Yesterday Microsoft pushed out KB4480966 to Windows 10 users on the April 2018 Update.
The emergency patch addressed a remotely exploitable bug which Microsoft titled “Windows DHCP Client Remote Code Execution Vulnerability“, saying:
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a client.
The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Now somewhat predictably, users are reporting major issues with the patch, ranging from difficulty installing the patches requiring users hard restart their PC to difficulty connecting to internal network IP addresses to network-based apps failing.
On Tenforums one user complains:
This is terrible, since this patch, my task manager doesn’t reliable list my drives anymore… And Microsoft doesn’t even have that listed amongst “known issues” ! Wow, Microsoft. Am uninstalling the update now, waiting for MS to realize what they caused here.
Edge can no longer open the web UI admin page for my router since this update (either by url http://bthub.home or IP address 192.168.1.254) IE still can. This bug is also reported for the Jan. 8 update for 1809.
A third complains:
This update broke windows Hello for me! now it says windows hello not available on this computer and finger scan login is no longer available! this is the first time such thing happen on my laptop!
On twitter a user complains of an image editing app no longer working:
Someone else reports a bluescreen:
Windows 10 Update
January 8, 2019—KB4480966 (OS Build 17134.523)
has made run into a blue screen and took me an hour to solve it, so if anyone getting prompted for this update
donot do it!#Windows10 #WindowsUpdate #StickyNotesFailure
— Mostafa Amine (@mostafa_amine) January 10, 2019
Another Windows 10 user says he has been asked to uninstall the app and disable automatic updates:
@CegidGroup vous êtes sérieusement en train de demander à vos client de désinstaller la KB4480966 et désactiver les mises à jour automatiques de leur poste de travail ?!?!?! Ping @microsoftfrance @ANSSI_FR
— unblogdetrop (@unblogdetrop) January 9, 2019
As a security patch users, of course, have no choice about whether this patch will be installed or not, so we only hope the issues are not widespread.
Are any of our readers affected? Let us know below.
Thanks, MakoD for the tip.