Your company's ad could live here! Reach over 30,000 people a month!

Patch Tuesday

Microsoft Plugs Open Hole in Word that Was Being Actively Exploited

To close the loop, the zero-day Word vulnerability we reported just a day ago in, Zero-day Word Vulnerability Attacks Spotted in the Wild, Microsoft has now resolved the exploit in the April Patch Tuesday updates. The fix is this one: Description of the security update for Office 2010: April 11, 2017 (KB3141538) Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Errors During WSUS Update Synchronization for April 2017 Updates

There have been multiple reports where WSUS and SCCM administrators are seeing the following error message when trying to sync updates: SoapException: Fault occurred at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetUpdateData(Cookie cookie, UpdateIdentity[] updateIds) at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig) at Microsoft.UpdateServic...

Installing Four of April’s Updates on an AMD Carrizo DDR4 Processor Blocks Future Updates

Four of this month’s updates for Windows 7 SP1 and Windows Server 2008 R2 SP1  provide an interesting “known issue” that should be highlighted: If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. – Microsoft is working on a resolution and will provide an update in an upcoming release. The four affected updates are: 4015549 4015546 4015550 4015547   Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Patch Tuesday Security Updates for April 2017

Microsoft’s Patch Tuesday for April 2017 is underway with the updates for the following products deploying now through Windows Update: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps Visual Studio for Mac .NET Framework Silverlight Adobe Flash Player   Here’s the full list of what’s available today… KB Article Product Platform 4015219 Microsoft Edge Windows 10 Version 1511 for 32-bit Systems 4015219 Microsoft Edge Windows 10 Version 1511 for x64-based Systems 4015217 Microsoft Edge Windows 10 Version 1607 for x64-based Systems 4015217 Microsoft Edge Windows 10 Version 1607 for 32-bit Systems 4015583 Microsoft Edge Windows 10 Version 1703 for x64-based Systems 4015583 Microsoft Edge Windows 10 Versio...

Microsoft Releases Fix for Form Display Issue for CRM 2011 on IE11

We noted last week that a recent CU for Windows 10 users broke data display for CRM 2011 customers using Internet Explorer 11. See that here: Windows 10 March CU KB4013429 Breaks Data Display for Dynamics CRM 2011 Microsoft has now delivered a fix for this issue with March 22, 2017—KB4016635 (OS Build 14393.970). The fix also includes a resolution to the problem where some customers 0x80070216 error when trying to update apps from the Windows Store. The update is available through Windows Update, or can be downloaded manually from here: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4016635 Because this is another CU, it replaces the previously released update KB4015438. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connec...

Veeam Finds that KB4013429 Breaks Hyper-V 2016 Backup

Microsoft’s monthly updates always provides fodder for complaint – and that’s just with Microsoft’s own products. But, the inability to test against 3rd party products is another potential pitfall of Microsoft updates. That’s why its so important to test the updates before deployment. Case in point: Veeam has found that the recent KB4013429 breaks the company’s Hyper-V 2016 Backup product. Veeam’s alert here: Microsoft KB4013429 breaks Hyper-V 2016 Backup The KB alert states that… …the issue persists if the following conditions are met: Cluster resource owner node is not upgraded VM owner node is upgraded   Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in ...

Extra Windows 10 CU for This Month Rolling Out Now (KB4015438)

Microsoft is rolling out a second cumulative update for Windows 10 today –  just a week after the first. This one is intended to fix some bugs and issues that were introduced by the first one. KB4015438 is available now through Windows Update and here’s what it fixes: Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash. Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property. This issue is most commonly seen as a DPC_WATCHDOG_VIOLATION or when verifier is enabled a VRF_STACKPTR_ERROR is seen in the Mem...

Windows 10 March CU KB4013429 Breaks Data Display for Dynamics CRM 2011

UPDATE March 23, 2017: A fix is now available: Microsoft Releases Fix for Form Display Issue for CRM 2011 on IE11 If you’re a Microsoft customer using the combination of Windows 10 and Dynamics CRM 2011, you’ll want to be aware of that this month’s cumulative update for Windows 10 causes display issues for forms and data display in Microsoft’s customer relationship server. A community support thread is located here: Win10 March cumulative update KB 4013429 breaks display of forms in MS Dynamics CRM 2011 The workaround currently is to uninstall the CU. Additionally, some users are also reporting that Windows 7 and Windows 8.1 PCs have the same issue. For Windows 7 uninstalling KB4012212 solves the issue, for Windows 8.1 its KB4012216. Microsoft has yet to acknowledge...

Microsoft Delays Ending Security Bulletin Demise

In a blog post announcing the security updates for March 2017, Microsoft also distributed the following terse blurb: Security bulletins were also published this month to give customers extra time to ensure they are ready to transition their processes. Missing from the statement is a new deadline date.  Does this mean the company has moved it by a month since it skipped delivering security updates to customers in February – or is the date still undetermined? We’re reaching out to Microsoft for clarification. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Patch Tuesday for March 2017 is Coming But Its Guesswork

Famously now, Microsoft skipped patching its Windows platform in February 2017 for an uncited reason and stated that it would restart the updating engines for March’s Patch Tuesday. Patch Tuesday is now just a day away and Microsoft has  a lot of catching up to do. Will the company provide security fixes for the myriad of zero-day flaws that have cropped up since the last security update? Will customers see fixes for vulnerabilities that have been left unfixed since late 2016? Can customers count on Microsoft to patch wide-open security holes that 3rd parties have take upon themselves to provide their own patches for Microsoft’s own customers? Missing a single month has had wide-ranging repercussions. For those tasked with keeping corporate assets safe it may have seemed like a...

ACROS Security Takes Up Slack Left by Absent Microsoft with Zero Day Patch

Its best to be very wary of any non-vendor patches for specific vendor flaws. But, this is just another effect of what Microsoft has caused due to skipping an entire month of security patches in February 2017 while zero-day flaws in its operating systems continue to be reported. If skipping patching platform security isn’t bad enough, the company has failed to communicate in any meaningful way about why it skipped a month. ACROS Security has developed a patch for the recently communicated flaw in gdi32.dll and talks about it in the following blog: 0patching a 0-day: Windows gdi32.dll memory disclosure (CVE-2017-0038) According to the ACROS site… ACROS, located in Slovenia, is a family owned, self-funded company. An equal-opportunity employer with extremely low staff turnover, i...

While Customers Wait for March, Microsoft Software Flaws Continue to Mount

As Microsoft continues to lackadaisically count down the days until its March Patch Tuesday, yet another zero-day bug has been publicly unveiled. This new bug, also announced by Google’s security research team, affects both Internet Explorer 11 and Microsoft Edge: Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement This makes the second bug revealed in just a few weeks time.  Microsoft customers were already waiting for a third bug to be completely fixed since late 2016 – which Microsoft failed to acknowledge with a fix in January. Microsoft then skipped February’s Patch Tuesday altogether, stating it would resume security patching in March. The company hasn’t been forthcoming about why it skipped providing security patches for its plat...