Patch Management

No C and D Optional Windows 10 Releases for the Remainder of 2019

Along with delivering Windows 10 1909 this week, Microsoft has also given patching administrators a bit of good news. In a statement on the Windows Message Center: Timing of Windows 10 optional update releases (November/December 2019) There will be no more optional “C” or “D” releases for the balance of this calendar year. Note There will be a December Security Update Tuesday release, as usual. So, patching admins can rest easy for the rest of the year – except for the normal delivery of December’s Patch Tuesday.

Update: Microsoft and Symantec Work to Give Customers a Reprieve But for This Month Only

This month’s security updates for Windows 7 and Windows 2008 customers caused those that choose to use Symantec security products to not get the updates. See: So it Begins – Microsoft Puts an Update Block in Place for Windows 7 PCs Running Symantec Software Microsoft put in a block to keep the updates from delivering to the affected systems, but that block has now been lifted, according to an update to Symantec’s support document on this issue. See: Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed However, customers still need to be wary and vigilant. Windows 7 and Windows 2008 reach end of life in early 2020 and more issues like this could crop up between now and the end of support. But, bigger still, th...

So it Begins – Microsoft Puts an Update Block in Place for Windows 7 PCs Running Symantec Software

Windows 7 and Windows 2008 PCs that are running Symantec security software are having issues installing updates today. The issue is due to security signing. Windows 7, of course, is scheduled for the trash heap in February 2020. Symantec and Microsoft are working on a temporary fix. Symantec’s support doc: Windows 7/Windows 2008 R2 updates that are only SHA-2 signed are not available with Symantec Endpoint Protection installed Microsoft’s support doc: August 13, 2019—KB4512486 (Security-only update) Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during ins...

July 2019 Microsoft Non-security Updates Available Today

If you’re still updating Office apps that are installed completely local using MSIs, there’s a few updates for you today. Office 2016 Update for Microsoft Access 2016 (KB4462237) Update for Microsoft Office 2016 (KB4032236) Update for Microsoft Office 2016 (KB4464582) Update for Microsoft Office 2016 (KB4464595) Update for Microsoft Office 2016 Language Interface Pack (KB4475515) Update for Microsoft Project 2016 (KB4475518) Update for Microsoft Word 2016 (KB4475521) Office 2013 Update for Microsoft Word 2013 (KB4475525) Office 2010 Update for Microsoft Filter Pack 2.0 (KB3114879) Update for Microsoft Office 2010 (KB3114397)

Microsoft Delivers Intel Microcode Updates for Windows 10 Variants

Microsoft has now made available updates to Windows 10 to help further mitigate security issues with Intel processors. Here’s what’s available: KB4494175: Intel microcode updates for Windows 10, version 1607, and Windows Server 2016 KB4494452: Intel microcode updates for Windows 10, version 1709 KB4494453: Intel microcode updates for Windows 10, version 1703 KB4494454: Intel microcode updates for Windows 10 RTM MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a loca...

KB4497936 Breaks Windows Sandbox, Fix Might Come in June

Microsoft has admitted that a recent update, KB4497936, has broken one of the anticipated features of Windows 10 1903. Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start with “ERROR_FILE_NOT_FOUND (0x80070002)” on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903. Affected platforms: Client: Windows 10, version 1903 Next steps: We are working on a resolution and estimate a solution will be available in late June.

Changes You are Required to Make to Enable ConfigMgr and WSUS to Deploy Windows 10 1903

After Microsoft began making Windows 10 1903 available publicly this week, the company announced some changes in how its Configuration Manager and WSUS environments handle this update. The changes require that administrators of these systems make some quick changes. For Configuration Manager: In order to deploy feature and quality updates to devices running Windows 10, version 1903 or Windows Server, version 1903 (and later), you will need to ensure that you are running the current branch of System Center Configuration Manager, which is version 1902. Then, in the Configuration Manager console, enable the Software Update point to download updates for Windows 10, version 1903 and later and/or Windows Server, version 1903 and later. For WSUS:  If you are using Windows Server Update Services (...

Over the Weekend Microsoft Fixes Internet Explorer for UK Sites

Microsoft delivered a weekend update for users affected by an introduced bug. This bug, brought on by this month’s regular security updates, kept certain UK government websites from being accessed. This update for Internet Explorer 11 includes the quality improvements from KB4498206, in addition to these key changes: Addresses an issue that may prevent access to some gov.uk websites that don’t support HTTP Strict Transport Security (HSTS) when using Internet Explorer 11 or Microsoft Edge. Details: KB4505050 This update is available as an Optional Update.

Addressing the Disclosed MDS Vulnerability for Azure VMs

A recently disclosed vulnerability affects many modern processors and operating systems including Intel, AMD, and ARM. Referred to as “speculative execution side-channel attacks,” this serious vulnerability can allow attackers to read privileged data across trust boundaries. Microsoft Azure platforms are fully protected and mitigation has already been deployed. However, customers managing their own VMs and virtual environments in Azure need to be aware that actions may need to be performed. Microsoft has supplied guidance for this scenario: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure Customers that are running untrusted code within their VM need to take action to protect against these vulnerabilities by reading below for additional guidan...

Microsoft Patches Severe Bug in Remote Desktop Services

One of the more critical security holes that Microsoft is patching this month is one in its Remote Desktop Services. Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that...

Non-security Microsoft Office Updates for May 2019 Now Available

Microsoft’s monthly updates for Office – the one’s that generally kick-off each month on the 1st Tuesday – are now available. These are updates for fixing bugs and adding features, and not necessarily to solve security woes. Here’s whats’s available now… Office 2010 Update for Microsoft Outlook 2010 KB4464524 Office 2013 Update for Microsoft Office 2013 KB4011677 Update for Microsoft Outlook 2013 KB4464546 Update for Skype for Business 2015 (Lync 2013) KB4464547 Update for Microsoft Word 2013 KB4464545 Office 2016 Update for Microsoft Office 2016 KB4461477 Update for Microsoft Office 2016 KB4462119 Update for Microsoft Office 2016 KB4461441 Update for Microsoft Office 2016 KB2902717 Update for Microsoft Office 2016 KB4462238 Update for Microsoft Of...

Windows 10 1809 Gets Its Second Big Update in as Many Days

Microsoft today has rolled out a new update for Windows 10 1809. This update comes just two days after a May 1st release that, among other things, fixes bugs with Japanese language pieces. Here’s what’s new: May 3, 2019—KB4495667 (OS Build 17763.475) Allows the built-in Administrator account to run Microsoft Office setup after downloading the installer in Microsoft Edge. Addresses an issue that causes Internet Explorer Automation to fail in certain instances. Addresses an issue that may prevent Custom URI Schemes for Application Protocol handlers from starting the corresponding application for local intranet and trusted sites on Internet Explorer. Addresses an issue that prevents certain apps from launching when you set folder redirection for the Roaming AppData folder to a net...