Hi All,
I was just informed of an issue with the KB4088875 and KB4088878 patches causing issues with vms configured with static ips.
Thanks for the heads-up! But wait, there's more!
There are some reports about problems introduced in the March 2018 patch rollups from Microsoft. I'm still gathering info but this is what I've seen so far:
Microsoft has downgraded the Windows 7 rollup to "Important", so it's not being delivered automatically through Windows Update but is still available via the Update Catalog. That's usually an indication that they're preparing to withdraw the update.
https://support.microsoft.com/en-us/help/4088878/windows-7-update-kb4088878
Yeah, we ran into this issue patching last night. Lost static IP settings on about 20 virtual machines. Anyone know if IBM will be pulling the fixlet? I see it's still in the Patches for Windows site. I'm going to pull it from our baseline for now, but was hoping to see some sort of update by now.
I encountered the Word issue after KB4011730 this morning (Win10 1709 x64, Office 2016 Professional x32).
Installing KB4011732 did not fix it, I'm trying KB4018295 now.
There are not currently Fixlets available for KB4011732 or KB4018295, I'll post again if KB4018295 fixes it.
Installing KB4018295 corrected the problem for me.
On another system encountering the same problem, removing KB4011730 also fixes it.
Can anyone from BigFix comment on whether you're looking at adding content for KB4018295? It doesn't seem to be listed as a Security issue so I'm not certain whether it's in your plans…
I found a reference to a VBS script that resolves the issue with KB4088875; it can be added to a copy of the IBM-provided Fixlet ID#408887503.
My original attempt was to create a task to run the script as part of a Baseline, but that didn't resolve the issue.
Modifying a copy of the Fixlet by adding the script directly to it DOES seem to have worked on at least one Win2008R2 VM so far. The initial IF/ENDIF clause is so we only run the script on virtual servers. I got lazy and pulled the relevance from a property; it really should be limited to just systems running under VMware. I'm also going to be adding some additional code to exclude any of our Citrix servers, but this is the code I added between the patch installation waithidden command and the action requires restart command.
if {(if ((version of client < "8.0") or (if (windows of operating system) then (platform id of operating system = 3) else false) or (if (version of client >= "8.2.1078.0") then in proxy agent context else false) or (if ((windows of it OR name of it starts with "Linux") of operating system) then false else true)) then "N/A" else (if exists true whose (if true then( (((item 0 of it contains "VMware") or ((item 0 of it contains "Microsoft") and not (item 1 of it as lowercase contains "surface")) or (item 0 of it contains "Xen")) of ((value "manufacturer" of it as string, value "product_name" of it as string) of structure "system_information" of smbios))) else false) then "Virtual" else "Physical")) as string as lowercase = "virtual"}
delete __createfile
delete C:\Windows\Temp\RecoverNic.vbs
createfile until ##END##
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Dim oReg : Set oReg = GetObject("winmgmts:{{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Dim oShell : Set oShell = CreateObject("WScript.Shell")
Dim sPath, aSub, sKey, aSubToo, sKeyToo, dwValue, Result, SaveResult
Dim NotDeleted
NotDeleted = 0
' Get all keys within sPath
sPath = "SYSTEM\CurrentControlSet\Enum\PCI"
oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aSub
' Loop through each key
For Each sKey In aSub
    ' Get all subkeys within the key 'sKey'
    oReg.EnumKey HKEY_LOCAL_MACHINE, sPath & "\" & sKey, aSubToo
    For Each sKeyToo In aSubToo
        ' Single separators only (the original concatenation produced a doubled backslash)
        Result = oReg.DeleteKey(HKEY_LOCAL_MACHINE, sPath & "\" & sKey & "\" & sKeyToo & "\Device Parameters\SlotPersistentInfo")
        ' Allow failure only if key never existed
        If (Result = 1) Or (Result > 2) Then
            NotDeleted = 1
            SaveResult = Result
        End If
    Next
Next
If (NotDeleted > 0) Then
    ' Report the saved failure code, not the result of the last key visited
    Wscript.Echo "One or more SlotPersistentInfo keys still exist under HKLM\System\CurrentControlSet\Enum\PCI\<deviceid>\<subdeviceid>\Device Parameters. Please delete manually. Result = " & SaveResult
End If
##END##
move __createfile "C:\Windows\Temp\RecoverNic.vbs"
// wait does not start a shell, so the >> redirection only takes effect when run through cmd.exe
wait cmd.exe /C ""{pathname of system folder}\cscript.exe" "C:\Windows\Temp\RecoverNic.vbs" >> "C:\Windows\Temp\RecoverNic.log""
endif
So far, I've only tested it on one server. I'll have it tested on more in a little bit. We were fortunate enough to find this yesterday, before we tried to patch several thousand virtualized servers.
Don't understand why IBM BigFix releases those affected patches released by Microsoft.
Do we have any alternate solutions rather than not applying these patches?
Please suggest.
Of course BigFix is going to release the fixlets, if Microsoft releases the patches!
It is up to us as systems administrators to evaluate them. Every action is a balance of risk - the risk of the patch breaking a functionality, vs the risk of an unpatched system getting compromised.
I'll tell you, even knowing the flaws in this month's patch rollups, I am moving ahead with the patches. (So far.) I've evaluated my systems, and I'm not using the vmxnet3 adapter and I have a workaround for the Word issues. My risk/impact of compromise is still higher than the risk of the patch breaking my systems.
I will go slow & careful, deploying to my development and test systems first. But I do that every month. I know there are some known problems with this month's patch rollups. But they have those every month too. Go read last month's rollup bulletins, check the "known issues" section. Or the month before that.
I noticed that was missing from BigFix too, is this something that will become available? What is IBM's stance on implementing content for fixes like this one? Just curious if I can expect it to be generated or if I should expect to generate it myself etc.
Jason, when you tested your rollback process, did you just use the built-in rollback wizard or did you take another approach? I tried to use the wizard and it generated a fixlet that was not relevant, and I'm not entirely sure the scripting it generated is correct. Just curious if there's a built-in tool you use, or if you generate your own using wusa /uninstall /kb:####### etc…
I manually rolled back one client to see whether that fixed the problem (it does).
Instead, I'm moving forward with both the rollup and a custom fixlet for KB4018295
Yeah we're still having a big issue with this. No patch despite it being available for nearly 2 weeks? Not a good look.
And I as well, am having an issue with creating a rollback task for this. No matter what we try, we cannot get any computers to show up. We know they have 4011730 installed, we made sure the KB was right in name, made sure the OS was right. Nada. I'm sure for this part we're just missing something very simple, but we're frustrated. We can't roll back, and there's no patch to push out… so we're looking at another way to push the patch.
Hey Entaille, had a similar problem you had. Created the rollback process based on relevancy, and it would not catch a single computer even though we knew it had dozens of machines with 4011730. Instead, I targeted a specific computer in the wizard and it says it worked, however the patch above was not removed. Support claims that the RollBack tool is only for OS updates and not application updates.
BigFix does plan on releasing content for KB4011732 & KB4018295.
Work looks to be in progress but I don't want to provide a hard ETA on these.
I will follow up on this and report back.
Thanks much for the update!
BigFix content for KB4011732 & KB4018295 has been released in version 2950 of the Patches for Windows.
Much appreciated, thanks for this!
This is much easier than the VBScript Microsoft is pushing on people. Plus if you run this before the reboot then you shouldn't have a NIC issue when it comes back up.
get-childitem -path HKLM:\SYSTEM\CurrentControlSet\Enum\PCI -Recurse -force -erroraction silentlycontinue | where-object Name -like "*SlotPersistentInfo" | Remove-Item
That's only the PowerShell command to change the registry key. Are you meaning to reference this .vbs script:
Dim strPciFileVersion
Dim WindirFilePath
set WshShell = WScript.CreateObject("WScript.Shell")
WindirFilePath = WshShell.ExpandEnvironmentStrings("%WinDir%")
Dim fs
Set fs = CreateObject("Scripting.FileSystemObject")
' VBScript does not treat the backslash as an escape character, so single separators are enough
strPciFileVersion = fs.getfileversion(WindirFilePath & "\system32\drivers\pci.sys")
Dim strAryFileVersion1
strAryFileVersion1 = Split(strPciFileVersion, ".")
' Only act on pci.sys 6.1.7601.x builds in the affected revision ranges
If (strAryFileVersion1(0) = 6 And strAryFileVersion1(1) = 1 And strAryFileVersion1(2) = 7601) Then
    If (strAryFileVersion1(3) < 17630 Or (strAryFileVersion1(3) > 20000 And strAryFileVersion1(3) < 21744)) Then
        Const HKEY_LOCAL_MACHINE = &H80000002
        Dim oReg : Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
        Dim oShell : Set oShell = CreateObject("WScript.Shell")
        Dim sPath, aSub, sKey, aSubToo, sKeyToo, dwValue, Result, SaveResult
        Dim NotDeleted
        NotDeleted = 0
        ' Get all keys within sPath
        sPath = "SYSTEM\CurrentControlSet\Enum\PCI"
        oReg.EnumKey HKEY_LOCAL_MACHINE, sPath, aSub
        ' Loop through each key
        For Each sKey In aSub
            ' Get all subkeys within the key 'sKey'
            oReg.EnumKey HKEY_LOCAL_MACHINE, sPath & "\" & sKey, aSubToo
            For Each sKeyToo In aSubToo
                ' Single separators only (the original concatenation produced a doubled backslash)
                Result = oReg.DeleteKey(HKEY_LOCAL_MACHINE, sPath & "\" & sKey & "\" & sKeyToo & "\Device Parameters\SlotPersistentInfo")
                ' Allow failure only if key never existed
                If (Result = 1) Or (Result > 2) Then
                    NotDeleted = 1
                    SaveResult = Result
                End If
            Next
        Next
        If (NotDeleted > 0) Then
            ' Report the saved failure code, not the result of the last key visited
            Wscript.Echo "SlotPersistentInfo keys still exist under HKLM\System\CurrentControlSet\Enum\PCI\<deviceid>\<subdeviceid>\Device Parameters. Please delete all manually and then install the updates. Result = " & SaveResult
        End If
    Else
        WScript.Echo "Your system is ready to install the updates"
    End If
Else
    WScript.Echo "Your system is ready to install the updates"
End If
I found the above on Microsoft's Technet article for KB4088878 https://support.microsoft.com/en-us/help/4088878/windows-7-update-kb4088878
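A read-only pre-check for the condition the script above tests, added here as an example (it is not Microsoft's, IBM's or any poster's code): it applies the same pci.sys version gate and lists the SlotPersistentInfo keys without deleting anything, so the result can be reviewed before a cleanup is pushed to many servers. The function name Get-SlotPersistentInfoAudit and its output property names are assumptions, and it is meant to be run elevated from 64-bit PowerShell.

```powershell
# Added example: read-only audit; nothing is deleted.
# Get-SlotPersistentInfoAudit and its output property names are hypothetical.
function Get-SlotPersistentInfoAudit {
    [CmdletBinding()]
    param(
        [string]$PciRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\PCI',
        [string]$PciSys  = (Join-Path $env:WinDir 'System32\drivers\pci.sys')
    )

    # Same gate as the VBScript above: pci.sys 6.1.7601.x with a revision
    # below 17630, or strictly between 20000 and 21744.
    $v   = (Get-Item -LiteralPath $PciSys -ErrorAction Stop).VersionInfo
    $rev = $v.FilePrivatePart
    $inRange = ($v.FileMajorPart -eq 6) -and ($v.FileMinorPart -eq 1) -and
               ($v.FileBuildPart -eq 7601) -and
               (($rev -lt 17630) -or ($rev -gt 20000 -and $rev -lt 21744))

    # Walk PCI\<deviceid>\<subdeviceid>\Device Parameters\SlotPersistentInfo,
    # the same two levels the VBScript enumerates.
    $keys = @(
        foreach ($dev in Get-ChildItem -LiteralPath $PciRoot -ErrorAction SilentlyContinue) {
            $devPath = "$PciRoot\$($dev.PSChildName)"
            foreach ($inst in Get-ChildItem -LiteralPath $devPath -ErrorAction SilentlyContinue) {
                $key = "$devPath\$($inst.PSChildName)\Device Parameters\SlotPersistentInfo"
                if (Test-Path -LiteralPath $key) { $key }
            }
        }
    )

    # New-Object rather than [pscustomobject] so this also runs on the
    # PowerShell 2.0 that ships with Windows 7 / Server 2008 R2.
    New-Object PSObject -Property @{
        ComputerName     = $env:COMPUTERNAME
        PciSysVersion    = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $rev
        VersionInRange   = $inRange
        SlotInfoKeyCount = $keys.Count
        SlotInfoKeys     = $keys
        CleanupIndicated = ($inRange -and ($keys.Count -gt 0))
    }
}

Get-SlotPersistentInfoAudit | Format-List
```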
New article found related to win 7 patches