Microsoft News – 19 October 2015

It turns out that Microsoft has been doing some things that are not Surface-related. Here’s a summary of what’s been happening in the last while …



Windows Server

Windows Client


Office 356


Microsoft News – 30 September 2015

Microsoft announced a lot of stuff at AzureCon last night so there’s lots of “launch” posts to describe the features. I also found a glut of 2012 R2 Hyper-V related KB articles & hotfixes from the last month or so.


Windows Server


Office 365


MS15-068–SERIOUS Hyper- V Security Vulnerability

This is one of those rare occasions where I’m going to say: put aside everything you are doing, test this MS15-068 patch now, and deploy it as soon as possible.

The vulnerabilities could allow remote code execution in a host context if a specially crafted application is run by an authenticated and privileged user on a guest virtual machine hosted by Hyper-V. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability.

This security update is rated Critical for Windows Hyper-V on Windows Server 2008, Windows Server 2008 R2, Windows 8 and Windows Server 2012, and Windows 8.1 and Windows Server 2012 R2. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how Hyper-V initializes system data structures in guest virtual machines.

I don’t know if this is definitely what we would call a “breakout attack” (I’m awaiting confirmation), one where a hacker in a compromised VM can reach out to the host, but it sure reads like it. This makes it the first one of these that I’ve heard of in the life of Hyper-V (since beta of W2008) – VMware fanboys, you’ve had a few of these so be quiet.


Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was originally issued Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

It sounds like a reasonable organization found and privately disclosed this bug, thus allowing Microsoft to protect their customers before it became public knowledge. Google could learn something here.

So once again:

  1. Test the patch quickly
  2. Push it out to secure hosts and other VMs


Some digging by Flemming Riis (MVP) discover that credit goes to Thomas Garnier, Senior Security Software Development Engineer at Microsoft (a specialty in kernel, hypervisor, hardware, cloud and network security), and currently working on Azure OS (hence the Hyper-V interest, I guess). He is co-author of Sysinternals Sysmon with Mark Russinovich.


Microsoft News – 24 February 2015

Here is the latest news in the world of Microsoft infrastructure:


Windows Server

System Center


Office 365


Microsoft News – 20 November 2014

There are a lot of upset people because of (1) the Azure outage and (2) how Microsoft communicated during the outage. We had a couple of affected customers. The only advice I can give to Microsoft is:

  1. Don’t deploy your updates to everything at the same time.
  2. Now you know how customers feel when bad updates are issued. Bring back complete testing.
  3. Communicate clearly during an issue – that includes sending emails to affected customers. You’ve got monitoring systems & automation – use them. Heck, you even blogged about how (Azure) Automation could be used by customers to trigger actions.




Microsoft News Summary – 10 September 2014

In other news, Apple proves that wearable devices are a pointless Gartner-esque fad, and those preachy tax-avoiding frakkers, U2, suck donkey balls.


System Center Operations Manager

  • OM12 Sizing Helper: This is a Windows Phone app version of the OpsMgr 2012 Sizing Helper document.



  • Microsoft rumored to be poised to buy Minecraft creator for $2 billion: This blocky game is the hottest thing with kids. I’ve spent many an hour *cough* helping *yes, helping* with constructions & adventures on an iPad and Xbox. And to be honest, it is a good problem solving game and it encourages kids to interact, based on what I’ve observed.

BEWARE! Microsoft Released September 2014 Update Rollups For Windows Server

Both Windows Server 2012 and Windows Server 2012 R2 (as well as their desktop OS and RT variants) received update rollups last night.

You know the drill: only install these updates before they are one month old if you want to shut down your business, get fired, and become an IT pariah. Let some other mug do the testing for you. You can do your own pilot testing and approve after that.

The WS2012 release includes a fix for SMB troubleshooting (including other fixes):

  • 2980749 Event log data for troubleshooting SMB in Windows 8 and Windows Server 2012

The WS2012 R2 release highlights for me are:

  • KB2984324 Clussvc.exe or cluster node crashes when a node sends a message to another node in a Windows Server 2012 R2 cluster
  • KB2982348 Broadcast storm occurs after a virtual switch duplicates a network packet in Windows 8.1
  • KB977219 Updates to improve the compatibility of Azure RemoteApp in Windows 8.1 or Windows Server 2012 R2

KB2990170 – MPIO Identifies Different Disks As The Same Disk

Microsoft posted a fix for Windows Server 2012, Windows 8, Windows Server 2012 R2, Windows 8.1, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 for when multipath I/O identifies different disks as the same disk in Windows.


The code in Microsoft Windows that converts a hexadecimal device ID to an ASCII string may drop the most significant nibble in each byte if the byte is less than 0x10. (The most significant nibble is 0.) This causes different disks to be identified as the same disk by Multipath I/O (MPIO). At the very least, this may cause problems in mounting affected disks. And architecturally, this could cause data corruption.


When you apply this hotfix, the conversion algorithm is fixed. Disks that were masked by this issue before you installed the hotfix may be raw disks that still have to be partitioned and formatted for use. After you apply this hotfix, check in Disk Management or Diskpart for previously hidden disks.

A supported hotfix is available from Microsoft Support.

KB2989586 – Stop Error 0x000000D1 After Installing Hyper-V Role On WS2012

Microsoft posted a hotfix for when you get a stop error 0x000000D1 after you install the Hyper-V role on a computer that’s running Windows Server 2012.


After you install the Hyper-V role on a computer that’s running Windows Server 2012, you may receive the following Stop error message:

0x000000D1 (parameter1 , parameter2 , parameter3 , parameter4 )


  • The parameters in this error message vary, depending on the configuration of the computer.
  • Not all "0x000000D1" Stop errors are caused by this problem.


This problem occurs because of incorrect handling of the IP address structure inside the Vmswitch.sys file.

A supported hotfix is available from Microsoft Support.

Microsoft Fraks Up Patches AGAIN

I’m sick of this BS.

Microsoft is investigating behavior in which systems may crash with a 0x50 Stop error message (bugcheck) after any of the following updates are installed:

2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
2970228 Update to support the new currency symbol for the Russian ruble in Windows
2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012

This condition may be persistent and may prevent the system from starting correctly.

If you are affected by any of the above then the repair process (see Known Issue 3) is an ungodly nightmare.

This is exactly why I tell people to delay deploying updates for 1 month. That’s easy using SCCM (an approval rule will do the delaying and supersede for you). WSUS – not so easy and that requires manual approval, which sadly we know almost never works.

Feedback, private and public from MVPs hasn’t worked. Negative press from the tech media hasn’t worked. What will, Microsoft? Nadella oversaw this clusterfrak of un-testing before he was promoted. Is sh1te quality the rule from now on across all of Microsoft? Should we tell our customers to remain un-patched, because catching malware is cheaper than being secure and up-to-date? Really? Does Microsoft need to be the defendant of a class action suit to wake up and smell the coffee? Microsoft has already lost the consumer war to Android. They’re doing their damndest to lose the cloud and enterprise market to their competition with this bolloxology.