Patch Tuesday Megathread (2024-12-10)

[-]

TheFiZi@reddit

Anyone else having issues installing KB5048667 into Windows Server 2025 Standard (Core)?

I'm getting "Installation Failure: Windows failed to install the following update with error 0x80073701: 2024-12 Cumulative Update for Microsoft server operating system version 24H2 for x64-based Systems (KB5048667)."

I'm trying the troubleshooting steps from here: https://support.microsoft.com/en-us/topic/when-trying-to-install-updates-from-windows-update-you-might-receive-updates-failed-there-were-problems-installing-some-updates-but-we-ll-try-again-later-with-errors-0x80073701-0x800f0988-e74b3505-f054-7f15-ec44-6ec0ab15f3e0

Which is basically run dism /online /cleanup-image /startcomponentcleanup, reboot and try again.

Will report if that clears it up.

My two Windows Server 2025 Standard (GUI) boxes patched no problem.

[-]

FCA162@reddit

Have a look in my post for the resolution to fix WU error 0x80073701.
100% guarantee of success !

https://www.reddit.com/r/sysadmin/comments/1fda3gu/comment/lmzzbe2/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

[-]

drslechapeau@reddit

I just made an account today to say u/FCA162 your script is a lifesaver. Had problems on an Exchange Server with Windows Server 2022 not able to update, whatever I tried.

After running your script the update installed succesfully. Thank you very much for sharing your knowledge!!

[-]

TheFiZi@reddit

Fixed it: https://www.pickysysadmin.ca/2025/02/12/windows-updates-failing-after-upgrading-to-windows-server-2025-core/

TL;DR: Mount the Windows Server ISO to the server and run a repair installation of Windows.

[-]

TheFiZi@reddit

Ran your script, watched it mark 100+ packages as corrupted heh.

Rebooted, tried Windows Update again, failed again.

I'm thinking it's a bad patch at this point.

[-]

TheFiZi@reddit

Shockingly this did not solve the problem, manual patch installation fails as well.

[-]

Clark_Kempt@reddit

Same! Any fix? If this update continues to fail will I be able to install the next one and move on with my life?

[-]

TheFiZi@reddit

Fixed it: https://www.pickysysadmin.ca/2025/02/12/windows-updates-failing-after-upgrading-to-windows-server-2025-core/

TL;DR: Mount the Windows Server ISO to the server and run a repair installation of Windows.

[-]

TheFiZi@reddit

I haven't found a fix yet.

[-]

TheFiZi@reddit

Hello darkness my old friend, it appears I'm getting ERROR_SXS_ASSEMBLY_MISSING and the script I typically use for it is not working.

Lines from my CBS.log

2024-12-10 20:19:32, Error                 CSI    0000001c@2024/12/11:04:19:32.025 (F) onecore\base\wcp\sil\ntsystem.cpp(3486): Error STATUS_OBJECT_NAME_NOT_FOUND originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)

2024-12-10 20:19:34, Error                 CSI    0000001d (F) STATUS_OBJECT_NAME_NOT_FOUND #413644# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = 0, handle = {provider=NULL, handle=0, name= ("null")}, da = (FILE_GENERIC_READ), oa = @0xa61807d9a8->OBJECT_ATTRIBUTES {s:48; rd:null; on:[140]'\??\C:\WINDOWS\WinSxS\Manifests\amd64_microsoft-windows-t..oyment-languagepack_31bf3856ad364e35_10.0.26100.1_en-us_bf12458d5ec2a5a9.manifest'; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xa61807dd08, as = (null), fa = (FILE_ATTRIBUTE_[gle=0xd0000034]
2024-12-10 20:19:34, Error                 CSI    NORMAL), sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT|FILE_OPEN_FOR_BACKUP_INTENT), eab = NULL, eal = 0, disp = Invalid)
2024-12-10 20:19:34, Error                 CSI    0000001e (F) STATUS_OBJECT_NAME_NOT_FOUND #413643# from Windows::Rtl::SystemImplementation::CSystemIsolationLayer::OpenFilesystemFile(flags = 0, da = (FILE_GENERIC_READ), fn = [l:137]'\SystemRoot\WinSxS\Manifests\amd64_microsoft-windows-t..oyment-languagepack_31bf3856ad364e35_10.0.26100.1_en-us_bf12458d5ec2a5a9.manifest', sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE|FILE_OPEN_FOR_BACKUP_INTENT), file = NULL, disp = Invalid)
2024-12-10 20:19:34, Error                 SXS    Could not open \SystemRoot\WinSxS\Manifests\amd64_microsoft-windows-t..oyment-languagepack_31bf3856ad364e35_10.0.26100.1_en-us_bf12458d5ec2a5a9.manifest: STATUS_OBJECT_NAME_NOT_FOUND
2024-12-10 20:19:34, Error                 SXS    WIL Origination: onecore\base\servicing\turbostack\lib\turbostackutil.cpp(80)\TurboStack.dll!00007FF86E70070E: (caller: 00007FF86E700394) Exception(1) tid(1ba0) C0000034 Object Name not found.
2024-12-10 20:19:34, Error                 CSI    0000001f@2024/12/11:04:19:34.045 (F) onecore\base\servicing\turbostack\lib\turbostackutil.cpp(80): Error HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) originated in function (null) expression: (null)
2024-12-10 20:19:34, Error                 SXS    WIL Origination: onecore\base\servicing\turbostack\lib\query.cpp(999)\TurboStack.dll!00007FF86E76A16C: (caller: 00007FF86E6885C9) LogHr(1) tid(1ba0) 80070002 The system cannot find the file specified.
2024-12-10 20:19:34, Error                 CSI    00000020@2024/12/11:04:19:34.073 (F) onecore\base\servicing\turbostack\lib\query.cpp(999): Error HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) originated in function (null) expression: (null)

2024-12-10 20:19:49, Error                 CBS    Failed to load C:\WINDOWS\TEMP\SSS_e79cd3ea834bdb0101000000ac04b80e\cmsofflineservicing.dll.: HRESULT_FROM_WIN32(ERROR_MOD_NOT_FOUND)

2024-12-10 20:33:13, Error                 CSI    0000029a@2024/12/11:04:33:13.852 (F) Attempting to mark store corrupt with category [l:15 ml:16]'CorruptManifest'[gle=0x80004005]
2024-12-10 20:33:13, Error                 CSI    0000029b@2024/12/11:04:33:13.852 (F) onecore\base\wcp\componentstore\csd_locking.cpp(97): Error STATUS_SXS_ASSEMBLY_MISSING originated in function CCSDirectTransaction::LockComponent expression: (null)
2024-12-10 20:33:13, Error                 CSI    0000029c (F) STATUS_SXS_ASSEMBLY_MISSING #9858843# from CCSDirectTransaction::OperateEnding at index 0 of 1 operations, disposition 2[gle=0xd015000c]
2024-12-10 20:33:13, Error                 CSI    0000029d (F) HRESULT_FROM_WIN32(ERROR_SXS_ASSEMBLY_MISSING) #9858735# from Windows::ServicingAPI::CCSITransaction::ICSITransaction_UnpinDeployment(Flags = 0, a = Microsoft-Windows-Internet-Naming-Tools-Deployment, version 10.0.26100.1882, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}, cb = (null), s = (null), rid = 'Microsoft-Windows-Internet-Naming-Tools-Package~31bf3856ad364e35~amd64~~10.0.26100.1882.WINS-Server-Tools', disp = 0)[gle=0x80073701]
2024-12-10 20:33:13, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80073701 - ERROR_SXS_ASSEMBLY_MISSING]

2024-12-10 20:33:17, Error                 CBS    Failed to perform operation.  [HRESULT = 0x80073701 - ERROR_SXS_ASSEMBLY_MISSING]

Strange the package it's complaining about is WINS-Server-Tools. Who still has WINS installed on Windows Server?

