Flexis December 2019 Patch Review And Recommendations

KB4530715 – 2019-12 Cumulative Update for Windows Server 2019 for x64-based Systems

• KB4530689 – 2019-12 Cumulative Update for Windows Server 2016 for x64-based Systems
• KB4530717 – 2019-12 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems
• KB4530691 – 2019-12 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems
• KB4530702 – 2019-12 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
• KB4530695 – 2019-12 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems
• KB4530734 – 2019-12 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems

Impacted Products:

• Microsoft Windows
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• SQL Server
• Visual Studio
• Skype for Business

 

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is only present in only the IE Cumulative package.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

Microsoft Security Advisories:

• ADV990001 | Latest Servicing Stack Updates

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001

• ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026

 

Known Issues:

 

KB4530689 Applies to: Windows 10 version 1607; Windows Server 2016

https://support.microsoft.com/en-us/help/4530689/windows-10-update-kb4530689

Symptoms:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530691 Applies to: Windows Server 2012; Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4530691/windows-server-2012-update-kb4530691

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530698 Applies to: Windows Server 2012; Windows Embedded 8 Standard

 

https://support.microsoft.com/en-us/help/4530698/windows-server-2012-update-kb4530698

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530702 Applies to: Windows 8.1; Windows Server 2012 R2; Windows Embedded 8.1 Industry Enterprise; Windows Embedded 8.1 Industry Pro

https://support.microsoft.com/en-us/help/4530702/windows-8-1-kb4530702

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530714 Applies to: Windows 10 version 1709

https://support.microsoft.com/en-us/help/4530714/windows-10-update-kb4530714

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

 

Note: This issue does not affect using a Microsoft Account during OOBE.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

 

KB4530715 Applies to: Windows 10 version 1809; Windows Server version 1809; Windows Server 2019 all versions

https://support.microsoft.com/en-us/help/4530715/windows-10-update-kb4530715

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

 

Note: This issue does not affect using a Microsoft Account during OOBE.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

• Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
• Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

 

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

1. Go to the Settings app > Recovery.
2. Select Get Started under the Reset this PC recovery option.
3. Select Keep my Files.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530717 Applies to: Windows 10 version 1803

https://support.microsoft.com/en-us/help/4530717/windows-10-update-kb4530717

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages.

 

Note This issue does not affect using a Microsoft Account during OOBE.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

To mitigate this issue, set the keyboard language to English during user creation or use a Microsoft Account to complete OOBE. You can set the keyboard language back to your preferred language after user creation. Once the OOBE is done and you are at the desktop, you can rename the current user using these instructions. If you prefer to create a new local user, see KB4026923.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530730 Applies to: Windows 8.1; Windows Server 2012 R2; Windows Embedded 8.1 Industry Enterprise; Windows Embedded 8.1 Industry Pro

https://support.microsoft.com/en-us/help/4530730/windows-8-1-kb4530730

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4530734 Applies to: Windows 7 Service Pack 1; Windows Server 2008 R2 Service Pack 1; Windows Embedded Standard 7 Service Pack 1; Windows Embedded POS Ready 7 Windows Thin PC

https://support.microsoft.com/en-us/help/4530734/windows-7-update-kb4530734

Improvements and fixes:

This security update includes improvements and fixes that were a part of update KB4525251 (released November 19, 2019) and addresses the following issues:

• Security updates to Windows Input and Composition, Windows Virtualization, Windows Kernel, Windows Peripherals, the Microsoft Scripting Engine, and Windows Server.

 

For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.