Archive for the ‘NOC Services’ Category

Flexis April 2019 Patch Review And Recommendations

  • KB4493451 – 2019-04 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems
  • KB4493446 – 2019-04 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4493472 – 2019-04 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
  • KB4493509 – 2019-04 Cumulative Update for Windows 10 Version 1809 for x64-based Systems
  • KB4493478 – 2019-04 Security Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems

 

Impacted Products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET
  • Microsoft Exchange Server
  • Team Foundation Server
  • Azure DevOps Server
  • Open Enclave SDK
  • Windows Admin Center

 

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV190011 | April 2019 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190011

  • ADV990001 | Latest Servicing Stack Updates

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001

 

Known Issues:

 

KB4487563 Applies to: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

https://support.microsoft.com/en-us/help/4487563/description-of-the-security-update-for-microsoft-exchange-server

Symptoms:

When you try to manually install this security update by double-clicking the update file (.msp) to run it in “normal mode” (that is, not as an administrator), some files are not correctly updated.

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state.

Workaround:

To avoid this issue, follow these steps to manually install this security update:

  • Select Start, and type cmd.
  • In the results, right-click Command Prompt, and then select Run as administrator.
  • If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
  • Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

 

To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated command prompt, see Start a Command Prompt as an Administrator.

 

KB4491413 Applies to: Exchange Server 2010 Service Pack 3

https://support.microsoft.com/en-us/help/4491413/update-rollup-27-for-exchange-server-2010-service-pack-3

Symptoms:

When you try to manually install this security update by double-clicking the update file (.msp) to run it in “normal mode” (that is, not as an administrator), some files are not correctly updated.

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state.

Workaround:

To avoid this issue, follow these steps to manually install this security update:

  • Select Start, and type cmd.
  • In the results, right-click Command Prompt, and then select Run as administrator.
  • If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
  • Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

 

To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated command prompt, see Start a Command Prompt as an Administrator.

 

KB4493441 Applies to: Windows 10, version 1709

https://support.microsoft.com/en-us/help/4493441/windows-10-update-kb4493441

Symptoms:

After installing this update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or

Enable Protected Mode in Internet Explorer for local intranet and trusted sites.

  • Go to Tools > Internet options > Security.
  • Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode.
  • Select Trusted sites and then select Enable Protected Mode.
  • Select OK.

You must restart the browser after making these changes.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4493446 Applies to: Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4493448 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 

https://support.microsoft.com/en-us/help/4493448/windows-7-update-kb4493448

Symptoms:

After installing this update, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate this issue, use one of the following options:

Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.

Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.

Option 3: Use constrained delegation.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493450 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4493450/windows-server-2012-update-kb4493450

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493451 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4493451/windows-server-2012-update-kb4493451

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493458 Applies to: Windows Server 2008 Service Pack 2

https://support.microsoft.com/en-us/help/4493458/windows-server-2008-update-kb4493458

Symptoms:

After installing this update, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate this issue, use one of the following options:

Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.

Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.

Option 3: Use constrained delegation.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493464 Applies to: Windows 10 version 1803

https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464

Symptoms:

After installing this update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or

Enable Protected Mode in Internet Explorer for local intranet and trusted sites.

Go to Tools > Internet options > Security.

Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode.

Select Trusted sites and then select Enable Protected Mode.

Select OK.

You must restart the browser after making these changes.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4493467 Applies to: Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4493467/windows-8-1-update-kb4493467

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493470 Applies to: Windows 10 version 1607, Windows Server 2016

https://support.microsoft.com/en-us/help/4493470/windows-10-update-kb4493470

Symptoms:

After installing this update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or

Enable Protected Mode in Internet Explorer for local intranet and trusted sites.

Go to Tools > Internet options > Security.

Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode.

Select Trusted sites and then select Enable Protected Mode.

Select OK.

You must restart the browser after making these changes.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4493471 Applies to: Windows Server 2008 Service Pack 2

https://support.microsoft.com/en-us/help/4493471/windows-server-2008-update-kb4493471

Symptoms:

After installing this update, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate this issue, use one of the following options:

Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.

Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.

Option 3: Use constrained delegation.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493472 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472

Symptoms:

After installing this update, some customers report that authentication fails for services that require unconstrained delegation after the Kerberos ticket expires (the default is 10 hours). For example, the SQL server service fails.

Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.

Workaround:

To mitigate this issue, use one of the following options:

Option 1: Purge the Kerberos tickets on the application server. After the Kerberos ticket expires, the issue will occur again, and you must purge the tickets again.

Option 2: If purging does not mitigate the issue, restart the application; for example, restart the Internet Information Services (IIS) app pool associated with the SQL server.

Option 3: Use constrained delegation.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available. For more information see the Sophos support article.

