Microsoft? We need to talk. Lately you’ve been disappointing me. You released three sets of security updates this month for my Windows 10 machines. The first set of updates (KB5000802 for the 2004/20H2 versions) triggered blue screens of death when I tried to print to Ricoh and Kyocera printers, and also caused issues with Dymo labels. As you yourself noted, “after installing this update, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps.”
The second set of updates (KB5001567 for 2004/20H2 versions) was supposed to fix these issues, but only fixed some of the BSODs and didn’t fix issues with Dymo label printers or printers that create images (such as bar code printers). You said it: “After installing updates released March 9, 2021 or March 15, 2021, you might get unexpected results when printing from some apps. Issues might include: Elements of the document might print as solid black/color boxes or might be missing, including barcodes, QR codes, and graphics elements, such as logos. Table lines might be missing. Other alignment or formatting issues might also be present. Printing from some apps or to some printers might result in a blank page or label.”
Then you released a third version of the updates that reportedly would fix the issue with Dymo label printers and image or barcode printers. One would think that after three tries we’d get the correct and fixed update. KB5001649 for the 2004/20H2 versions was supposed to be that final and perfect update.
Not so fast. As noted by posters on Reddit, the update failed to install. There are even social media posts showing that problems are occurring with it.
Now normally with Patch Tuesday, we never have patch perfection. There’s always someone who will suffer some random side effect of normal computing weirdness that, while not directly related to the updating process, gets blamed on any updates because of coincidence. I’ve often seen users complain about something on their computer and point to Windows updates as the trigger; often, it’s just a mere reboot that exposes underlying problems, not the patching process itself. (In best practices for servers, it’s often recommended that you reboot a system before installing an update to ensure your system is functional.)
I’ve also seen cases where malware inserts itself into a system and, when a patch is installed, the updated system becomes unstable and delivers a BSOD. Several years ago a rootkit installed on many Windows systems was impacted by a security update, which had installed a new version of the Windows kernel; when the system rebooted, the interaction between the rootkit and the new kernel update triggered a blue screen. So while we pointed to the security patch as the problem, in reality it actually helped expose the rootkits.
But it’s concerning to me that in the more than 20 years I’ve been patching machines and monitoring for side effects we have yet to resolve two fundamental problems: You want us to turn on automatic updates to ensure our machines are kept safe, but as this month’s issues with printers show, I cannot guarantee there won’t be side effects from this month’s updates. That’s just flat out wrong. I have no more confidence about patching than I did 20 years ago: I’m still telling people to hold back, to test, to watch for issues, to wait, to not install updates immediately as I can’t guarantee they won’t have issues. Microsoft, that’s not good enough! We’re in a world where attackers are going after on-premises mail servers in small and medium-sized businesses and installing web shells to possibly inject ransomware. Installing quality updates immediately is key to protecting our machines. But if we’ve lost all faith in the testing process you use, Microsoft, how can we get to a place where we install updates the moment they come out?
Then there’s the rebooting problem. In order to install updates and replace the original files with the fixed ones, you force our systems to reboot. And as a general rule, Windows users hate rebooting. It disrupts what we’re working on, it makes us lose our place in what we’re doing. And in the umpteen years that we’ve used Windows, we’ve yet to fix this rebooting issue. I’ve actually seen consultants ask how to disable Windows’ update mechanism because they cannot set a specific time for Windows machines to reboot that won’t be disruptive. How many of us have seen conference talks interrupted by a Windows 10 update triggering a reboot? (Rather than completely disabling Windows updates, I recommend using the “metered connection” trick so the system will only download updates when you want them to.)
Now we have word that you’ve re-released KB5001649 for 2004/20H2 and will be offering it up again as an optional update for those impacted by the printing issues introduced this month. Microsoft, you recommend that we install these optional updates should we be impacted, but that’s asking all of us to carry the burden of testing. That’s just not right. If you want us to immediately install updates the moment they’re released, you need to do better than this. You need to widen your testing of updates to include users and not just enterprises.
People often think that the insider testing process impacts the quality of security updates. It’s my opinion that it doesn’t. Insider testing is for features not related to security. These updates are fixing security bugs that aren’t yet fixed even in the insider versions.
Recently you announced you’ll be closing your UserVoice feedback process, which allows users and IT administrators to ask for new features. At a time that I think you need to hear more from customers, it feels like you’re pulling back.
So later on this week when I decide to tell people to update – or not – I’m still not sure what I’m going to tell my readers here at newsonthecloud or on Askwoody.com. I’m not comfortable telling people to NOT update. But I’m also not comfortable telling them to blindly install updates and trust that Microsoft has gotten it right. So far, you haven’t given me enough assurance that even with three times you’ve got it right yet. And that’s a shame.
Because the attackers often get their attacks right the first time.
Copyright © 2021 IDG Communications, Inc.