Microsoft pushes, then yanks, rogue kinda-security patch KB 4523786, ostensibly for Autopilot
Let’s put this in perspective.
Microsoft warned us at the beginning of the Win10 onslaught four-plus years ago that it wouldn’t dole out patches one by one. Except for emergency security fixes, patches would be released as part of cumulative updates. Over the years, that promise has evolved into a common pace of two cumulative updates per month: the first on Patch Tuesday, and a second “optional, non-security” cumulative update sometime later in the month.
It’s one of the ways “Windows as a service” is a service, doncha know.
Last month we were treated to an unholy pileup of Windows security patches as Microsoft released, then re-released, then finally pushed a fix to the Internet Explorer zero-day vulnerability known as CVE-2019-1367. Of course, nobody’s seen any widespread exploits attributable to that security hole, but the bugs — three different sets of them, corresponding to the three botched out-of-band patches — were breathtaking.
This month, it looks like we’re headed in a similar direction.
Yesterday, Microsoft released an odd patch for Win10 version 1903 that’s supposed to be a “Cumulative update for Autopilot in Windows 10 version 1903: October 22, 2019.” Whether it’s a security patch or a non-security patch is debatable. But there are all sorts of problems:
- It’s a standalone patch, KB 4523786. It isn’t part of a Windows cumulative update, security or non-security.
- It’s supposed to be a cumulative update for Autopilot, but I’ll be hanged if I can find any earlier cumulative update for Autopilot. First of its lineage, no doubt, although poster Pejole2165 on Tenforums has found vestiges of earlier updates.
- It’s for Autopilot (here’s a description; don’t worry, I had to look it up, too), which “is a zero-touch, self-service Windows deployment platform introduced with Windows 10, version 1703.” In other words, Autopilot (apparently?) only runs on domain-connected Win10 1903 computers. But the patch was installed on machines that had never seen Autopilot.
- More than that, the patch…