I am chalking this up to a bug in the patch for now and will wait and see.

Has anoyne successfully patched a 2025 Core box?

[-]

TeRRoRByteZz2007@reddit

KB5048652 broke some of our Windows 10 kiosk devices - customshellhost.exe would crash every second. Uninstalling KB5048652 resolved the issue

[-]

FISKER_Q@reddit

Have you engaged Microsoft support on this or heard of any other workarounds that aren't uninstalling the update?

[-]

TeRRoRByteZz2007@reddit

We managed to get most of them uninstalled and paused the updates on the kiosks after moving them to their own update ring. The kiosks that were broken we just rebuilt as they were critical to parts of the business.

[-]

FISKER_Q@reddit

In case you're still suffering from this, I discovered that new installations don't suffer this issue, but I wanted to make sure that the updates themselves weren't causing it.

So reinstalling windows 10 (or 11) with the January update works, the February update yesterday didn't break it.

[-]

Liquidretro@reddit

Anyone having AD accounts lock out quickly after applying updates? I am seeing far more lockout help requests than I normally do.

[-]

phatmario@reddit

Did you manage to solve this one? We may be in the same boat.

[-]

LaCabraPoseida@reddit

I am having these issues too. Seems to be NTLM related, it is sending our (external) maildomain credentials to our on-prem domain which causes lockouts.

[-]

Liquidretro@reddit

It was only a problem for one day, haven't had any reports since. I think it was a fluke and less of a patch issue.

[-]

spondgebob1a@reddit

Anyone with 0x80244007 errors on PCs? The PCs are not reporting to wsus since the day i pushed out december updates. It looks like there is a problem with "targetGroupNames" key.

In wsus logs i see:
SimpleAuth.GetAuthorizationCookie: System.ArgumentException: The specified string is invalid. Parameter name: targetGroupNames

[-]

MikeTheCannibal@reddit

Making the report if no one else is aware, brace yourselves and pray MSFT releases an OOB before it affects you... Secure channel functionality breaks completely with latest patch cycle on 2019 domain controllers. Hasn't shown up yet for many, but heavily utilized, large enterprise has begun to see the effects within the past three days. MSFT isn't saying anything public yet, but we along with three others orgs are feeling the pain. Uninstalling patching doesn't remove the change, luckily doesn't destroy the schema so we've been forced to rebuild a good 20+ domain controllers. Fair warning, spin up and be prepared with new DC's ready to promote on standby.

And good luck dealing with the Azure DC's.

God speed fam.

[-]

NoEvilYamMayLiveOn@reddit

Installed for several 2019 DCs and haven’t seen anything to suggest issues with Secure Channel after two days.

Will be interested to see what comes of your comment and if there’s a mention of it in upcoming CU.

[-]

MikeTheCannibal@reddit

So good news, we were able to find out what they did. Patches had a memory leak, somehow affected by a sense update and RPC filter that caused everything to implode. As a work around MS deployed an update behind the scenes that hit all customers removing it and fixing the broken secure channel comms. Lasted about two-three days, was rough. From what I’ve heard four or five fortune companies were affected and brought everyone to practically a standstill. It’s a huuuge deal, I’d suspect some major fallout between MSFT and clients in the coming weeks…

So in theory, those who weren’t affected shouldn’t be now as it was slipped in behind the scenes with defender/atp stuff not requiring patching for end users. We shall see

[-]

NoEvilYamMayLiveOn@reddit

Thanks for further detailing what was happening for your org. That does indeed sound very rough.

Finding your comment the day before we decided to roll this out left us with far less confidence things would go smoothly. There’s a reason December patches have a bad reputation.

[-]

MikeTheCannibal@reddit

Agreed. Normally we refuse to patch during our end of year freeze, first time we have in years and presto- this happens. Easiest way to check is to run the commands: Netsh rpc filter show filter

See if any filters are in place.

[-]

jordanl171@reddit

just installed the Dec patches on 1 of our 3 DC's. 1 (the one I installed dec on) is 2022, the 2 other's are 2019. what exactly breaks? I feel like if it was major it would have been reported by other users here?? i hope!

[-]

Thin_Ad_4574@reddit

I'm not putting my card in to get an AVG ANTI-VIRUS payment I bought two cards and put €30 on them you think I could get it no because they robbed the money of my swirl cards but no I was told by AVG ANTI-VIRUS payment didn't go into it then I get a a MasterCard one swirl and again I done it the same thing happened to it and you can and I never can see a way out off this just lift up I back every single day and they put foils foil phone a portfolio for my phone see I didn't say nothing like that so Gesto remixes will be not playing anymore ever since or put up pictures HDH like that they didn't do anything but taken from my phone no like I let them they stop me fome using the mic put up words they not Im not good at spelling words they put the wrong words up when I us it they have toa Game out of Nokia games hot-air balloon old games black and white you have to get the coins it's like the first game what came out and they have that on a Link that what I was told buy when they uploaded something into my phone I don't know how there getting into every new phone and any device I bought there init and how can they a bill to get into all my new phone keep charging password and more there something else because they something to do with INDIA that's what I'm getting told but I have to bring everything done to the GARDA I have letter from the company that how time have I phone was had to be left in to be fixed they took put a new motherboard into it but they said they were going to find out what going on with not one 3 time I had to get new motherboard into two different phones that not a fault that's scammer who now that they I thing it is YouTube because mam and Dad phone they have me link up to them so don't tell me that I'm not hacked I be talking to Microsoft about my Xbox they robbed out of my flat But I have the serial number off the Xbox I need to get it turned off on

[-]

TheLostITGuy@reddit

Not a single . in sight.

[-]

OhYeah-@reddit

One of our old servers running Server 2022 was updated last Wednesday evening and just got a BSOD out of nowhere today. The machine is old, but has been rock solid so far, proper old Dell PowerEdge. Nothing else had changed apart from the OS updates.

BSOD was IRQL_NOT_LESS_OR_EQUAL. Will keep investigating.

[-]

kulovy_plesk@reddit

Have you tried analyzing the memory dump in WinDbg? That may shed some light on what caused the machine to crash.

[-]

OhYeah-@reddit

Nothing specific at all came up in bluescreenview, but I'll give WinDbg a try as well, thanks.

