January 2022 MS Patch bugs

Is anyone aware of these issues? https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/

We are considering not installing the patches on DCs & Hyper-V as a result, but the big question mark is how to identify any other machines that may have ReFS… Has anyone ever written something to identify/report on it?

1 Like

Thanks for the link! We are seeing the issue on some test AD DCs. Testing Hyper-V next.

It seems the following is working to identify ReFS on 2016 & 2019 at least… It's not returning any positives on other versions, but I can't be sure if it is because maybe they store the value differently (i.e. the code is not working as is) OR we just don't have any machines with such a FS…

exists wmi whose (exists selects "* from Win32_Volume where FileSystem like 'ReFS'" of it) | False
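The same Win32_Volume query, as an added PowerShell example that is not from the thread or from the BigFix content: it reports ReFS volumes the way the relevance above does, and also flags the two other conditions named in the linked article (domain controller role, Hyper-V role) so a server list can be triaged before the January updates are deployed. The `Get-JanPatchRisk` function name, the use of the `vmms` service as an indicator that the Hyper-V role is installed, and the `servers.txt` input file are my assumptions; remote hosts need WinRM reachable, since Get-CimInstance uses WSMan for -ComputerName.

```powershell
# Added example (not from the original thread). Inventories the three conditions
# named in the linked article: ReFS volumes, the Hyper-V role, and the DC role.
# Assumptions: local run needs only a normal admin session; remote targets need
# WinRM (Get-CimInstance uses WSMan for -ComputerName). Treating the presence of
# the 'vmms' service as "Hyper-V role installed" is an assumption, not from the thread.

function Get-JanPatchRisk {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($c in $ComputerName) {
        # Only pass -ComputerName for remote hosts so the local case does not need WinRM
        $cim = @{}
        if ($c -ne $env:COMPUTERNAME) { $cim['ComputerName'] = $c }

        # Same WQL as the relevance in the post above; WQL LIKE without wildcards
        # behaves as equality, so '=' is used here.
        $refs = @(Get-CimInstance @cim -ClassName Win32_Volume -Filter "FileSystem = 'ReFS'")

        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
        $cs   = Get-CimInstance @cim -ClassName Win32_ComputerSystem
        $isDC = [int]$cs.DomainRole -ge 4

        # The Hyper-V Virtual Machine Management service only exists when the role is installed
        $vmms      = Get-CimInstance @cim -ClassName Win32_Service -Filter "Name = 'vmms'"
        $hasHyperV = $null -ne $vmms

        [pscustomobject]@{
            ComputerName       = $c
            IsDomainController = $isDC
            HasHyperV          = $hasHyperV
            # Mount points have no drive letter, so fall back to the volume GUID path
            ReFSVolumes        = ($refs | ForEach-Object { if ($_.DriveLetter) { $_.DriveLetter } else { $_.Name } }) -join ';'
            HoldPatch          = $isDC -or $hasHyperV -or ($refs.Count -gt 0)
        }
    }
}

# Local host by default; or feed a server list and keep only the ones to hold back
Get-JanPatchRisk | Format-Table -AutoSize
# Get-JanPatchRisk -ComputerName (Get-Content .\servers.txt) | Where-Object HoldPatch | Export-Csv .\hold.csv -NoTypeInformation
```

Running this against the same hosts the relevance already flags is a quick way to check whether the "no positives on other versions" result above is a query problem or simply the absence of ReFS volumes: Win32_Volume reports the file system name the same way on all supported Server releases, so a host that shows nothing here has no ReFS volume mounted.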

We confirmed the bug where Hyper-V VMs don’t boot after host is patched. Our AD guys confirmed the domain controller boot loop issue as well. Saved our bacon before those were deployed. We’re holding on those patches until Microsoft can fix them.

The latest BleepingComputer article reports MS silently stopped advertising all of the server cumulative updates.

  • I just pulled them from my deployment tonight, and will wait and see.

I had already run them on about 30 various servers without issue (no DCs).

1 Like

As someone who is halfway through our test cycle, no issues so far, but knowing revised patches will come out…

1 Like

In cases like this, I wonder if the BigFix Lifecycle product should pull updates as well.

Don't think so, because hypothetically there may be clients that do want to patch their non-Hyper-V/DC/ReFS machines. Also, while they were removed from WU, the patches still exist in the MS catalog and the BigFix fixlets are technically operational…

1 Like

I agree that the current way of accessing updates is better, and we as MS customers need to raise the issue with MS. MS should provide a better mechanism to truly identify what they are doing and not randomly change things behind the scenes and take 12+ hrs to admit to any possibility of things being changed.

Something like a revoke list, similar to what is used for SSL certs would be a nice idea.

We’re going to be removing the Default Actions on these fixlets, so they won’t be picked up by Patch Policy and would require an operator to specifically choose a deployment action when issuing them or adding to a baseline. At the same time, that does allow those customers who want to deploy the updates, and will allow everyone to at least report on the known vulnerabilities.

Watch for a content update coming soon

3 Likes

When will we see new content published since MS has made theirs available?

I posted over in the release announcement thread about this. Dev is preparing the content for publication now so it should be out shortly. I don’t have an exact ETA unfortunately.

1 Like

That 5009586 is 2012 and so is 5010797, and neither one complements the other in the MS catalog (yet). You are right about the sizes though, good question to ask MS.

When can we expect KB5010791 to be published? It is the new content for 2019.

It was just released. Content Modification: Patches for Windows published 2022-01-19

1 Like

Removing the Default Actions on the original patches is messing with my guys who apply directly to test servers. The patch is still an active Critical, but there is no default action to push, and they don't use baselines (yeah, I know).

Had to walk them through "Take Action" from the fixlet directly.

You could create a Custom Copy in one of your sites and set the action to be a Default Action.

Otherwise I'm not sure how to accommodate everyone, given that the impacts of the botched patches were pretty bad… Removing the Default Action was, I think, the closest we could do to mirror Microsoft's blocking of the patch through Windows Update while still allowing it to be downloaded and installed manually through the Update Catalog.

1 Like

No I am fine with your actions. Just posted in case anyone else has issues with the default action missing.
Appreciate all you guys have done the last few months.

2 Likes

Can the 2019 and 2016 be marked as superseded? Microsoft seems to have confirmed that, although it is very "hidden"… (you need to open each of the old patches in the MS Catalog and go to "Package Details" to see the statement that those patches have been replaced).

We are not going to mark the "old" fixlets as superseded because, as a standard practice, we do not supersede a 'Security update' with an 'Update'.
The reason is that doing so could have an impact and produce incorrect security reports.

1 Like