Microsoft? We want to speak. Lately you’ve been disappointing me. You launched three units of safety updates this month for my Windows 10 machines. The first set of updates (KB5000802 for the 2004/20H2 variations) triggered blue screens of demise after I tried to print to Ricoh and Kyocera printers as precipitated points with Dymo labels. As you your self famous, “after installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.”The second set of updates (KB5001567 for 2004/20H2 variations) was supposed to repair these points, however solely mounted among the BSODs and didn’t repair points with Dymo label printers or printers that create photographs (reminiscent of bar code printers). You mentioned it: “After installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include: Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos. Table lines might be missing. Other alignment or formatting issues might also be present. Printing from some apps or to some printers might result in a blank page or label.”Then you launched a 3rd model of the updates that reportedly would repair the problem with Dymo label printers and picture or barcode printers. One would assume that after three tries we’d get the proper and glued replace. KB5001649 for the 2004/20H2 variations was alleged to be that final and excellent replace.Not so quick. As famous by posters on Reddit, the replace failed to put in. There are even social media posts showcasing that issues are occurring with it.Now usually with Patch Tuesday, we by no means have patch perfection. There is at all times somebody that can undergo some random aspect impact of regular computing weirdness that, whereas circuitously associated to the updating course of, will get blamed on any updates due to coincidence. I’ve usually seen customers complain about one thing on their laptop and level to Windows updates because the set off; usually, it’s only a mere reboot that exposes underlying issues, not the patching course of itself. (In finest practices for servers, it’s usually really helpful that you simply reboot a system earlier than putting in an replace to make sure your system is useful.)I’ve additionally seen the place malware will insert itself right into a system and when a patch is put in, the up to date system is now unstable and ship a BSOD. Several years in the past a rootkit put in on many Windows programs was impacted by a safety replace, which had put in a brand new model of the Windows kernel; when the system rebooted, the interplay between the rootkit and the brand new kernel replace triggered a blue display screen. So whereas we pointed to the safety patch as the issue, in actuality it truly helped expose the rootkits.But it’s regarding to me that within the extra 20 years I’ve been patching machines and monitoring for negative effects we’ve got but to resolve two basic issues: You need us to activate computerized updates to make sure our machines are stored protected, however as this month’s points with printers reveals, I can not assure there gained’t be negative effects from this month’s updates. That’s simply flat out unsuitable. I’ve no extra confidence about patching than I did 20 years in the past: I’m nonetheless telling individuals to carry again, to check, to look at for points, to attend, to not set up updates immediately as I can’t assure they gained’t have points. Microsoft, that’s not adequate! We are in a world the place attackers are going after on-premises mail servers in small and medium-sized companies and putting in internet shells to probably inject ransomware. Installing high quality updates instantly is vital to defending our machines. But if we’ve misplaced all religion within the testing course of you utilize, Microsoft, how can we get to a spot the place we set up updates the second they arrive out?Then there may be the rebooting drawback. In order to put in updates and change the unique recordsdata with the mounted ones you power our programs to reboot And as a common rule, Windows customers hate rebooting. It disrupts what we’re engaged on, it makes us lose our place in what we’re doing. And within the umpteen years that we’ve used Windows, we’ve but to repair this rebooting challenge. I’ve actually seen consultants ask the way to disable Windows’ replace mechanism as a result of they can’t set a particular time for Windows machines to reboot that gained’t be disruptive. How many people have seen convention talks interrupted by a Windows 10 replace triggering a reboot? (Rather than completely disabling Windows updates, I like to recommend utilizing the “metered connection” trick so the system will solely obtain updates if you need them to.)Now we’ve got phrase that you simply’ve has re-released KB5001649 for 2004/20H2 and will probably be providing it up once more as an non-obligatory replace for these impacted by the printing points launched this the month. Microsoft, you advocate that we set up these non-obligatory updates ought to we be impacted, however that’s asking all of us to hold the burden of testing. That’s simply not proper. If you need us to right away set up updates the second they’re launched, you have to do higher than this. You have to widen your testing of updates to incorporate customers and never simply enterprises. People usually assume that the insider testing course of impacts the standard of safety updates. It’s my opinion that they don’t. Insider testing is for options not associated to safety. These are fixing safety bugs that aren’t but mounted even within the insider variations.Recently you introduced you’ll be closing your UserVoice suggestions course of, which permits customers and IT directors to ask for brand new options. At a time that I feel you have to hear extra from clients, it feels such as you’re pulling again.So in a while this week after I resolve to inform individuals to replace – or not – I’m nonetheless unsure what I’m going to inform my readers right here at Computerworld or on Askwoody.com. I’m not comfy telling individuals to NOT replace. But I’m additionally not comfy telling them to blindly set up updates and belief that Microsoft has gotten it proper. So far, you haven’t given me sufficient assurance that even with thrice you’ve bought it proper but. And that’s a disgrace.Because the attackers usually get their assaults proper the primary time.
Copyright © 2021 IDG Communications, Inc.