Flexis September 2019 Patch Review And Recommendations

• KB4512574 – 2019-09 Servicing Stack update for Windows Server 2016 for x64- based Systems
• KB4516044 – 2019-09 Cumulative Update for Windows Server 2016 for x64-based systems
• KB4516067 – Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
• KB4474419 – 2019-09 Security update for Windows Server 2008 R2 for x64-based Systems
• KB4516065 – 2019-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems

Impacted Products:

• Microsoft Windows
• Internet Explorer
• Microsoft Edge
• Microsoft Office and Microsoft Office Services and Web Apps
• Adobe Flash Player
• Microsoft Lync
• Visual Studio
• Microsoft Exchange Server
• .NET Framework
• Microsoft Yammer
• ASP.NET
• Team Foundation Server

 

Please note the following information regarding the security updates:

•  A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is only present in only the IE Cumulative package.

 

Microsoft Security Advisories:

• ADV190022 | September 2019 Adobe Flash Security Update

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190022

• ADV990001 | Latest Servicing Stack Updates

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001

 

Known Issues:

 

KB4512578 Applies to: Windows 10 version 1809; Windows Server version 1809; Windows Server 2019 all versions

 https://support.microsoft.com/en-us/help/4512578/windows-10-update-kb4512578

 Symptoms:

 

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

 

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.

 

Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.” This issue occurs in this update and in all the updates before June 18, 2019.

 

After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.”

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
2. Select Check for Updatesand install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note: If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

1. Go to the Settings app > Recovery.
2. Select Get Startedunder the Reset this PC recovery option.
3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.

To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

 

We are working on a resolution and will provide an update in an upcoming release.

 

To mitigate the issue, use the following steps:

1. Close the Windows Mixed Reality Portal, if it is running.
2. Open Task Manager by selecting the Start button and typing “task manager”.
3. In Task Manager, under the Processes tab, right-click Windows Explorer and select Restart.
4. Open the Windows Mixed Reality Portal.

 

We are working on a resolution and will provide an update in an upcoming release.

 

KB4515384 Applies to: Windows 10 version 1903; Windows Server version 1903

https://support.microsoft.com/en-us/help/4515384/windows-10-update-kb4515384

 

Improvement and Fixes:

This security update includes quality improvements. Key changes include:

• Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 32-Bit (x86) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). Use the registry settings as described in the Windows Client and Windows Server articles. (These registry settings are enabled by default for Windows Client OS editions and Windows Server OS editions.)
• Addresses an issue that causes high CPU usage from SearchUI.exe for a small number of users. This issue only occurs on devices that have disabled searching the web using Windows Desktop Search.
• Security updates to Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Fundamentals, Windows Authentication, Windows Cryptography, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Wireless Networking, the Microsoft JET Database Engine, Windows Kernel, Windows Virtualization, and Windows Server.

 

If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

 

KB4515832 Applies to: Exchange Server 2019; Exchange Server 2016

 https://support.microsoft.com/en-us/help/4515832/security-update-for-exchange-server-2019-and-2016

 Symptoms:

When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.

 

When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

 

To avoid this issue, follow these steps to manually install this security update:

1. Select Start, and type cmd.
2. In the results, right-click Command Prompt, and then select Run as administrator.
3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then select Continue.
4. Type the full path of the .msp file, and then press Enter.

 

This issue does not occur when you install the update through Microsoft Update.

Exchange services may remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition may occur if the service control scripts experience a problem when they try to return Exchange services to its usual state.

 

Workaround:

To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.

 

KB4516044 Applies to: Windows 10 version 1607; Windows Server 2016

 https://support.microsoft.com/en-us/help/4516044/windows-10-update-kb4516044

 Symptoms:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

 

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4516046 Applies to: Internet Explorer 11 on Windows Server 2012 R2; Internet Explorer 11 on Windows Server 2012; Internet Explorer 11 on Windows Server 2008 R2 SP1; Internet Explorer 11 on Windows 8.1 Update; Internet Explorer 11 on Windows 7 SP1; Internet Explorer 10 on Windows Server 2012; Internet Explorer 9 on Windows Server 2008 SP2

 https://support.microsoft.com/en-us/help/4516046/cumulative-security-update-for-internet-explorer

Symptoms:

Users who have upgraded to Internet Explorer 11 by installing KB4492872 on Windows Server 2012 and Windows Embedded 8 Standard may still be offered “Cumulative Security Update for Internet Explorer 10” through Windows Server Update Services (WSUS) or other update management solutions.

