The out-of-band emergency update, KB4100480, was released by Microsoft last week to supplement a patch released in early March to address severe vulnerabilities accidentally introduced by Redmond’s engineers in their January and February security updates for Meltdown on Windows 7 and Windows Server 2008 R2 systems. It seems that this patch is far away from being ‘finished’.
A patch for a patch for a …. well, patch
A lot of system administrators recently said many of their 64-bit Windows 7 and Server 2008 R2 boxes are still unable to be properly patched. They seem to face the problem that WUS offers you endless an update in order to fix ‘urgent security’ problems on your Windows machine. With many saying that though they realize their machines are in need of the patch for the patch for the patch, they can’t seem to get WSUS to apply it or they’re stuck in an ‘update loophole’.
Of approximately 200 Windows Server 2008 R2 systems all of which have installed more than at least one of the qualifying Jan-Mar updates, only 18 are showing that KB4100480 is applicable,…
On top of that, since we do utilize WSUS, nearly all of those 200 systems are patched identically.”
Microsoft answered with “The update is available to WSUS customers, who can download and import it into WSUS from the catalog.” which is fun to read cause one day later they published a hotfix which also solves the problem to reset the NIC or static IP after applying some specific updates.
Seems this problem and KB is a bigger issue, after all, this isn’t the first time Microsoft had a problem with Meltdown related patches. In a lot of cases, the tries only resulted in more problems after applying the patches.
Watch and observe is the strategy, seems you can’t do much until MS releases another hotfix or an updated version of Meltdown related KB’s. Maybe it’s Intel to blame here because they still seem to have problems with their own ‘Meltdown solutions’ but I’m not 100% how the communication between both of them are since you never hear much on information regarding such security or update problems.
I’m not sure what exactly to suggest here in this special case, cause you can stay insecure but bug-free or patch it and might get some problems, however, the NIC/static IP issue was not unfixable but annoying.
I’m pretty sure Microsoft will update their KB’s once more on the next big patchday the 10 April 2018.
Shhh! Enough now, let’s rant about Facebook & Reddit it’s more fun.