست
لیست
می توانید دیدگاه خود را بنویسید


نام
آدرس ایمیل
وب سایت/بلاگ
:) :( ;) :D
;)) :X :? :P
:* =(( :O };-
:B /:) =DD :S
-) :-(( :-| :-))
نظر خصوصی

 کد را وارد نمایید:

آپلود عکس دلخواه: