CONTACT US
Twitter Linkedin Facebook

Flexis May 2019 Patch Review And Recommendations

 

Impacted Products:

 

Please note the following information regarding the security updates:

 

Microsoft Security Advisories:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190012

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013

 

Known Issues:

 

KB4493730 Applies to: Windows Server 2008 Service Pack 2

 https://support.microsoft.com/en-us/help/4493730/servicing-stack-update-for-windows-server-2008-sp2

 Symptoms:

Restart stuck on “Stage 2 of 2” or “Stage 3 of 3”

After you install a servicing stack update together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck at a particular stage and see a “Stage 2 of 2” or “Stage 3 of 3” message.

Workaround:

If you experience this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.

Note In managed environments, such as by using Windows Server Update Services (WSUS), you can avoid this issue by deploying this update as a standalone update.

 

 KB4494440 Applies to: Windows 10 – version 1607, Windows Server 2016

https://support.microsoft.com/en-us/help/4494440/windows-10-update-kb4494440

Symptoms:

For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot enumerate and manage logical switches deployed on the host after installing the update.

Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the hosts.

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

  1. Run mofcomp on the following mof files on the affected host:
  1. Follow the best practices while patching to avoid a stop error in vfpext.sys in an SDN v2 environment (NC managed hosts).

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4494441 Applies to: Windows 10 – version 1809, Windows Server 2019 – all versions

 https://support.microsoft.com/en-us/help/4494441/windows-10-update-kb4494441

 Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive the error, “Your printer has experienced an unexpected configuration problem. 0x80070007e.”

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

Some customers report that KB4494441 installed twice on their device.

In certain situations, installing an update requires multiple download and restart steps. If two intermediate steps of the installation complete successfully, the View your Update history page will report that installation completed successfully twice.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

You can use another browser, such as Internet Explorer to print your documents.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.

Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

Go to the Settings app > Recovery.

Select Get Started under the Reset this PC recovery option.

Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed.

We are working on improving this update experience to ensure the Update history correctly reflects the installation of the latest cumulative update (LCU).

 

KB4497936 Applies to: Windows 10 – version 1903

https://support.microsoft.com/en-us/help/4497936/windows-10-update-kb4497936

Symptoms:

After installing this update, users may experience error “0x800705b4” when launching Windows Defender Application Guard or Windows Sandbox.

Workaround:

Use the credentials of a local admin to create and set the following registry keys on the Host OS then restart the Host:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Containers\CmService\Policy]

“DisableClone”=dword:00000001

“DisableSnapshot”=dword:00000001

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4498206 Applies to: Internet Explorer 11 on Windows Server 2012 R2, Internet Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows Server 2008 R2 SP1, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer 11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on Windows Server 2008 SP2

https://support.microsoft.com/en-us/help/4498206/cumulative-security-update-for-internet-explorer-may-14-2019

Symptoms:

After this security update is installed for Internet Explorer 11 on supported operating systems, Custom URI Schemes for Application Protocol handlers may not start the corresponding application for local intranet and trusted sites on Internet Explorer.

This cumulative security update 4498206 for Internet Explorer 10 might be offered for installation through Windows Server Update Services (WSUS) or other update management solutions, even after you install KB4492872 (Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard) and upgrade to Internet Explorer 11.

Workaround:

Right-click the URL link to open it in a new window or tab.

Or:

Enable Protected mode in Internet Explorer for local intranet and trusted sites:

Go to Tools > Internet options > Security.

In the Select a zone to view or change security settings area, select Local intranet, and then select Enable Protected Mode.

Select Trusted sites, and then select Enable Protected Mode.

Select OK.

You must restart the browser after you make these changes.

Status

Microsoft is working on a resolution and will provide an update in an upcoming release.

Although this cumulative security update for Internet Explorer 10 might be offered for installation, this issue will not affect the functionality of Internet Explorer 11. However, you should also install KB4498206 to apply the security fixes that are resolved this month for Internet Explorer 11.

Status

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4499151 Applies to: Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4499151/windows-8-1-update-kb4499151

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

If previous dictionary updates are installed, the Japanese input method editor (IME) doesn’t show the new Japanese Era name as a text input option.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

We are presently investigating this issue with McAfee.

Guidance for McAfee customers can be found in the following McAfee support articles:

If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.

 

KB4499154 Applies to: Windows 10

https://support.microsoft.com/en-us/help/4499154/windows-10-update-kb4499154

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4499158 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4499158/windows-server-2012-update-kb4499158

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4499164 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1

https://support.microsoft.com/en-us/help/4499164/windows-7-update-kb4499164

Symptoms:

Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.

Workaround:

We are presently investigating this issue with McAfee.

Guidance for McAfee customers can be found in the following McAfee support articles:

 

KB4499165 Applies to: Windows 8.1, Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4499165/windows-8-1-update-kb4499165

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4499167 Applies to: Windows 10 – version 1803

https://support.microsoft.com/en-us/help/4499167/windows-10-update-kb4499167

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4499171 Applies to: Windows Server 2012, Windows Embedded 8 Standard

https://support.microsoft.com/en-us/help/4499171/windows-server-2012-update-kb4499171

Symptoms:

After installing this update, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

If previous dictionary updates are installed, the Japanese input method editor (IME) doesn’t show the new Japanese Era name as a text input option.

Workaround:

To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:

Option 1:

Open an Administrator Command prompt and type the following:

Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No

Option 2:

Use the Windows Deployment Services UI.

Option 3:

Set the following registry value to 0:

“HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP\EnableVariableWindowExtension”.

Restart the WDSServer service after disabling the Variable Window Extension.

Microsoft is working on a resolution and will provide an update in an upcoming release.

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

If you see any of the previous dictionary updates listed below, uninstall it from Programs and features > Uninstall or change a program. New words that were in previous dictionary updates are also in this update.

 

KB4499179 Applies to: Windows 10 – version 1709

https://support.microsoft.com/en-us/help/4499179/windows-10-update-kb4499179

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4499181 Applies to: Windows 10 – version 1703

https://support.microsoft.com/en-us/help/4499181/windows-10-update-kb4499181

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

Do one of the following:

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

  • 408-940-3235
  • 2005 De La Cruz Blvd Suite 128, Santa Clara, California, 95050

About us

NOC Services

SOC Services

Help Desk