Patch Management

ManageEngine Enters the Cross-platform Patch Management Game

ManageEngine today has announced a new product offering that enables customers to deliver patches automatically across Windows, Mac, and Linux. Called Patch Manager Plus, the product promises easy installation with a one-time setup. ManageEngine offers 3-editions: Free (for up to 25 PCs), Professional, and Enterprise. Press Release Automatic Patching for Windows, Mac, Linux, Third-Party Applications Easy installation and one-time setup; saves time, effort and cost Supports over 750 applications Download a fully-functional, 30-day free trial of Patch Manager Plus at http://ow.ly/d5lF309Y5Z1   PLEASANTON, Calif. – March 21, 2017 – ManageEngine, the real-time IT management company, today announced the launch of Patch Manager Plus, its simple and effective patch management sof...

Extra Windows 10 CU for This Month Rolling Out Now (KB4015438)

Microsoft is rolling out a second cumulative update for Windows 10 today –  just a week after the first. This one is intended to fix some bugs and issues that were introduced by the first one. KB4015438 is available now through Windows Update and here’s what it fixes: Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash. Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property. This issue is most commonly seen as a DPC_WATCHDOG_VIOLATION or when verifier is enabled a VRF_STACKPTR_ERROR is seen in the Mem...

Windows 10 March CU KB4013429 Breaks Data Display for Dynamics CRM 2011

UPDATE March 23, 2017: A fix is now available: Microsoft Releases Fix for Form Display Issue for CRM 2011 on IE11 If you’re a Microsoft customer using the combination of Windows 10 and Dynamics CRM 2011, you’ll want to be aware of that this month’s cumulative update for Windows 10 causes display issues for forms and data display in Microsoft’s customer relationship server. A community support thread is located here: Win10 March cumulative update KB 4013429 breaks display of forms in MS Dynamics CRM 2011 The workaround currently is to uninstall the CU. Additionally, some users are also reporting that Windows 7 and Windows 8.1 PCs have the same issue. For Windows 7 uninstalling KB4012212 solves the issue, for Windows 8.1 its KB4012216. Microsoft has yet to acknowledge...

Microsoft Delays Ending Security Bulletin Demise

In a blog post announcing the security updates for March 2017, Microsoft also distributed the following terse blurb: Security bulletins were also published this month to give customers extra time to ensure they are ready to transition their processes. Missing from the statement is a new deadline date.  Does this mean the company has moved it by a month since it skipped delivering security updates to customers in February – or is the date still undetermined? We’re reaching out to Microsoft for clarification. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Patch Tuesday for March 2017 is Coming But Its Guesswork

Famously now, Microsoft skipped patching its Windows platform in February 2017 for an uncited reason and stated that it would restart the updating engines for March’s Patch Tuesday. Patch Tuesday is now just a day away and Microsoft has  a lot of catching up to do. Will the company provide security fixes for the myriad of zero-day flaws that have cropped up since the last security update? Will customers see fixes for vulnerabilities that have been left unfixed since late 2016? Can customers count on Microsoft to patch wide-open security holes that 3rd parties have take upon themselves to provide their own patches for Microsoft’s own customers? Missing a single month has had wide-ranging repercussions. For those tasked with keeping corporate assets safe it may have seemed like a...

Microsoft Pulls Bad Device Driver and Offers Workarounds

Just a couple days ago on March 8th, Microsoft delivered a device driver (Microsoft – WPD – 2/22/2016 12:00:00 AM – 5.2.5326.4762) that would not correctly detect mobile phones or portable devices like it should. After a big thread and help from the community that installed old drivers to both prove the problem and , Microsoft relented and removed the device driver from Windows Update. However, there are those that installed the device driver before Microsoft had the chance to pull it. Those people may still experience issues. In the thread the company representative offers some workarounds for those that soldiered in and installed all their updates quickly. These workarounds include using a System Restore Point, rolling back the specific device driver, and blocking it from installin...

Microsoft Office Updates for March 2017

Microsoft is currently rolling out its monthly updates for its Office products as normal. We’ll have to wait another week to see if the company can find its way to delivering security updates for March 2017, after skipping February. Here’s what’s rolling out now: Office 2013 Update for Microsoft Office 2013 (KB3162058) Update for Microsoft Office 2013 (KB3162039) Update for Microsoft OneDrive for Business (KB3178645) Update for Microsoft Project 2013 (KB3178650) Update for Microsoft Visio 2013 (KB3172437) Office 2016 Update for Microsoft Access 2016 (KB3128054) Update for Microsoft Office 2016 (KB3141452) Update for Microsoft OneDrive for Business (KB3141458) Update for Microsoft Office 2016 (KB3178661) Update for Microsoft Office 2016 (KB3178663) Update for Microsoft Off...

ACROS Security Takes Up Slack Left by Absent Microsoft with Zero Day Patch

Its best to be very wary of any non-vendor patches for specific vendor flaws. But, this is just another effect of what Microsoft has caused due to skipping an entire month of security patches in February 2017 while zero-day flaws in its operating systems continue to be reported. If skipping patching platform security isn’t bad enough, the company has failed to communicate in any meaningful way about why it skipped a month. ACROS Security has developed a patch for the recently communicated flaw in gdi32.dll and talks about it in the following blog: 0patching a 0-day: Windows gdi32.dll memory disclosure (CVE-2017-0038) According to the ACROS site… ACROS, located in Slovenia, is a family owned, self-funded company. An equal-opportunity employer with extremely low staff turnover, i...

February’s Flash Security Update on the Wires from Microsoft

Microsoft decided to at least deliver one security patch this month, this one for a critical Adobe Flash vulnerability. The update is available now over Windows Update. Associated KB article: MS17-005: Security update for Adobe Flash Player: February 21, 2017 This security update resolves vulnerabilities in Adobe Flash Player if Flash Player is installed on any supported edition of Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows 10, Windows 10 Version 1511, Windows 10 Version 1607, Windows 8.1, or Windows RT 8.1. Microsoft has promised to resume normal Patch Tuesday operations in March. Customers are hoping the March updates will plug a couple zero-day holes. One was partially fixed last year, and the other has yet to receive an update thought its been known for 9...

Download Microsoft Security Bulletin History

Microsoft has made available free, downloadable Excel spreadsheets that detail security bulletin history from 2008 to the present. The plan is to update this information regularly. What’s available: Excel files that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins. BulletinSearch.xlsx contains bulletin information from November 2008 to the present. BulletinSearch1998-2008.xlsx has all of the rest of the historical data. A zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)   Download: Microsoft Security Bulletin Data Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kic...

Microsoft Delays February’s Patches

UPDATE: Microsoft Skips February’s Patch Tuesday Altogether Microsoft today has announced that it will delay its release of February 2017 updates. Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan. MSRC Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

MS16-135 is the Fix for the Google-outed Windows Flaw

Much to Microsoft’s chagrin, Google recently publicly outed a major Windows vulnerability just 10 days after disclosing it to Microsoft. The flaw affects all currently supported versions of Windows including Windows 10 and Windows Server 2016. Amid this month’s Patch Tuesday updates, Microsoft has delivered a fix for this reported flaw. Bulletin: Microsoft Security Bulletin MS16-135 KB Article: Security Update for Windows Kernel-Mode Drivers (3199135) Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!