Microsoft pushes, then yanks, rogue kinda-security patch KB 4523786, ostensibly for Autopilot


Let’s put this in perspective.

Microsoft warned us at the beginning of the Win10 onslaught four-plus years ago that it wouldn’t dole out patches one by one. Except for emergency security fixes, patches would be released as part of cumulative updates. Over the years, that promise has evolved into a common pace of two cumulative updates per month: the first on Patch Tuesday, and a second “optional, non-security” cumulative update sometime later in the month.

It’s one of the ways “Windows as a service” is a service, doncha know.

Last month we were treated to an unholy pileup of Windows security patches as Microsoft released, then re-released, then finally pushed a fix to the Internet Explorer zero-day vulnerability known as CVE-2019-1367. Of course, nobody’s seen any widespread exploits attributable to that security hole, but the bugs — three different sets of them, corresponding to the three botched out-of-band patches — were breathtaking.

This month, it looks like we’re headed in a similar direction.

Yesterday, Microsoft released an odd patch for Win10 version 1903 that’s supposed to be a “Cumulative update for Autopilot in Windows 10 version 1903: October 22, 2019.” Whether it’s a security patch or a non-security patch is debatable. But there are all sorts of problems:



www.computerworld.com