 

KB4493474 Applies to: Windows 10 version 1703

https://support.microsoft.com/en-us/help/4493474/windows-10-update-kb4493474

Symptoms:

After installing this update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or

Enable Protected Mode in Internet Explorer for local intranet and trusted sites.

Go to Tools > Internet options > Security.

Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode.

Select Trusted sites and then select Enable Protected Mode.

Select OK.

You must restart the browser after making these changes.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4493509 Applies to: Windows 10 version 1809, Windows Server 2019 all versions

https://support.microsoft.com/en-us/help/4493509/windows-10-update-kb4493509

Symptoms:

After installing this update, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or

Enable Protected Mode in Internet Explorer for local intranet and trusted sites.

Go to Tools > Internet options > Security.

Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode.

Select Trusted sites and then select Enable Protected Mode.

Select OK.

You must restart the browser after making these changes.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Open Windows Deployment Services from Windows Administrative Tools.

Expand Servers and right-click a WDS server.

Open its properties and clear the Enable Variable Window Extension box on the TFTP tab.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4493730 Applies to: Windows Server 2008 Service Pack 2

https://support.microsoft.com/en-us/help/4493730/servicing-stack-update-for-windows-server-2008-sp2

Symptoms:

After you install a servicing stack update together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck at a particular stage and see a “Stage 2 of 2” or “Stage 3 of 3” message.

 

If you experience this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.

 

KB4493435 Applies to: Internet Explorer 11 on Windows Server 2012 R2, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer 11 on Windows Server 2008 R2 SP1, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on Windows Server 2008 SP

https://support.microsoft.com/en-us/help/4493435/cumulative-security-update-for-internet-explorer-april-12-2019

Symptoms:

After this security update is installed on Windows 10, version 1607 and later operating systems, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or:

Enable Protected Mode in Internet Explorer for local intranet and trusted sites.

Go to Tools > Internet options > Security.

Within Select a zone to view or change security settings, select Local intranet and then select Enable Protected Mode.

Select Trusted sites, and then select Enable Protected Mode.

Select OK.

You must restart the browser after you make these changes.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

Flexis March 2019 Patch Review And Recommendations

  • KB4489899 – 2019-03 Cumulative Update for Windows Server 2019 for x64-based Systems
  • KB4489882 – 2019-03 Cumulative Update for Windows Server 2016 for x64-based Systems
  • KB4489881 – 2019-03 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4489878 – 2019-03 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems

 

Impacted Products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office SharePoint
  • Team Foundation Server
  • Skype for Business
  • Visual Studio

 

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV190008 | March 2019 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190008

  • ADV190010 | Best Practices Regarding Sharing of a Single User Account Across Multiple Users

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190010

  • ADV990001 | Latest Servicing Stack Updates

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001

 

Known Issues:

KB4489878, KB4489881, KB4489882, KB4489883, KB4489884, KB4489885, KB4489891, KB4489899

 

KB4489878 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

 https://support.microsoft.com/en-us/help/4489878/windows-7-update-kb4489878

 Symptoms:

After installing this update, Internet Explorer 10 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 KB4489881 Applies to: Windows 8.1, Windows Server 2012

https://support.microsoft.com/en-us/help/4489881/windows-8-1-update-kb4489881

Symptoms:

After installing this update, Internet Explorer 11 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Group Policy editor may also be affected when editing a Group Policy Object (GPO) that contains a Group Policy Preference for Internet Settings.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

  

KB4489882 Applies to: Windows 10 version 1607, Windows Server 2016

 https://support.microsoft.com/en-us/help/4489882/windows-10-update-kb4489882

  Symptoms:

After installing this update, Internet Explorer 11 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Group Policy editor may also be affected when editing a Group Policy Object (GPO) that contains a Group Policy Preference for Internet Settings.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4489883 Applies to: Windows 8.1, Windows Server 2012 R2

 https://support.microsoft.com/en-us/help/4489883/windows-8-1-update-kb4489883

 Symptoms:

After installing this update, Internet Explorer 11 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Group Policy editor may also be affected when editing a Group Policy Object (GPO) that contains a Group Policy Preference for Internet Settings.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

  

KB4489884 Applies to: Windows Server 2012, Windows Embedded 8 Standard

 https://support.microsoft.com/en-us/help/4489884/windows-server-2012-update-kb4489884

Symptoms:

After installing this update, Internet Explorer 10 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Group Policy editor may also be affected when editing a Group Policy Object (GPO) that contains a Group Policy Preference for Internet Settings.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4489885 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

 https://support.microsoft.com/en-us/help/4489885/windows-7-update-kb4489885

 Symptoms:

After installing this update, Internet Explorer 10 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4489891 Applies to: Windows Server 2012, Windows Embedded 8 Standard

 https://support.microsoft.com/en-us/help/4489891/windows-server-2012-update-kb4489891

Symptoms:

After installing this update, Internet Explorer 10 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

Group Policy editor may also be affected when editing a Group Policy Object (GPO) that contains a Group Policy Preference for Internet Settings.

