Not all patching problems are created equal

This is the third week of the month – the week in which we find out if Microsoft has acknowledged any side effects it is investigating as part of the monthly patch-release process.

First, a bit of background. Microsoft has released patches for years, but they were not always released on a schedule. In the early days, Microsoft would release an update on any day of the week. Then in October 2003, Microsoft announced the release of its regular security updates on the second Tuesday of the month. Thus Patch Tuesday was born. (Note: Depending on where you are in the world, Patch Tuesday could be Patch Wednesday.) The next day, or in some cases the next week, users and administrators report problems with the updates, and Microsoft eventually acknowledges that, yes, there is a problem.

Here’s the rub: There are side effects that Microsoft acknowledges (and sometimes there are side effects that Microsoft never acknowledges). Or something happens that could simply be a coincidence of the patching process. (Too often I’ve installed updates and the reboot has turned up an underlying problem that I didn’t know existed.)

This month, I made an interesting discovery. There are two sources of documentation about issues arising from recent updates. The first, known as the Windows Health Release Dashboard, lists all supported products from Windows Server 2022 to Windows 7 and documents issues that Microsoft is investigating and fixing. This month, for example, Microsoft acknowledges Active Directory problems on Server 2022 triggered on domain controllers. As the company notes: “A problem has been found in the machine account related to how the mapping of the certificate is being handled by the domain controller.”

Not all Active Directory domain controllers are affected, only those that use device certificates. Microsoft will change the way certificates are handled; it now plans to add auditing and to apply further changes later. If you are in charge of an Active Directory domain, I suggest you review this KB article and review your events.

Interestingly, there is a second source in which Microsoft documents the patch issues it is investigating. However, this brief overview of known issues is available only if you have access to an E3 or E5 license. If so, and you have either admin rights or support rights, you can go to the integrated dashboard inside your Microsoft 365 dashboard. It records some side effects not mentioned in the public dashboard. For example, this month’s Microsoft 365 Health Release Dashboard acknowledged two additional issues that were not mentioned in the public console.

First, it notes the problem with the Remote Desktop Services Connection Broker role:

“We’ve received reports that after installing KB5005575 or later updates to Windows Server 2022 Standard Edition, the role of Remote Desktop Services Connection Broker and supporting services may be unexpectedly deleted. We have expedited the investigation and are working on a solution. Note: Windows Server 2022 Datacenter version and other versions of Windows Server are not affected by this issue.

“Workaround: If you use Remote Desktop Connection Broker in Windows Server 2022 Standard Edition, you can reduce this problem by removing the Remote Desktop Connection Broker, installing the latest security updates, and then reconnecting Remote Desktop Connection Broker.

“Next step: We are working on a resolution and will provide an update on an upcoming release.”

Next, it records:

“We are reporting that the Snip & Sketch app may fail to capture a screenshot after installing KB5010386 and later updates or may open using keyboard shortcut (Windows key + shift + S).

“Next step: We are currently investigating and will provide an update when more information becomes available.”

I’m not sure why there is a difference between the items mentioned in the public Health Release Dashboard and the Microsoft 365 Health Release Dashboard. But if you have access to the Microsoft 365 version, you should review the information there.

What’s more, Microsoft is using a technology called “known issue rollback.” If there is a problem with a non-security fix included in the Patch Tuesday update, Microsoft can roll it back and fix it behind the scenes. Often in the Health Release Dashboard, you will see a notice that a problem will be handled this way, and you may be prompted to reboot your computer if you are not in a corporate domain. In a domain, you can use Group Policy as the trigger. (An ADMX file with instructions for triggering the rollback is regularly published.) These rollbacks cannot be performed if the problem is triggered by a security patch, however; reverting the update to its pre-security-patch state would weaken your system.

For example, a recent update introduced an issue where “Some apps using Direct3D 9 may have issues with certain GPUs.”

As Microsoft notes:

“After installing KB5012643, apps on Windows devices using certain GPUs may close unexpectedly or there may be occasional issues with some apps that use Direct3D 9. You may also find an error in the event log in Windows Logs/Applications with defective module d3d9on12.dll and exceptions.

“Resolution: This issue has been resolved using known issue rollback (KIR). Please note that it may take up to 24 hours for the resolution to be automatically broadcast on consumer devices and non-managed business devices. When your Windows device is restarted, the resolution may quickly apply to your device. Enterprise-managed devices that have installed an affected update and encountered this problem can resolve this by installing and configuring the special Group Policy listed below. For information on setting up and configuring these special Group Policies, please see How to use Group Policies to set up a known problem rollback.

Download Group Policy with Group Policy Name:

  • Download for Windows 11, version 21H2 – Group Policy Name: KB5012643 220509_20053 Known Issue Rollback.
  • Download for Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1 – Group Policy Name: KB5011831 220509_20051 Known Issue Rollback.”

Again, not all computers will see this problem. It is limited to computers with the specific GPUs that are affected.
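To find out whether a particular machine is one of the affected ones, both signals in Microsoft's note can be checked locally: whether the update is installed, and whether the Application log holds crashes naming d3d9on12.dll. The PowerShell below is an added example, not code from Microsoft or from the original article; it assumes application crashes are recorded as standard Application Error events (ID 1000), and the function name and 30-day look-back are illustrative choices.

```powershell
# Added example: triage a Windows machine for the Direct3D 9 issue described above.
# Assumptions: crashes are logged by the 'Application Error' provider as event
# ID 1000; Test-D3D9Issue and the 30-day window are hypothetical choices.
function Test-D3D9Issue {
    param(
        # Update numbers that appear in the article's KIR Group Policy names
        [string[]]$KbIds = @('KB5012643', 'KB5011831'),
        # Module named in Microsoft's note
        [string]$Module  = 'd3d9on12.dll',
        [int]$Days       = 30
    )

    # Get-HotFix raises an error when an ID is not installed, so suppress it
    # and keep only the updates that are actually present.
    $installed = @(foreach ($kb in $KbIds) {
        Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    })

    # Application crashes inside the look-back window whose text names the module.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$Module*" })

    # Get-WinEvent returns newest events first, so index 0 is the latest crash.
    $lastCrash = if ($crashes.Count -gt 0) { $crashes[0].TimeCreated } else { $null }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        InstalledKBs   = ($installed.HotFixID -join ', ')
        CrashCount     = $crashes.Count
        LastCrash      = $lastCrash
        # Flag only machines that show both signals from Microsoft's note.
        LikelyAffected = ($installed.Count -gt 0) -and ($crashes.Count -gt 0)
    }
}

Test-D3D9Issue
```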

Bottom line: The next time you see stories about side effects from a Patch Tuesday release, don’t assume you’ll be affected. You may not encounter any problems at all. If you have the resources, I recommend setting up a test bed of sample machines so that you can determine whether you are. If you can’t do that, the key to recovery (and to avoiding problems) is to make sure you have a backup of your computer and can restore it if necessary. The technology that ensures that you can recover from ransomware is the same technology that ensures that you can recover from patching side effects.

Copyright © 2022 IDG Communications, Inc.
