3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
By Susan Bradley
Business patchers take heed.
Usually, monthly updates have the same impact on both business and consumer PCs. This month, applying patches to consumer machines is generally safe, which would have earned a MS-DEFCON level of 4. But business machines are another matter; I’ve lowered the level to 3.
For the most part, I think the business issues are resolved as of the publication of this alert. But we’re experiencing one of those media frenzies which is vastly overstating the occurrence of blue screens of death (BSOD).
That said, there are some isolated issues with some hardware for which Windows 11 KB5035853 is triggering BSODs. It appears to be limited to Lenovo laptops with AMD chips. I am not seeing issues with HP or Dell laptops.
I am seeing some reports with third-party Windows Explorer patch tools, so if you are a fan of ExplorerPatcher, make sure you are on the latest release.
Consumers
Blue screens of death are one of the worst side effects of updating. Dealing with the aftermath is not fun. So if you are at all squeamish about installing the March updates on your Lenovo computer and you aren’t quite sure if you have an Intel or AMD, I wouldn’t blame you if you ensured that your deferral was kicked down the road until the April updates are released.
Most computers ship with some sort of badging that clearly indicates which brand of CPU the PC is based upon. But even if you can’t find such badging, Settings | System | About will tell you. Either way, knowing which processor is involved can help you decide whether to proceed with updates or defer for a month until the problem is known to have been resolved. This situation points out that Windows is deployed by many different vendors on many different hardware configurations and cannot (or does not) test every one.
I don’t have any factual statistics to guide me on this, but over the years I have seen odd issues pop up with AMD processors. It’s my opinion, not fact, that the relationship between Intel and Microsoft seems a bit stronger than the one with AMD. Given that the March updates also did not include any critical patch issues for consumer operating systems and applications, if you want to sit out March updates and join in on the fun in April just to be safe, I wouldn’t blame you one bit.
To recap my recommendations for consumers:
- If you have installed the March updates with no issues, leave them installed. You are fine.
- If you have not installed the March updates and you have a Lenovo computer with an AMD chip, keep deferring the updates or use BlockAPatch to hide them on the Windows 11 platform.
- If you have not installed the March updates and you have any other brand of computer with an Intel chip, you can keep deferring them or use BlockAPatch to hide them on the Windows 11 platform.
We’re still seeing Copilot in dribble mode. Savvy forum participant WCHS noted that once Edge Beta was installed, it also seemed to bring along a new Microsoft Copilot app — for Windows 10! It is not installed if you merely have Edge, but gets installed with the current Edge beta.
It’s unclear what exactly it is or does, especially given that it was installed on a computer that does not have Microsoft Copilot plus or Microsoft 365 Copilot. I’m making inquires about this. Remember, you can also disable Copilot in the Edge browser. I’ll let you know if we need to also uninstall an app going forward.
Businesses
A problem arose with patches earlier this month for domain controllers. Microsoft noted, “Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers (DCs).”
However, this was resolved very quickly with out-of-band (OOB) updates. The chart below shows the original KB for each server mentioned and the KB for the resolution.
| Server Version | Message ID | Original KB | Resolved KB |
| Windows Server 2022 | WI748847 | KB5035857 | KB5037422 |
| Windows Server 2019 | WI748848 | KB5035849 | KB5037425 |
| Windows Server 2016 | WI748849 | KB5035855 | KB5037423 |
| Windows Server 2012 R2 | WI748850 | KB5035885 | KB5037426 |
If you use Lenovo’s Vantage program, it appears that a recent firmware update has triggered issues asking for BitLocker recovery keys. If you’ve started rolling out Lenovo firmware updates, you might want to either hold back or do additional testing if other systems under your control are impacted.
Exchange patchers who installed the March security updates will have to use a workaround to fix searching. After installing the March updates, if you run a search in Microsoft Outlook Cached mode you will receive an error message. Microsoft has provided a workaround and is working on a fix.
For those who need to dig into windows update logs, it’s often been a black box. I stumbled on a post that may help to identify what is going on if you need deeper investigation. I still wish that the log files were clearer, but this may help to shed some light on situations where you think a user has inadvertently clicked on something triggering the system to install an update when you hadn’t yet approved the update in your network.
For those of you with Lenovo systems with AMD processors, review the guidance for consumers above. Defer updates until this issue is resolved.
Resources
- Susan’s Master Patch List
- The MS-DEFCON System explained
- BlockAPatch — Tools to help you hide or block updates
- Steve Gibson’s excellent InControl to manage feature releases
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.