Patch Tuesday Brings Several Windows 10 Updates

Starting today Microsoft is rolling out a brand new cumulative update for Windows 10 that brings several new security updates and under the hood improvements and fixes. These updates are rolling out today as part of “Patch Tuesday”.

Patch Tuesday Updates for Windows 10 (Build 15063.540)

The updates include:

  • Addressed issue where the policies provisioned using Mobile Device Management (MDM) should take precedence over policies set by provisioning packages.
  • Addressed issue where the Site to Zone Assignment List group policy (GPO) was not set on machines when it was enabled.
  • Addressed issue where the AppLocker rules wizard crashes when selecting accounts.
  • Addressed issue where the primary computer relationship is not determined when you have a disjoint NetBIOS domain name for your DNS Name. This prevents folder redirection and roaming profiles from successfully blocking your profile or redirects folders to a non-primary computer.
  • Addressed issue where an access violation in the Mobile Device Manager Enterprise feature causes stop errors.
  • Security updates to Microsoft Edge, Microsoft Windows Search Component, Microsoft Scripting Engine, Microsoft Windows PDF Library, Windows Hyper-V, Windows Server, Windows kernel-mode drivers, Windows Subsystem for Linux, Windows shell, Common Log File System Driver, Internet Explorer, and the Microsoft JET Database Engine.

Microsoft provides one known issue for the cumulative update rolling out today: Installing this KB (4034674) may change Czech and Arabic languages to English for Microsoft Edge and other applications.

The update is rolling out to everyone on the stable version of the Windows 10 Creators Update (including Insider Release Preview) right now under the name KB4034674. Users on the Anniversary Update, November Update and original Windows 10 release are also receiving cumulative updates today.
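To confirm that a machine actually received this update, the following PowerShell check compares the installed build revision with 15063.540 and also looks for KB4034674 by name. It is an added example, not part of the original article; the function names `Compare-PatchLevel` and `Get-PatchStatus` are hypothetical, and it assumes the standard `CurrentBuildNumber` and `UBR` registry values under `CurrentVersion`.

```powershell
# Added example: is this Creators Update machine at or past build 15063.540 (KB4034674)?

function Compare-PatchLevel {
    param(
        [Parameter(Mandatory)][int]$Build,      # feature release build, e.g. 15063
        [Parameter(Mandatory)][int]$Revision,   # update build revision (UBR), e.g. 540
        [int]$RequiredBuild    = 15063,         # Creators Update build quoted in the article
        [int]$RequiredRevision = 540            # revision delivered by KB4034674
    )
    # Other feature releases are serviced by their own cumulative updates,
    # so the revision comparison only makes sense on the same build.
    if ($Build -lt $RequiredBuild) { return 'OlderRelease' }
    if ($Build -gt $RequiredBuild) { return 'NewerRelease' }

    # Cumulative updates contain all earlier fixes, so any revision at or
    # above the required one includes this update's content.
    if ($Revision -ge $RequiredRevision) { return 'Patched' }
    return 'Missing'
}

function Get-PatchStatus {
    param([string]$KB = 'KB4034674')

    # CurrentBuildNumber (string) and UBR (DWORD) together form "15063.540".
    # A missing UBR value converts to 0.
    $cv       = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build    = [int]$cv.CurrentBuildNumber
    $revision = [int]$cv.UBR

    # Get-HotFix matches only the exact KB. A machine patched by a later
    # cumulative update can be 'Patched' while this KB is not listed.
    $hotfix = Get-HotFix -Id $KB -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Version      = "$build.$revision"
        Status       = Compare-PatchLevel -Build $build -Revision $revision
        KBListed     = [bool]$hotfix
    }
}

Get-PatchStatus
```

Treat `Status` as the authoritative answer and `KBListed` as supporting evidence only, since a newer cumulative update replaces the older KB entry without removing its fixes.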


Patch Tuesday Brings New Windows 10 Update

As for the Creators Update, Microsoft is releasing Windows 10 Build 15063.413 for PCs and Build 15063.414 for Mobile devices. The build includes security updates for some of the core components of Windows, and it also includes a fix for the lock screen on Windows 10. Here’s the full changelog:

  • Addressed issue where the user may need to press the space bar to dismiss the lock screen on a Windows 10 machine to log in, even after the logon is authenticated using a companion device.
  • Addressed issue with slow firewall operations that sometimes results in timeouts of Surface Hub’s cleanup operation.
  • Addressed issue with a race condition that prevents Cortana cross-device notification reply from working; users will not be able to use the remote toast activation feature set.
  • Addressed issue where the Privacy Separator feature of a Wireless Access Point does not block communication between wireless devices on local subnets.
  • Addressed issue on the Surface Hub device where using ink may cause a break in the touch trace that could result in a break in inks from the pen.
  • Addressed issue where Internet Explorer 11 may ignore the “Send all sites not included in the Enterprise Mode Site List to Microsoft Edge” policy when opening a Favorites link.
  • Addressed additional issues with time-zone information and Internet Explorer.
  • Security updates to Windows kernel, Microsoft Windows PDF, Windows kernel-mode drivers, Microsoft Uniscribe, Device Guard, Internet Explorer, Windows Shell, and Microsoft Edge. For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Head over to Windows Update to grab the latest patches, and have the best patch Tuesday ever!


First Patch Arrives for Windows 10 Creators Update

Last month Microsoft released the Creators Update for Windows 10, and although not all users have been offered the updated version of the OS on Windows Update, many did manually install the new version of Windows.


So what’s in this scheduled patch?

There is also a security update for Adobe Flash Player for Windows 10 Version 1703 (KB4020821) and the standard monthly release of the updated Windows Malicious Software Removal Tool (KB890830).

There are also other updates for Microsoft software on this Patch Tuesday and we will explore those later today to let you know what you should be focused on in this batch of updates.

So, KB4016871 is a cumulative security update that is available for PCs (Build 15063.296) and Mobile (15063.297) and addresses the following issues:

  • Addressed issue with Surface Hub devices waking from sleep approximately every four minutes after the first two hours. 
  • Addressed issue where autochk.exe can randomly skip drive checks and not fix corruptions, which may lead to data loss. 
  • Addressed an issue where Microsoft Edge users in networking environments that do not fully support the TCP Fast Open standard may have problems connecting to some websites. Users can re-enable TCP Fast Open in about:flags.
  • Addressed issues with Arc Touch mouse Bluetooth connectivity.
  • Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.

As with any other cumulative update, there are no new system features in this patch but the updates & fixes noted above are very important.


Microsoft’s March Patches Arrive

Microsoft’s batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.

Microsoft published 17 security bulletins covering 135 vulnerabilities in its own products and one separate bulletin for Flash Player, which has its security patches distributed through Windows Update. Nine bulletins are rated critical and nine are rated as important.

The affected products include Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Exchange, Skype for Business, Microsoft Lync, and Silverlight.

The highest priority should be given to the MS17-013 security bulletin, which addresses remote code execution, privilege escalation, and information disclosure flaws in the Windows Graphics Component, Graphics Device Interface (GDI), and Color Management. These vulnerabilities affect Windows, Office, Skype, Lync, and Silverlight.

The remote code execution flaws can be exploited by tricking users into opening a specially crafted website or document. What’s worse is that one of the vulnerabilities is publicly known and another is already actively exploited.

Another important bulletin is MS17-012, which fixes a vulnerability in the Windows SMB network file-sharing protocol that was publicly disclosed over a month ago.

The MS17-006 and MS17-007 bulletins for Microsoft Edge and Internet Explorer also contain vulnerabilities that have been publicly disclosed, including a critical remote code execution one.

On the server side, the Microsoft Exchange and IIS bulletins, MS17-015 and MS17-016, should be prioritized because these systems are typically exposed to the internet. Server administrators should also direct their attention to the bulletins for Hyper-V virtualization (MS17-008) and Active Directory Federation Server (MS17-019).

The high number of patches in this release is because Microsoft decided to postpone by a month the security updates it had originally scheduled for February. This unprecedented decision was made due to an unspecified last-minute issue, even though there were a number of publicly known flaws.

Also, it seems that Microsoft has backtracked on its plan to stop organizing patch information into security bulletins, at least for this month. The company had planned to stop using bulletins in favor of a new portal called the Security Updates Guide.


Microsoft’s Patch Tuesday Hits a Snag

As far as I am aware this is a first from Microsoft.

Today Microsoft took the unprecedented step of postponing an entire month’s slate of security updates for Windows and its other products just hours before the patches were to begin rolling out to customers.

“We discovered a last-minute issue that could impact some customers and was not resolved in time for our planned updates today,” Microsoft said in a post to the MSRC (Microsoft Security Research Center) blog. “After considering all options, we made the decision to delay this month’s updates.”

Today was set as Patch Tuesday, the monthly release of security fixes from Microsoft. Normally, Microsoft issues the updates around 10 a.m. PT (1 p.m. ET). Although Microsoft did not time stamp its blog post, the SANS Institute’s Internet Storm Center (ISC) pointed out the delay at 8:22 a.m. PT (11:22 ET).

This past August Microsoft announced that it would offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they applied. The new maintenance model for the older editions was a direct transplant from Windows 10, which has relied on cumulative updates since its mid-2015 launch.

By “cumulative,” Microsoft meant that each update included the contents of all previous releases, along with new fixes. But the label also referred to the structure of updates: They were unified entities that could not be broken into their parts.

Previously, Microsoft could delay a single patch – but not today.

Microsoft’s announcement of the delayed patches reads like this:

“We apologize for any inconvenience caused by this change to the existing plan,” Microsoft said on the MSRC blog. Microsoft did not say when it would issue February’s security updates.

I am guessing the new cumulative update will be held until next month.


Microsoft’s August Patch Tuesday

August brings us another Patch Tuesday from Microsoft. This month brings a relatively light series of updates, with five rated as critical and the remaining four rated as important.

Aside from the relatively few updates from Microsoft, there are no zero-day or publicly disclosed vulnerabilities this month. Microsoft has also chosen to update a number of relatively minor components this month with the exception of MS16-098 (another kernel update).

Let’s take a look at the updates Microsoft has in store for all of our PCs.

MS16-095 — Critical

The first update rated as critical for this August Microsoft Patch Tuesday follows the standard release cycle pattern with an update to Microsoft Internet Explorer (IE). MS16-095 attempts to resolve nine privately reported memory corruption issues that, if left unpatched, could lead to a remote code execution scenario. This is a pretty standard “technical hygiene” update from Microsoft that does not have to address any urgent “zero-day” vulnerabilities. As is the case for these types of updates, a full application “binaries” refresh will be included in this update, which applies to all currently supported versions of IE. Add this update to your standard desktop deployment effort.

MS16-096 — Critical

Unusually, the update to Microsoft Edge is more serious than the patches to IE for this month. MS16-096 attempts to resolve 10 issues that could also lead to a remote code execution scenario. The more serious of these privately reported issues could lead to an attacker assuming the same security privileges as the logged-in user when the user simply navigates to a specially crafted web page containing malicious JavaScript. Make this patch a priority for your Windows 10 deployment.

MS16-097 — Critical

MS16-097 follows a long pedigree of Microsoft updates that attempt to resolve issues in how Windows platforms handle embedded fonts. This month’s update attempts to resolve three vulnerabilities that, following successful web-page or file-based attacks, could lead to the execution of arbitrary code on a non-patched or compromised system. As this patch affects all Windows (desktop and server) platforms, Microsoft Office and Lync, please add this update to your prioritised patch deployment effort.

MS16-099 — Critical

MS16-099 is a huge update for Microsoft that attempts to resolve seven high-risk exploits that at worst could lead to a remote code execution scenario. In addition to numerous security patches, this update also includes a significant feature-level update to several versions of Microsoft Outlook (Outlook 2007, 2013, 2016 – both 32 and 64-bit editions). It also looks like attackers could use three approaches to compromise a system: specially crafted web pages, special files and emails. Make this update a priority for your patch deployment effort.

MS16-102 — Critical

MS16-102 addresses a single (as of yet, unrated by Microsoft and privately reported) vulnerability in the built-in PDF viewer in Windows 8.x and Windows 10 systems. This update is linked to the July cumulative update for Windows 10 that included an update to the PDF handler as well. If a user opens a specially crafted PDF file, it appears that without deploying this update or employing several registry-related security restrictions, a remote code execution scenario will occur on the compromised system. Add this update to your priority patch deployment effort.

MS16-098 — Important

MS16-098 attempts to address four serious (but privately reported) vulnerabilities in the Windows kernel mode drivers that if left unpatched could lead to an elevation of privilege scenario. This is a tricky update with a long history of past issues and problems with these types of patches. I would deploy this update to IT first, and then wait a little while.

MS16-100 — Important

MS16-100 represents the perfect summer update. It’s a simple, single fix to a low profile Windows component, with low deployment risk. Add this update to your standard patch deployment effort.

MS16-101 — Important

MS16-101 addresses two privately reported vulnerabilities in the Windows authentication engine. Both vulnerabilities are relatively tough to exploit and require physical access to domain-joined systems. However, as this update affects all currently supported versions of both desktop and server systems from Microsoft, it needs to be added to your standard update deployment effort.

MS16-103 — Important

MS16-103 is the final update for this August that attempts to address a difficult to exploit, privately reported vulnerability in a relatively minor component of Windows 10 desktop systems. Add to your standard Windows 10 deployment effort.


Microsoft’s Patch Tuesday “Fixes” 40 Vulnerabilities

Microsoft fixed more than 40 vulnerabilities in its products Tuesday, including critical ones in Windows, Internet Explorer, Edge and Office.

The vulnerabilities are covered in 16 security bulletins, six of which are marked as critical and the rest as important. This puts the total number of Microsoft security bulletins for the past six months to more than 160, a six-month record for the past decade.

Attackers can exploit this vulnerability by sending specifically crafted DNS requests to a Windows Server 2012 or a Windows Server 2012 R2 deployment configured as a DNS server.

The critical bulletins for Internet Explorer and Edge, namely MS16-063 and MS16-068, should also be high on the priority list because they cover remote code execution flaws that can be exploited by simply browsing to a specially crafted website.

Next on the list should be the Microsoft Office security bulletin, MS16-070, because the applications in the Office suite are a common target for attackers, particularly through malicious email attachments.

The most important vulnerability in the Microsoft Office bulletin is a remote code execution flaw tracked as CVE-2016-0025 that stems from the Microsoft Word RTF format. Since RTF can be used to attack through Outlook’s preview pane, the flaw can be triggered with a simple e-mail without user interaction.

To check for Windows updates

  1. Open Windows Update by clicking the Start button, clicking All Programs, and then clicking Windows Update.

  2. In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.

  3. If any updates are found, click Install updates. Administrator permission is required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.


Microsoft Seeks to Log Its Update History for Everyone

This latest news from Microsoft really does show off the “new Microsoft”. In the past, Windows updates have been forgotten almost as soon as they were released and applied. The problem is that knowing which updates were applied, and when, can go a long way toward troubleshooting Windows issues.


During Windows 10’s relatively short life, updates have been steady and regular. What they haven’t been is transparent. Until now.

To coincide with Patch Tuesday, the day Microsoft’s monthly security patches are released, Microsoft is also creating a Windows 10 update history site.

The site will include detailed logs for every Windows 10 update in an effort to improve transparency, starting today.

We’re committed to our customers and strive to incorporate their feedback, both in how we deliver Windows as a service and the info we provide about Windows 10. In response to this feedback, we’re providing more details about the Windows 10 updates we deliver through Windows Update. You’ll see a summary of important product developments included in each update, with links to more details. This page will be regularly refreshed, as new updates are released.

Windows 10’s update history went live earlier today, and should be updated with each system patch.

Good move Microsoft.


Microsoft Releases Critical Patches for All Windows Versions

Microsoft has reported in its latest monthly security bulletin, otherwise known as “Patch Tuesday”, that users of Windows Vista and later, including Windows 10, should patch immediately to fix a serious flaw in how the operating system handles certain files.


The serious vulnerability (MS16-013) could allow an attacker to run arbitrary code as the logged-in user. Administrator accounts are at the greatest risk. An attacker would have to trick a user into opening a specially-crafted Journal file, which would let the attacker run programs, delete data, and create new accounts with full user rights.

Windows Server 2016 Tech Preview 4 is also affected by the vulnerability, and requires patching. The good news is that Microsoft said it was not aware of an attacker actually exploiting the flaw.

Microsoft also released fixes for three other critical flaws affecting Windows and Office.

Additional Patches Released This Month by Microsoft

MS16-012 addresses a vulnerability which could allow an attacker to run code on an affected system by tricking a user into opening a specially-crafted PDF file. Users on Windows 8.1 and Windows 10 are mostly affected. The flaw was privately reported to Microsoft, and is not thought to have been exploited by attackers.

MS16-015 fixes a number of memory corruption flaws in Microsoft Office, which could let an attacker remotely execute code if a user opens a specially-crafted Office file. An attacker would have the same access to the system as the logged-in user. The flaws were privately reported, except a separate SharePoint cross-site scripting flaw, which was publicly disclosed.

MS16-022 patches more than two-dozen separate vulnerabilities with Adobe Flash Player on Windows 8.1 and higher.

Microsoft also rolled out a cumulative patch to Internet Explorer (MS16-009) and its newer browser, Microsoft Edge for Windows 10 (MS16-011).

Of the most serious flaws, an attacker could exploit flaws in how Internet Explorer and the Edge browser handle objects in memory and parse HTTP responses.

All of the vulnerabilities were privately reported to Microsoft, and are not thought to have been exploited by attackers.

Microsoft also released four other patches — MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, MS16-020, and MS16-021 — for “important” issues, such as elevation of privilege and denial-of-service issues.

These patches are of course available as critical updates through Windows Update.


Microsoft Issues First Fixes of 2016

Microsoft has released the first batch of security updates for 2016, which include critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.

 

Microsoft has also fixed remote code execution and elevation of privilege vulnerabilities in Windows and an address spoofing flaw in Exchange Server, which were rated important, not critical, due to various mitigating factors.

In total, Microsoft issued nine security bulletins covering patches for 24 vulnerabilities.

Administrators should prioritize the MS16-005 security bulletin, especially for systems running Windows Vista, 7 and Server 2008.

This patch addresses a remote code execution vulnerability tracked as CVE-2016-0009 that has been publicly disclosed, making attacks more likely.

The second most important bulletin, according to Qualys, is MS16-004, which addresses six vulnerabilities in Microsoft Office. This bulletin is rated critical, which has been unusual for Microsoft Office in the recent past.

The culprit for this severity rating is one particular remote code execution vulnerability tracked as CVE-2016-0010 that’s present in all versions of Office from 2007 to 2016, even those running on Mac and Windows RT.

Additional patches are covered in the MS16-001 and MS16-002 security bulletins and will be the last ones that Internet Explorer versions 8 and 10 will ever receive. IE 9 will continue to be supported on Windows Vista and Windows Server 2008 SP2.

If you are in an organization that uses Outlook Web Access (OWA) you should also take a look at MS16-010. Even though this bulletin is rated by Microsoft only as important, the vulnerability it covers can allow attackers to launch so-called business e-mail compromise (BEC) attacks.

Such attacks have cost companies around the world $1.2 billion. This type of attack involves cyber-criminals compromising business emails, or spoofing email addresses, to instruct employees and business partners to initiate unauthorized wire transfers.

Finally, the MS16-006 bulletin, which addresses a vulnerability in Silverlight, should be on the priority list as well because the flaw could enable remote code execution attacks through the browser plug-in. Attackers are known to have used Silverlight exploits in the past.

This month’s updates were also the last ones for Windows 8, which Microsoft will no longer support going forward. Windows 8 users will have to upgrade to Windows 8.1 or 10 in order to continue receiving security patches.
