Enterprise Windows 10 users, Microsoft has some 'quality' patches coming your way
Third bunch of fixes aimed at pleasing business types
Running Windows 10 in the enterprise? Took the advice of Microsoft when it said the April 2018 Update was ready for the big leagues? You probably want to install last night's "quality improvements".
In what is starting to feel a little more frequent than it should, Microsoft pushed out a raft of fixes for the 1803 incarnation of Windows 10 (aka the April 2018 Update), marking the third such update in July and taking the build number to 17134.191.
While there are new toys in the updates, admins will be delighted to see their existing playthings stuck back together with the computing equivalent of Krazy Glue in the release, which is documented in KB4340917.
A number of fixes stand out. The first, for Intune (or other third-party mobile device management services), addresses a bug that could turn an admin deathly white. Installation of a provisioning package update could cause devices to unenroll themselves from the management service.
A device taking itself off Intune is obviously a bad day all round for carefully crafted policies.
Another deals with a memory leak when a local SQL Server encrypts data using a certificate-based symmetric key, and the user runs queries that open and close the key in a recursive loop.
Login and logout issues that stopped Roaming User Profile folder synchronisation are dealt with, as is a problem that had an SSO-enabled environment submitting two authentication requests resulting in the potential for premature account lock-outs.
Help the aged
Old versions of Windows 10 also got their third dose of patch goodness for July. The Fall Creators Update (1709) received KB4338817, taking its build number to 16299.579. Like its younger sibling, the patch deals with devices unexpectedly unenrolling themselves from the Intune MDM service as well as a slew of other fixes that make 1803 look like a paragon of virtue in comparison.
The Creators Update (1703) saw its build number jump to 15063.1235 as a result of KB4338827, which, while it did not contain the Intune fix needed by its newer counterparts among the torrent of "quality improvements", also received a fix for the SSO-enabled environment dual authentication request issue shared by both 1709 and 1803.
Test, test and test some more
While flinging these patches at expectant Windows 10 machines would be a good idea, admins do need to exercise caution and should perform some testing first. All three packages suffer from a known issue where installing the July 2018 .NET Framework Security Updates could bork some COM components with a System.UnauthorizedAccessException error triggered when an affected application tries to load them.
Microsoft lists hitting a Sharepoint website, launching the BizTalk Administration Console or creating COM objects in IIS with Classic ASP as scenarios that could fail.
Redmond does helpfully provide some workarounds, although it warned that using them could make a computer more vulnerable. At some point the software giant promises to emit another fix to deal with the problem.
It is indeed the summer of patches. ®
Sponsored: Becoming a Pragmatic Security Leader