7/23 Update: Microsoft released new patches/updates to fix the issues in the current month's patch release. The fixes appear to be working and safe to install. Note that while the Exchange Server issue is resolved with the updated patches, the Azure AD Connect service issue is still not fixed (listed below in Known Issues). Here is the link with details for the Exchange patch issue:
Update: A number of issues were reported with this month's cumulative/rollup patches. Microsoft pulled and then re-released a number of patches. We recommend delaying patch installation until Monday, July 23rd.
All patches are approved as per our patch testing procedure.
- KB4338814 – 2018-07 Security Monthly Quality Rollup for Windows Server 2016 for x64-based Systems
- KB4338815 – 2018-07 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
- KB4340558 – 2018-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64
- KB4338832 – 2018-07 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems
- KB4291391 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4293756 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4295656 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4339291 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4339503 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4339854 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4340583 – 2018-07 Security Update for Windows Server 2008 for x86-based Systems
- KB4340559 – 2018-07 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2
- KB4339093 – Cumulative Security Update for Internet Explorer 9 for Windows Server 2008
- KB4338818 – 2018-07 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems
Impacted Products:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Adobe Flash Player
- .NET Framework
- ASP.NET
- Skype for Business and Microsoft Lync
- PowerShell Editor Services
- PowerShell Extension for Visual Studio Code
- Web Customizations for Active Directory Federation Services
Please note the following information regarding the security updates:
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Microsoft Security Advisories:
- ADV180017 | July 2018 Adobe Flash Security Update
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017
- ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- CVE-2018-8289 | Microsoft Edge Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8289
Known Issues:
KB4338825, KB4338818
KB4338825 Applies to: Windows 10, version 1709
https://support.microsoft.com/en-us/help/4338825/windows-10-update-kb4338825
Symptoms: Some non-English platforms may display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled.
Resolution: Microsoft is working on a resolution and will provide an update in an upcoming release.
Prerequisite: The servicing stack update (SSU) (KB4339420) must be installed before installing the latest cumulative update (LCU) (KB4338825). The LCU will not be reported as applicable until the SSU is installed.
KB4338818 Applies to: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
https://support.microsoft.com/en-us/help/4338818/windows-7-update-kb4338818
Symptoms: There is an issue with Windows and third-party software related to a missing file (oem<number>.inf). After you apply this update, the network interface controller will stop working.
Workaround:
- To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
- To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.
How to Fix microsoft.online.reporting.monitoringagent.startup High CPU
After installing the latest cumulative Windows Update patch, some people are experiencing high CPU usage caused by the “Azure AD Connect Health Sync Monitor” (microsoft.online.reporting.monitoringagent.startup) (AzureADConnectHealthSyncMonitor) version 1.1.819.0.
If you have the Azure AD Connect utility installed on a server, this is a service that goes along with it. According to Microsoft, they will be releasing an update to the Azure AD Connect utility to resolve this issue, but there is no ETA yet for this update. You have two options to temporarily resolve the high CPU issue. The first option is to stop the Azure AD Connect Health Sync Monitor service and set it to manual until the updated utility is released. The second option is to remove the latest patches you installed on the server.
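The first option (stop the service and set it to manual) as a PowerShell script for an elevated session on the Azure AD Connect server. This is an added example, not part of the original post or Microsoft's guidance; the service and process names are the ones quoted above, while the state-file path and the 5-second CPU sample are assumptions.

```powershell
# Added example: temporary workaround for the Azure AD Connect Health Sync Monitor high-CPU issue.
# Service and process names are taken from the post above.
# The state-file path and sampling window are assumptions; adjust to your environment.
$ServiceName = 'AzureADConnectHealthSyncMonitor'
$ProcessName = 'microsoft.online.reporting.monitoringagent.startup'
$StateFile   = Join-Path $env:ProgramData 'aadconnect-health-workaround.json'
$SampleSecs  = 5

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Output "$ServiceName not found on $env:COMPUTERNAME; no action taken."
    return
}

# Sample the agent's accumulated CPU time twice so the change is backed by a measurement.
$first = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if ($first) {
    $t0 = ($first | Measure-Object -Property CPU -Sum).Sum
    Start-Sleep -Seconds $SampleSecs
    $second = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if ($second) {
        $t1  = ($second | Measure-Object -Property CPU -Sum).Sum
        $pct = [math]::Round(100 * ($t1 - $t0) / ($SampleSecs * [Environment]::ProcessorCount), 1)
        Write-Output "$ProcessName averaged $pct% of total CPU over $SampleSecs s."
    }
}

# Record the original configuration once, so a re-run does not overwrite it with 'Manual'.
if (-not (Test-Path $StateFile)) {
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Service   = $ServiceName
        StartMode = $svc.StartMode      # 'Auto', 'Manual' or 'Disabled'
        State     = $svc.State
        Changed   = (Get-Date).ToString('s')
    } | ConvertTo-Json | Set-Content -Path $StateFile -Encoding UTF8
}

Stop-Service -Name $ServiceName -Force -ErrorAction Stop
Set-Service  -Name $ServiceName -StartupType Manual

# Confirm the resulting state.
Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" | Select-Object Name, State, StartMode

# To revert after installing the updated Azure AD Connect release:
#   Set-Service -Name $ServiceName -StartupType Automatic; Start-Service -Name $ServiceName
```

While the service is stopped, Azure AD Connect Health monitoring for sync is not running on that server, so keep the state file and revert once the updated utility is installed.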