Flexis July 2023 Patch Recommendation
Patches Microsoft released in August 2023:
- KB5029250: 2023-08 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems
- KB5029247: 2023-08 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems
- KB5029242: 2023-08 Cumulative Update for Windows Server 2016 for x64-based Systems
- KB5029312: 2023-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
Impacted Products:
Microsoft Windows
Microsoft Edge
(HTML-based)
Microsoft Edge
(Chromium-based)
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Visual Studio
ASP.NET Core
Chakra Core
Microsoft Dynamics
.NET Framework
.NET Core
Please note the following information regarding the security updates:
- For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
KB5029250: Applies to Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, and Windows 10 IoT Core 2019 LTSC
Improvements
This update addresses an issue that affects Microsoft Teams. It fails to send you notifications under certain conditions.
This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
This update addresses an issue that affects Event Forwarding Subscriptions. When you add an Event Channel to the subscription, it forwards events you do not need.
This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll.
This update enhances hinting for some of the letters of the Verdana Pro font family.
This update addresses an issue that might affect your computer when you are playing a game. Timeout Detection and Recovery (TDR) errors might occur.
This update addresses an issue that affects the software-defined networking (SDN) firewall In Memory Object Store DB. Its migration fails.
This update affects text edit controls in XAML. You cannot edit the controls again after they become read only. This occurs when you use the new Microsoft Input Method Editor for Japanese, Chinese, and Korean.
This update addresses an issue that affects applications that perform certain actions in a callback. The applications might stop working. These actions include closing a Window (WM_CLOSE).
This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
This update addresses an issue that affects Networking-MPSSVC-Svc. The issue causes a system to enter a restart loop. The stop code is 0xEF.
This update addresses an issue that causes Windows to fail. This occurs when you use BitLocker on a storage medium that has a large sector size.
This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
This update addresses an issue that affects Active Directory Federation Services (AD FS). It might take several attempts to sign in to AD FS successfully. This is because the time calculation for the expiration of a single sign on cookie is wrong.
This update addresses an issue that affects repair storage jobs. The jobs are suspended. This occurs after two physical disks in two different rack-level fault domains (three fault domain in total) lose communication.
This update addresses an issue that affects AD Domains and Trusts snap-ins. They fail to enumerate domain trusts. The error message is, “The parameter is incorrect.”
Symptom
After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
Workaround
Please see VMware’s documentation to mitigate this issue.
Microsoft and VMware are investigating this issue and will provide more information when it is available.
KB5029247: Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions
Improvements
This update addresses an issue that affects apps that use DirectX on older Intel graphics drivers. You might receive an error from apphelp.dll.
This update affects user mode printer drivers. They unload unexpectedly. This occurs when you print from multiple print queues to the same printer driver.
This update enhances hinting for some of the letters of the Verdana Pro font family.
This update affects the Windows Kernel Vulnerable Driver Blocklist, DriverSiPolicy.p7b. It adds drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
This update addresses an issue that affects Kerberos constrained delegation (KCD). It fails on read-write domain controllers. The error message is, “KRB_AP_ERR_MODIFIED.” This occurs after you install the November 2022 security updates.
This update addresses an issue that affects the Windows Management Instrumentation (WMI) repository. This causes an installation error. The issue occurs when a device does not shut down properly.
This update addresses an issue that affects Event Forwarding Subscriptions. When you add an Event Channel to the subscription, it forwards events you do not need.
This update addresses a deadlock in Internet Protocol Security (IPsec). When you configure servers with IPsec rules, they stop responding. This issue affects virtual and physical servers.
This update addresses an issue that affects Active Directory Federation Services (AD FS). It might take several attempts to sign in to AD FS successfully. This is because the time calculation for the expiration of a single sign on cookie is wrong.
This update addresses an issue that affects AD Domains and Trusts snap-ins. They fail to enumerate domain trusts. The error message is, “The parameter is incorrect.”
Symptom
After installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found
Workaround
This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue.
For more information about the specific errors, cause, and workaround for this issue, please see KB5003571.
KB5029242: Windows 10, version 1607, all editions Windows Server 2016, all editions
Improvements
This update addresses an issue that affects Kerberos constrained delegation (KCD). It fails on read-write domain controllers. The error message is, “KRB_AP_ERR_MODIFIED.” This occurs after you install the November 2022 security updates.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
KB5029312: Windows Server 2012 R2
Windows 8.1 reached end of support on January 10, 2023, at which point technical assistance and software updates are no longer provided. If you have devices running Windows 8.1, we recommend upgrading them to a more current, in-service, and supported Windows release. If devices do not meet the technical requirements to run a more current release of Windows, we recommend that you replace the device with one that supports Windows 11.
Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations. For more information, see Windows 8.1 support will end on January 10, 2023.
This cumulative security update includes improvements that are part of update KB5028228 (released July 11, 2023). This update also makes improvements for the following issue:
Kerberos constrained delegation (KCD) might fail with the error message KRB_AP_ERR_MODIFIED on read/write domain controllers after installing the November 2022 security updates.