Susan,
I am still investigating this issue, but I have uninstalled or ensured the
following patches were not installed in our RDP server farm because PDF's
leave a temporary file stuck open until reboot.
KB2970228
KB2993651
KB2982791
KB2975719
KB2975331
KB2976897
https://forums.adobe.com/thread/1558909
Thanks,
Job Cacka
From: Susan Bradley [mailto:sbradcpa-yBeKhBN/***@public.gmane.org]
Sent: Tuesday, October 21, 2014 4:03 PM
To: Patch Management Mailing List
Subject: [patchmanagement] What exact patches did you have issues with last
year?
Moderator request:
Humor me please?
If you can recall a patch directly causing impact to your systems please
email me directly with the KB number and what it impacted please? I would
love to put together a list of real patch pain, and not just perceived patch
pain.
Fact: There have been a lot of non security updates that are impacting our
patching views.
(I'm looking at you Exchange)
Case in point:
8/26/2014 CU 6 for Exchange 2013
http://support.microsoft.com/kb/2997209
http://blogs.technet.com/b/exchange/archive/2014/08/26/released-cumulative-u
pdate-6-for-exchange-server-2013.aspx
Fact: There have been a lot of click to run issues impacting our patching
views:
6/13/2014 Click to run Uninstall/reinstall
http://blogs.technet.com/b/office_sustained_engineering/archive/2014/06/13/j
une-public-update-issue-affecting-click-to-run-users.aspx
5/22/2014 Click to run Activation issues
http://blogs.technet.com/b/office_sustained_engineering/archive/2014/05/22/c
2r-update-may-2014.aspx
Fact: There have been hiccups in Office releases - especially in regards to
Outlook:
8/13/2014 Outlook 2013 KB2881011 Replaced with KB2889859
http://blogs.technet.com/b/office_sustained_engineering/archive/2014/08/13/a
ugust-2014-office-update-release.aspx
Lord knows KB2919355 has impacted my view of this year.
Off the top of my head these are recent pulled patches:
MS14-045 pulled and rereleased.
KB2949927 pulled
Anytime you see a Kernel update, expect slight turbulence especially in the
consumer side. Kernel updates interact with malware infected machines,
pirated machines and antivirus vendors that get a little too much protection
efforts.
I see the problem as a bit like the Ebola scare in the USA. We're scared
because of a lack of communication.
There's a lack of post release follow up and communication as I see it. We
have no idea how many machines are impacted, we just see the social echo of
headlines and twitter feeds.
I am concerned that it seems like it's taking longer to get investigations
done.
We're a week after release date and I still haven't a clue why KB3000061 is
failing, if the RDP patch is going to get a fix or if the fix should be
expected from the vendors or what.
While security patches have a known issue section, other patches need a
"we're investigating" section with follow up.
++++++++++++++
Another user, Axelrtgs
<https://social.technet.microsoft.com/Profile/Axelrtgs> , has replied to a
thread you have subscribed to in the Windows Server 2012 General
<https://social.technet.microsoft.com/Forums/en-US/winserver8gen/threads/>
Forum.
Thread Title KB3000061 fails to install on Server 2012
<https://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/f776
91d8-a9d0-4714-98ad-71665cfa8965/>
Started by: dsug32 <https://social.technet.microsoft.com/Profile/dsug32>
Post by Susan BradleyFrom some deducing what i can tell is the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishe
rs\{e7ef96be-969f-414f-97d7-3ddb7b558ccc} points to a resource
Microsoft-Windows-Win32k at %SystemRoot%\system32\win32k.sys
The KB article for the patch ( http://support.microsoft.com/kb/3000061 )
lists as files being changed:
For all supported x64-based versions of Windows 8 and Windows Server 2012
File name
File version
File size
Date
Time
Platform
Win32k.ptxml
Not applicable
4,172
11-Oct-2012
00:37
Not applicable
Win32k.sys
6.2.9200.17130
4,068,352
28-Sep-2014
04:18
x64
Win32k.ptxml
Not applicable
4,172
25-Jul-2012
20:29
Not applicable
Win32k.sys
6.2.9200.21247
4,067,840
28-Sep-2014
03:39
x64
Wow64_win32k.ptxml
Not applicable
4,172
12-Feb-2013
00:14
Not applicable
Wow64_win32k.ptxml
Not applicable
4,172
12-Feb-2013
00:09
Not applicable
I can see the relevance of deleting that registry key ONLY (not the whole
WINEVT root) as a probable workaround solution. Granted if that is the case
then Microsoft should release an updated patch that checks for and correct
whatever issue is with that tree causing the update to fail.
