Patch Management

April .NET Update Breaks PowerShell’s Stop-Computer Command

This issue is currently tracking, but those that applied the .NET update for April 2017 can no longer issue a stop-computer command (used to shutdown the computer) in PowerShell. This happens both when run as a non-administrator or using administrator credentials. A workaround is offered here: https://superuser.com/questions/1199285/stop-computer-privilege-not-held The issue is being investigated by Microsoft and, if this affects you, you are asked to open a support case. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Customer Petition to Bring Back the Old Microsoft Security Bulletins

In November of last year, Microsoft announced that it would end how it distributed security patch information. The company said that it would stop using the old format and would migrate to the new Security Updates Guide which is located here: https://portal.msrc.microsoft.com/en-us/security-guidance This month, the complaints are starting to mount in the communities. A thread has been started in the forums for the Security TechCenter to Bring the old Security Bulletins back. The please is pretty simple… While it’s appreciated to have a searchable database in the Security Update Guide, it is too cumbersome to use to quickly get the information needed on Update Tuesday… …It seems the desire is to simply say, “The updates are in cumulative packages so you have to...

.NET Framework Update Issue Suggested Workaround is to Allow Remote Code Execution

Among the patches Microsoft is delivering to supported Windows platforms this month, there’s one specific to the .NET Framework 3.5.1 for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1. This particular update has a known issue: Some Windows Management Instrumentation (WMI) applications may experience errors caused by using unsecured remote connections. Applications may return an error that has the following message: Get-WmiObject : The method or operation is not implemented. Microsoft’s workaround? …temporarily disable the secure mode from this update…Warning: Enabling this registry entry could allow security vulnerabilities including Remote Code Execution. Full details along with the registry modification here: Description of the Security and Qu...

Microsoft Plugs Open Hole in Word that Was Being Actively Exploited

To close the loop, the zero-day Word vulnerability we reported just a day ago in, Zero-day Word Vulnerability Attacks Spotted in the Wild, Microsoft has now resolved the exploit in the April Patch Tuesday updates. The fix is this one: Description of the security update for Office 2010: April 11, 2017 (KB3141538) Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Errors During WSUS Update Synchronization for April 2017 Updates

There have been multiple reports where WSUS and SCCM administrators are seeing the following error message when trying to sync updates: SoapException: Fault occurred at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetUpdateData(Cookie cookie, UpdateIdentity[] updateIds) at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig) at Microsoft.UpdateServic...

Microsoft Breaks Skype Room Systems v2 Updating Capability with an Update

Skype Room Systems version 2 has an update waiting for it in the Windows Store. Unfortunately, due to the March 22, 2017 update for Windows 10 (KB4016635), the app cannot be updated. Microsoft is expected to release a fix for the problem – over Windows Update. Customers who need it fixed now can update manually. Details in KB4018816. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

A Patcher’s PSA: Adobe Acrobat and Reader Getting Major Version Number Updates in April

According to Adobe… Starting in April, 2017, all customers on the Continuous track will move from 15.xx to 17.xx after the patch is deployed. There will be no change for customers on Classic track or older versions like Acrobat/Reader XI. … New version number will appear on splash screens, MSI queries, ARP, DLL file versions, About box and application version (for Mac). SCCM/Casper will also start reporting the new version. If there are any software audit scripts that check for version number, they will start reporting 17.xx version. … Remember, if there are any patch deployment scripts which use version number checks before applying a patch, they may need changes to handle 17.xx version number. Full announcement: Acrobat’s getting a new version number (Reader too!) Looki...

Microsoft Releases Fix for Form Display Issue for CRM 2011 on IE11

We noted last week that a recent CU for Windows 10 users broke data display for CRM 2011 customers using Internet Explorer 11. See that here: Windows 10 March CU KB4013429 Breaks Data Display for Dynamics CRM 2011 Microsoft has now delivered a fix for this issue with March 22, 2017—KB4016635 (OS Build 14393.970). The fix also includes a resolution to the problem where some customers 0x80070216 error when trying to update apps from the Windows Store. The update is available through Windows Update, or can be downloaded manually from here: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4016635 Because this is another CU, it replaces the previously released update KB4015438. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connec...

Veeam Finds that KB4013429 Breaks Hyper-V 2016 Backup

Microsoft’s monthly updates always provides fodder for complaint – and that’s just with Microsoft’s own products. But, the inability to test against 3rd party products is another potential pitfall of Microsoft updates. That’s why its so important to test the updates before deployment. Case in point: Veeam has found that the recent KB4013429 breaks the company’s Hyper-V 2016 Backup product. Veeam’s alert here: Microsoft KB4013429 breaks Hyper-V 2016 Backup The KB alert states that… …the issue persists if the following conditions are met: Cluster resource owner node is not upgraded VM owner node is upgraded   Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in ...

Micosoft Separates Internet Explorer Security Updates from Windows Security Updates

As it has done with Windows 10, Microsoft continues to monkey around with Windows 7 SP1 and Windows 8.1 updates for efficiency. In the latest round of changes, Microsoft’s Configuration Manager team blog has revealed that this month (March) starts a new process where Internet Explorer updates have been separated from general security updates. IE updates will remain separate and will need to be deployed separately.  This is an effort to “simplify servicing” and reduce the size of the downloads. With this separation, the Security Only Quality Update package size will be significantly reduced, but you will need to deploy and install the Cumulative Security Update for Internet Explorer to remain secure for the latest supported version of the browser if you elect not to deploy...

ManageEngine Enters the Cross-platform Patch Management Game

ManageEngine today has announced a new product offering that enables customers to deliver patches automatically across Windows, Mac, and Linux. Called Patch Manager Plus, the product promises easy installation with a one-time setup. ManageEngine offers 3-editions: Free (for up to 25 PCs), Professional, and Enterprise. Press Release Automatic Patching for Windows, Mac, Linux, Third-Party Applications Easy installation and one-time setup; saves time, effort and cost Supports over 750 applications Download a fully-functional, 30-day free trial of Patch Manager Plus at http://ow.ly/d5lF309Y5Z1   PLEASANTON, Calif. – March 21, 2017 – ManageEngine, the real-time IT management company, today announced the launch of Patch Manager Plus, its simple and effective patch management sof...

Extra Windows 10 CU for This Month Rolling Out Now (KB4015438)

Microsoft is rolling out a second cumulative update for Windows 10 today –  just a week after the first. This one is intended to fix some bugs and issues that were introduced by the first one. KB4015438 is available now through Windows Update and here’s what it fixes: Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash. Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property. This issue is most commonly seen as a DPC_WATCHDOG_VIOLATION or when verifier is enabled a VRF_STACKPTR_ERROR is seen in the Mem...