Flexis July 2022 Patch Recommendation

• KB5015811:- 2022-07 Cumulative Update for Windows Server 2019 for x64-based Systems
• KB5015808:- 2022-07 Cumulative Update for Windows Server 2016 for x64-based Systems
• KB5016058:- 2022-07 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
• KB5015874 :- 2022-07 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems
• KB5015863 :- 2022-07 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems

 Impacted Products: 

• Microsoft Windows 
• Microsoft Windows 
• Microsoft Edge (Edge HTML-based) 
• Microsoft Edge (Chromium-based) 
• Internet Explorer 
• Microsoft Office and Microsoft Office Services and Web Apps 
• Windows Defender 
• Visual Studio 
• ASP.NET Core 
• Chakra Core 
• Online Services 
• Microsoft Dynamics 
• .NET Framework 
• .NET Core 

Please note the following information regarding the security updates: 

• For information regarding enabling Windows 10, version 1809 features and later, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs. There is no change to the cumulative monthly security update 
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. 

• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet. 
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. 
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update. 
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features. 

Known Issues: 

KB5015811: – Applies to: Windows 10 Enterprise 2019 LTSC Windows 10 IoT Enterprise 2019 LTSC Windows 10 IoT Core 2019 LTSC 

https://support.microsoft.com/en-us/topic/july-12-2022-kb5015811-os-build-17763-3165-f3bdb13c-d767-47dc-a077-0ea0e9421a96

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system. 

This security update includes improvements that were a part of update KB5014669 (released June 23, 2022) and also addresses the following issues:  

Addresses an issue that redirects the PowerShell command output so that transcript logs do not contain any content. Transcript logs might contain decrypted passwords if you turn PowerShell logging on. Consequently, the transcript logs lose the decrypted passwords. 

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device. 

KB5015808: – Applies to Windows 10, version 1607, all editions Windows Server 2016, all editions 

https://support.microsoft.com/en-us/topic/july-12-2022-kb5015808-os-build-14393-5246-c29be220-d42d-4be7-8f9f-ee004dfe3705

This security update includes quality improvements. Key changes include: 

Addresses an issue that causes searchindexer.exe to stop responding during a dismount operation in the Remote Desktop setup environment. 

Addresses an issue that redirects the PowerShell command output so that transcript logs do not contain any content. Transcript logs might contain decrypted passwords if you turn PowerShell logging on. Consequently, the transcript logs lose the decrypted passwords. 

Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the internet after a client device connects. 

Addresses an issue that prevents the use of Encrypted File System (EFS) files over a Web-based Distributed Authoring and Versioning (WebDAV) connection. 

Addresses an issue that causes Microsoft NTLM authentication using an external trust to fail. This issue occurs when a domain controller that contains the January 11, 2022 or later Windows update services the authentication request, is not in a root domain, and does not hold the Global Catalog role. The affected operations might log the following errors: 

The security database has not been started. 

The domain was in the wrong state to perform the security operation. 

0xc00000dd (STATUS_INVALID_DOMAIN_STATE). 

Addresses an issue that causes the primary domain controller (PDC) of the root domain to generate warning and error events in the System log. This issue occurs when the PDC incorrectly tries to scan outgoing-only trusts. 

Addresses an issue that might damage BitLocker virtual machine-based (VM) system files if you expand the BitLocker partition while the VM is offline. 

Addresses a known issue that prevents Windows servers that use the Routing and Remote Access Service (RRAS) from correctly directing internet traffic. Devices that connect to the server might not connect to the internet, and servers might lose connection to the internet after a client device connects to them. 

KB5016058- Applies to: Windows Server 2012 Windows Embedded 8 Standard 

https://support.microsoft.com/en-us/topic/kb5016058-servicing-stack-update-for-windows-10-version-1607-and-server-2016-july-12-2022-e48fd91f-7071-4531-8d62-e2641ad9c46b

Summary 

Learn more about this cumulative security update, including improvements, any known issues, and how to get the update. 

Improvements 

This cumulative security update includes improvements that are part of update KB5014011 (released May 10, 2022) and includes new improvements for the following issue: 

Printing to a NUL port from a Low Integrity Level (LowIL) process application could cause printing failures. 

KB5016058 :- Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Windows Embedded 8.1 Industry Enterprise Windows Embedded 8.1 Industry Pro 

https://support.microsoft.com/en-us/topic/july-12-2022-kb5015874-monthly-rollup-f7d12c29-5f30-4038-a614-0ed0de7aa931

REMINDER Windows 8.1 will reach end of support on January 10, 2023 for all editions, at which point technical assistance and software updates will no longer be provided. If you have devices running Windows 8.1, we recommend upgrading them to a more current, in-service, and supported Windows release. If devices do not meet the technical requirements to run a more current release of Windows, we recommend that you replace the device with one that supports Windows 11. 

Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations. 

Starting with this release, we are displaying a dialog box to remind users about the End of Support (EOS) for Windows 8.1 in January 2023. If you click Remind me later, the dialog box will appear once every 35 days. If you click Remind me after the end of support date, the dialog box will not appear again until after the EOS date. This reminder does not appear on the following: 

Managed Pro and Enterprise devices. 

Windows Embedded 8.1 Industry Enterprise and Windows Embedded 8.1 Industry Pro devices. 

When you use Encrypting File System (EFS) files over a remote Web Distributed Authoring and Versioning (WebDAV) protocol connection, the connection might be unsuccessful. 

NTLM authentication through an external trust is unsuccessful when serviced by a domain controller that has the January 11, 2022 or later Windows update installed. This issue occurs if the DC is in a non-root domain and does not hold the global catalog (GC) role. Impacted operations may log the following errors: 

The security database has not been started. 

The domain was in the wrong state to perform the security operation. 

0xc00000dd (STATUS_INVALID_DOMAIN_STATE) 

Applications might not run after an AppLocker publisher rule is deployed. 

Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects. 

Addresses a known issue in which Windows Servers that use the Routing and Remote Access Service (RRAS) might be unable to correctly direct Internet traffic. Devices which connect to the server might not connect to the Internet, and servers can lose connection to the Internet after a client device connects. 

Symptom 

Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. 

Next step 

Do one of the following: 

Perform the operation from a process that has administrator privilege. 

Perform the operation from a node that doesn’t have CSV ownership. 

We are working on a resolution and will provide an update in an upcoming release.

KB5015863 :- Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Windows Embedded 8.1 Industry Enterprise Windows Embedded 8.1 Industry Pro 

https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=61734712-5df9-49c5-b0c6-37747eaa00ce

Description: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system. 

This cumulative security update contains improvements that are part of update KB5014747 (released June 14, 2022) and includes new improvements for the following issues: 

When you use Encrypting File System (EFS) files over a remote Web Distributed Authoring and Versioning (WebDAV) protocol connection, the connection might be unsuccessful. 

NTLM authentication through an external trust is unsuccessful when serviced by a domain controller that has the January 11, 2022 or later Windows update installed. This issue occurs if the DC is in a non-root domain and does not hold the global catalog (GC) role. Impacted operations may log the following errors: 

The security database has not been started. 

The domain was in the wrong state to perform the security operation. 

0xc00000dd (STATUS_INVALID_DOMAIN_STATE) 

Addresses a known issue that might prevent you from using the Wi-Fi hotspot feature. When attempting to use the hotspot feature, the host device might lose the connection to the Internet after a client device connects. 

Addresses a known issue in which Windows Servers that use the Routing and Remote Access Service (RRAS) might be unable to correctly direct Internet traffic. Devices which connect to the server might not connect to the Internet, and servers can lose connection to the Internet after a client device connects