Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more 'optional' patches this year

November's Patch Tuesday packed a wallop — errors in Access; an annoying carousel of never-ending Malicious Software Removal Tool installations, now fixed; several new Servicing Stack updates; another IE 'exploited' security hole shrouded in secrecy; a promise that we won’t see any more 'optional non-security' cumulative updates this year; and a new but not new version 1909 rollout.

patch on top of Windows logo
Thinkstock/Microsoft

Editor's note: An earlier version of this story incorrectly included references to a re-released version of Windows 10 1809. That version of Windows has not been re-released.

The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109 

Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:

It sits at “Installing: 0%” for a couple minutes then goes away. When I hit “Check for Updates” it shows up again and does the same thing.

There are hundreds of reports online of people who found that the MSRT installer threw an 800B0109 and wouldn’t install; or installed but then reinstalled on reboot; showed up multiple times in the Installed Updates list; didn’t show up in the Installed Updates list in spite of running; and several variations on those themes.

Ends up, it was all Microsoft’s fault. By last night, MSRT was behaving itself.

Access '3340 query is corrupted' errors

Günter Born first described this problem, based on reports on German-language sites, including deskmodder.de:

Microsoft Office security updates released on Patchday (November 12, 2019) cause Access to fail to access databases. An error 3340 ‘Query is corrupted’ will be dropped. …

It appears that a security update for the CVE-2019-1402 vulnerability in each version of Microsoft Office causes this error. Here is the list of Office security updates that you can uninstall.

Office 2010: Description of the security update for Office 2010: November 12, 2019 (KB4484127)

Office 2013: Description of the security update for Office 2013: November 12, 2019 (KB4484119)

Office 2016: Description of the security update for Office 2016: November 12, 2019 (KB4484113)

At least from what I’ve seen so far, uninstalling this security update seems to allow database access again.

Born says that he’s reported the problem to Microsoft, but it doesn’t yet appear on the official Fixes or workarounds for recent issues in Access list.

Servicing Stack Updates

Microsoft released new updates for the Servicing Stack on all supported versions of Windows. Notably, Win7 and 8.1 also have new SSUs. (You only have to worry about SSUs if you manually download and install updates. If you use Windows Update, they should be installed automatically. Should.) There’s a complete list of the new SSUs in Security Advisory ADV990001.

Another mysterious 'exploited' Internet Explorer security hole

Tell me if this sounds familiar

Yesterday’s patches includes one for an Internet Explorer security hole, dubbed  CVE-2019-1429, an “exploited” vulnerability. Just like the August “exploited” IE zero-day Keystone Kops episode, this appears to be a genuine flaw in IE. Just like the August doppelganger, Microsoft isn’t telling us very much. 

Dustin Childs says it best in his Zero Day Initiative post:

This patch for IE corrects a vulnerability in the way that the scripting engine handles objects in memory. This vague description for memory corruption means that an attacker can execute their code if an affected browser visits a malicious web page or opens a specially crafted Office document. That second vector means you need this patch even if you don’t use IE. Microsoft gives no information on the nature of the active attacks, but they are likely limited at this time. 

No doubt the Chicken Littles of the Windows reporting industry will bill this as a huge threat to 800 million Windows users — or some such drivel. In fact, it’s likely the discovered exploit appeared in a honed attack directed at a major governmental or industrial target.

Until we hear more about it (we haven’t heard of any attacks based on August’s exploit, have we?), you should be fine.

A reprieve from 'optional non-security' updates for the rest of the year

This should come as good news for Windows patchers of all stripes.

Microsoft has officially announced that it’s giving up on its practice of releasing (at least) two cumulative updates per month, through the end of this year. Tucked away in a neglected corner of the Windows Release Information page lies this little gem:

Timing of Windows 10 optional update releases (November/December 2019)

There will be no more optional “C” or “D” releases for the balance of this calendar year. Note There will be a December Security Update Tuesday release, as usual.

For those of you who don’t speak the A-B-C-D-E jargon, that means we won’t have second cumulative updates in November or December. The “optional, non-security” patches (which frequently contain fixes for bugs introduced by security updates) are a strange artifact that solidified in early 2017. Prior to that, Microsoft released one cumulative update on the second Tuesday of most months, then patched again at an arbitrary time, should the need arise — primarily to fix bugs introduced by the first patch.

Starting in 2017 or so (it’s difficult to pinpoint a date), somebody decided that it would be good to give Windows patchers a preview of the next month’s non-security patches, generally during the 3rd or 4th week of the month (thus, “C” and “D” week). The approach resembled something of an Insider Preview shot at the next month’s non-security patches. You could get a preview of the next month’s patches, but only if you downloaded and installed them manually, or (horrors!) became a Seeker and clicked “Check for updates.”

It looks like Microsoft is shutting that down, at least for the next two months, and I say good riddance. If there’s to be an Insider Preview ring for each version of Win10, I’m all for it — let people opt in, and give them a reliable way to report bugs. But playing footsie with Seekers just hangs too many innocent bystanders out to dry.

It isn’t clear if we’ll be spared the same indignity with Windows 7 and 8.1 “Monthly Rollup Previews.” Stay tuned.

The end of 1803 and the rise of 1909

As widely advertised, this month’s cumulative update for Win10 version 1803 is destined to be its last (unless we have a major security problem and Microsoft changes things). If you’re running Win10 version 1803, there’s no need to panic; in the normal course of events, you wouldn’t get another security patch until next month anyway. I’ll have more about the journey from 1803 in a subsequent column.

Those who have installed the Win10 1903 November cumulative update, KB 4524570, and rebooted, will see an offer on your Windows Update setting page (screenshot).

1903 after reboot installing 449 Woody Leonhard/IDG

Right now, there’s no pressing reason to click that “Download and install now” link. Let’s wait and see what problems arise. 

Quite a haul for the first 24 hours, eh? 

Thx, @abbodi86, @PKCano, @gborn and many more

Join us for the usual patching follies on AskWoody.com.

Copyright © 2019 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon