CONTACT US
Twitter Linkedin Youtube

Flexis December 2024 Patch Recommendation

Patches Microsoft released in November 2024:

 

  • KB5048654: – 2024-12 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems
  • KB5048661: – 2024-12 Cumulative Update for Windows Server 2019 for x64-based Systems
  • KB5048671: – 2024-12 Cumulative Update for Windows Server 2016 for x64-based Systems

Impacted Products:

Microsoft-Windows

Microsoft Windows

Microsoft-Edge

Microsoft Edge

(HTML-based)

Microsoft-Edge

Microsoft Edge

 (Chromium-based)

Internet-Explorer

Internet Explorer

Microsoft-Office

Microsoft Office and Microsoft Office Services and Web Apps

Windows-Defenser

Windows Defender

Visual-Studio

Visual Studio

6

ASP.NET Core

Untitled design (1)

Chakra Core

Microsoft-Dynamics

Microsoft Dynamics

NET-Framework

.NET Framework

NET-Core

.NET Core

Please note the following information regarding the security updates:

Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates.

Windows 10, version 1607 IoT Core edition reached the end of support on April 10, 2018. This edition will no longer be offered servicing stack updates.

Windows 10, version 1607 IoT Core Enterprise edition reached the end of support on April 9, 2019. This edition will no longer be offered servicing stack updates.

Windows 10, version 1607 Enterprise, Education, Pro, Home, and Pro for Workstation reached end of support on January 10, 2023. These editions will no longer be offered servicing stack updates.

Windows 10 Enterprise N 2016 LTSB and Windows 10 IoT Enterprise 2016 LTSB will reach the end of support on October 13, 2026.

To continue receiving these updates, we recommend updating to the latest update of Windows. For more information, see Get the latest Windows update.

Windows Server 2016 Datacenter edition, Nano Server installation, and Standard edition, Nano Server installation options reached the end of support on October 9, 2018.

Windows Server 2016 Essentials, Datacenter, Standard, Multipoint Premium Server, and Hyper-V Server will reach the end of support on January 12, 2027.

KB5048654: Windows Server 2022

Link to Microsoft Support

Improvements

This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

[Motherboard replacement] Fixed: Windows does not activate after you replace a motherboard. ​​​​​​​

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

Known issues in this update

Symptom

Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

 

This issue is affecting both enterprises, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro editions of Windows are affected.

Workaround

Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

  1. Open PowerShell as an Administrator.
  2. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed.

Use the following commands to update the permissions:

$directoryPath = “C:\ProgramData\ssh” $acl = Get-Acl -Path $directoryPath $sddlString = “O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)” $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm(“All”)) Set-Acl -Path $directoryPath -AclObject $acl

    1. Repeat the above steps for C:\ProgramData\ssh\logs.

Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.

KB5048661: Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core LTSC Windows Server 2019

Link to Microsoft Support

Improvements

This security update includes improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

[Motherboard replacement] Fixed: Windows does not activate after you replace a motherboard. ​​​​​​​

Known issues in this update

Symptom

Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.

This issue is affecting both enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro editions of Windows are affected. 

Workaround

Customers can temporarily resolve the issue by updating permissions (ACLs) on the affected directories. Follow these steps:

  1. Open PowerShell as an Administrator.
  2. Update the permissions for C:\ProgramData\ssh and C:\ProgramData\ssh\logs to allow full control for SYSTEM and the Administrators group, while allowing read access for Authenticated Users. You can restrict read access to specific users or groups by modifying the permissions string if needed.

Use the following commands to update the permissions:

$directoryPath = “C:\ProgramData\ssh” $acl = Get-Acl -Path $directoryPath $sddlString = “O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)” $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm(“All”)) Set-Acl -Path $directoryPath -AclObject $acl

  1. Repeat the above steps for C:\ProgramData\ssh\logs.

Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or additional workarounds are available.

KB5048671: Windows 10, version 1607, all editions Windows Server 2016, all editions

Link to Microsoft Support

Improvements

This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting. 

  • This update makes miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.

Known issues in this update

Microsoft is not currently aware of any issues with this update.​​​​​​​

  • 408-940-3235
  • 2005 De La Cruz Blvd Suite 128, Santa Clara, California, 95050

About us

NOC Services

SOC Services

Help Desk