[-]

upcboy@reddit

Anyone having issues with the start menu not working after the update? Seeing it on windows 11 23H2 machines.

Event viewer shows some errors like the following

Faulting application name: StartMenuExperienceHost.exe, version: 10.0.22621.4541, time stamp: 0xaaca2cc0 Faulting module name: MSVCP140_APP.dll, version: 14.30.30704.0, time stamp: 0x615a9216

[-]

Sure-Recover5654@reddit

Am seeing this as well for both 23h2 and 24h2 with VDA 2402 installed

[-]

Sure-Recover5654@reddit

This registry addition has corrected this issue.

HKEY_LOCAL_MACHINE\Software\Citrix\CtxHook
‘ExcludedImageNames’=‘StartMenuExperienceHost.exe’

[-]

PawnEnPassant@reddit

Thank you for sharing this, what does it do exactly?

[-]

ditka@reddit

Well, just a second there, professor. It, uh, it fixes the glitch. So the start menu won't be crashing any more. Everything else will just work itself out naturally.

[-]

PawnEnPassant@reddit

Hahah you’re funny

[-]

upcboy@reddit

We found uninstalling the VDA and reinstalling it, seems to fix the issue.

[-]

PawnEnPassant@reddit

Is there a way to uninstall/reinstall vda at scale?

[-]

Dragon_Ranger_@reddit

Anyone found a fix for this yet that doesn’t involve rolling back a patch?

[-]

mike-at-trackd@reddit

Not sure if you saw u/Sure-Recover5654's comment above, so linked.

[-]

PawnEnPassant@reddit

Thank you for posting your solution I found this works for us too. How did you uninstall/reinstall? One by one?

[-]

upcboy@reddit

Sadly we have a very small VDI environment. Our Citrix team has been manually doing the reinstall as this comes up.

[-]

PawnEnPassant@reddit

Are you guys using Rubicon by chance?

[-]

PawnEnPassant@reddit

Yes but for some reason it’s only affecting Windows VDI

[-]

AdviceDifficult@reddit

same here

[-]

mike-at-trackd@reddit

\~\~ December 2024 Microsoft Patch Tuesday Damage Report \~\~

** 2 weeks later **

Thankfully this month has persisted in being relatively quiet with nothing major of note regarding widespread system instabilities.

Everyone have a great holiday season and rest of the year! Let’s hope Microsoft’s new year’s resolution is to release updates that don’t break shit 🙂

Server 2022

Point and Print capability disrupted with suggested driver update required

Server 2016

Microsoft Print to PDF not working

Windows 11

Start menu not working on VDI Citrix hosts

Miscellaneous

Lockout timing seemingly shorter than expected

[-]

Uberbohne256@reddit

Anyone run into KB5048654 breaking Point and Print GPO settings? As soon as it applies, all workstations scream that there's a driver update that needs to apply. As soon as we uninstall the KB it works as it should.

[-]

joshtaco@reddit

I'm afraid my condition has left me cold to your pleas of mercy. Ready to push this out to 9000 workstations/servers.

[-]

GnarlyCharlie88@reddit

Godspeed.

[-]

IC_kfisc@reddit

I love the tone this sets.

[-]

bTOhno@reddit

I'm really trying to convince my org to start letting me patch at least quicker, I just took over patch management and the previous guy waited 1 week after release to patch test devices and 2 weeks to patch production and workstations. Boss asked me how we get lower risk scores and all I had to say was "actually patch in a realistic timetable instead of pushing updates late as hell". In the 2.5 years I've been at this org we haven't had a single issue with patching, but people are paranoid because one person they know knows someone who had an issue with patching.

Currently I'm drafting a schedule that at least gets me completely patched by a week.

[-]

LSMFT23@reddit

We deploy to test starting the Sunday night AFTER patch Tuesday, which gives us time to hear the community screaming if the patch is bad, and MS either has to release an OOB fix or recall the patch.

Prod patching starts the Sunday night after that.

[-]

therabidsmurf@reddit

When I came on it was test servers for week, non critical for a week, crit for a week, then DCs so you finished just in time for next patch Tuesday. Nixed that quick....

[-]

cosine83@reddit

Yeah, the neverending patch cycle is not the life.

[-]

bTOhno@reddit

That's basically what it feels like...we have like a single week of patches being fully applied. It always felt lazy to me so when I inherited it I wanted to move it at a faster pace. Before I inherited the responsibility I kept bringing up that our patch cycle was too slow and the previous person was always arguing it was fine.

[-]

deltashmelta@reddit

For us, it's a one day delay/deferral to avoid "bad launch" KBs. Then, test environment goes the following day, and production is the following Tuesday provided there are no internal issues or major reported issues on the interwebs.

[-]

TigDaily@reddit

same in our environment.

[-]

DeltaSierra426@reddit

Yes, two weeks is too long to patch Windows in modern times. That should only be for edge cases like offline laptops, machines having trouble installing patches, etc. Start testing in 1-3 days, have a goal to have everything patched in 7 (assuming no major issues(s) with the patches).

[-]

bTOhno@reddit

I'm shooting for 9 days right now, Test Thursday, DR following Tuesday, and Production/Laptops/Desktops following Thursday.

[-]

1grumpysysadmin@reddit

I run our patching schedule for my org... I patch on release day to my test environment and my own workstation. I then have a few others in my team do the same. If things don't go sideways within a day or two then I approve server updates through our internal WSUS. Rest of org gets updates via Intune 15 days after release which I am looking to move up to 7 days.

[-]

Liquidretro@reddit

Ya I mean there is risk too with patching stuff too late too. Your cyber insurance policies may have some wording to help you too.

[-]

Smardaz@reddit

Sounds similar. I took it over a few years ago for the healthcare org I work for and was handed the schedule as well. We push to testers immediately and they test for a week. Then it goes to the org with a 2 week window before deadline. My only gripe is, in the monthly meetings we have with the Security team, they always point to some patch and scream "why isn't this remediated?!" And every month I gotta say "It will be....at deadline."

[-]

BALLS_SMOOTH_AS_EGGS@reddit

Yeah a week is a bit overkill imo. We typically begin patching production the Friday after patch Tuesday.

[-]

EEU884@reddit

We set our updates to Thursday to allow us to intervene if the world starts crying about a given update.

[-]

ceantuco@reddit

We typically wait a few days to patch servers and one week to patch Exchange. Win 10 and 11 workstations get updated on the night of patch Tuesday.

[-]

FCA162@reddit

Ah, Patch Tuesday - that monthly rollercoaster ride where Windows updates come hurtling down like confetti at a tech party! 🎉 Let’s dive into the December 2024 edition and see what surprises Microsoft had in store for us.
So, buckle up, fellow digital adventurers! 🚀 Pushing this update out to 200 Domain Controllers (Win2016/2019/2022) in coming days.

[-]

TheFiZi@reddit

Are any of your 2025's Core? or all full GUI?

[-]

FCA162@reddit

We do not use Core edition. All full GUI.

