December’s Patch Tuesday seems to be causing few problems — no doubt because it’s a very minimal crop, with very few announced bug fixes. The 'exploited' security flaw is a yawner. A one-off patch for Autopilot, KB 4532441, has already been pulled, reminiscent of the October debacle. But Win7 does get a full-screen nag, and 1909 hasn’t been fixed. Happy holidays.

Patch Tuesday in December rarely brings anything worthwhile — everybody’s on vacation, or wants to be on vacation — and this month’s no exception. We got patches for 36 separately identified security holes and two new advisories, full of sound and fury but covering very little.

The one “exploited” security hole — CVE-2019-1458 Win32k Elevation of Privilege Vulnerability — shouldn’t cause any heartburn. Microsoft says:

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Then Microsoft gives the hole an “Important” severity rating, a big step below the “Critical” that’s de rigueur.

Short version: Although you need to patch sooner or later, you don’t need to worry about any of the security holes right now.

The return of Autopilot

Remember back in October when Microsoft mysteriously pushed out a patch for Autopilot, a little-known app that helps companies set up new machines? I wrote about it in “Microsoft pushes, then yanks, rogue kinda-security patch KB 4523786, ostensibly for Autopilot.”

Looks like the cows are out of the barn again. Microsoft released KB 4532441 yesterday, the latest “Cumulative update for Autopilot in Windows 10, versions 1903 and 1909: December 10, 2019.” Once again, many folks saw that they were being offered the patch (although this time it apparently only went out to 1903 and 1909 Pro customers). Once again, the patch was offered repeatedly, even after it was installed properly.
Once again, Microsoft yanked the patch, then updated the KB article to say:

This update was available through Windows Update. However, we have removed it because it was being offered incorrectly. When an organization registers or configures a device for Windows Autopilot deployment, the device setup automatically updates Windows Autopilot to the latest version.

Note: There is no effect on Windows Autopilot being offered to Windows 10 devices. If you were offered this update and do not use Autopilot, installing this update will not affect you. Windows Autopilot update should not be offered to Windows 10 Home.

Those who cannot remember the past are condemned to repeat it.

Odd and sundry patches

In addition to the usual laundry list of patches, we also saw:

- A new Malicious Software Removal Tool. Folks who downloaded the patches early may have missed it, because MS didn’t push it until several hours after the initial patching payload.
- Updates for .Net Framework 3.5.x, 4.6.x, 4.7.x, 4.8 and more. Dozens of them. Martin Brinkmann has the full list on ghacks.net.
- As well as the usual assortment of Office security patches.

There are new Servicing Stack Updates for Server 2008 and Server 2012, with manual download links as usual in ADV990001. If you don’t know about Servicing Stack Updates, don’t sweat it.

The easily dismissed Win7 End of life nag

December’s Windows 7/Server 2008 R2 Monthly Rollup brings a full-screen nag for upgrading to Windows 10, due to appear starting on January 15. Here’s what Microsoft says:

IMPORTANT: Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:

- Starter.
- Home Basic.
- Home Premium.
- Professional.
  If you have purchased the Extended Security Update (ESU), the notification will not appear. For more information, see How to get Extended Security Updates for eligible Windows devices and Lifecycle FAQ-Extended Security Updates.
- Ultimate.

Note: The notification will not appear on domain-joined machines or machines in kiosk mode.

The Security-only patch, KB 4530692, includes the nag, which is embodied in the program EOSNotify.exe. Apparently the nag will only appear once, take up the whole screen and, once you’ve dismissed it, never return again. You’ll be forgiven if you recall similar promises during the “Get Windows 10” GWX campaign.

For those of you who can’t be bothered to dismiss the nag screen (or worry that it won’t go away as easily as Microsoft says), you can set this registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\EOSNotify

To have the value

“DiscontinueEOS”=dword:00000001

We’ll be covering that nag and its aftereffects extensively as details unfold. Remember that more than a quarter of all Windows users are on Win7.

Watch the bugs come out of the, uh, woodwork on AskWoody.
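For anyone rolling the DiscontinueEOS registry setting described above out to more than one machine, here is an added example (not from the article or from Microsoft) that applies it idempotently and reports the result. The function names Get-EosNagState and Set-EosNagDisabled are hypothetical; the script assumes an elevated prompt and sticks to cmdlets available in PowerShell 2.0, the version Windows 7 ships with.

```powershell
# Added example, not from the article. Function names are hypothetical.
# Run elevated: the key lives under HKEY_LOCAL_MACHINE.
# Only PowerShell 2.0 cmdlets are used (the Windows 7 default).
$KeyPath   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\EOSNotify'
$ValueName = 'DiscontinueEOS'

function Get-EosNagState {
    # Returns the current value, or $null when the key or value is absent.
    if (-not (Test-Path $KeyPath)) { return $null }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$ValueName
}

function Set-EosNagDisabled {
    # Create the key if the rollup has not created it yet.
    if (-not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force replaces an existing value, including one of the wrong type.
    New-ItemProperty -Path $KeyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

$before = Get-EosNagState
if ($before -ne 1) { Set-EosNagDisabled }
$after = Get-EosNagState

# Microsoft's note says domain-joined machines do not get the nag;
# record that so the report shows where the setting actually matters.
$domainJoined = (Get-WmiObject Win32_ComputerSystem).PartOfDomain

# Emit one object per machine so results can be collected and compared.
New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    DomainJoined = $domainJoined
    Before       = $before
    After        = $after
    Compliant    = ($after -eq 1)
}
```

A Before value of empty means the key or value was absent before the run; Compliant is true only when the read-back after the write returns 1.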