Understanding Out of Band Windows Updates and KIRs


For many years, the term “Microsoft out-of-band update” meant that Microsoft released a special patch for a security issue identified as being under active attack. The patch was urgent enough to be released outside of the normal “Patch Tuesday” security updates released on the second Tuesday of every month.

But recently, Microsoft released out-of-band updates that address issues introduced with monthly security updates. Often people install monthly security updates without realizing that there are other ways Microsoft fixes the problems introduced by its patches.

Since Windows 10 and 11 updates are cumulative, when you install an update, it’s an all-or-nothing rollout. There is no way to install some components of the update without installing everything. Depending on where the underlying problem of a patch is, Microsoft may use an out-of-band update or a known issue rollback to introduce a fix into the system. Let’s explore these two methods.

Out-of-Band Windows Updates

Recently, we’ve seen a bumper crop of out-of-band updates addressing issues introduced in previous patch releases. For example, October 28 KB5020853 Update for Windows 10 22H2 is an out-of-band release addressing issues introduced by previous updates. It “specifically fixes an issue that causes Microsoft OneDrive to stop working. This happens after you unpair your device, stop syncing, or sign out of your account.

Unfortunately, these out-of-band updates are not delivered through Windows Update or Windows Software Update Services (WSUS). You have to download and install them manually on all your systems.

For known issues with updates, I always start with the Windows Release Health Dashboard. There, Microsoft lists issues with Windows Updates that it has documented or is investigating, along with instructions for mitigating issues, if any.

For example, November 8e security patches introduced changes in Kerberos handling that caused authentication issues. Microsoft then had to release patches for Windows servers to fix these issues. As noted in Windows Release Health Dashboardthese patches should be applied to the affected domain controllers to correct the authentication side effects introduced by the November updates.

Adding to the confusion, Microsoft often introduces changes in out-of-band “Preview” updates that are then rolled into the following month’s security updates. Unfortunately, sometimes the preview updates themselves cause issues. Example: a recent change that was slipped into the September 20 update for Windows 10 21H2, named KB5017380 Preview. Buried in the documentation, Microsoft noted that the update “disables Transport Layer Security (TLS) 1.0 and 1.1 by default in Microsoft browsers and applications. For more information, see KB5017811.”

This change triggered side effects in old line-of-business applications and in mail clients connecting to old mail servers. Without the update, the mail client would connect just fine; with the update, the connection would fail.

This KB5017380 Preview update was later rolled into the October 11 security update, KB5018410. So if you experienced any side effects that manifested as TLS or SSL errors after installing the October security update, you can uninstall this update, check the footnotes of the update and find yourself scratching your head because no TLS or SSL issues were listed. Instead, you should know that TLS/SSL issues were introduced in the previous preview build.

Rollbacks of Known Issues

There are times, however, when side effects can be corrected with a process called Restoring a known issue (KIR), a methodology developed by Microsoft to roll back offending parts of a patch without requiring you to uninstall the entire update. When the code that triggered the side effect can be removed from the system without reintroducing a security issue, Microsoft issues a KIR.

As noted on the Windows 10 Version Health Dashboard, for example, a recent side effect introduced with the August KB5016688 update that caused the desktop or taskbar to disappear or become unresponsive has been resolved with Microsoft initiating a rollback. Also, on October 25e update introduces problems with direct access, a Microsoft technology that enables secure remote access to a network. Microsoft has also addressed this issue through the Known Issues Rollback.

First stop: Windows Release Health Dashboard

Understanding how to deal with side effects of updates while keeping security updates installed can often lead to digging into the Windows Release Health Dashboard to see if any side effect you are experiencing has been noted and documented. When issues are widespread, they will be documented on this site. For issues that are outliers, you often have to dig a little deeper.

One thing to keep in mind with the issues you are having is that there are lots of other software that updates on your computers, often around the same time that Windows security updates are installed. So, if you suddenly notice problems with your computers, don’t just assume the problem is caused by a Microsoft update; there may be additional updates of other software that trigger issues.

Conclusion: Changes to your operating system not only occur with OS updates, but also with browser, extension, and antivirus updates. Regularly, your system undergoes changes. Be sure to check out the various resources and look for any out of band fixes that Microsoft might release. Bugs introduced by monthly security updates may be fixed with another update. Before uninstalling an update, check the Windows Release Health Dashboard to see if it has already been fixed with an out-of-band restore or update.

Copyright © 2022 IDG Communications, Inc.


About Author

Comments are closed.