In general, Microsoft’s August 2018 patchday seems to have gone smoothly for the delivered updates. But there are occasional hints that some updates may cause issues. Addendum: There are new hints that update KB4100347 is causing issues.
Update KB4456688 for Visual Studio 2015
Update KB4456688 (Description of the security update for the Diagnostic Hub Standard Collector elevation of privilege vulnerability in Visual Studio 2015 Update 3: August 14, 2018) is intended to mitigate the vulnerability CVE-2018-0952. I am not using VS 2015, so I can’t say anything about it. But at askwoody.com a user has reported the following.
2018 August 18 Microsoft released a security update to Visual Studio 2015 Update 3 to deal with CVE-2018-0952 and CVE-2018-8273. The update can be found in their update catalog under KB4456688.
We’ve applied this update on some canary machines to find out if there is any impact before a general rollout… Unfortunately this security update renders VS2015 virtually unusable – if you try to run your code in debug mode it is super super slow. Don’t know if anyone else has seen this problem. Wanted to let you guys know that MS seems to have botched yet another patch.
In a nutshell: After installing the update, the Visual Studio 2015 installations were virtually unusable on the user’s test machines. Everything is extremely sluggish. Can anyone confirm that?
Issues with Intel Microcode-Update KB4100347?
On July 24, 2018 Microsoft released several Intel Microcode updates for Windows (see my blog post Intel Microcode Updates KB4100347, KB4090007 (July 2018)). On August 20/21, 2018 further Intel Microcode updates were released for Windows 10 (see my blog post Intel Microcode Updates KB4346084, KB4346085, KB4346086, KB4346087, KB4346088 (August 20/21, 2018)). In my German blog, some users commented that they were also offered update KB4100347. On Twitter there is a tweet reporting that installing updates led to system start issues.
I just completely wiped my drive, formatted it and installed Windows 10 from scratch.
During installing the updates through windows update everything was okay until KB4100347. Then the same issue occurred again and I’m stuck in windows logo screen after reboot for 10 minutes now.
— tmGrunty (@tmGrunty) 22. August 2018
The tweet above shows that the user has installed a fresh copy of Windows 10 after the problem occurred. Also in this scenario KB4100347 causes the computer to hang at the Windows logo when booting.
On August 19, 2018, in the blog article Windows 10: Intel driver updates for AMD systems?, I had already raised the question of whether Microsoft incorrectly delivers Intel drivers for AMD systems. MS Power User, which took up the above issue, mentioned an article (Microsoft deployment error – Update for Windows 10 version 1803 for x64-based systems (KB4100347)) from an Italian site. The article points out that Microsoft mistakenly rolls out the Intel microcode update KB4100347 on systems with AMD CPUs. The only remedy is to uninstall the update and then block its reinstallation (see How to block Windows 10 updates).
Addendum: More users reporting issues, further details
Since I posted the initial article, more users have reported issues. On August 27, 2018, Bleeping Computer published this article reporting two more sources of boot issues after installing KB4100347. It is also confirmed that the update has been rolled out to AMD systems. This reddit.com thread takes up one of the cases, and the affected user was able to try a few things. Here is what he wrote:
I guess this is a heads up, this weekend Microsoft deployed a new version of update KB4100347 containing Intel microcode for Spectre related issues. After installing the patch I already have five systems that have been rendered unbootable. Most of them are Xeon E5 v4 based workstations. Be careful if this update shows up. It’s been giving me a headache since this morning. From the looks of it on Google I’m not alone with this problem.
It’s quite hard to get rid of it too. So far I’ve not been successful in recovering a machine without redeploying Windows and blocking the update.
Update; Things I tried that don’t work:
Recovery points fail no matter how old or new they are
Removing the package via DISM on the recovery console is successful, but the system still won’t boot
Edit 2: What worked for me, I’m going to write this one out so anybody who has this issue irregardless of skill can fix it if they stumble upon this topic.
I just succeeded in repairing one workstation that couldn’t boot anymore into Windows. This was what I did:
Boot into WinRE (press F9 before Windows starts)
Choose Advanced Options and go to the command line option
You have to find out now which letter the Windows partition got; start diskpart and type ‘list disk’. Select the one which matches your OS drive. Type ‘list volumes’. It’ll spew out a list. The biggest one should be Windows. Two small ones of around 500MB should be there, ignore those.
Close diskpart by typing ‘exit’
Now type ‘dism /image:<driveletter here> /get-packages’. This should result in a list of packages. Find KB4100347. Its name is quite long, but you can copy it by selecting it and right clicking
Now type ‘dism /image:<driveletter here> /remove-package /PackageName:<The really long name of the KB4100347>’
Now type ‘dism /image:<driveletter here> /cleanup-image /revertpendingactions’ so as to undo the damage done
When done, reboot the system and Windows works again. Be sure to kill Windows Update right after booting. It will again try to install it, causing a kind of Groundhog Day starring you.
The trick in the above step-by-step procedure is to boot into Windows PE (because the Windows 10 installation doesn’t boot anymore) and then use dism to remove the package from the non-bootable Windows installation. Afterwards, the update store and the pending installation have to be cleaned up using the command:
dism /image:<driveletter> /cleanup-image /revertpendingactions
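The recovery steps quoted above, collected into one batch script for the WinRE command prompt (an added example, not code from the reddit post or from Microsoft). The script name and its single drive-letter argument are assumptions; the package name is read from the DISM listing instead of being copied by hand.

```batch
@echo off
rem Added example: the WinRE removal steps for KB4100347 as one script.
rem Assumed usage: remove-kb.cmd D:   (D: = offline Windows volume found via diskpart)
setlocal EnableExtensions
set "KB=KB4100347"
set "IMG=%~1"
if not defined IMG (
    echo Usage: %~nx0 ^<driveletter^>
    exit /b 1
)
rem Accept D, D: or D:\ and normalise to D:\ for the /image option.
set "IMG=%IMG:~0,1%:\"

rem Refuse volumes without a Windows installation (WinRE RAM disk, data disks).
if not exist "%IMG%Windows\System32\config\SYSTEM" (
    echo %IMG% does not look like a Windows installation.
    exit /b 2
)

rem DISM prints "Package Identity : <name>". Splitting on colon and space makes
rem the full package name the third token. More than one build of the update
rem may be listed, so every match is removed.
set "FOUND="
for /f "tokens=3 delims=: " %%P in ('dism /image:%IMG% /get-packages ^| findstr /i /c:"%KB%"') do (
    set "FOUND=1"
    echo Removing %%P
    dism /image:%IMG% /remove-package /packagename:%%P || goto :failed
)
if not defined FOUND (
    echo %KB% is not listed for %IMG%, nothing changed.
    exit /b 3
)

rem Revert the pending servicing actions, as in the last DISM step above.
dism /image:%IMG% /cleanup-image /revertpendingactions || goto :failed
echo Done. Reboot, then block %KB% before Windows Update offers it again.
exit /b 0

:failed
echo DISM reported an error, see %WINDIR%\Logs\DISM\dism.log
exit /b 4
```

The script stops at the first DISM error, so a failed package removal is never followed by the revert step.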
Afterwards, it is recommended to block the reinstallation of this update (see How to block Windows 10 updates). Within the reddit.com thread, one user mentioned that five Xeon E5 v4 workstations have been affected; another reported issues with a Core i5 Haswell machine (no AMD, only Intel CPUs).
Note: The thread above contains a note that the KB4100347 update is only rolled out for Windows 10 version 1803 (Windows 10 April 2018 update) and Windows Server version 1803 (Server Core). So it should only affect these users. According to further entries in the thread (and also comments within my German blog post), mcupdate_GenuineIntel.dll is replaced by this update.
This reddit.com thread contains further indications of irregularities during the update. So the update was also offered to owners of two systems with AMD Ryzen 7 1800X/2800X CPU, but there it caused no issues (the Intel microcode should not be loaded). Some people could solve boot issues (on Intel processors) by switching off and on the computer, forcing a complete cold start. But not every user with Intel CPU is affected by the startup problems. This is pretty fishy.
Could it be a BIOS issue?
German user Bolko pointed out in a comment on the German edition of this blog post that a wrong BIOS version may be causing the boot issues. He was referring to a comment from user Christopher S. Johnson at mspoweruser.com, who wrote:
I had the annoying infinite Spinning Dots on the Startup screen after this patch. Yes, it was one of the supported listed CPUs. Turns out I missed a BIOS update from MSI. After flashing the mobo (MSI X99A MPOWER) the problem went away.
Whether it depends in all cases on the BIOS version, as noted above, I cannot judge. But maybe it’s a hint.
Additions: Trend Micro Worry Free Business also seems to be experiencing problems (see Trend Micro WFBS: issues with update KB4100347). And I received a comment in my German blog where a user claims that KB4091664 has broken AAD Connect on Windows Server 2016.
Microcode updates: I lost track
I don’t know if I’m alone. When it comes to Intel Microcode updates, I’m slowly losing track of things. There are firmware updates and there are Windows updates that are used when booting Windows. Depending on the machine, certain registry entries must then be set in order for the microcode updates to take effect under Windows Server (see article Windows Server guidance to protect against speculative execution side-channel vulnerabilities).
Side note: The registry settings to enable Spectre mitigation published by Microsoft in the article Windows Server guidance to protect against speculative execution side-channel vulnerabilities seem to be wrong! See my other article Security Advisory-Update ADV180018
And the bottom line for every user is: Are the Spectre vulnerabilities a big security problem? Or is malware focusing on other vulnerabilities? Susan Bradley took up this question on askwoody.com in the blog entry Patch Lady – Microcode confusion and concludes that things are not that simple. At ComputerWorld you will find further information about (minor) issues caused by the August 2018 patchday.