The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems.
Malicious Software Removal Tool installation error 800B0109
Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. There are hundreds of reports online of people who found that the MSRT installer threw an 800B0109 and wouldn’t install; or installed but then reinstalled on reboot; showed up multiple times in the Installed Updates list; didn’t show up in the Installed Updates list in spite of running; and several variations on those themes.
Ends up, it was all Microsoft’s fault. By last night, MSRT was behaving itself.
Servicing Stack Updates
Microsoft released new updates for the Servicing Stack on all supported versions of Windows. Notably, Win7 and 8.1 also have new SSUs. (You only have to worry about SSUs if you manually download and install updates. If you use Windows Update, they should be installed automatically. Should.) There’s a complete list of the new SSUs in Security Advisory ADV990001.
Another mysterious 'exploited' Internet Explorer security hole
Yesterday’s patches includes one for an Internet Explorer security hole, dubbed CVE-2019-1429, an “exploited” vulnerability. Just like the August “exploited” IE zero-day Keystone Kops episode, this appears to be a genuine flaw in IE. Just like the August doppelganger, Microsoft isn’t telling us very much.
A reprieve from 'optional non-security' updates for the rest of the year
This should come as good news for Windows patchers of all stripes.
Microsoft has officially announced that it’s giving up on its practice of releasing (at least) two cumulative updates per month, through the end of this year. Tucked away in a neglected corner of the Windows Release Information page lies this little gem:
Timing of Windows 10 optional update releases (November/December 2019)
There will be no more optional “C” or “D” releases for the balance of this calendar year. Note There will be a December Security Update Tuesday release, as usual.
For those of you who don’t speak the A-B-C-D-E jargon, that means we won’t have second cumulative updates in November or December. The “optional, non-security” patches (which frequently contain fixes for bugs introduced by security updates) are a strange artifact that solidified in early 2017.
It looks like Microsoft is shutting that down, at least for the next two months, and I say good riddance.
The rise of 1909
Those who have installed the Win10 1903 November cumulative update, KB 4524570, and rebooted, will see an offer on your Windows Update setting page (screenshot).
Right now, there’s no pressing reason to click that “Download and install now” link. Let’s wait and see what problems arise.