For February, a 'bumpy' Patch Tuesday ride

A few issues have already cropped up with this month's collection of patches from Microsoft. Then, for now, pause updates if you can.

A digital hub marked with crossed wrench and screwdriver branches circuits through a system.
Traitov / Getty Images

One week out from Patch Tuesday and it's been a bumpy release for the month, especially for older versions of Windows 10 and Server 2016. (Less affected: the consumer versions of Windows 10 2004 and 20H2.)

Windows Server 2016/1607 suffered the worst of the issues: the original version of the Servicing Stack update KB4601392 caused patching to get "stuck." Server patchers had to leap through a ton of hoops to go the monthly security update installed. Microsoft pulled the bad update and replaced information technology with KB5001078. If you were unlucky and installed KB4601392 before information technology was pulled, Microsoft has this  guidance to manually reset Windows updates components.

Windows Server 2016 long has had a reputation of being a horrible platform to patch. It installs updates slower than Windows Server 2019 and typically takes longer to reboot afterward — and Microsoft won't (or can't) backport the fixes from Server 2019 to the older platform. Unlike Windows x, if y'all purchased Windows Server 2016 for your firm, y'all can't upgrade to Server 2019 for gratis; it's an additional purchase. (Given all of the patching issues on that platform, Microsoft, should provide a license to Server 2019 for free for affected businesses.)

If you lot withal run Windows 10 1909, you lot too were impacted by a buggy update: KB4601315. I personally noticed on my 1909 workstation that I wasn't offered that update; I but received this month'southward .Cyberspace patch. I checked effectually on Askwoody.com and plant I wasn't solitary. Others experienced the same result, especially on consumer versions of Windows 10. Two days after Patch Tuesday, Microsoft released KB5001028, an "out of band" release to fix a blueish screen that occurred when you attempted to utilise a Wi-Fi Protected Access iii (WPA3) connection. Microsoft notes that you are more than probable to run across this issue when reconnecting to a Wi-Fi network after disconnecting, or when waking from slumber or hibernation. (This is a cumulative update ,so it can be installed on top of, or instead of, the earlier February update.)

Often people question why Microsoft's pre-release beta testing Insider program, can't notice issues similar this. The underlying trouble is that the Insider program is testing lawmaking for future releases of Windows, it's not testing patches and updates on the older releases most people still utilize. We've long complained about the lack of quality control with Microsoft updates and, unfortunately, this appears to be another less-than-stellar set of releases.

Microsoft for many years has published a tool that helped us block a troublesome update until we were fix to deal with information technology, or until the update had a fix released. Called the Wushowhid.diagcab tool, we've used this to block buggy updates for years. In the last few weeks, even so, Microsoft pulled the tool from its website with no explanation why. Where is this wushowhide tool?

When you go to the web site detailing how yous tin can block a buggy patch or driver, the download link is now a cleaved link. We retrieve this was triggered past Microsoft wanting to retire any web download that relies on SHA1. But in doing and so, many of these older, still useful, tools are no longer available — meaning  we have to notice them on tertiary-party sites. Nosotros no longer have an "official" site for these tools.

I desire you to practise me a favor. Visit the web site where we used to download the

MSFT feedback link Microsoft

Here'due south where yous tin tell Microsoft to restore admission to the Wushowhid.diagcab tool.

tool and roll to the bottom of that page. Where the footer links to the question, "Was this information helpful?" and asks for a Yes or No, click on the No button. When information technology asks "How can we improve? The more you tell us, the more than we can assist," reply with something like this: "Delight fix the wushowhide.diagcab file and put it back on your web site. We need it to block certain updates." And hitting send. I'grand hoping that if enough of united states of america provide feedback that we need that tool in item Microsoft will re-release it.

Getting rid of SHA1 isn't the upshot; information technology is an older engineering and it allows attackers to spoof downloads and content that could be used in attacks. But it's not cool that nosotros take at present lost key tools to go on our systems functional. I've recently recommended using the Wushowhide.diagcab tool to cake certain updates that would attempt to install over and once more with no resolution. I recommended to someone affected by KB4535680, the update for secure boot that wouldn't install, to use this tool to hide the update. At the time I gave that advice, the tool was notwithstanding available. Now they'd take to attempt to notice it on a 3rd-political party site. I'd rather be able to signal to an official tool on an official Microsoft spider web page.

For those of yous running Windows ten 1909 with Conexant sound drivers, Microsoft is still indicating that the only manner to work effectually an ongoing driver outcome is to let the 2004/20H2 feature release install and then when it fails, and rolls back to 1909, let the process install a second fourth dimension. I remain unsure whether Microsoft volition make this procedure improve for these impacted customers. Stay tuned.

And so what exercise I recommend at this time? Be patient. I'yard withal in testing fashion to make certain I don't encounter any problems. Thus, I recommend staying in "pause" mode when it comes to this month'due south updates. We'll go along y'all informed here and over on Askwoody.com of any of the details.

Copyright © 2021 IDG Communications, Inc.