4 Replies Latest reply on Aug 14, 2018 7:46 PM by todd.schell

    Microsoft July 2018 patch issues

    jmjonsun Rookie

      Several of our end user machines are still getting Blue Screens caused by TCPIP.sys after the July patches.  Microsoft says that they have corrected but we are still fighting this issue with some of our users.  I was curious what kind of testing (if any) does Ivanti do for patches being released.

        • 1. Re: Microsoft July 2018 patch issues
          anthony.swanson SupportEmployee

          Hello,

           

          Thank you for you post. Out testing of patches primarily consists of ensuring that our detection logic is accurately showing missing patches to the applicable OS and 3rd party applications. There is limited or no testing of potential failures or BSOD's on patches as we are not always able to reproduce these types of issues.

           

          Are these updates you're having issues with the patches released on Patch Tuesday? If so, there are fix updates that you would want to install and those should help with the issues you're facing, according to Microsoft's documentation on this. You can find more information on the fix patches in the link below.

           

          Issue with July Updates for Windows on an Exchange Server – You Had Me At EHLO…

           

          Thank you,

           

          Anthony

          • 2. Re: Microsoft July 2018 patch issues
            jmjonsun Rookie

            Thanks for the response Anthony.  The link you provided deals with Microsoft Servers and Exchange issues.  The issues we are seeing is with users Windows 10 computers.  I have excluded the offending patches from our patch definitions in the Ivanti patch console. 

            • 3. Re: Microsoft July 2018 patch issues
              anthony.swanson SupportEmployee

              Hello,

               

              Thank you for your reply. Depending on the Windows 10 version you're on, the KB4345418 will apply to build 1607 for Windows 10 as well. What other builds of Windows 10 are you currently working with?

               

              Regards,

               

              Anthony

              • 4. Re: Microsoft July 2018 patch issues
                todd.schell SupportEmployee

                Hello,

                 

                The content team performs a complete patch cycle test as part of their QA procedure.  In addition to testing detection logic as Anthony mentioned, we do apply the patch, reboot, and run a second patch scan to ensure the patch is properly applied and detected as installed.  As part of this procedure we will detect if there are problems with reboot or if there is a BSOD.  We will detect if there are any major issues with the patch.

                 

                Just to add further detail here.  We also test with several update models depending upon the patch.  For example, we will always test starting with the previous patched version and applying the new update.  This is the most common field scenario.  If the patch supports major updates, we will also test updating from an RTM release to the current version.  This gives us further evidence we are detecting and applying the patch properly.

                 

                We DO NOT test that the patch is fixing a known issue.  We have to assume the vendor is fixing the proper issue in their product.  We also DO NOT test for 'side effects' or related problems from the patch.  We do not test product functionality.  We can only verify the patch is applied and the system/application restarts properly.

                 

                Please understand that we are testing starting from our known good configurations.  We cannot duplicate field situations where there are multiple apps running or some elements on the endpoint are corrupted.  I hope that provides more perspective on the process.

                 

                Regards,

                Todd Schell