[-]

Aggravating_Refuse89@reddit

I have tried to use core and some stuff and most junior admins hate it and are loud

[-]

SomeWhereInSC@reddit

Be aware the date/time in the corner is now abbreviated, had some questions about that today. The year is dropped entirely.

I'm not sure I follow and would appreciate a little more explanation, our system servers and workstations display time 08:04 AM and under that is date 12-Dec-24, where are you seeing it abbreviated?

[-]

frac6969@reddit

It’s a new feature called shortened time (abbreviated time in Settings) and hides AM/PM and year even if you have that set in regional settings. It’s not appearing for all users and I’m afraid it might wreck havoc in our environment because we have very strict time and date and regional settings.

https://www.elevenforum.com/t/enable-or-disable-show-shortened-time-and-date-on-taskbar-in-windows-11.26235/

[-]

DeltaSierra426@reddit

Yeah, I'm not seeing abbreviated time on this 2024-12 patched 24H2 laptop.

[-]

joshtaco@reddit

Are you on Windows 11 24H2? It's a gradual change, so not everyone gets it remember

[-]

SomeWhereInSC@reddit

Ahh, thanks for reply... We are still gripping 23H2 hard....

[-]

joshtaco@reddit

Yeah, all of my updates on these are always going to be with the latest feature updates for consistency.

[-]

TheJesusGuy@reddit

How can you abbreviate xx/xx/xxxx ?

[-]

joshtaco@reddit

It just drops the year entirely

[-]

MediumFIRE@reddit

It would be hilarious if you really only have 9 workstations/servers and everyone follows your lead with bated breath.

[-]

ceantuco@reddit

lol what if it is only a desktop, laptop and server at HOME? lol

[-]

MediumFIRE@reddit

real talk: you probably want feedback from the sysadmin who rolls it out to a smaller group of computers but on a network that's kind of chaotic with servers hosting a multitude of roles on the same VM and desktops with a bunch of rando hardware configurations. Taco probably has a very efficient streamlined operation with standardization and well-defined server roles. If the chaotic network guy has no issues, then we're probably good ;)

[-]

joshtaco@reddit

Always test patches yourself, don't trust anyone

[-]

Smardaz@reddit

My lead constantly tells me "trust, but verify"

[-]

1grumpysysadmin@reddit

That's a wise lead.

[-]

ceantuco@reddit

you are correct! we do not add too many roles per server to prevent issues. one or two roles and done lol

I run file, print, DHCP, AD, wireless controller, in one server lol

[-]

iswearbydeodorant@reddit

Print server couples with anything makes me want to die at the thought of it.

[-]

ceantuco@reddit

hahahaha I hear you lol I hate printers.

[-]

iswearbydeodorant@reddit

An issue with a print server at my last job, led me to quit. I was so sick of rebuilding that server and the MSP gaslighting about it being caused by "networking." lol

[-]

ceantuco@reddit

I don't blame you... a software vendor kept blaming our network for their program crashing... meanwhile, our monitoring system show no network issues. bleh

[-]

cheeley@reddit

All containerised, on a Raspberry Pi.

[-]

ceantuco@reddit

lol

[-]

MichaelParkinbum@reddit

gif

[-]

LifeStoryx@reddit

It would be funny, but he has explained the situation before. MSP maybe? I can't remember exactly, but it seemed likely to encompass a lot of potential environments. Of course, I have been known to have an impacted memory of late due to years on chemo, so I apologize if I am misrecalling. I'm really just hoping u/joshtaco will remind me again. :)

[-]

joshtaco@reddit

I've explained it before but I'll avoid answering again partly due to confidentiality

[-]

Talgonadia@reddit

Guys.. He's Microsoft's QA department.

[-]

skipITjob@reddit

I was thinking of the same, but it's likely that they've got a good selection of devices, they have reported some issues that were later reported by others. (joshtaco was the first to report)

[-]

joshtaco@reddit

Rhetorically, what would that then indicate in terms of endemic bias towards Microsoft versus the actual reality of how patches do/do not affect downtime in a mean environment these days?

[-]

Character-Act-7826@reddit

I trust joshtaco with my entire soul

[-]

naimastay@reddit

How's it looking?

[-]

joshtaco@reddit

we don't reboot during working hours. they don't reboot until tonight. always the day after before we can tell. My PC is fine I guess, but that's just one PC.

[-]

KindlyGetMeGiftCards@reddit

gif

[-]

PappaFrost@reddit

I also trust Josh Taco with my life's work on Taco Tuesday...BUT it would be pretty funny if he had one home laptop and he named it "9000 workstations/servers"...LOL

[-]

vectravl400@reddit

Must be real... Can't put slashes in a Windows computer name.

I'll be back tomorrow to see what happens. Either way I feel better about pushing out my Dec updates on Dec 24 @ 6 PM. /s

[-]

Trooper27@reddit

Yes! About to approve a bunch of updates here. Phew.

[-]

uninspiredalias@reddit

Had to manually update a dozen or so W11 systems so far to 24H2 and had a really varied set of issues with them. Mostly it was "the machine is acting really bizarre" - generally frequent unerelated crashes, but often just when the update wasn't even downloading yet - just at the point where it's sitting in the update thing ready to download. After much babysitting, SFCs, rebooting, disk checking and cleaning up, pretty much all of them have gone through.

[-]

poprox198@reddit

Performing the exchange 2019 SUv2 tonight:

https://techcommunity.microsoft.com/blog/exchange/re-release-of-november-2024-exchange-server-security-update-packages/4341892

Wish us luck!

[-]

ceantuco@reddit

how did it go? did you have any issues? Planning on doing this tomorrow... ugh a week before Christmas lol

[-]

poprox198@reddit

Everything is working so far. I didn't have any issues with my transport rules on V1 and the localization issue was on OWA, we are still on outlook classic.

Transport agents are working fine and I wish I had dev time to mess with the malware scanner changes.

[-]

ceantuco@reddit

good to hear! I am installing the update now... fingers crossed.

[-]

ceantuco@reddit

please let us know if you have any issues. I wanted to apply v2 patch today but I saw someone having issues with V2 even after the workaround so I decided to postpone for now.

Good luck!

[-]

bostjanc007@reddit

Pushed exchange 2019 v2 update at three customers with no issue

[-]

ceantuco@reddit

that's great. Did you do the work around?

[-]

philrandal@reddit

Do not forget the follow-up timezone bug fix.

[-]

jbl0@reddit

Thank you for mentioning it. If you've time, please share details re: the bug and fix you've mentioned. I am unable to find reference to it.

[-]

BragawSt@reddit

Not OP, but I think they may be talking about this:
https://support.microsoft.com/en-us/topic/time-zone-exception-occurs-after-installing-exchange-server-november-2024-su-version-1-or-version-2-851b3005-6d39-49a9-a6b5-5b4bb42a606f

[-]

philrandal@reddit

That's the one. The powershell script seems to be easiest fix and works here.

[-]

stetze88@reddit

I have the Problem, that the Patch is allready installled and listed in the Update history (Windows Server 2022, WSUS Environment), But the Update will be find and installed / Download again. And After That it still search / find and will installl it again and again. I don‘t know why.

