Flexis August 2019 Patch Review And Recommendations

• KB4512517 – 2019-08 Cumulative Update for Windows Server 2016 for x64-based Systems
• KB4512488 – 2019-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
• KB4512506 – 2019-08 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based System

Impacted Products:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge
• Microsoft Office and Microsoft Office Services and Web Apps
• Visual Studio
• Online Services
• Active Directory
• Microsoft Dynamics

 

Please note the following information regarding the security updates:

•  A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is only present in only the IE Cumulative package.

 

Microsoft Security Advisories:

• ADV190014 | Microsoft Live Accounts Elevation of Privilege Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190014

 

Known Issues:

 

KB4511553 Applies to: Windows 10 version 1809, Windows Server version 1809, Windows Server 2019 all versions

 https://support.microsoft.com/en-us/help/4511553/windows-10-update-kb4511553

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

 

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.” This issue occurs in this update and in all the updates before June 18, 2019.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
2. Select Check for Updatesand install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

1. Go to the Settings app > Recovery.
2. Select Get Startedunder the Reset this PC recovery option.
3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

 

We are working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

We are working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4512534, which is an optional update. It is available on the following release channels:

Microsoft Update Catalog.

Windows Update.

Microsoft Update.

Windows Server Update Services (WSUS).

As with any optional update, you will need to Check for updates to receive and install KB4512534. For instructions, see Update Windows 10.

 

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4511872 Applies to: Internet Explorer 11 on Windows Server 2012 R2, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows Server 2008 R2 SP1, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on Windows Server 2008 SP2

https://support.microsoft.com/en-us/help/4511872/cumulative-security-update-for-internet-explorer

Symptoms:

This cumulative security update 4511872 for Internet Explorer 10 might be offered for installation through Windows Server Update Services (WSUS) or other update management solutions, even after you install KB4492872 (Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard) and upgrade to Internet Explorer 11.

 

For Windows 7 SP1 and Windows Server 2008 R2 SP1, VBscript in Internet Explorer 11 should be disabled by default after installing updates starting with KB4507437 (Preview of Monthly Rollup released July 16, 2019) or KB4511872 (Internet Explorer Cumulative Update released August 13, 2019) but in some circumstances, may not be disabled as intended.

 

Workaround:

Although this cumulative security update for Internet Explorer 10 might be offered for installation, this issue will not affect the functionality of Internet Explorer 11. However, you should also install KB4511872 to apply the security fixes that are resolved this month for Internet Explorer 11.

Microsoft is working on a resolution for this issue and will provide an update in an upcoming release.

 

To work around this issue, follow these steps:

1. In Internet Explorer 11, select Tools or press and hold the Alt key on your keyboard and then select the letter X to see the menu.
2. Select Internet Options.
3. Select the Security tab.
4. Select the Internet icon in the Select a zone to view or change security settings field.
5. Select the Default Level button.
6. Select the Ok button to accept settings and close the dialog box.
7. Close Internet Explorer 11, on next start, VBScript will now be disabled.

 

We are working on a resolution and will provide an update in an upcoming release.

 

KB4512476 Applies to: Windows Server 2008 Service Pack 2

 https://support.microsoft.com/en-us/help/4512476/windows-server-2008-update-kb4512476

 Symptoms:

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

This issue is resolved in KB4517301, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

 

KB4512482 Applies to: Windows Server 2012, Windows Embedded 8 Standard

 https://support.microsoft.com/en-us/help/4512482/windows-server-2012-update-kb4512482

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

We are working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4517302, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

 

KB4512486 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

 https://support.microsoft.com/en-us/help/4512486/windows-7-update-kb4512486

Symptoms:

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:

 

“File: \Windows\system32\winload.efi

Status: 0xc0000428

Info: Windows cannot verify the digital signature for this file.”

 

Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Guidance for Symantec customers can be found in the Symantec support article.

 

This issue is resolved in KB4517297, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

 

KB4512488 Applies to: Windows 8.1, Windows Server 2012 R2

 https://support.microsoft.com/en-us/help/4512488/windows-8-1-update-kb4512488

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4517298, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

 

KB4512489 Applies to: Windows 8.1, Windows Server 2012 R2

 https://support.microsoft.com/en-us/help/4512489/windows-8-1-update-kb4512489

Symptoms:

 

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

We are working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4517298, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

KB4512491 Applies to: Windows Server 2008 Service Pack 2

 https://support.microsoft.com/en-us/help/4512491/windows-server-2008-update-kb4512491

 Symptoms:

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4517301, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

 

KB4512497 Applies to: Windows 10

 https://support.microsoft.com/en-us/help/4512497/windows-10-update-kb4512497

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4517276, which is an optional update. It is available on the following release channels:

• Microsoft Update Catalog.
• Windows Update.
• Microsoft Update.
• Windows Server Update Services (WSUS).

As with any optional update, you will need to Check for updates to receive and install KB4517276. For instructions, see Update Windows 10.

