It’s the third week of the month — the week we discover out whether or not Microsoft acknowledges any uncomfortable side effects it’s investigating as a part of the month-to-month patch-release course of.First, a little bit of background. Microsoft has launched patches for years. But they haven’t all the time been launched on a schedule. In the early days, Microsoft would launch updates any day of the week. Then in October 2003, Microsoft formalized the discharge of regular safety updates on the second Tuesday of the month. Thus was born Patch Tuesday. (Note: relying on the place you’re on the earth, Patch Tuesday could also be a Patch Wednesday.) The following day, or in some circumstances, over the subsequent week, customers and admins report points with updates — and Microsoft lastly acknowledges that, sure, there are points.Herein lies the rub: not everybody will see the uncomfortable side effects acknowledged by Microsoft (and typically there are uncomfortable side effects Microsoft by no means acknowledges). Or some that happen may merely be a coincidence of the patching course of. (I’ve usually put in updates and the act of rebooting delivered to mild an underlying problem I didn’t find out about.)This month, I made an attention-grabbing discovery. There are literally two sources of documentation about points arising from the most recent updates. The first, known as the Windows Health Release Dashboard, lists the entire supported merchandise from Windows Server 2022 all the way in which again to Windows 7 and paperwork points Microsoft is investigating and has mounted. This month, for instance, Microsoft acknowledges points with Server 2022 triggered on Active Directory Domain Controllers. As the corporate notes: “An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.”Not all energetic listing area controllers are affected — simply those who use system certificates. Microsoft will probably be rolling out adjustments in how certificates are dealt with; it plans so as to add auditing now and implement extra adjustments later. If you’re in control of an Active Directory Domain I like to recommend you evaluate this KB article and evaluate your occasion.Interestingly sufficient, there’s a second supply that paperwork patch issues Microsoft could also be investigating. However, this recap of recognized points is just obtainable if in case you have entry to an E3 or E5 license. If so, and you’ve got both Administrator rights or Support rights, you’ll be able to go to the built-in dashboard inside your Microsoft 365 dashboard. It paperwork among the uncomfortable side effects not famous within the public dashboard. For occasion, this month’s Microsoft 365 Health launch dashboard acknowledged two further points not famous within the public console. First, it notes the problem with Remote Desktop Services Broker Connection function:“We have received reports that after installing KB5005575 or later updates on Windows Server 2022 Standard Edition, Remote Desktop Services Connection Broker role and supporting services might be removed unexpectedly. We have expedited investigation and are working on a resolution. Note: Windows Server 2022 Datacenter edition and other versions of Windows Server are not affected by this issue. “Workaround: If you are using Remote Desktop Connection Broker on Windows Server 2022 Standard edition, you can mitigate this issue by removing Remote Desktop Connection Broker, installing the latest security update, and then re-adding Remote Desktop Connection Broker.“Next steps: We are working on a resolution and will provide an update in an upcoming release.”Next, it paperwork this:“We are receiving reports that the Snip & Sketch app might fail to capture a screenshot or might fail to open using the keyboard shortcut (Windows key+shift+S), after installing KB5010386 and later updates. “Next steps: We are presently investigating and will provide an update when more information is available.”I’m not sure why there’s a distinction between the objects famous within the public well being launch dashboard and the Microsoft 365 Health launch dashboard. But if in case you have entry to the Microsoft 365 model, it is best to evaluate the knowledge there.More and extra, Microsoft is utilizing a know-how known as “Known Issue Rollback.” If an issue is launched by a non-security repair included within the Patch Tuesday updates, Microsoft can roll it again and repair it behind the scenes. Often within the well being launch dashboard, you will notice a discover that a difficulty will probably be dealt with this fashion and if you happen to’re not in a company area, it’s possible you’ll be urged to reboot your laptop. In a website, you should use group coverage as a set off. (An admx file is routinely printed with steering to set off the rollback.) These rollbacks can’t be finished if the issue is triggered by a safety patch, nonetheless, as a result of returning the replace to its pre-security patch state would depart your system weak.For instance, a latest replace launched a difficulty the place “some apps using Direct3D 9 might have issues on certain GPUs.” As Microsoft notes:“After putting in KB5012643, Windows units utilizing sure GPUs might need apps shut unexpectedly or intermittent points with some apps which use Direct3D 9. You may additionally obtain an error in Event Log in Windows Logs/Applications with faulting module d3d9on12.dll and exception code 0xc0000094.“Resolution: This problem is resolved utilizing Known Issue Rollback (KIR). Please observe that it’d take as much as 24 hours for the decision to propagate robotically to client units and non-managed enterprise units. Restarting your Windows system may assist the decision apply to your system sooner. For enterprise-managed, units which have put in an affected replace and encountered this problem can resolve it by putting in and configuring the particular Group Policy listed beneath. For data on deploying and configuring these particular Group Policies, please see How to make use of Group Policy to deploy a Known Issue Rollback.“Group Policy downloads with Group Policy title:
Download for Windows 11, model 21H2 – Group Policy title: KB5012643 220509_20053 Known Issue Rollback.
Download for Windows 10, model 2004, Windows 10, model 20H2 and Windows 10, model 21H1 – Group Policy title: KB5011831 220509_20051 Known Issue Rollback.”
Once once more, not all computer systems will see this drawback. It’s restricted to sure computer systems with particular GPUs which are affected.Bottom line: the subsequent time you see tales about uncomfortable side effects attributable to Patch Tuesday releases, don’t assume you’ll be affected. You could encounter no points in any respect. If you might have the sources, I like to recommend establishing a check mattress of pattern machines so you’ll be able to decide if you’ll. If you’ll be able to’t do this, the important thing to restoration (and avoiding points), is to make sure you have a backup of your laptop and might restore it if crucial. The know-how that ensures you’ll be able to get better from ransomware can be the identical know-how that ensures you’ll be able to get better from errant patching uncomfortable side effects.
Copyright © 2022 IDG Communications, Inc.