Patch Management

Addressing the Disclosed MDS Vulnerability for Azure VMs

A recently disclosed vulnerability affects many modern processors and operating systems including Intel, AMD, and ARM. Referred to as “speculative execution side-channel attacks,” this serious vulnerability can allow attackers to read privileged data across trust boundaries. Microsoft Azure platforms are fully protected and mitigation has already been deployed. However, customers managing their own VMs and virtual environments in Azure need to be aware that actions may need to be performed. Microsoft has supplied guidance for this scenario: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure Customers that are running untrusted code within their VM need to take action to protect against these vulnerabilities by reading below for additional guidan...

Microsoft Patches Severe Bug in Remote Desktop Services

One of the more critical security holes that Microsoft is patching this month is one in its Remote Desktop Services. Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that...

Non-security Microsoft Office Updates for May 2019 Now Available

Microsoft’s monthly updates for Office – the one’s that generally kick-off each month on the 1st Tuesday – are now available. These are updates for fixing bugs and adding features, and not necessarily to solve security woes. Here’s whats’s available now… Office 2010 Update for Microsoft Outlook 2010 KB4464524 Office 2013 Update for Microsoft Office 2013 KB4011677 Update for Microsoft Outlook 2013 KB4464546 Update for Skype for Business 2015 (Lync 2013) KB4464547 Update for Microsoft Word 2013 KB4464545 Office 2016 Update for Microsoft Office 2016 KB4461477 Update for Microsoft Office 2016 KB4462119 Update for Microsoft Office 2016 KB4461441 Update for Microsoft Office 2016 KB2902717 Update for Microsoft Office 2016 KB4462238 Update for Microsoft Of...

Windows 10 1809 Gets Its Second Big Update in as Many Days

Microsoft today has rolled out a new update for Windows 10 1809. This update comes just two days after a May 1st release that, among other things, fixes bugs with Japanese language pieces. Here’s what’s new: May 3, 2019—KB4495667 (OS Build 17763.475) Allows the built-in Administrator account to run Microsoft Office setup after downloading the installer in Microsoft Edge. Addresses an issue that causes Internet Explorer Automation to fail in certain instances. Addresses an issue that may prevent Custom URI Schemes for Application Protocol handlers from starting the corresponding application for local intranet and trusted sites on Internet Explorer. Addresses an issue that prevents certain apps from launching when you set folder redirection for the Roaming AppData folder to a net...

Tip: Keep Track of Content Changes Each Month for WSUS

Did you know that Microsoft publicly records the updates (and other content) pushed to Software Update Services and Windows Server Update Services each month? Administrators that need to understand when Microsoft adds things, or makes changes, need to bookmark and monitor changes for this supplied document: Description of Software Update Services and Windows Server Update Services changes in content for 2019 The document is updated each time new updates are made available for SUS and WSUS, and when changes occur.

Microsoft Delivers a May 1st Surprise Update for Windows 10 Version 1809

Depending on how positive you want to start the month of May, Microsoft has kicked off the the month with a cumulative update for Windows 10 1809. Here’s what’s fixed: Addresses an issue that prevents the CALDATETIME structure from handling more than four Japanese Eras. For more information, see KB4469068. Updates the NLS registry to support the new Japanese Era. For more information, see KB4469068. Addresses an issue that causes the DateTimePicker to display the date incorrectly in the Japanese date format. For more information, see KB4469068. Addresses an issue that causes the Date and Time Settings control to cache old Eras and prevents the control from refreshing when the time enters the new Japanese Era. For more information, see KB4469068. Updates fonts to support the new...

Remove USB devices or SD cards before upgrading to the Windows 10 May 2019 Update

As Microsoft prepares to unleash its latest Windows 10 version on the masses, the company is working feverishly to minimize similar damage that was caused with the last release. As the moment of Windows 10 May 2019 release gets closer, the company should continue to produce warnings about pieces of potentially errant technology that customers need to be aware of. In the latest warning, Microsoft suggests removing any USB devices or SD cards from PCs prior to performing the upgrade. Microsoft will actively block the upgrade from PCs with USB or SD hardware installed to help eliminate potential problems. Full details: “This PC can’t be upgraded to Windows 10” error on a computer that has a USB device or SD card attached  

Antivirus Vendors Still Struggling to Support Microsoft’s Latest Windows Update

Some headway has been made to support Microsoft’s latest Windows update with Arcabt and Avast releasing emergency fixes – but for many other antivirus firms, the latest round of Windows updates is still causing many PCs to become unstable and fail to boot. Microsoft is still blocking the update from installing on those PCs that are detected to run the troublesome antivirus packages. Those still without final resolutions remain: Sophos Avira McAfee While Microsoft continues to work with the antivirus vendors, guidance for temporarily resolving problems has been released from some of them: Sophos support article Arcabit support article Avast support KB article McAfee Security (ENS) Threat Prevention 10.x McAfee Host Intrusion Prevention (Host IPS) 8.0 Note that these issues only ...

Microsoft Blocks April 2019 Windows Updates Causing Boot Problems

Microsoft has now blocked a few updates from being downloaded and installed due to a problem that exists between Sophos Antivirus and the updates. The updates affected are: KB4493467 KB4493446 KB4493448 KB4493472 KB4493450 KB4493451 Per the Known Issue note: Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update. Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

KB4493467 from April 9, 2019 Causing Windows PXE Boot Issues

Customers have reported and Microsoft has now identified issues with KB4493467 that those deploying this update for Windows 8.1 and Windows Server 2012 R2 should be aware of. Issue:  After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension. Workarounds:  To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options: Option 1: Open an Administrator Command prompt and type the following: Wdsutil /Set-Transpo...

Microsoft Gives Update Control Back to Users in May 2019 Windows 10 Upgrade

That whole thing about forcing users to upgrade because new features are great? Well, that’s now a thing of the past. After complaints of bluescreens, bad drivers, and lackluster new features for the past few years, Microsoft is finally giving control back to its customers on when they want to update to new versions of Windows 10. In a blog post today, Microsoft’s Mike Fortin puts a happy face on what is really a solemn moment. The idea behind constant and forced updating has turned out to be a failure. And, customers are rejoicing everywhere. We are adding new features that will empower users with control and transparency around when updates are installed. In fact, all customers will now have the ability to explicitly choose if they want to update their device when they “check...

.NET Framework Gets Its Own Update History Page

As the company has done with Windows 10 cumulative updates, Microsoft has now delivered a history page for .NET Framework updates. .NET Framework updates began being delivered as cumulative updates with Windows 10 1809. Here’s the page to frequent: History of Cumulative Updates for .NET Framework for Windows 10