[-]

WoTpro@reddit

is anyone else seeing alot of BSOD's with NetAdapterCx.sys lately ? I have alot of these issues across my fleet of Lenovo laptops, mainly its been P15V gen 3 and P1 Gen 4 that has been affected, the only fix is to clean up the USB Realtek driver (takes ages to do that manually since there are many version that needs to be removed manually before getting back to the first installed driver, the installing the latest USB driver from Lenovo and then the crashes stops. I just updated my own machine to test the new patch, and i just suddenly got a BSOD in the middle of working and same NetAdapterCx.sys crash in the dumpfile, what is going on?

[-]

Local_Breath_2775@reddit

Yes you need to download the Realtek USB Gbe Ethernet Family Controller auto installer from Realteks website, uninstall your current ones through the installer. Then running the installer again and installing the driver again through that.

[-]

WoTpro@reddit

Yep that's what i have been doing, but very tedious to do manually for 250 endpoints

[-]

Local_Breath_2775@reddit

I actually created a script for this. It basically runs the auto installer twice on a group of machines. Fixed the issue.

Do you have the infrastructure and the experience to run remote scripts on a large number of devices?

[-]

joshtaco@reddit

no

[-]

Historical-Leg-1706@reddit

windows 11 patch update ;

After the recent update, I now have two boot files after patching last night (GMT +8). I'm concerned that this could cause issues for other banking companies, as they use encryption software that might be affected.

[-]

Historical-Leg-1706@reddit

After the recent update, I now have two boot files after patching last night (GMT +8). I'm concerned that this could cause issues for other banking companies, as they use encryption software that might be affected.

[-]

atsnut@reddit

Not having any luck with the 2024-12 Cumulative Update for Windows Server 21H2. Not able to get it installed on any server with the WSUS role installed, throwing an 0x8007000d error. I've already tried the Windows Update repairs as well as fully reimaging several servers. I might have to open a case with Microsoft.

[-]

atsnut@reddit

The only way I was able to get this KB installed on a server with the IIS/WSUS roles was to reimage the servers and install the KB before adding any roles.

[-]

Other-Development404@reddit

did anyone ever get an 0x8007054f error after attempting to install the update after rebooting? after the restart it gets to about 35% and then error's and backs out. renamed software distro folder and attempted the normal sfc/dism fixes with no success. running windows server IOT version

[-]

linuxfingers@reddit

Is anyone getting user reports of their desktop background being changed due to Windows Spotlight after KB5048652?

[-]

eobiont@reddit

It may be possible to block this behavior by using GPP or other method to set this registry setting in user hive prior to the patch being installed ... we have not fully tested this and I cant find it documented anywhere. The user can still set their background option to spotlight if they want, but this appears to stop it being automatically set for users.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DesktopSpotlight\Settings
DWORD32 "OneTimeUpgrade" = 0x00000000

[-]

joshtaco@reddit

yes, but no complaints about it lol

[-]

Rickm19@reddit

I started getting reports immediately after deploying the updates. I'm investigating options.

[-]

GullibleFly249@reddit

In testing, this seems to only occur if you are using one of the standard in-the-box backgrounds. If you've set a custom background manually/via gpo/bginfo/etc, it doesn't happen.

[-]

ceantuco@reddit

yup! Microsoft once again forcing their changes to users lol

[-]

WasteWorker7431@reddit

I've just installed this update on my device and have the same behaviour, was previously solid colour now switched to Windows Spotlight.

[-]

rollem_21@reddit

I just built a fresh WIM with KB5048652 injected also noticed windows spotlight as default.

[-]

Heisenberg1961@reddit

what patch addresses this one - CVE-2024-49138? I havent seen anything in WSUS yet

[-]

JustaWelshMan@reddit

After the update last night a variety of services timed out & did not start. (on multiple Server2019 servers)
They start manually but continually fail to start during a reboot.

These are Hyper-V guests with lots of resources. We've never experienced this before so something has occurred as a result of the updates.

I haven't located the cause yet but looking into it.

The SQLServerReportingServices service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

[-]

schuhmam@reddit

Because of curiosity and impatience, I decided to first update the servers from my customers and then my own.

Both Hyper-V Servers. Once an only 2019 Server environment and the other mixed with 2022 and 2019. All Server Core except on application server. Fortunately, I could not recognize any errors. The 2019 only environment also has got an Exchange Server; both have got SQL 2022 with just databases. Also, there were no errors.

The servers only have local SSD drives. No fancy SAN or something like that. They are only very small environments.

[-]

icq-was-the-goat@reddit

I got multiple servers @ 1 location out of 100's where most of the 2019's have this problem. On reboot most services are stopped, app services, RMM services, etc. Starting them manually works. Still stopped on reboots. Any known cause?

[-]

the_lazy_sysadmin@reddit

I would also like to know how this is going, as my org's scheduled patch window for servers is over the weekend.

[-]

K4p4h4l4@reddit

How's going so far? this is the only comment that got me worried this month :/

[-]

schuhmam@reddit

Is this the “only” service which is affected? Or do you see this error within other services?

[-]

timbotheny26@reddit

I'm just hoping that January's updates don't have another KB5034441.

[-]

m0us3c0p@reddit

I was so over that mess. I still have the PowerShell scripts I ran to jank up the partition tables and get the new recovery installed.

[-]

timbotheny26@reddit

I spent so much time reading up about that stupid update and why it kept failing the name is forever burned into my memory, and I'm not even a sysadmin. (Yet.)

I also remember reading through the documentation of the vulnerability it was supposed to patch and apparently it could only be exploited through physical access.

[-]

m0us3c0p@reddit

I'm not a sysadmin either, but I work alongside some, and I assist with patches. I never knew the exploit could only be carried out while physically in front of a machine.

[-]

alexkidd4@reddit

Well, the exploit worked while rebooting to the recovery environment which means you'd have to have KVM (physical) or remote BMC (ILO/DRAC/IP KVM) console access. You could theoreitcally exploit remotely with a compromised BMC module.

[-]

ceantuco@reddit

my Win 10 VM stopped getting KB5034441 installation error. It was never installed nor I ran the script to resize the partition.

[-]

timbotheny26@reddit

Yeah, because Microsoft delisted the update but only after 8 months or so.

[-]

Stormblade73@reddit

They released a replacement update that does exactly the same thing (dont have the KB number offhand), BUT it will only install on devices that can be automatically updated, so the new update does not have failures, but it leaves devices that technically need the patch unpatched if they require manual adjustments to install successfully.

[-]

timbotheny26@reddit

Ahh, thank you for the breakdown! I had no idea about any of this.

[-]

ceantuco@reddit

hahahah I didn't know lol it doesnt matter. once October 2025 comes, i am nuking that win 10 VM. lol

[-]

BinWu_Lex@reddit

anyone has problem with KB5048671 on Windows 2016 server which breaks Microsoft Print to PDF printer? Couldn't find related information anywhere yet.