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

Microsoft is working on a resolution and will provide an update in an upcoming release.

  

KB4489899 Applies to: Windows 10 version 1809, Windows Server 2019, all versions

 https://support.microsoft.com/en-us/help/4489899/windows-10-update-kb4489899

 Symptoms:

After installing this update, Internet Explorer 11 may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:

  • Cache size and location show zero or empty.
  • Keyboard shortcuts may not work properly.
  • Webpages may intermittently fail to load or render correctly.
  • Issues with credential prompts.
  • Issues when downloading files.

After installing this update on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the “Default Audio Device”. Examples of applications that may stop working include:

  • Windows Media Player
  • Realtek HD Audio Manager
  • Sound Blaster Control Panel

Workaround:

Create unique user accounts so that two people don’t share the same user account when logging on to a Windows Server machine. Additionally, disable multiple RDP sessions for a single user account for a specific Windows Server.

As a temporary solution, select the “Default Audio Device” in the options provided by the application; please refer to the application’s user manual for details.

For example, to set the Default Audio Device in Windows Media Player:

Open Windows Media Player > Tools > Options > Devices.

Select the device and choose Properties.

On the next dialog, from the drop-down menu under Select the Audio Device, choose Default Audio Device from the list.

You can then send audio from the application to the audio device you want in the per-application audio settings found under Settings > System > Sound > App Volume and device preferences.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

Flexis February 2019 Patch Review And Recommendations

  • KB4487026 – 2019-02 Cumulative Update for Windows Server 2016 for x64-based Systems
  • KB4485447 – 2019-02 Servicing Stack Update for Windows Server 2016 for x64-based Systems
  • KB4487080 – 2019-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64
  • KB4487000 – 2019-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4487038 – 2019-02 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems
  • KB4487078 – 2019-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64
  • KB4486563 – 2019-02 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems

 

Impacted Products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft Visual Studio
  • Microsoft Dynamics
  • Team Foundation Server

 

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV190003 | February 2019 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190003

  • ADV190006 | Guidance to mitigate unconstrained delegation vulnerabilities

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190006

  • ADV190007 | Guidance for “PrivExchange” Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190007

  • ADV990001 | Latest Servicing Stack Updates

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001

 

Known Issues:

KB4345836, KB4486563, KB4486564, KB4486993, KB4487000, KB4487019, KB4487020, KB4487023, KB4487025, KB4487026, KB4487028, KB4486996, KB4487017, KB4487044, KB4487052

 

KB4345836 Applies to: Exchange Server 2013

https://support.microsoft.com/en-us/help/4345836/cumulative-update-22-for-exchange-server-2013

Symptoms:

In multidomain Active Directory forests in which Exchange is installed or has been prepared previously by using the /PrepareDomain option in SETUP, this action must be completed after the /PrepareAD command for this cumulative update has been completed and the changes are replicated to all domains. Setup will try to execute the /PrepareAD command during the first server installation. Installation will finish only if the user who initiated SETUP has the appropriate permissions.

Workaround:

This cumulative update fixes the issues that are described in the following Microsoft Knowledge Base articles:

  • 4487603 “The action cannot be completed” error when you select many recipients in the Address Book of Outlook in Exchange Server 2013
  • 4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access
  • 4490059 Reducing permissions required to run Exchange Server using Shared Permissions Model

 

KB4486563 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

https://support.microsoft.com/en-us/help/4486563/windows-7-update-kb4486563

Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4486564 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

 https://support.microsoft.com/en-us/help/4486564/windows-7-update-kb4486564

 Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4486993 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4486993/windows-server-2012-update-kb4486993

Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4487000 Applies to: Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4487000/windows-8-1-update-kb4487000

Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4487019 Applies to: Windows Server 2008 Service Pack 2

https://support.microsoft.com/en-us/help/4487019/windows-server-2008-update-kb4487019

Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4487020 Applies to: Windows 10, version 1703

 https://support.microsoft.com/en-us/help/4487020/windows-10-update-kb4487020

 Symptoms: After installing this update, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Workaround: Modify the registry with the two- character abbreviation for Japanese eras as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Calendars\Japanese\Eras]

“1868 01 01″=”明治_明_Meiji_M”

“1912 07 30″=”大正_大_Taisho_T”

“1926 12 25″=”昭和_昭_Showa_S”

“1989 01 08″=”平成_平_Heisei_H”

Microsoft is working on a resolution and will provide an update in an upcoming release.

