Windows Updates Thread - August 2019 - Patch Yo Shizzle

Discussion in 'Business & Enterprise Computing' started by PabloEscobar, Dec 11, 2014.

  1. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    What do you use for client endpoints? I've found MSE or whatever they call it these days is woefully inadequate, Like weeks behind on well seen signatures.
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
    MSE + Premium spam filtering (Symantec message Gateway) works well enough in SMB land.

    I'm sick of people bitching at me that their $150/year Trend Micro platinum premium facebook ultra edition didn't stop the cryptolocker when they clicked on the invoice from seemorebutts.com

    I've pulled crypto and various other shit off every AV vendor you care to name. They are all pathetic and i can't in good faith recommend they spend money on any of them.
     
  3. NiTeHaWk

    NiTeHaWk Member

    Joined:
    Feb 22, 2002
    Messages:
    1,936
    Location:
    Brisbane
    Can someone who has applied the August updates check to see if you are seeing increased CPU usage on server 2012 R2 with DFS enabled?

    CPU has increased from around 40% to 60% constant.
     
  4. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    I noticed after the restart that it was using high CPU. I put it down to .Net assemblies being updated after the patch, It had settled by the time people arrived for work the Monday after :).
     
  5. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    I'm glad MS are shoving updates down peoples throats

    Their QA team is amazing, and totally doesn't let things like KB3097877 crashing outlook stop their march ever onward towards Cloud First, Mobile first.
     
  6. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
    Basically everyone is suffering (again) due to the stupidity of putting fonts in the kernel...

    Glad its fixed in Windows 10.

    Actually the Surface reddit is bitching that 1 year ago, they killed their Testing team and merged it with Dev - and that this is the reason MS has moved closer towards the ship now, patch later idea.


    *edit*

    Oh fucking christ. Our Customer base just woke up. God fucking dammit. Make the phones stop.
     
    Last edited: Nov 12, 2015
  7. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,138
    Location:
    NSW
    Given where MS was 10 years ago patch and security wise, I think for the most part they are pretty decent. I Don't agree with forced updates for all, I think that is a stupid idea, but I can see where it makes sense for home users.

    Given in my book MS security vulnerabilities don't rate in the top 3 things I think of when I think of pisspoor software that is forever needing to be updated to squash bugs, for the most part I think there has been a dramatic shift for MS.

    In regards to fonts in kernel, I'm guessing its one of those things in a long line that always starts and begins with 2 words .... Legacy & Compatibility.

    If we as an IT community want stuff from 20 years ago to still work today, then its the price we pay.
     
  8. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    They came good, but have been a pretty steady downhill slide for the past 12 months or so.

    I think there has only be two months where I haven't had to decline one or more updates to prevent things from breaking.
     
  9. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
    This one - and the RDP one are the only ones that have affected us in SMB MSP land. RDP one broke shitty out of date Wyse clients.
     
  10. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,472
    Location:
    qld.au
    A shame the stats don't agree with you. Have a look at the amount of critical patches Microsoft have had to offer this year, Windows 10 has had 42 exploits with a CVE score higher than 9. In 2014 that was only 14.

    Windows 10 already has 12 exploits with a CVE score higher than 9. Even Microsoft Edge (the browser nobody uses) which was meant to be void of all legacy issues / code has already had 7 exploits with a score of 9 or higher.

    That's an abysmal record for 2015. They've got a long way to go before they're at an acceptable benchmark for security vulnerabilities.

    Legacy doesn't mean poor coding standards. Microsoft are suffering from the poor leadership that Ballmer had and all of the horrid mismanagement systems that were put in place. The stack ranking forced employees to compete against each other, which decimated morale and meant that high performing employees would try to group themselves with low performing employees to increase their pay. It's such a horrid, horrid way of doing business and is used as an example of what not to do.

    They've had 10 years were many other tech companies flew by Microsoft and they've been busy playing catch-up. Only recently have we begun to see actual innovation from them again.
     
  11. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,774
    Location:
    3350
    Ahh well lets hope they actually fixed it.

    MS15-115 - Critical

    - Title: Security Update for Microsoft Windows to Address Remote
    Code Execution (3105864)
    - https://technet.microsoft.com/library/security/ms15-115
    - Reason for Revision: V2.0 (November 12, 2015): Bulletin revised
    to inform customers that the 3097877 update for Windows 7 and
    Windows Server 2008 R2 has been rereleased to correct a problem
    with the original update that could cause some applications to
    quit unexpectedly. Customers who have already successfully
    installed the update on Windows 7 or Windows Server 2008 R2
    systems should reinstall the update.
    - Originally posted: November 10, 2015
    - Updated: November 12, 2015
    - Bulletin Severity Rating: Critical
    - Version: 2.0
     
  12. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,138
    Location:
    NSW
    Given its the worlds biggest userbase, with probably over a billion installed boxes, the figures above don't surprise me. If you favourite flavour of *nix was installed on as many boxes, it'd be probed as much as windows is and just as many security holes would be found because the same lazy programmers who write windows code would be writing *nix code.

    What surprises me more is the IT pro's who always trot out the same arguments about how bad windows IS, but then neglect to think if the usage patterns were reversed that the same crap programs written in windows would be written in *nix by the same shitty programmers.

    *nix has just as many legacy pisspoorly written (from a security point of view) bits of code, but its just not as interesting to have as a target because it doesn't have mass appeal as windows does and therefore is not subject to the same intense level of scrutiny that windows is. Yes you can say open source many eyes ar elooking at it blah blah, but not one tenth the eyes are looking at *nix as are looking at windows and actively trying to break it/penetrate it.
     
  13. Sphinx

    Sphinx Member

    Joined:
    Sep 16, 2001
    Messages:
    10,133
    Location:
    Brisbane
    Yep, been dealing with KB3097877 yesterday and today. :mad:
    Do we know if they have realised yet and fixed it - or will this be going on for days... :upset:
     
  14. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
    [​IMG]

    Yeah, version 2.0 came out last night. Its either gon be ok, or still horrible.

    No word as of yet. I mean our phones are much quieter than i'd expect them to be if it wasn't fixed....
     
    Last edited: Nov 13, 2015
  15. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    To the Rants thread, Stat.

    This thread is to keep people mostly current on what broken patches are currently floating around, and if the yhave been fixed, or ways to mitigate them.
     
  16. roger895

    roger895 Member

    Joined:
    Aug 27, 2007
    Messages:
    178
    Location:
    Hobart, TAS
    Ah, KB3097877...

    A few of our machines were broken because of this. A little birdy told me it only affected touch screen machines (unconfirmed).

    Only Windows 7 machines broke for us.

    It's the first WSUS update I've come across like it, looked into how to get rid of it.

    Windows 7 disk + dism command, update fixed.

    only had about 8 machines affected out of about 900.
     
  17. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    The original one affected both touch screens and Outlook
    The revised one... That has the same name, without even bothering to put a trucking V2 on the end of it, fixed the outlook issues, but yeah, reports are in that it doesn't resolve the touch-screen login one.

    https://social.technet.microsoft.co...-way-of-logging-in-on?forum=w7itpronetworking
     
  18. greebs

    greebs Member

    Joined:
    Dec 30, 2001
    Messages:
    958
    Location:
    Melbourne
  19. OP
    OP
    PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
  20. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,421
    Location:
    Narrabri NSW
    Wait... What? A patch designed to add the ability to prevent "safe mode" has triggered forced safe mode? WTF?
     

Share This Page

Advertisement: