Thursday, November 12, 2015

How To Fix Botched MS Update MS15-115 KB-3097877; Affects More Than Outlook

Microsoft released a botched update that was supposed to fix opentype vulnerabilities but has caused logon issues, blank screens, etc.... The first reported problem with this hotfix was that Outlook would crash when opening HTML email.

They have since fixed the issue with this patch and have re-released it, as Infoworld reports.
 Microsoft has since replaced the troublesome security patch with a new one by the same KB number, at least for Windows 7
Fix #1: Use Remote Desktop/MSTSC and RDP into the machine and remove the update with this command:

wusa /uninstall /quiet /norestart /kb:3097877


You will still need to go into Windows Update, click Check for updates, and right click on update 3097877, then right-click it and choose Hide this update. You will not need to hide this update anymore, as this patch has been rereleased today.

Fix #2: As reported by Ryan Seabury on Infoworld's coverage, disconnect all secondary and tertiary (extra monitors) video monitors and reboot, then you should be able to login again. Then you can remove the update, and the working update that was re-released today (Thursday, November 12) will download again through Windows Update. Be sure to upgrade video driver to latest, as this update may corrupt display drivers.


Links:

https://social.technet.microsoft.com/Forums/en-US/482486ba-a378-4dcd-bd21-08ae19760b93/crashes-since-111115-updates-in-both-outlook-2010-and-2013-when-viewing-html-emails?forum=officeitproprevious

https://social.technet.microsoft.com/Forums/windows/en-US/336eae75-b5f4-41ea-bd2b-5f0248585a66/blank-screen-after-pressing-ctrlaltdel-for-login-after-windows-updates-no-way-of-logging-in-on?s=ecym&tduid=(32295f03de2fa23337fa02ecc12bc906)(256380)(2459594)(TnL5HPStwNw-ih3ZE4nGDMdpOi4RcapOeQ)()

https://www.reddit.com/r/sysadmin/comments/3seii6/outlook_issues_after_windows_update_1111/

https://www.google.com/search?q=KB+3097877

http://www.dshield.org/forums/diary/November+2015+Microsoft+Patch+Tuesday/20359/

http://www.pcworld.com/article/3004638/business-security/patch-tuesday-windows-security-update-rendered-outlook-unusable-for-many.html

http://www.zdnet.com/article/outlook-crashing-after-windows-security-updates-you-are-not-alone/

http://www.infoworld.com/article/3004441/microsoft-windows/microsoft-surreptitiously-reissues-botched-patch-kb-3097877-for-windows-7.html

http://news.softpedia.com/news/kb3097877-update-causing-issues-on-windows-7-windows-8-1-496053.shtml


Also in some unrelated news, but still interesting, you can now test you Android for all 22 security vulnerabilities with VTS for Android by NowSecure OSS . My LG Leon LTE is vulnerable to stagefright.