Flexis February 2020 Patch Review And Recommendations

• KB4532691 – 2020-02 Cumulative Update for Windows Server 2019 for x64-based Systems
• KB4537764 – 2020-02 Cumulative Update for Windows Server 2016 for x64-based Systems
• KB4537814 – 2020-02 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems
• KB4537821 – 2020-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
• KB4502496 – 2020-02 Security Update for Windows Server 2012 R2 for x64-based Systems
• KB4538124 – 2020-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64

Impacted Products:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• Internet Explorer
• Microsoft Exchange Server
• Microsoft SQL Server
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Malicious Software Removal Tool
• Microsoft Surface Hub

 

Please note the following information regarding the security updates:

• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Microsoft Security Advisories:

• ADV200003 | February 2020 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200003

 

Known Issues:

KB4532691 Applies to: Windows 10 version 1809; Windows Server version 1809; Windows Server 2019 all versions

https://support.microsoft.com/en-us/help/4532691/windows-10-update-kb4532691

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

 

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

1. Go to the Settings app > Recovery.
2. Select Get Started under the Reset this PC recovery option.
3. Select Keep my Files.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4536987 Applies to: Exchange Server 2016; Exchange Server 2019

https://support.microsoft.com/en-us/help/4536987/security-update-for-exchange-server-2019-and-2016

Symptoms:

When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working.

 

This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

 

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to their usual state.

 

Workaround:

To avoid this issue, follow these steps to manually install this security update:

1. Select Start, and type cmd.
2. In the results, right-click Command Prompt, and then select Run as administrator.
3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
4. Type the full path of the .msp file, and then press Enter.

 

This issue does not occur when you install the update through Microsoft Update.

 

To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

 

KB4536988 Applies to: Exchange Server 2013

https://support.microsoft.com/en-us/help/4536988/description-of-the-security-update-for-microsoft-exchange-server-2013

Symptoms:

When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.

 

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working.

 

This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

 

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to their usual state.

 

Workaround:

To avoid this issue, follow these steps to manually install this security update:

1. Select Start, and type cmd.
2. In the results, right-click Command Prompt, and then select Run as administrator.
3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
4. Type the full path of the .msp file, and then press Enter.

 

This issue does not occur when you install the update through Microsoft Update.

 

To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

 

KB4536989 Applies to: Exchange Server 2010 Service Pack 3

https://support.microsoft.com/en-us/help/4536989/security-update-for-exchange-server-2010

Symptoms:

When you try to manually install this security update by double-clicking the update file (.msp) to run it in “Normal mode” (that is, not as an administrator), some files are not correctly updated.

 

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

 

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state. To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.

 

Workaround:

To avoid this issue, follow these steps to manually install this security update:

1. Select Start, and type cmd.
2. In the results, right-click Command Prompt, and then select Run as administrator.
3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
4. Type the full path of the .msp file, and then press Enter.

 

This issue does not occur when you install the update through Microsoft Update.

 

To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

 

KB4537762 Applies to: Windows 10 version 1803

https://support.microsoft.com/en-us/help/4537762/windows-10-update-kb4537762

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4537764 Applies to: Windows 10 version 1607; Windows Server 2016

https://support.microsoft.com/en-us/help/4537764/windows-10-update-kb4537764

Symptoms:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

 

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4537776 Applies to: Windows 10

https://support.microsoft.com/en-us/help/4537776/windows-10-update-kb4537776

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4537789 Applies to: Windows 10 version 1709

https://support.microsoft.com/en-us/help/4537789/windows-10-update-kb4537789

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

KB4537794 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4537794/windows-server-2012-update-kb4537794

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4537803 Applies to: Windows 8.1; Windows Server 2012 R2; Windows Embedded 8.1 Industry Enterprise; Windows Embedded 8.1 Industry Pro

https://support.microsoft.com/en-us/help/4537803/windows-8-1-kb4537803

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4537813 Applies to: Windows 7 Service Pack 1; Windows Server 2008 R2 Service Pack 1; Windows Embedded Standard 7 Service Pack 1; Windows Embedded POSReady 7; Windows Thin PC

https://support.microsoft.com/en-us/help/4537813/windows-7-update-kb4537813

Symptoms:

After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History.

 

Workaround:

This is expected in the following circumstances:

• If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
• If you do not have an ESU MAK add-on key installed and activated.

 

If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the “How to get this update” section of this article.

KB4537814 Applies to: Windows Server 2012; Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4537814/windows-server-2012-update-kb4537814

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4537821 Applies to: Windows 8.1; Windows Server 2012 R2; Windows Embedded 8.1 Industry Enterprise; Windows Embedded 8.1 Industry Pro

https://support.microsoft.com/en-us/help/4537821/windows-8-1-kb4537821

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.