[-]

OldSchoolCoolCat@reddit

Today I've been validating the 2024-12 updates with my Test MECM environment at work. I updated 7 of 8 Windows Server 2022 machines successfully via MECM. However the last server (The MECM Primary Server of all things) is failing to install via MECM or manual installation of the KB5048654 package.

KB5048654 fails to install on Server 2022 21H2

The Windows Event log shows the following even for a Manual installation

Windows update "Security Update for Windows (KB5048654)" could not be installed because of error 2147942413 "The data is invalid."

(Command line: ""C:\Windows\system32\wusa.exe" "C:\Users\USERNAME\Downloads\windows10.0-kb5048654-x64_ef51e63024cd96187ed7a777b1b6bbafb4c2b226.msu" ")

Note: I've also tried renaming the C:\Windows\SoftwareDistribution directory and rebooting the device to rebuild it. same result with a failed install.

Oh Joy. Has anyone submitted a ticket to Microsoft on this yet?

[-]

FCA162@reddit

Try this resolution from my post

[-]

nobody554@reddit

Is anyone else noticing KB5048654 (CU for Server 2022) not being detected by some Server 2022 systems. My homelab isn't seeing it when I hit WU directly, but I can download and manually install the patch. And at work, I've got a few Server 2022 systems that are not showing as needed in WSUS.

[-]

Green_Tea_w_Lemon@reddit

21H1 or 21H2?

[-]

nobody554@reddit

21H1

[-]

mike-at-trackd@reddit

\~\~ December 2024 Microsoft Patch Tuesday Damage Report \~\~

** 72 Hours Later **

Scattered reports of odd disruptions across a variety of Windows versions this month, none though, seemingly systemic. Not quite the holiday gift I was hoping for, but at least no sweeping Blue Screen of Deaths this month.

No disruptions detected or reported on the trackd platform.

Server 2025

Kerberos Local Key Distribution Center not starting

Server 2022

One obscure claim Server 2022 update bricked a handful of devices?

Server 2019

Services not starting automatically on Hyper-V guests

Windows 10

Shell launcher crashing every second

Miscellaneous

[-]

jwckauman@reddit

Isn't there another thread and/or site that keeps track of changes being caused by previous month's updates. like an update that was installed in Feb with an optional setting, is becoming a default setting this month.

[-]

pcrwa@reddit

This was the last time I saw someone try to pull them together:

https://www.reddit.com/r/sysadmin/comments/150j751/microsoft_ticking_timebombs_july_2023_edition/

[-]

rosskoes05@reddit

RIP

[-]

kulovy_plesk@reddit

Take a look at the monthly EMEA Security Briefing Call PDF, there is a section "Reminder: Upcoming Updates/deprecations" that may interest you: https://aka.ms/EMEADeck

[-]

FCA162@reddit

Thanks for spotlighting this link ! ;-)

[-]

Actual_Lingonberry98@reddit

I notice one thing: KB5048654 (Server 2022 21h1) fails to install on my SUP's in SCCM (v2309).

In my LAB environment did it fail, and today in my TA enviroment too. The error is 'Access is denied'.

Anyone else notices this ?

[-]

Green_Tea_w_Lemon@reddit

I was able to install this without any issues.

[-]

naps1saps@reddit

All of my RSAT addons are gone. A webcam that has 3rd party OS level companion software install popped up again after update on all machines. We've also had 10+ workstations imaged as far back as January re-activating and failing Windows activation after update. (might be my fault having the wrong key? not sure). One user's machine crashed on reboot and won't rollback. They are stuck at home and might have COVID. Extremely inconvenient. SFC and CHKDSK clean. I think this is after the latest monthly security rollup.

[-]

Ravigon@reddit

This release of Windows 11 24H2 2024-12B (KB5048667) is supposed to fix the eSCL scanning issue from the previous 24H2 release that would break USB scanners from HP, Brother, Canon, Fujitsu, etc.

https://www.neowin.net/news/kb5048667-microsoft-removing-windows-11-24h2-usb-related-54762729-update-block-soon/

https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24H2#3446msgdesc

[-]

TheDarkBrewer@reddit

It required a re-install of the driver/software, but I can report that my HP Scanjet Pro s3000 is working in 24H2 now.

[-]

MeanE@reddit

This update broke the only two USB scanners we have. I came here looking for a fix.

[-]

Parlormaster@reddit

Any SCCM folks getting 503 errors "Failed to download" in their ruleengine.log? I'm noticing that my software update groups are not populating the December updates even though they are appearing in the ADR preview. Ruleengine.log is littered with these errors this month for me.

[-]

Mayimbe007@reddit

Just checked on mine and they appear to have downloaded correctly. What does your "Software Update Point Synchronization Status" Report look like? Mine was Status=Completed. The ADR I usually run had the December updates listed.

[-]

Parlormaster@reddit

Thanks for confirming. Both of my syncs were successful today and the latest updates do show up in the preview. Perhaps I need to space out my rules as they might be running/downloading too close to each other. One of them appears to have resolved now after manually re-running. Thank you!

[-]

bdam55@reddit

Do your ADRs tend to finish before the next one starts? Downloading usually isn't the issue but if multiple ADRs run simultaneously I've seen it create SQL deadlocks that the product teams has just shrugged their shoulders at because it's not strictly reproduceable.

[-]

Parlormaster@reddit

I'm wondering if this is what bit me this month (despite the 503 errors misleading me), as I did tighten the ADR schedules up to a 30 minute gap between each rule instead of an hour. I observed my rules finishing in about 15min on average so figured this would be more efficient for my pilot group to not have their Win10/11 & O365 client patches hit appx. an hour apart. Flew too close to the sun it seems.

Thanks for the reply, I'm a big fan of your blog! :)

[-]

bdam55@reddit

FWIW: If that's what's happening the ruleengine.log (?) file will make is super clear. If memory serves, literally start spitting out lines saying "SQL Deadlock". So if you don't see any of those, then it's not that.

[-]

InvisibleTextArea@reddit

MS Servers tend to get overloaded, especially US Azure regions, on patch day. It'll work eventually.

[-]

Parlormaster@reddit

Thanks, I was able to get it working yesterday after resynchronizing my SUP and then manually running the rules. They must have changed something in the catalog that was causing the error (or my wsus db is dying!). Either way just a fluke.

[-]

rollem_21@reddit

Any .NET this month or am I blind.

[-]

calamarimeister@reddit

MSRT skipped for December. Was skipped December last year too. Must be a December thing.

No new version of .NET8 as well.

[-]

kingdead42@reddit

Christmas miracles prevent malicious software from being released.

[-]

IndyPilot80@reddit

Not seeing .NET or Malicious Software Removal Tool on my end this month.

[-]

FCA162@reddit

Check this link for latest updates of MSRT: Microsoft Update Catalog

[-]

HoJohnJo@reddit

They usually don't release one in December.

[-]

Fragrant-Hamster-325@reddit

Must mean there’s no more malicious software. They did it, they finally finished Windows.

[-]

rollem_21@reddit

Ah just noticed that also, looks like MS is on holidays already.

[-]

FCA162@reddit

You can use this link Microsoft Update Catalog to check for any .NET updates.
This month zero updates for .NET.

