It's been three weeks since Microsoft released its December security patches, and a bad conflict with the Active Directory Admin Center (and, by some accounts, SCCM) is only now reaching the mainstream. Those of you running Active Directory take note.
The good news: Uninstalling the wayward patch solves the problem. The bad news: Nobody seems to know exactly which patches trigger the crash.
[ Give yourself a technology career advantage with InfoWorld's Deep Dive technology reports and Computerworld's career trends reports. GET A 15% DISCOUNT through Jan. 15, 2017: Use code 8TIISZ4Z. ]
Back on Dec. 27, poster Paul on AskWoody reported a troubling conflict for Windows admins:
Did the security only update (KB3205394) break anyone else’s applications? In an enterprise environment, it broke AD Admin Center console when trying to edit any object’s properties, and it also broke SCCM consoles. Removing just this patch resolved both situations.
- KB 3206632 – Win10 v 1611 Dec. 13 cumulative update 14393.576
- KB 3205386 – Win10 v 1511 Dec. 13 cumulative update 10586.713
- KB 3205400 – Win 8.1 Dec. 13 Security-only patch
- KB 3205394 – Win7 Dec. 13 Security-only patch
I haven't seen any reports yet for the following patches, but wouldn’t be surprised if they move into the “bad” box as well, sooner or later:
- KB 3205383 – Win10 “v 1507” Dec. 13 cumulative update 10240.17202
- KB 3205401 – Win 8.1 Dec. 13 Monthly Rollup (presumably includes the bad bits in 3205400)
- KB 3207752 – Win7 Dec. 13 Monthly Rollup (guilty by association with 3205394)
If you can verify problems with any of those, please hit me in the comments.
Based on the crashing module name, kernelbase.dll, I would point the finger at MS 16-151, the “Security Update for Windows Kernel-Mode Drivers,” which has become a monthly recurring theme of late.
I haven’t seen any acknowledgment of the problem from Microsoft.
Given the new patching method that was set in place by the patchocalypse, admins have a straightforward choice: Use Active Directory Admin Center to edit users/groups, or remove all December security patches.
Rock, meet hard place.
Thanks to Paul and MH.