  

KB4487023 Applies to: Windows Server 2008 Service Pack 2

 https://support.microsoft.com/en-us/help/4487023/windows-server-2008-update-kb4487023

 Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4487025 Applies to: Windows Server 2012, Windows Embedded 8 Standard

 https://support.microsoft.com/en-us/help/4487025/windows-server-2012-update-kb4487025

Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4487026 Applies to: Windows 10 version 1607, Windows Server 2016

https://support.microsoft.com/en-us/help/4487026/windows-10-update-kb4487026

Symptoms:

  1. For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update. Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.
  2. After installing KB4467691, Windows may fail to start on certain Lenovo laptops that have less than 8 GB of RAM.
  3. After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.
  4. After installing this update, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Workaround:

1. Run mofcomp on the following mof files on the affected host:

Scvmmswitchportsettings.mof

VMMDHCPSvr.mof

Follow the best practices while patching to avoid a stop error in vfpext.sys in an SDN v2 environment (NC managed hosts).

2. Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart. If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Microsoft is working with Lenovo and will provide an update in an upcoming release.

3. Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

4. Modify the registry with the two- character abbreviation for Japanese eras as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Calendars\Japanese\Eras]

“1868 01 01″=”明治_明_Meiji_M”

“1912 07 30″=”大正_大_Taisho_T”

“1926 12 25″=”昭和_昭_Showa_S”

“1989 01 08″=”平成_平_Heisei_H”

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4487028 Applies to: Windows 8.1, Windows Server 2012 R2

 https://support.microsoft.com/en-us/help/4487028/windows-8-1-update-kb4487028

Symptoms: After installing this update, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Workaround: After installing this update, shut down the virtual machines before restarting the host. Microsoft is working on a resolution and estimates a solution will be available by mid-February 2019.

 

KB4486996 Applies to: Windows 10, version 1709

 https://support.microsoft.com/en-us/help/4486996/windows-10-update-kb4486996

Symptoms: After installing this update, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Workaround: Modify the registry with the two- character abbreviation for Japanese eras as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Calendars\Japanese\Eras]

“1868 01 01″=”明治_明_Meiji_M”

“1912 07 30″=”大正_大_Taisho_T”

“1926 12 25″=”昭和_昭_Showa_S”

“1989 01 08″=”平成_平_Heisei_H”

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4487017 Applies to: Windows 10, version 1803

https://support.microsoft.com/en-us/help/4487017/windows-10-update-kb4487017

Symptoms: After installing this update, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Workaround: Modify the registry with the two- character abbreviation for Japanese eras as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Calendars\Japanese\Eras]

“1868 01 01″=”明治_明_Meiji_M”

“1912 07 30″=”大正_大_Taisho_T”

“1926 12 25″=”昭和_昭_Showa_S”

“1989 01 08″=”平成_平_Heisei_H”

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4487044 Applies to: Windows 10, version 1809, Windows Server 2019, all versions

https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044

Symptoms: After installing this update, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Workaround: Modify the registry with the two- character abbreviation for Japanese eras as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Calendars\Japanese\Eras]

“1868 01 01″=”明治_明_Meiji_M”

“1912 07 30″=”大正_大_Taisho_T”

“1926 12 25″=”昭和_昭_Showa_S”

“1989 01 08″=”平成_平_Heisei_H”

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4487052 Applies to: Exchange Server 2010 Service Pack 3

https://support.microsoft.com/en-us/help/4487052/update-rollup-26-for-exchange-server-2010-service-pack-3

Symptoms: When you try to manually install this security update by double-clicking the update file (.msp) to run it in “normal mode” (that is, not as an administrator), some files are not correctly updated.

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

To avoid this issue, follow these steps to manually install this security update:

Select Start, select All Programs, and then select Accessories.

Right-click Command prompt, and then select Run as administrator.

If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.

Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state. To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update from an elevated command prompt. For more information about how to open an elevated command prompt, visit the following Microsoft webpage: Start a Command Prompt as an Administrator.