Latest updates for .NET (dec-2024): Microsoft Update Catalog

[-]

asfasty@reddit

nope - i was wondering about it in the october one I believe - none here for server 2016 and 2022 let alone win11 and win10 - guess they spare it for new year celebration of windows update as they did last year stating too much etc. for december - so happy new year to all of you already - btw. small environment does ok so far - the biggest one I am waiting for is the HV host *looool* - getting keys and car ready..

[-]

belgarion90@reddit

Also did not see one. Handy, because I'm teaching a Service Desk guy to do the monthly updates.

[-]

therabidsmurf@reddit

Nothing coming across on mine. Looks like just the cumulative.

[-]

m0us3c0p@reddit

I haven't seen one.

[-]

Sengfeng@reddit

I haven't been able to troubleshoot, but my home lab 2025 server is utterly borked right now. Been running a week, basic DNS, DHCP, Ubiquiti controller, Plex, and Veeam. Ran updates, it took a LONG time to reboot (an hour) and now it's back up, barely. Can't get into event log, file explorer just hourglasses, Unifi says it's running, but you can't connect to the site... Working on replacing the boot drive from a replica right now.

[-]

Sengfeng@reddit

Unifi just came back - 1.5 hours after server "boot." This is damn icky.

[-]

Sengfeng@reddit

Event logs finally loaded as well, looks like the update half installed. Windows Update says there was an error installing the cumulative, and apparently it is still trying to do stuff. Beware any early adopters!

[-]

AwsumO2000@reddit

KB5048654 bricked like.. 7 computers at work.. probably because they're being impatient

[-]

Different_Home_1183@reddit

2022 computers? Did it take a long time like last month's CU ?

[-]

Automatic-Ad7994@reddit

Really random question folks but could anyone in the UK try going to Word and seeing if CTRL + B to bold text no longer works. Had a few reports of it this morning and the only thing I can think is that this Windows update has done something that interferes with the language detection? Very strange

[-]

ZAFJB@reddit

In UK. Updated this morning.

M365 Word. Control-B works as expected

[-]

Del-Griffin@reddit

Just patched my workstation, Word version 2410 (Build 18129.20200 Click-to-Run) working fine

[-]

PetsnCattle@reddit

Can confirm I'm seeing this issue in the UK on Office 2019. Ctrl+I for italicisation works fine still.

[-]

JoelWolli@reddit

Not from the UK but we've had similar issues in the past few weeks where people couldn't use their Keyboard shortcuts (CTRL+F, CTRL+Shift+C/V, etc.) as somehow these got deleted or changed.
If you need a quick workaround for this or similar issues with shortcuts not working you can view and edit all shortcuts in File>Options>Customize Ribbon>Customize (next to "Keyboard Shortcuts" at the bottom of the page. "Bold" is the first option in the "Home Tab" Category.
You can then change the shortcut back to CTRL+B. This also works for other shortcuts that somehow stopped working.

[-]

Zaphod_The_Nothingth@reddit

Any word on the Excel bug that November CU introduced?

[-]

mish_mash_mosh_@reddit

We were having all sorts of excel issues this month, then worked out that making a different printer in Windows settings the default fixed all the issues. No idea why one would affect the other, but hay it's Microsoft.

[-]

jaritk1970@reddit

If you mean Excel 2016 add in problem, download fix here https://support.microsoft.com/en-us/topic/november-19-2024-update-for-excel-2016-kb4484305-c7fdc4c1-5061-c276-254f-5a090a462e4a

[-]

Zaphod_The_Nothingth@reddit

This one seems to fix it for some users, but not others. It's become a real issue for us.

[-]

SirNorthfield@reddit

The 2024-12 update, did not fix our excel 2016 issue. It still hangs.

[-]

NeverDocument@reddit

we actually just got this issue, Nov didn't affect us but dec is starting to hang as splash only. Works in safemode, the patch that u/jaritk1970 mentioned is already installed. O365 licensing can't come soon enough (even though it's not always perfect)

[-]

Zaphod_The_Nothingth@reddit

Bugger. Thanks.

[-]

Difficult-Tree-156@reddit

And they're off!

[-]

Difficult-Tree-156@reddit

December 10, 2024—KB5048661 (OS Build 17763.6659) - Not much info about it on the support site.

[-]

DrunkRecTeq@reddit

failed to install for me. Any idea why it would fail to install, or how to get it to successfully install?

[-]

1grumpysysadmin@reddit

It's patch time. Away we go with testing Windows 10/11, Server 2016, 2019 and 2022. More to come later.

[-]

1grumpysysadmin@reddit

So far so good. Looks like everyone is having the same so far relatively quiet deployment window. I'm starting rollout to servers in my org today.. workstations seem to be pretty good as well at this point.

[-]

JBurlison92@reddit

Is anybody running into issues updating their Server Core 2019 (or potentially any Server 2019/2022/2025 Core boxes) for the CU's of November and December? Getting the same error for the December update, KB5048661, that we got in November. I've got a case open with Microsoft on it, but we aren't getting much help on it.

Can not identify matching versions for component Microsoft-Windows-SPP-Main, version 10.0.17763.4377

[-]

jwckauman@reddit

Anyone having an issue with the Kerberos Local Key Distribution Center (KDC)? per this thread: Kerberos Local Key Distribution Center Wont start server 2025 : r/WindowsServer

[-]

Natural-Brilliant-89@reddit

Some users have problems with Edge (at least) shortcuts after the update, anyone else encountered this? It opens the browser, but just displays a white page with information about the URL and doesn't go any further.

[-]

ceantuco@reddit

Updated Windows 10 and 11 workstations without issues.

Updated test Server 2016 and 2019 without issues.

[-]

Talgonadia@reddit

Anybody else having an issue where you click on a Teams Chat window and it opens in a new window? I'm having that issue, working from home and about 50% of my chats are opening randomly in a new window.

[-]

kjweitz@reddit

Anything about the ntlm issue that 0agentbwanted us all to use their fix for?

[-]

Oc_GER@reddit

Why using NTLM? we denied it via GPO and only using NTLMv2.

[-]

ogiakul@reddit

This also affects NTLMv2: https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html?showComment=1733488623403#c6890146735206969591

[-]

FCA162@reddit

You mean this vulnerability?
CVE-2024-43451 - Security Update Guide - Microsoft - NTLM Hash Disclosure Spoofing Vulnerability

[-]

ogiakul@reddit

He means this one: https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/

[-]

Juvelandia@reddit

will they have solved the remote desktop gateway problem?

[-]

techvet83@reddit

If you are talking about the problem that surfaced in July, that problem was solved in November, AFAIK. We patched our gateways in November without issue.

[-]

Juvelandia@reddit

November: installed the patch on rds gateway users complain about inability to connect or continuous disconnections every 20 minutes, I had set a snapshot I performed the revert and everything is working again. Same problem with Parallels Remote Application Server, the same patch breaks the PARALLES RAS Secure Gateways.

On rds gateway I had skipped the patches since July, they said that the October patch had solved it, but it didn't solve anything.