It seems from the CBS.log that the updater doesn't not correctly unregister
the win32k publisher prior to updating and attempting to re-register the
publisher causing it to fail with an already registered message. Deleting
the key must simulate the unregistration so when the update gets applied it
doesn't fail there.
For those that don't have the key present it is likely there is another
issue as the root of the install problem.
Susan Bradley
http://blogs.msmvps.com/bradley
On 10/21/2014 2:22 PM, Julian Harper wrote:
If you test well and keep your ears to the ground before deploying you can
avoid all but the weird issues. Waiting (too long) just leaves your system
open.
The only thing I've been hit with recently has been the Outlook OoF issue,
which we only fixed by migrating to Exchange 2013.
The key thing here is test, test, test! So nothing has changed in that
regard.
Julian Harper
IT Manager
Jeroboams Group Ltd
On 21 Oct 2014, at 21:47, Scott Elsdon [DATACOM]
<mailto:Scott.Elsdon-***@public.gmane.org> <Scott.Elsdon-***@public.gmane.org> wrote:
Yes, I'm recommending that we wait a while now before installing until MS
quality management improves.
-----Original Message-----
From: Stephen Murley [mailto:stephen.murley-mKUAeu0r+***@public.gmane.org]
Sent: Saturday, 18 October 2014 8:23 a.m.
To: Patch Management Mailing List
Subject: RE: [patchmanagement] Confirmed: 2949927 has been pulled
There's a noticeable increase in dodgy patches this year :/
________________________________
From: Rod Trent [rodtrent-***@public.gmane.org]
Sent: 17 October 2014 19:42
To: Patch Management Mailing List
Subject: [patchmanagement] Confirmed: 2949927 has been pulled
V2.0 (October 17, 2014): Removed Download Center links for Microsoft
security update 2949927. Microsoft recommends that customers experiencing
issues uninstall <https://support.microsoft.com/kb/2949927>
<https://support.microsoft.com/kb/2949927> this update. Microsoft is
investigating behavior associated with this update, and will update the
advisory when more information becomes available.
https://technet.microsoft.com/en-us/library/security/2949927
________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]
<http://www.plymouth.ac.uk/worldclass>
<http://www.plymouth.ac.uk/worldclass>
This email and any files with it are confidential and intended solely for
the use of the recipient to whom it is addressed. If you are not the
intended recipient then copying, distribution or other use of the
information contained is strictly prohibited and you should not rely on it.
If you have received this email in error please let the sender know
immediately and delete it from your system(s). Internet emails are not
necessarily secure. While we take every care, Plymouth University accepts no
responsibility for viruses and it is your responsibility to scan emails and
their attachments. Plymouth University does not accept responsibility for
any changes made after it was sent. Nothing in this email or its attachments
constitutes an order for goods or services unless accompanied by an official
order form.
---
PatchManagement.org is hosted by Shavlik
The content on the email list is intended for assisting administrators. If
you would like to use any of this content in a blog or media publication,
please contact the owners of the list for approval.
To unsubscribe send a blank email to
leave-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
---
PatchManagement.org is hosted by Shavlik
The content on the email list is intended for assisting administrators. If
you would like to use any of this content in a blog or media publication,
please contact the owners of the list for approval.
To unsubscribe send a blank email to
leave-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
---
PatchManagement.org is hosted by Shavlik
The content on the email list is intended for assisting administrators. If
you would like to use any of this content in a blog or media publication,
please contact the owners of the list for approval.
To unsubscribe send a blank email to
leave-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
---
PatchManagement.org is hosted by Shavlik
The content on the email list is intended for assisting administrators. If you would like to use any of this content in a blog or media publication, please contact the owners of the list for approval.
To unsubscribe send a blank email to leave-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+***@public.gmane.org