Windows 10 will automatically remove updates, drivers that break booting

Windows appears to be getting a little smarter about updates that go wrong. A newly published support page (spotted by Windows Latest) describes what the operating system does when a recent update causes a boot failure. First, Windows will uninstall the update and revert to a configuration that should work correctly. It will then block the update for 30 days.

The page states that this approach will be taken for both driver updates and the regular monthly Patch Tuesday updates. It’s not unusual for Microsoft to have to issue blocks for these updates to prevent them from being distributed to certain system configurations after problems are found. But this policy allows for more fine-grained blocking, wherein systems will impose a temporary block on themselves should they have to. In most cases, when problems with updates are discovered, they’re fixed and the updates are re-issued within a few days or weeks. So a 30-day block should typically give enough time for the update to be fixed prior to the attempted reinstallation.

It’s not clear if this approach will be used for the twice-yearly feature upgrades or just the regular monthly Patch Tuesday updates. Microsoft’s terminology usually distinguishes between “updates” (which are the things released on Patch Tuesdays) and “upgrades” (which come out twice a year). The description only mentions updates and driver updates. The install mechanism used by upgrades is completely separate from that used by updates, with its own separate rollback logic, so we’d suspect that nothing has changed for those.

Mandatory update coming to Windows 7, 2008 to kill off weak update hashes

Windows 7 and Windows Server 2008 users will imminently have to deploy a mandatory patch if they want to continue updating their systems, as spotted by Mary Jo Foley.

Currently, Microsoft’s Windows updates use two different hashing algorithms to enable Windows to detect tampering or modification of the update files: SHA-1 and SHA-2. Windows 7 and Server 2008 verify the SHA-1 patches; Windows 8 and newer use the SHA-2 hashes instead. March’s Patch Tuesday will include a standalone update for Windows 7, Windows Server 2008 R2, and WSUS to provide support for patches hashed with SHA-2. April’s Patch Tuesday will include an equivalent update for Windows Server 2008.

The SHA-1 algorithm, first published in 1995, takes some input and produces a value known as a hash or a digest that’s 20 bytes long. By design, any small change to the input should produce, with high probability, a wildly different hash value. SHA-1 is no longer considered to be secure, as well-funded organizations have managed to generate hash collisions—two different files that nonetheless have the same SHA-1 hash. If a collision could be generated for a Windows update, it would be possible for an attacker to produce a malicious update that nonetheless appeared to the system to have been produced by Microsoft and not subsequently altered.

The Windows 10 October 2018 Update is now fully available—for “advanced” users

The Windows 10 October 2018 Update, version 1809, continues to limp out of the door. While the data-loss bug that saw its release entirely halted has been fixed, other blocking issues have restricted its rollout. It has so far only been available to those who manually check Windows Update for updates, and even there, Microsoft has restricted the speed at which it’s distributed.

This particular speed bump has now been removed, and manual checking for updates is now unthrottled. That means a manual check for updates will kick off the update process so long as your system isn’t actively blacklisted (and there are a few outstanding incompatibilities that mean it could be).

Microsoft is saying that this upgrade route is for “advanced” users. Everyone else should wait for the fully automatic deployment, which doesn’t seem to have started yet. That’ll have its own set of throttles and perhaps even new blacklists if further problems are detected. A number of the remaining compatibility problems are more likely to strike corporate users, as they involve corporate VPN and security software. Companies will need to apply the relevant patches for the third-party applications before they can roll out the Windows 10 update.

Now it’s Office’s turn to have a load of patches pulled

After endless difficulties with the Windows 10 October 2018 update—finally re-released this month with the data-loss bug fixed—it seems that now it’s the Office team’s turn to release some updates that need to be un-released.

On November’s Patch Tuesday two weeks ago, Microsoft released a bunch of updates for Office to update its Japanese calendars. In December 2017, Emperor Akihito announced that he would abdicate and that his son Naruhito would take his role as emperor. Each emperor has a corresponding era name, and calendars must be updated to reflect that new name. The Office patches offer updates to handle this event.