[-]

ntmaven247@reddit

which issue is that? I was thinking about an RDG deployment for some of our internal servers...

[-]

D1TAC@reddit

Another month of job security. /s

[-]

RiceeeChrispies@reddit

Related to patches (ish), is anyone seeing issues with Azure Update Manager?

I have loads of Arc enabled machines but only a handful are showing in AUM.

[-]

wrootlt@reddit

Hopefully our AWS workspaces on Windows Server 2016 will have less troubles with patches than in November. For years it was nothing special during patching. But last month so many got broken, had to be rebooted many times or rebuilt from scratch. Good that we are mostly on 2022 now.

[-]

FCA162@reddit

Tenable's report: https://www.tenable.com/blog/microsofts-november-2024-patch-tuesday-addresses-87-cves-cve-2024-43451-cve-2024-49039

Bleepingcomputer's report: Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

[-]

Kuipyr@reddit

Here's hoping they fix the remote guard issue with 24H2 so I can start pushing it.

[-]

RiceeeChrispies@reddit

Don’t think so, nothing in preview builds yet.

[-]

Kuipyr@reddit

Yep, I've had to pause my passwordless rollout and pray they fix it before 23H2 goes EOL next November for Pro.

[-]

asfasty@reddit

if anyone is wondering like me - here is a link in german clarifying remote guard issue - i have to pursue this further or keep it in mind for the future.

Windows Server 2025 und Windows 11 24H2 Remote Credential Guard erneut defekt - Administrator

[-]

EsbenD_Lansweeper@reddit

The last Patch Tuesday of this year brings us 71 new fixes, with 16 rated as critical and 1 exploited, including a Windows Common Log File System Driver Elevation of Privilege vulnerability that has been exploited, a whole list of critical Windows RDS RCE vulnerabilities and more, you can read more and grab the audit to find all unpatched devices from our blog.

[-]

JoeyFromMoonway@reddit

Alrighty, last patch day this year. Let's hope Santa doesn't bring his gifts too early. :)

Testing on 30 Servers/71 Clients. Let's go! :)

[-]

FCA162@reddit

Microsoft EMEA security briefing call for Patch Tuesday December 2024

The slide deck can be downloaded at aka.ms/EMEADeck (not yet available)

The live event starts on Wednesday 10:00 AM CET (UTC+1) at aka.ms/EMEAWebcast.

The recording is available at aka.ms/EMEAWebcast.

The slide deck also contains worth reading documents by Microsoft.

What’s in the package?:

A PDF copy of the EMEA Security Bulletin Slide deck for this month
ESU update information for this month and the previous 12 months
MSRC Reports in .CSV format, for this month’s updates including detailed FAQ’s and Known Issues data.
Microsoft Intelligence Slide
A Comprehensive Handbook on "Navigating Microsoft Security Update Resources" !

Also included in the downloadable package are handy reference reports produced using the MSRC Security Portal PowerShell Developer Functionality: https://portal.msrc.microsoft.com/en-us/developer

December 2024 Security Updates - Release Notes - Security Update Guide - Microsoft

KB5048667 Windows Server 2025

KB5048654 Windows Server 2022

KB5048661 Windows Server 2019

KB5048671 Windows Server 2016

KB5048735 Windows Server 2012 R2

KB5048699 Windows Server 2012

KB5048667 Windows 11, version 24H2

KB5046633 Windows 11, version 22H2, Windows 11, version 23H2

KB5044280 Windows 11, version 21H2 (All editions of Windows 11, version 21H2 are at end of service)

KB5048652 Windows 10, version 21H2, Windows 10, version 22H2

Download: Microsoft Update Catalog

Keep an eye on https://aka.ms/wri for product known issues

[-]

Automox_@reddit

This month comes with a lineup of 70 vulnerabilities (and 1 advisory). We think you should pay special attention to:

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

If an attacker successfully exploits this flaw, they could use the elevated privileges to move laterally across the environment, accessing sensitive data and potentially compromising additional systems.

Windows Remote Desktop Services Remote Code Execution Vulnerability

While the technical requirements make this vulnerability difficult to exploit today, attackers are continually refining their methods. Over time, it's likely they’ll develop tools that simplify the attack process.

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Early indicators suggest that attackers might exploit this bug by using Windows APIs to manipulate log files or corrupt log data, triggering the vulnerability. The potential impact is substantial.

Listen to the Autonomous IT Patch Tuesday podcast or read Automox's write up here. Happy patching!

[-]

kammerfruen@reddit

Nothing from Josh the taco yet? I sure hope he's okay.

[-]

Tyler_sysadmin@reddit

The patch isn't released yet. 10AM PST (PDT in the summer,) that's 1PM EST/EDT and 6/5PM UTC.

[-]

ntmaven247@reddit

I've always wondered why patch tuesday KB details aren't released a bit earlier to keep us sysadmins informed :)

[-]

e-a-d-g@reddit

Presumably because if they released information vulnerabilities without making the patches available, there would be more time to exploit unpatched systems.

[-]

SoonerMedic72@reddit

This is why. The info usually gives away too much. Remember when ConnectWise had the patch earlier this year with no info other than "patch immediately, it is really bad?" As soon as the info got out, there were PoCs on YouTube in 15 minutes as people just poked around and found the hole. If I remember correctly, you could rerun the setup from the web portal, which would wipe the admin table, create it new with default/entered creds, and give you access to the entire org. Combined with its on board tools, it was essentially remote root access to an entire environment in 5-10 minutes using point and click menus.

[-]

Google Chrome: Fixed 12 vulnerabilities in version 131, including a high-severity flaw in Blink.
Mozilla Firefox: Resolved 18 vulnerabilities, including zero-day CVE-2024-11691 affecting Apple M-Series devices.
Mitel MiCollab: Patched a zero-day linked to CVE-2024-41713, enabling arbitrary file reads.
Cisco NX-OS: Fixed critical CVE-2024-20397, allowing firmware bypass on over 100 devices.
Veeam: Addressed critical CVE-2024-42448 (RCE) and CVE-2024-42449 (NTLM hash theft).
Zabbix: Fixed CVE-2024-42327 (SQL injection, CVSS 9.9) and related vulnerabilities.
WordPress: Patched CVE-2024-10542 and CVE-2024-10781 (RCE, CVSS 9.8) in CleanTalk plugin.
7-Zip: Fixed CVE-2024-11477 (CVSS 7.8) allowing RCE in version 24.07.
Linux: Patched five privilege escalation vulnerabilities in needrestart utility.
Citrix: Fixed CVE-2024-8068 and CVE-2024-8069 (RCE and privilege escalation).
Apple: Emergency fixes for zero-days CVE-2024-44308 and CVE-2024-44309 in macOS and iOS.
Palo Alto Networks: Patched CVE-2024-0012 (critical authentication bypass) and CVE-2024-9474.
VMware: Fixed CVE-2024-38812 (heap overflow, CVSS 9.8) in vCenter Server.
Ivanti: Addressed over 50 vulnerabilities, including CVE-2024-38655 and CVE-2024-50330.