Patch Tuesday updates for Win7, KB 4480970 and KB 4480960 knock out networking

[Karlston]

Reports are popping up all over that yesterday’s Win7 Monthly Rollup and Security-only patches are causing big problems with networks using SMBv2 shares. The known solution is to uninstall the patch. There’s also a registry fix that may or may not work.

Thinkstock

It’s Reboot Wednesday (the day following Microsoft's Patch Tuesday) and, like roses unto spring, bugs are starting to crawl out of the woodwork. This time, if you have a network that uses SMBv2, this month’s Win7 patches may knock your network upside the head.

 

I first read about it on Günter Born’s site:

The KB4480970 (Monthly Rollup) and KB4480960 (Security only) updates were released by Microsoft on January 8, 2018 for Windows 7 SP1 and Windows Server 2008 R2 SP1. The updates seem to cause serious network issues for some people. Network shares can no longer be achieved via SMBv2 in certain environments.

He goes on to cite the German-language site administrator.de, which says (Google translation):

Update 01/2019 is no SMB2 connection to a W7 Share more, here the Wireshark Trace from the client who wants to access the W7 Share: always leads to the error message Invalid Handle!

On Reddit’s sysadmin forum, BenScobie posts:

We've ran into the same issue on a Windows 2008 R2 server. We also cannot authenticate with our TFS server hosted on the same box. ... Uninstalling the update fixed both issues for us.

After all of the SMBv1 controversy in June of last year, and WannaCry’s ugly appearance, many folks thought that SMBv2 was sacrosanct. Or at least functional. What fools these patching mortals be.

 

At this point, the best advice is to not install the patch. (Raise your hand if you’ve heard me say that before.)

 

There’s a possible registry fix. Andi on administrator.de says:

If the Windows 7 user accesses a share, and he is an administrator on the remote system, this should work on the W7 that hosts the share (elevated cmd):

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Afterwards you have to reboot the system

I have no idea if that works in general, but as the U.S. wakes up to yet another Win7 bork, we’ll likely find out soon.

 

Go ahead. Make my day. Tell me that Microsoft tests this stuff, on the AskWoody Lounge.

 

Source: Patch Tuesday updates for Win7, KB 4480970 and KB 4480960 knock out networking (ComputerWorld - Woody Leonhard)

[steven36]

19 minutes ago, Karlston said:

On Reddit’s sysadmin forum, BenScobie posts:

We've ran into the same issue on a Windows 2008 R2 server. We also cannot authenticate with our TFS server hosted on the same box. ... Uninstalling the update fixed both issues for us.

Quote

 

[–]the_spad  26 points 6 hours ago 

And this is why we wait a couple of days before installing the monthly updates, because Microsoft's patch QA is questionable at best.

 

 

 

I dont even bother to patch the Windows 7 laptop on my network since i patched it for wantacry and its just been fine using it  with ESET Smart Security.. End of Life for Windows 7 updates is 370 days unless you are a business and are going to pay for extended  support . No extra 2 years like they gave xp unless you pay its all about money now . Windows 7 as a service .

 

Even on Windows 8.1 i wait tell the end of the month  to do updates . I done updates for it Monday before the new ones comes out and it dont even have a warning for every update you may lose your network when you update its a on going issue with Windows 7.

[Karlston]

Same here with my 8.1 and KIS. Only Office 2016 updates, and then only when Woody says they're safe.

[steven36]

2 minutes ago, Karlston said:

Same here with my 8.1 and KIS. Only Office 2016 updates, and then only when Woody says they're safe.

Microsoft says there is no known issues with Windows 8.1 updates for January  but they never know about issues  tell they end up pulling and update  and i dont always catch when Woody says there safe i just do them  the week or days  before patch Tuesday and if i forget  i just wait 2 months to do them i be on Linux a lot and dont even be paying any mind to whats going on  Windows unless i see it on here .

[Karlston]

3 minutes ago, steven36 said:

i just wait 2 months to do them

 

Do you download and update them manually, after 2 months Windows Update will have later ones.

[steven36]

48 minutes ago, Karlston said:

 

Do you download and update them manually, after 2 months Windows Update will have later ones.

You can go to the catalog and get any updates you want  here is the security  only update for  Dec 2018 

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4471322

 

But also they was a out of bounds security update for IE  in DEC its found here

https://www.catalog.update.microsoft.com/search.aspx?q=KB4470199

 

Security  only update for .Net Windows 8.1 for  Dec 2018

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4471322

 

Windows 7 is the same way you just have to search  for the updates you missed and install them . Windows 8.1 use to be a joy if you was using OEM  Windows 8   the OEM key would not let you install Windows 8.1 so you had to update via the store and you had to find all prerequisites updates and install it to upgrade  unless you done some work around

https://www.pcsteps.com/627-install-windows-8-1-without-product-key/

 

I download me Windows 8.1 iso from adguard and it lets you install Windows 8.1 without a key then i can activate with my OEM keys is how i got around it.