Editor’s Note: An earlier version of this story incorrectly contained references to a republished version of Windows 10 1809. This version of Windows was not republished.
The patches have not been available for 24 hours and we are already seeing a lot of activity. Here we are with the initial wave of problems.
Malicious Software Removal Tool 800B0109 installation failure
Many early patchers found that the MSRT KB 890830 always installed itself. poster IndyPilot80 says::
It is at Install: 0% for a few minutes and then disappears. When I press “Check for updates” it reappears and does the same.
There are hundreds of online reports from people who have found that the MSRT installer threw an 800B0109 and would not install it. or installed, but reinstalled on restart; was displayed several times in the list of installed updates; was not displayed in the list of installed updates despite execution. and different variations of these topics.
In the end, it was Microsoft’s fault. MSRT behaved the last night.
Access error 3340 query is corrupt
Günter Born First described this problem, based on reports on German-language websites, including desktopmodder.de:
Microsoft Office security updates released on Patchday (November 12, 2019) result in Access being unable to access databases. Error 3340 “Query is corrupt” is cleared. …
It seems that a security update for the CVE-2019-1402 The vulnerability in every version of Microsoft Office causes this error. Here is the list of Office security updates that you can uninstall.
At least after what I’ve seen so far, uninstalling this security update seems to allow database access again.
Born says he has reported the problem to Microsoft but is not yet showing it on the official account Fixes or workarounds for current problems in Access List.
Maintenance of stack updates
Microsoft has released new updates to the servicing stack for all supported versions of Windows. In particular, Win7 and 8.1 also have new SSUs. (You only need to worry about SSUs if you manually download and install updates. If you use Windows Update, they should be installed automatically. Should.) For a complete list of new SSUs, see Safety note ADV990001.
Another mysterious “exploited” security hole in Internet Explorer
Tell me if that Sounds familiar.
Yesterday’s patches include one for an Internet Explorer vulnerability that is said to be synchronized CVE-2019-1429, a “exploited” vulnerability. Just like the “day” zero day Keystone Kops episode of IE that was “exploited” in August, this seems to be a real bug in IE. Just like the lookalike in August, Microsoft doesn’t tell us much.
Dustin Childs says it best in his Zero Day Initiative contribution::
This patch for IE addresses a vulnerability in how the script engine handles objects in memory. This vague description of memory corruption means that an attacker could execute his code when an affected browser visits a malicious website or opens a specially crafted Office document. This second vector means that you will need this patch even if you are not using IE. Microsoft does not provide information about the nature of the active attacks, but they are currently likely to be limited.
Undoubtedly, the Windows Littles chicken littles will bill this as a major threat to 800 million Windows users – or as such a fool. In fact, the discovered exploit is likely to have occurred in a polished attack on an important government or industrial target.
Until we learn more about it (we haven’t heard any attacks on August’s exploit, have we?), You should be fine.
A break from “optional non-security” updates for the rest of the year
This should be good news for all kinds of Windows patchers.
Microsoft has officially announced that it will release (at least) two cumulative updates per month by the end of this year. Tucked away in a neglected corner of the Windows version information page lies this little gem:
Time of optional Windows 10 update versions (November / December 2019)
There are no optional “C” or “D” versions for the rest of this calendar year. Note As usual, there will be a security update for December on Tuesday.
For those of you who don’t speak A-B-C-D-E jargon, this means that we won’t have any second cumulative updates in November or December. The “optional, non-security-related” patches (which often include fixes for bugs caused by security updates) are a strange artifact that solidified in early 2017. Microsoft previously released a cumulative update on the second Tuesday of most months, and then patched again at any point in time if necessary, mainly to fix bugs caused by the first patch.
From around 2017 (it is difficult to determine a date) someone decided that it would be good to give Windows patchers a preview of the non-security patches of the next month, usually in the 3rd or 4th week of the month (hence “C” and “D” week). The approach was similar to an inside preview that was included in the non-security patches of the next month. You could get a preview of next month’s patches, but only if you downloaded and installed them manually or (horror!) Became a viewfinder and clicked “Check for updates”.
It looks like Microsoft will shut it down for at least the next two months, and I say good exemption. If there should be an Insider Preview Ring for every version of Win10, I am in favor – let people sign in and give them a reliable way to report bugs. But playing with Seekers Footsie just hangs out too many innocent viewers to dry.
It is not clear whether we are spared the same outrage with Windows 7 and 8.1 “Monthly Rollup Preview”. Stay tuned.
Late 1803 and ascent in 1909
As generally announced, this month’s cumulative update for Win10 version 1803 is the last (unless we have a serious security issue and Microsoft is making changes). If you are running Win10 version 1803, there is no need to panic. Under normal circumstances, you wouldn’t get another security patch until next month anyway. I will learn more about the 1803 journey in a subsequent column.
Those who have installed and restarted the cumulative Win10 1903 November Update KB 4524570 will see an offer on your Windows Update Settings page (screenshot).
There is currently no urgent need to click the “Download and Install Now” link. Let us wait and see what problems arise.
Quite a distance in the first 24 hours, right?