Workaround: This cumulative update fixes the issues that are described in the following Microsoft Knowledge Base article:

4490060 Exchange Web Services Push Notifications can be used to gain unauthorized access

 

 

Flexis January 2019 Patch Review And Recommendations

  • KB4480961 – 2019-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4480961)
  • KB4481484 – 2019-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64
  • KB4480963 – 2019-01 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems and Windows 8.1 for x64-based Systems
  • KB4480979 – 2019-01 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems and Windows 8.1 for x64-based Systems
  • KB4480970 – 2019-01 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems and Windows 7 for x64-based Systems
  • KB4480966 – 2019-01 Cumulative Update for Windows 10 Version 1803 for x64-based Systems

 

 

Impacted Products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • .NET Framework
  • ASP .NET
  • Microsoft Exchange Server
  • Microsoft Visual Studio

 

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV190001 | January 2019 Adobe Flash Update

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190001

 

Known Issues:

KB4480961, KB4480973, KB4480978, KB4480966, KB4480970, KB4480116, KB4480962, KB4480963, KB4480975, 4468742, KB4471389

 

 

KB4480961 Applies to: Windows 10, version 1607, Windows Server 2016

https://support.microsoft.com/en-us/help/4480961/windows-10-update-kb4480961

Symptoms:

  1. System Center Virtual Machine Manager (SCVMM) managed workloads are noticing infrastructure management issues after VMM refresh as the Windows Management Instrumentation (WMI) class around network port is being unregistered on Hyper-V hosts.
  2. After installing this update on Windows Server 2016, instant search in Microsoft Outlook clients fail with the error, “Outlook cannot perform the search”.
  3. After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM.
  4. After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround:

  1. Run mofcompfor the mofVMMDHCPSvr.mof, and other relevant SCVMM MOF Files. Please upgrade thru the SCVMM 2016 Update Rollup 6 (UR6) to expedite the Host Refresh activities after running mofcomp command.
  2. To alleviate the symptoms, run sfc /scannow as described in step 3 of Use the System File Checker tool to repair missing or corrupted system files. Then restart Microsoft Outlook. Microsoft is working on a resolution and will provide an update in an upcoming release.
  3. Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.
    If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.
    Microsoft is working with Lenovo and will provide an update in an upcoming release.
  4. Microsoft is working on a resolution and estimates a solution will be available mid-January.

 

 

KB4480973 Applies to: Windows 10, version 1703

https://support.microsoft.com/en-us/help/4480973/windows-10-update-kb4480973

Symptoms: After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround: Microsoft is working on a resolution and estimates a solution will be available mid-January.

 

 

KB4480978 Applies to: Windows 10, version 1709

https://support.microsoft.com/en-us/help/4480978/windows-10-update-kb4480978

Symptoms: After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround: Microsoft is working on a resolution and estimates a solution will be available mid-January.

 

 

KB4480966 Applies to: Windows 10, version 1803

https://support.microsoft.com/en-us/help/4480966/windows-10-update-kb4480966

Symptoms:

  1. After you install the August Preview of Quality Rollupor September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.
  2. After installing this update, some users cannot pin a web link on the Startmenu or the taskbar.
  3. After installing KB4467682, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.
  4. After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround:

  1. Microsoft is working on a resolution and will provide an update in an upcoming release.
  2. Microsoft is working on a resolution and will provide an update in an upcoming release.
  3. Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.
    Microsoft is working on a resolution and will provide an update in an upcoming release.
  4. Microsoft is working on a resolution and estimates a solution will be available mid-January.

 

 

KB4480970 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

https://support.microsoft.com/en-us/help/4480970/windows-7-update-kb4480970

Symptoms:

  1. After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.
  2. After installing this update, some users are reporting the KMS Activation error, “Not Genuine”, 0xc004f200 on Windows 7 devices.
  3. Local users who are part of the local “Administrators“ group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8th, 2019 security updates. This does not affect domain accounts in the local “Administrators” group.

Workaround:

  1. To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
  • To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
    • Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.
  1. We are aware of this incident and are presently investigating it. We will provide an update when available.
  2. To work around this issue use either a local account that is not part of the local “Administrators” group or any domain user (including domain administrators).
    We recommend this workaround until a fix is available in a future release.

 

 

KB4480116 Applies to: Windows 10, version 1809, Windows Server 2019, all versions

https://support.microsoft.com/en-us/help/4480116/windows-10-update-kb4480116

Symptoms: After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround: Microsoft is working on a resolution and estimates a solution will be available late January.

 

 

KB4480962 Applies to: Windows 10

https://support.microsoft.com/en-us/help/4480962/windows-10-update-kb4480962

Symptoms: After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround: Microsoft is working on a resolution and estimates a solution will be available early February.

 

 

KB4480963 Applies to: Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4480963/windows-8-1-update-kb4480963

Symptoms: After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround: Microsoft is working on a resolution and estimates a solution will be available mid-January.

 

KB4480975 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4480975/windows-server-2012-update-kb4480975

Symptoms: After installing this update, third-party applications may have difficulty authenticating hotspots.

Workaround: Microsoft is working on a resolution and estimates a solution will be available mid-January.