Two of these updates, KB2863821 and KB4461522, both for Office 2010, are apparently very broken, causing application crashes. The company has suspended delivery of the patches, but the problem is so severe that Microsoft is recommending that anyone who has installed the updates already should uninstall them pronto (see instructions for KB2863821 here and for KB4461522 here).

Microsoft’s problem isn’t how often it updates Windows—it’s how it develops it

It’s fair to say that the Windows 10 October 2018 Update has not been Microsoft’s most successful update. Reports of data loss quickly emerged, forcing Microsoft to suspend distribution of the update. It has since been fixed and is currently undergoing renewed testing pending a re-release.

This isn’t the first Windows feature update that’s had problems—we’ve seen things like significant hardware incompatibilities in previous updates—but it’s certainly the worst. While most of us know the theory of having backups, the reality is that lots of data, especially on home PCs, has no real backup, and deleting that data is thus disastrous.

Windows as a service

Microsoft’s ambition with Windows 10 was to radically shake up how it develops Windows 10. The company wanted to better respond to customer and market needs, and to put improved new features into customers’ hands sooner. Core to this was the notion that Windows 10 is the “last” version of Windows—all new development work will be an update to Windows 10, delivered through feature updates several times a year. This new development model was branded “Windows as a Service.” And after some initial fumbling, Microsoft settled on a cadence of two feature updates a year; one in April, one in October.

Next Windows 10 update nearing completion as it gets its official name

The last few Windows Insider preview builds of Windows 10 have offered few new features; instead these have focused on fixing bugs.

The latest build, released today, takes a step towards completion: it’s changed the operating system’s version stamp. Until now the previews have called themselves version 1803, the release from earlier this year. Today’s build updates that version label to 1809, showing that Microsoft intends to wrap up its development in September with an October release likely to follow.

Version 1809 will be the last of the five Redstone-codenamed Windows releases. The next release, likely to come in April 2019, is codenamed simply “19H1,” with Microsoft opting for date-based codenames to go with its date-based releases.

Windows 10 will try not to reboot when you’re just grabbing a cup of coffee

The next semi-annual update to Windows 10 will use machine learning models to make automatic rebooting for updates a bit less annoying. The models will attempt to predict when you’re likely to return to your PC and not update if you’re expected back soon.

In prior versions of Windows, it was routine for systems to be compromised through flaws that were patched months previously because Windows users deferred installing those updates or even disabled Windows Update entirely. Windows 10 goes to some lengths to ensure that Windows users, especially home users, apply the monthly security patches in a timely fashion through a policy of automatically rebooting when a patch is available. Last year, Microsoft gave users greater control over this feature, allowing those reboots to be explicitly scheduled, but the policy of automatic installation and rebooting remains fundamentally in place.

Microsoft offers extended support for Windows, SQL 2008: but with a catch

Windows Server 2008 and 2008 R2, as well as SQL Server 2008 and 2008 R2, are due to move out of extended support over the next few years; SQL Server in July 2019, and Windows Server in January 2020. For organizations still using that software, this offers a few options: keep using the software and accept that it won’t receive any more security updates, migrate to newer equivalents that are still supported, or pay Microsoft for a custom support contract to continue to receive security updates beyond the cutoff dates.

Today, Microsoft added a fourth option: migrate to Azure. Microsoft is extending the support window by three years (until July 2022 for SQL Server, January 2023 for Windows Server) for workloads hosted on Azure in the cloud. This extended support means that customers that make the switch to the cloud will receive another three years of security fixes. After those three years are up, customers will be back to the original set of choices: be insecure, upgrade, or pay for a custom support contract.

Microsoft isn’t requiring customers to demonstrate that they have any kind of migration plan in place, and this support scheme incurs no additional costs beyond those already imposed by running software on Azure in the first place.
