Patch Management

July 2019 Microsoft Non-security Updates Available Today

If you’re still updating Office apps that are installed completely local using MSIs, there’s a few updates for you today. Office 2016 Update for Microsoft Access 2016 (KB4462237) Update for Microsoft Office 2016 (KB4032236) Update for Microsoft Office 2016 (KB4464582) Update for Microsoft Office 2016 (KB4464595) Update for Microsoft Office 2016 Language Interface Pack (KB4475515) Update for Microsoft Project 2016 (KB4475518) Update for Microsoft Word 2016 (KB4475521) Office 2013 Update for Microsoft Word 2013 (KB4475525) Office 2010 Update for Microsoft Filter Pack 2.0 (KB3114879) Update for Microsoft Office 2010 (KB3114397)

Microsoft Delivers Intel Microcode Updates for Windows 10 Variants

Microsoft has now made available updates to Windows 10 to help further mitigate security issues with Intel processors. Here’s what’s available: KB4494175: Intel microcode updates for Windows 10, version 1607, and Windows Server 2016 KB4494452: Intel microcode updates for Windows 10, version 1709 KB4494453: Intel microcode updates for Windows 10, version 1703 KB4494454: Intel microcode updates for Windows 10 RTM MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a loca...

KB4497936 Breaks Windows Sandbox, Fix Might Come in June

Microsoft has admitted that a recent update, KB4497936, has broken one of the anticipated features of Windows 10 1903. Windows Sandbox may fail to start with error code “0x80070002” Windows Sandbox may fail to start with “ERROR_FILE_NOT_FOUND (0x80070002)” on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903. Affected platforms: Client: Windows 10, version 1903 Next steps: We are working on a resolution and estimate a solution will be available in late June.

Changes You are Required to Make to Enable ConfigMgr and WSUS to Deploy Windows 10 1903

After Microsoft began making Windows 10 1903 available publicly this week, the company announced some changes in how its Configuration Manager and WSUS environments handle this update. The changes require that administrators of these systems make some quick changes. For Configuration Manager: In order to deploy feature and quality updates to devices running Windows 10, version 1903 or Windows Server, version 1903 (and later), you will need to ensure that you are running the current branch of System Center Configuration Manager, which is version 1902. Then, in the Configuration Manager console, enable the Software Update point to download updates for Windows 10, version 1903 and later and/or Windows Server, version 1903 and later. For WSUS:  If you are using Windows Server Update Services (...

Over the Weekend Microsoft Fixes Internet Explorer for UK Sites

Microsoft delivered a weekend update for users affected by an introduced bug. This bug, brought on by this month’s regular security updates, kept certain UK government websites from being accessed. This update for Internet Explorer 11 includes the quality improvements from KB4498206, in addition to these key changes: Addresses an issue that may prevent access to some websites that don’t support HTTP Strict Transport Security (HSTS) when using Internet Explorer 11 or Microsoft Edge. Details: KB4505050 This update is available as an Optional Update.

Addressing the Disclosed MDS Vulnerability for Azure VMs

A recently disclosed vulnerability affects many modern processors and operating systems including Intel, AMD, and ARM. Referred to as “speculative execution side-channel attacks,” this serious vulnerability can allow attackers to read privileged data across trust boundaries. Microsoft Azure platforms are fully protected and mitigation has already been deployed. However, customers managing their own VMs and virtual environments in Azure need to be aware that actions may need to be performed. Microsoft has supplied guidance for this scenario: Guidance for mitigating speculative execution side-channel vulnerabilities in Azure Customers that are running untrusted code within their VM need to take action to protect against these vulnerabilities by reading below for additional guidan...

Microsoft Patches Severe Bug in Remote Desktop Services

One of the more critical security holes that Microsoft is patching this month is one in its Remote Desktop Services. Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that...

Non-security Microsoft Office Updates for May 2019 Now Available

Microsoft’s monthly updates for Office – the one’s that generally kick-off each month on the 1st Tuesday – are now available. These are updates for fixing bugs and adding features, and not necessarily to solve security woes. Here’s whats’s available now… Office 2010 Update for Microsoft Outlook 2010 KB4464524 Office 2013 Update for Microsoft Office 2013 KB4011677 Update for Microsoft Outlook 2013 KB4464546 Update for Skype for Business 2015 (Lync 2013) KB4464547 Update for Microsoft Word 2013 KB4464545 Office 2016 Update for Microsoft Office 2016 KB4461477 Update for Microsoft Office 2016 KB4462119 Update for Microsoft Office 2016 KB4461441 Update for Microsoft Office 2016 KB2902717 Update for Microsoft Office 2016 KB4462238 Update for Microsoft Of...

Windows 10 1809 Gets Its Second Big Update in as Many Days

Microsoft today has rolled out a new update for Windows 10 1809. This update comes just two days after a May 1st release that, among other things, fixes bugs with Japanese language pieces. Here’s what’s new: May 3, 2019—KB4495667 (OS Build 17763.475) Allows the built-in Administrator account to run Microsoft Office setup after downloading the installer in Microsoft Edge. Addresses an issue that causes Internet Explorer Automation to fail in certain instances. Addresses an issue that may prevent Custom URI Schemes for Application Protocol handlers from starting the corresponding application for local intranet and trusted sites on Internet Explorer. Addresses an issue that prevents certain apps from launching when you set folder redirection for the Roaming AppData folder to a net...

Tip: Keep Track of Content Changes Each Month for WSUS

Did you know that Microsoft publicly records the updates (and other content) pushed to Software Update Services and Windows Server Update Services each month? Administrators that need to understand when Microsoft adds things, or makes changes, need to bookmark and monitor changes for this supplied document: Description of Software Update Services and Windows Server Update Services changes in content for 2019 The document is updated each time new updates are made available for SUS and WSUS, and when changes occur.

Microsoft Delivers a May 1st Surprise Update for Windows 10 Version 1809

Depending on how positive you want to start the month of May, Microsoft has kicked off the the month with a cumulative update for Windows 10 1809. Here’s what’s fixed: Addresses an issue that prevents the CALDATETIME structure from handling more than four Japanese Eras. For more information, see KB4469068. Updates the NLS registry to support the new Japanese Era. For more information, see KB4469068. Addresses an issue that causes the DateTimePicker to display the date incorrectly in the Japanese date format. For more information, see KB4469068. Addresses an issue that causes the Date and Time Settings control to cache old Eras and prevents the control from refreshing when the time enters the new Japanese Era. For more information, see KB4469068. Updates fonts to support the new...

Remove USB devices or SD cards before upgrading to the Windows 10 May 2019 Update

As Microsoft prepares to unleash its latest Windows 10 version on the masses, the company is working feverishly to minimize similar damage that was caused with the last release. As the moment of Windows 10 May 2019 release gets closer, the company should continue to produce warnings about pieces of potentially errant technology that customers need to be aware of. In the latest warning, Microsoft suggests removing any USB devices or SD cards from PCs prior to performing the upgrade. Microsoft will actively block the upgrade from PCs with USB or SD hardware installed to help eliminate potential problems. Full details: “This PC can’t be upgraded to Windows 10” error on a computer that has a USB device or SD card attached