 


4468742 Applies to: Exchange Server 2010

https://support.microsoft.com/en-us/help/4468742/update-rollup-25-for-exchange-server-2010-service-pack-3

Symptoms: When you try to manually install this security update by double-clicking the update file (.msp) to run it in “normal mode” (that is, not as an administrator), some files are not correctly updated.

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

Workaround: To avoid this issue, follow these steps to manually install this security update:

1. Select Start, select All Programs, and then select Accessories.

2. Right-click Command prompt, and then select Run as administrator.

3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.

4. Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

 

4471389 Applies to: Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

https://support.microsoft.com/en-us/help/4471389/description-of-the-security-update-for-microsoft-exchange-server-2019

Symptoms: When you try to manually install this security update by double-clicking the update file (.msp) to run it in “normal mode” (that is, not as an administrator), some files are not correctly updated.

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

Workaround: To avoid this issue, follow these steps to manually install this security update:

1. Select Start, select All Programs, and then select Accessories.

2. Right-click Command prompt, and then select Run as administrator.

3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.

4. Type the full path of the .msp file, and then press Enter.

This issue does not occur when you install the update from Microsoft Update.

 

Flexis December 2018 Patch Review And Recommendations

  • KB4471321 – 2018-12 Cumulative Update for Windows Server 2016 for x64-based Systems
  • KB4471320 – 2018-12 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4471989 – 2018-12 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64
  • KB4471318 – 2018-12 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
  • KB4471987 – 2018-12 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64
  • KB4471318 – 2018-12 Security Monthly Quality Rollup for Windows 7 for x86-based Systems
  • KB4471320 – 2018-12 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems
  • KB4471324 – 2018-12 Cumulative Update for Windows 10 Version 1803 for x64-based Systems

 

Impacted Products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft Visual Studio
  • Windows Azure Pack (WAP)

 

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Known Issues:

KB4471321, KB4471327, KB4471329, KB4471324, KB4471318

 

KB4471321 Applies to: Windows 10 – version 1607, Windows Server 2016

https://support.microsoft.com/en-us/help/4471321/windows-10-update-kb4471321

Symptoms: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4471327 Applies to: Windows 10 – version 1703

https://support.microsoft.com/en-us/help/4471327/windows-10-update-kb4471327

Symptoms: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4471329 Applies to: Windows 10 – version 1709

https://support.microsoft.com/en-us/help/4471329/windows-10-update-kb4471329

Symptoms: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4471324 Applies to: Windows 10 – version 1803

https://support.microsoft.com/en-us/help/4471324/windows-10-update-kb4471324

Symptoms: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4471318 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

https://support.microsoft.com/en-us/help/4471318/windows-7-update-kb4471318

Symptoms: After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.

Workaround:

  1. To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
    • Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

 

Flexis November 2018 Patch Review And Recommendations

  • KB4465659 – 2018-11 Update for Windows Server 2016 for x64-based Systems
  • KB4467691 – 2018-11 Cumulative Update for Windows Server 2016 for x64-based Systems
  • KB4467701 – 2018-11 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems
  • KB4467697 – 2018-11 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4467694 – 2018-11 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems
  • KB4467107 – 2018-11 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems

 

Impacted Products:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • .NET Core
  • Skype for Business
  • Azure App Service on Azure Stack
  • Microsoft Dynamics 365 (On-Premises) version 8
  • PowerShell Core

 

Please note the following information regarding the security updates:

  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV180025 | November 2018 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180025

 

Known Issues:

KB4467691, KB4467696, KB4467686, KB4467702, KB4467107, KB4461529

 

KB4467691 Applies to: Windows 10 – version 1607, and Windows Server 2016

 https://support.microsoft.com/en-us/help/4467691/windows-10-update-kb4467691

Symptoms: After installing this update, installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected. After installing this update, Windows Server 2016 promotions that create non-root domains fail in forests in which optional features like Active Directory recycle have been enabled. The error is, “The replication operation encountered a database error”.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4467696 Applies to: Windows 10 – version 1703

https://support.microsoft.com/en-us/help/4467696/windows-10-update-kb4467696

Symptoms: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4467686 Applies to: Windows 10 – version 1709

https://support.microsoft.com/en-us/help/4467686/windows-10-update-kb4467686

Symptoms: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4467702 Applies to: Windows 10 – version 1803

 https://support.microsoft.com/en-us/help/4467702/windows-10-update-kb4467702

 Symptoms: After installing this update, some users cannot set Win32 program defaults for certain app and file type combinations using the Open with… command or Settings > Apps > Default apps.

In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default.

Workaround: In some cases, attempting to set application defaults again will succeed. Microsoft is working on a resolution and estimates a solution will be available in late November 2018.

 

 

KB4467107 Applies to: Windows 7 – Service Pack 1, and Windows Server 2008 R2 – Service Pack 1

 https://support.microsoft.com/en-us/help/4467107/windows-7-update-kb4467107

Symptoms: After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.

