Windows 10 patch KB 3074683 fixes Explorer crash caused by KB 3074681

Microsoft actually provides documentation on the new patch, but it's befuddling for several reasons

Windows 10 patch KB 3074683 fixes Explorer crash caused by KB 3074681
Credit: Joseph Mischyshyn

Overnight, Microsoft released a patch, dubbed KB 3074683, which appears to fix the problems caused by a Windows 10 Technical Preview build 10240 update; the KB 3074681 patch triggered Explorer crashes in certain circumstances. If you're using build 10240, your machine probably rebooted and the fix is installed.

While KB 3074681 remains undocumented (aside from the usual "a security issue has been identified in a Microsoft software product" pablum), we have a little bit of insight into KB 3074683. It's a cumulative security update for Windows 10, dated July 24. I have no idea why it's dated July 24, when it was delivered overnight on July 27, but there you have it. (On July 24, my PCs say they received KB 3074680 and 3074686.)

According to the KB article, last night's patch plugs the OpenType font hole from MS15-078, updates Flash per Security Advisory 2755801, and fixes a new vulnerability if Windows Installer runs rogue scripts.

As we've grown accustomed to seeing, "additionally, this update includes non-security-related changes to enhance the functionality of Windows 10 through new features and improvements." It's another hybrid security/non-security patch.

Of course, this is a beta and Microsoft can (and should) do anything possible to keep the beta moving forward -- especially with tomorrow being D-for-Download Day. But a couple of nuances struck me.

First, Microsoft already patched MS15-078, the OpenType font hole in Windows 10, when it released patch KB 3074667 last week. That's a squirrelly patch because Microsoft first released it as MS15-077, then as MS15-078; apparently both were directed at the OpenType vulnerability. Could there be a problem with the OpenType patch for other Windows versions?

Second, Microsoft already patched SA 2755801 in Windows 10. That was patch KB 3074679, issued late last week.

I'm also tickled by the admonition:

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

That's a bit galling in a forced-update patching apocalypse like Windows 10.

Want to see something else befuddling? Open the KB 3074679 article and the KB 3074683 article and compare them. The first one, from last week, says it is the Cumulative Security Update for Windows 10: July 23, 2015. The second, from last night, says it's the Cumulative Security Update for Windows 10: July 24, 2015. There's a (huge) list of files in the first one and no files listed in the second one, but as best I can tell they are in all other respects identical -- even down to the formatting.

Security patch documentation via cut-and-paste. Now that's a novel approach.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.