 

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4512501 Windows 10 version 1803

 https://support.microsoft.com/en-us/help/4512501/windows-10-update-kb4512501

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

We are working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

We are working on a resolution and will provide an update in an upcoming release.

 

Microsoft is working on a resolution and estimates a solution will be available in the coming days. This optional update will be available on the following release channels:

• Microsoft Update Catalog.
• Windows Update.
• Microsoft Update.
• Windows Server Update Services (WSUS).

As with any optional update, you will need to Check for updates to receive the update once it is released.

 

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4512506 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

 https://support.microsoft.com/en-us/help/4512506/windows-7-update-kb4512506

 Symptoms:

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:

“File: \Windows\system32\winload.efi

Status: 0xc0000428

Info: Windows cannot verify the digital signature for this file.”

 

Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

VBScript in Internet Explorer 11 should be disabled by default after installing KB4507437 (Preview of Monthly Rollup) or KB4511872 (Internet Explorer Cumulative Update) and later. However, in some circumstances, VBScript may not be disabled as intended.

 

Workaround:

For mitigation instructions, see KB4512816.

We are working on a resolution and will provide an update in an upcoming release.

To resolve this issue please follow the steps outlined in the SHA-2 support FAQ article for error code 0xc0000428.

Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.

Guidance for Symantec customers can be found in the Symantec support article.

 

This issue is resolved in KB4517297, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).

 

To mitigate this issue, follow these steps:

1. In Internet Explorer 11 select the Tools icon or press and hold the alt key on your keyboard and press the letter x to see the menu.
2. Select Internet Options.
3. Select the Security tab.
4. Select the Internet icon in the Select a zone to view or change security settings field.
5. Select the Default Level button.
6. Select the Ok button to accept settings and close the dialog.
7. Close Internet Explorer 11. On the next start, VBScript will be disabled.

 

We are working on a resolution and will provide an update in an upcoming release.

 

KB4512507 Applies to: Windows 10 Version 1703

 https://support.microsoft.com/en-us/help/4512507/windows-10-update-kb4512507

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

This issue is resolved in KB4512474, which is an optional update. It is available on the following release channels:

• Microsoft Update Catalog.
• Windows Update.
• Microsoft Update.
• Windows Server Update Services (WSUS).

As with any optional update, you will need to Check for updates to receive and install KB4512474. For instructions, see Update Windows 10.

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4512508 Applies to: Windows 10 Version 1903, Windows Server version 1903

 https://support.microsoft.com/en-us/help/4512508/windows-10-update-kb4512508

 Symptoms:

Windows Sandbox may fail to start with “ERROR_FILE_NOT_FOUND (0x80070002)” on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

Devices connected to a domain that is configured to use MIT Kerberos realms may not start up or may continue to restart after installation of this update. Devices that are domain controllers or domain members are both affected.

 

If you are not sure if your device is affected, contact your administrator. Advanced users can check if this registry key exists HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\MitRealms or for “Define interoperable Kerberos v5 realm settings” policy under Computer Configuration -> Policies -> Administrative Templates > System -> Kerberos.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Microsoft is working on a resolution and will provide an update in an upcoming release.

For mitigation instructions, see KB4512816.

At this time, we suggest that devices in an affected environment do not install this update. We are working on a resolution and estimate a solution will be available in late August.

 

Microsoft is working on a resolution and estimates a solution will be available in late August. This optional update will be available on the following release channels:

• Microsoft Update Catalog.
• Windows Update.
• Microsoft Update.
• Windows Server Update Services (WSUS).

 

As with any optional update, you will need to Check for updates to receive the update once it is released.

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4512516 Applies to: Windows 10 version 1709

 https://support.microsoft.com/en-us/help/4512516/windows-10-update-kb4512516

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

This issue is resolved in KB4512494, which is an optional update. It is available on the following release channels:

• Microsoft Update Catalog.
• Windows Update.
• Microsoft Update.
• Windows Server Update Services (WSUS).

As with any optional update, you will need to Check for updates to receive and install KB4512494. For instructions, see Update Windows 10.

 

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4512517 Applies to: Windows 10 version 1607, Windows Server 2016

https://support.microsoft.com/en-us/help/4512517/windows-10-update-kb4512517

Symptoms:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

 

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

This issue is resolved in KB4512495, which is an optional update. It is available on the following release channels:

• Microsoft Update Catalog.
• Windows Update.
• Microsoft Update.
• Windows Server Update Services (WSUS).

As with any optional update, you will need to Check for updates to receive and install KB4512495. For instructions, see Update Windows 10.

 

Note Windows Update for Business customers should apply the update using the Microsoft Update Catalog or Windows Server Update Services (WSUS).

 

KB4512518 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4512518/windows-server-2012-update-kb4512518

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error “Status: 0xc0000001, Info: A required device isn’t connected or can’t be accessed” after installing this update on a WDS server.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

For mitigation instructions, see KB4512816.

 

This issue is resolved in KB4517302, which is an optional update. It is now available on Microsoft Update Catalog and Windows Server Update Services (WSUS).