Workaround:

  1. To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
    • Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

 

 

KB4461529 Applies to: Outlook 2010, Microsoft Office 2010 – Service Pack 2

 https://support.microsoft.com/en-us/help/4461529/description-of-the-security-update-for-outlook-2010-november-13-2018

Symptoms: After you install the 64-bit version of this security update, Outlook may crash on start-up.

Workaround: Microsoft is researching this problem and will post more information in this article when the information becomes available.

 

 

Flexis October 2018 Patch Review And Recommendations

Patches Microsoft released in October 2018

  • KB4462917 – 2018-10 Cumulative Update for Windows Server 2016 for x64-based systems
  • KB4462926 – 2018-10 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4462923 – 2018-10 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
  • KB4463097 – 2018-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems

 


Impacted Products:

 

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • .NET Core
  • PowerShell Core
  • SQL Server Management Studio
  • Microsoft Exchange Server
  • Azure IoT Edge

 

Please note the following information regarding the security updates:

 

  • Customers running Windows 7 or Windows Server 2008 R2 need to ensure they have Servicing Stack Update (SSU) 3177467 installed before installing the October 2018 security updates, to avoid a failure to install. See Microsoft Knowledge Base Article 3177467for more information about this SSU.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV180026 | Microsoft Office Defense in Depth Update

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180026

 

Known Issues:

KB4459266, KB4462917, KB4462923, KB4092470, KB4461450

 

KB4459266 Applies to: Exchange Server 2016, Exchange Server 2013

 

https://support.microsoft.com/en-us/help/4459266/description-of-the-security-update-for-microsoft-exchange-server-2013

Symptoms: When you try to manually install this security update in “normal mode” (not running the update as an administrator) by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update was not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update does not correctly stop certain Exchange-related services.

 

Workaround: To avoid this issue, run the security update in elevated mode, as an administrator. To do this, right-click the update file, and then click Run as administrator.

 

 

KB4462917 Applies to: Windows 10, version 1607; Windows Server 2016

 

https://support.microsoft.com/en-us/help/4462917/windows-10-update-kb4462917

 

Symptoms: After installing this update, installing Window Server 2019 Key Management Service (KMS) host keys (CSVLK) on Window Server 2016 KMS hosts does not work as expected.

 

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4462923 Applies to: Applies to: Windows 7 Service Pack 1; Windows Server 2008 R2 Service Pack 1

 

https://support.microsoft.com/en-us/help/4462923/windows-7-update-kb4462923

 

Symptoms: After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.

 

Workaround:

  1. To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
  • Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

 

KB4092470 Applies to: Microsoft SharePoint Server 2013 Service Pack 1

 

https://support.microsoft.com/en-us/help/4092470/description-of-the-security-update-for-sharepoint-enterprise-server

 

Symptoms: When you try to move document sets to a records center after applying KB4092470, you may see an unexpected error.

 

Workaround: To resolve this issue, install the October 9, 2018, cumulative update for SharePoint Enterprise Server 2013 (KB4461458).

 

 

KB4461450 Applies to: Microsoft SharePoint Server 2013 Service Pack 1

 

https://support.microsoft.com/en-us/help/4461450/description-of-the-security-update-for-sharepoint-enterprise-server

 

Symptoms: When you try to move document sets to a records center after applying KB4461450, you may see an unexpected error.

 

Workaround: To resolve this issue, install the October 9, 2018, cumulative update for SharePoint Enterprise Server 2013 (KB4461458).

 

 

New Autotask PSA Features Enable MSPs to Improve Resource Allocation and Enhance Client Collaboration

Datto announced the latest update to Autotask PSA, Datto’s Autotask PSA 2018.2, on September 26, 2018. The new release will provide a highly configurable ticketing and timekeeping functionality, redesigned Client Portal homepage, and new contract visibility options.

 

Features of Autotask PSA 2018.2 include:

 

  • Start/End Time-off Requests: Technicians can request time off for specific time frames.

 

  • Configurable Time Entries for Tickets: The time entry screen will be configurable with additional quick edit fields, such as Queue and Due Date.

 

  • Re-designed Client Portal Homepage: Clients can access the Client Portal with a new friendly URL with a view of open Service Tickets and Projects.

 

  • New Contract Visibility Options:The Visibility options (no visibility, limited, or full) ensures staff and clients to only see the minimum level of contract information needed.

 

Read more by clicking here.

Flexis September 2018 Patch Review And Recommendations

Below are the patches approved in our NOC monthly patch testing procedure.