 

For Windows 7 SP1 and Windows Server 2008 R2 SP1, VBscript in Internet Explorer 11 should be disabled by default after installing updates starting with KB4507437 (Preview of Monthly Rollup released July 16, 2019) or KB4511872 (Internet Explorer Cumulative Update released August 13, 2019) but in some circumstances, may not be disabled as intended.

 

Workaround:

This issue is now resolved on the server-side and requires no action from users. The Internet Explorer 10 version of this update should no longer be offered if you have Internet Explorer 11 installed.

 

To work around this issue, follow these steps:

1. In Internet Explorer 11, select Tools or press and hold the Alt key on your keyboard and then select the letter X to see the menu.
2. Select Internet Options.
3. Select the Security tab.
4. Select the Internet icon in the Select a zone to view or change security settings field.
5. Select the Default Level button.
6. Select the Ok button to accept settings and close the dialog box.
7. Close Internet Explorer 11, on next start, VBScript will now be disabled.

 

We are working on a resolution and will provide an update in an upcoming release.

KB4516055 Applies to: Windows Server 2012; Windows Embedded 8 Standard

 https://support.microsoft.com/en-us/help/4516055/windows-server-2012-update-kb4516055

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4516058 Applies to: Windows 10 version 1803

 https://support.microsoft.com/en-us/help/4516058/windows-10-update-kb4516058

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

We are investigating reports that a small number of devices may startup to a black screen during the first logon after installing updates.

 

After installing this update, Windows Mixed Reality Portal users may intermittently receive a “15-5” error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

To mitigate this issue, press Ctrl+Alt+Delete, then select the Power button in the lower right corner of the screen and select Restart. Your device should now restart normally.

 

We are working on a resolution and will provide an update in an upcoming release.

 

To mitigate the issue, use the following steps:

1. Close the Windows Mixed Reality Portal, if it is running.
2. Open Task Manager by selecting the Start button and typing “task manager”.
3. In Task Manager, under the Processes tab, right-click Windows Explorer and select Restart.
4. Open the Windows Mixed Reality Portal.

 

We are working on a resolution and will provide an update in an upcoming release.

KB4516062 Applies to: Windows Server 2012; Windows Embedded 8 Standard

 https://support.microsoft.com/en-us/help/4516062/windows-server-2012-update-kb4516062

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4516064 Applies to: Windows 8.1; Windows Server 2012 R2

 https://support.microsoft.com/en-us/help/4516064/windows-8-1-kb4516064

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4516065 Applies to: Windows 7 Service Pack 1; Windows Server 2008 R2 Service Pack 1

 https://support.microsoft.com/en-us/help/4516065/windows-7-update-kb4516065

 Symptoms:

VBScript in Internet Explorer 11 should be disabled by default after installing KB4507437 (Preview of Monthly Rollup) or KB4511872 (Internet Explorer Cumulative Update) and later. However, in some circumstances, VBScript may not be disabled as intended.

 

After installing this update, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in the Event Log related to cryptnet.dll.

 

Workaround:

To mitigate this issue, follow these steps:

1. In Internet Explorer 11 select the Tools icon or press and hold the alt key on your keyboard and press the letter x to see the menu.
2. Select Internet Options.
3. Select the Security tab.
4. Select the Internet icon in the Select a zone to view or change security settings field.
5. Select the Default Level button.
6. Select the Ok button to accept settings and close the dialog.
7. Close Internet Explorer 11. On the next start, VBScript will be disabled.

 

We are working on a resolution and will provide an update in an upcoming release.

Microsoft is working with Dynabook to resolve this issue and estimates a solution will be available in late September.

 

KB4516066 Applies to: Windows 10 version 1709

 https://support.microsoft.com/en-us/help/4516066/windows-10-update-kb4516066

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

KB4516067 Applies to: Windows 8.1; Windows Server 2012 R2

 https://support.microsoft.com/en-us/help/4516067/windows-8-1-kb4516067

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4516068 Applies to: Windows 10 version 1703

 https://support.microsoft.com/en-us/help/4516068/windows-10-update-kb4516068

 Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4516070 Applies to: Windows 10

 https://support.microsoft.com/en-us/help/4516070/windows-10-update-kb4516070

Symptoms:

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.

 

Workaround:

Do one of the following:

• Perform the operation from a process that has administrator privilege.
• Perform the operation from a node that doesn’t have CSV ownership.

 

Microsoft is working on a resolution and will provide an update in an upcoming release.