  • KB4457131 – 2018-09 Cumulative Update for Windows Server 2016 for x64-based systems
  • KB4457129 – 2018-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4457129 – 2018-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4458010 – 2018-09 Security Monthly Quality Rollup for Windows Server 2008 for x86-based System
  • KB4457144 – 2018-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems

 

Impacted Products:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Adobe Flash Player
  • .NET Framework
  • Microsoft Data OData
  • NET

 

Please note the following information regarding the security updates:

 

  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV180022 | Windows Denial of Service Vulnerability

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180022

  • ADV180023 | September 2018 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180023

 

Known Issues:

KB4457128, KB4457144, KB4458321

 

KB4457128 Applies to: Windows 10, version 1803

 

https://support.microsoft.com/en-us/help/4457128/windows-10-update-kb4457128

 

Symptoms: An issue that causes the Program Compatibility Assistant (PCA) service to have excessive CPU usage. This occurs when the concurrency of two simultaneous add and remove programs (ARP) monitoring threads is not handled correctly.

 

Workaround: Microsoft is currently not aware of any issues with this update.

 

 

KB4457144 Applies to: Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1

 

https://support.microsoft.com/en-us/help/4457144/windows-7-update-kb4457144

 

Symptoms: After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.

 

Workaround:

  • To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  • To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
  1. a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.

 

KB4458321 Applies to: Exchange Server 2010 Service Pack 3

 

https://support.microsoft.com/en-us/help/4458321/update-rollup-24-for-exchange-server-2010-service-pack-3

 

Symptoms: When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update does not correctly stop certain Exchange-related services.

 

Workaround: To avoid this issue, run the security update in elevated mode, as an administrator. To do this, right-click the update file, and then click Run as administrator.

Flexis August 2018 Patch Review And Recommendations

All patches are approved in our NOC monthly patch testing procedure.

  • KB4343898 – 2018-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4343898 – Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
  • KB4338380 – 2018-08 security Update for windows server 2008 for x86 based Systems
  • KB4340937 – 2018-08 security Update for windows server 2008 for x86 based Systems
  • KB4340939 – 2018-08 security Update for windows server 2008 for x86 based Systems
  • KB4341832 – 2018-08 security Update for windows server 2008 for x86 based Systems
  • KB4343674 – 2018-08 security Update for windows server 2008 for x86 based Systems
  • KB4344104 – 2018-08 security Update for windows server 2008 for x86 based Systems
  • KB4343205 – Cumulative Security Update for Internet Explorer 9 for Windows Server 2008
  • KB4343900 – 2018-08 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
  • KB4343205 – Cumulation Security Update for Internet Explorer 11 for Windows server 2008 R2 x64-based systems

 

Impacted Products:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Adobe Flash Player
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft SQL Server
  • Visual Studio

 

Please note the following information regarding the security updates:

  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

 

Microsoft Security Advisories:

  • ADV180016 | Microsoft Guidance for Lazy FP State Restore

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016

  • ADV180018 | Microsoft Guidance to mitigate L1TF variant

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180018

  • ADV180020 | August 2018 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180020

 

Known Issues:

KB4340731, KB4340733, KB4343897, KB4343900, KB4343887

 

KB4343897 Applies to: Windows 10, version 1709

https://support.microsoft.com/en-us/help/4343897/windows-10-update-kb4343897

 

Symptoms: Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled

 

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

 

KB4343900 Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1

https://support.microsoft.com/en-us/help/4343900/windows-7-update-kb4343900

 

Symptoms: There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

 

Workaround:

  • To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  • To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
  1. a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.

 

 

KB4340731 Applies to: Exchange Server 2010 Enterprise Exchange Server 2013 Enterprise Exchange Server 2016 Enterprise Edition

https://support.microsoft.com/en-us/help/4340731/description-of-the-security-update-for-microsoft-exchange-server-2013

 

Symptoms: When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update does not correctly stop certain Exchange-related services.

 

Workaround: To avoid this issue, run the security update in elevated mode, as an administrator. To do this, right-click the update file, and then click Run as administrator.

 

 

KB4340733 Applies to: Exchange Server 2010 Enterprise

https://support.microsoft.com/en-us/help/4340733/update-rollup-23-for-exchange-server-2010-service-pack-3

 

Symptoms: When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC).

 

Workaround: The issue occurs because the security update does not correctly stop certain Exchange-related services. To avoid this issue, run the security update in elevated mode, as an administrator. To do this, right-click the update file, and then click Run as administrator.

 

KB4343887 Applies to: Windows 10, version 1607, Windows Server 2016

 

https://support.microsoft.com/en-us/help/4343887/windows-10-update-kb4343887

 Symptoms: This security issue has been identified in Microsoft software product that could affect your system with high CPU utilization.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release but for the time being please avoid this patch.