Virtual Administrator’s November 2018 Patch Recommendations
This month Microsoft released patches for 62 vulnerabilities with 12 of them rated “Critical”, 48 “Important” and 2 “Moderate”.
All November patches have been approved in our patch policy. (KB4461529 see Warning below)
This month has a zero-day security flaw CVE-2018-8589 included in Monthly Rollup/Cumulative Update. CVE-2018-8566 is a BitLocker vulnerability addressed with a Servicing Stack Update (SSU). Windows 10 October 2018 Update (version 1809) was re-release on November 13. There are reported issues with mapped drives failing to reconnect (see below). Our advice is to defer the update.
3 Microsoft Security Advisories were released – ADV180025, ADV180028, ADV990001 (links below).
Warning: Microsoft Outlook 2010 update (KB4461529) causes outlook to crash on startup
https://www.reddit.com/r/sysadmin/comments/9×2366/new_microsoft_outlook_2010_update_kb4461529/
Uninstalling KB4461529 will fix
Heads Up! Known Issues for Windows 10 versions 1607/1703/1709/1803 now include this .NET problem. This is caused by patches released in September.
SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates
Applies to: .NET Framework 4.6/4.7
After you install the August Preview of Quality Rollup or September 11, 2018, .NET Framework update, instantiation of SqlConnection can throw an exception.
IMPORTANT: Servicing Stack Update (SSU)
ADV990001 was posted this month and lists the current SSU for all operation systems. The current SSU is required to scan and patch reliably. Some newer patches require the latest SSU before they will be installed. Often a second pass is required before a machine is fully patched. The first pass installs the latest SSU which, once installed, detects the newer patches.
RE-RELEASE Windows 10 1809 “October 2018 Update”
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
Known Issue: Mapped drives may fail to reconnect after starting and logging onto a Windows device.
Upgrade block in place:Microsoft and Trend Micro have identified a compatibility issue with Trend Micro’s OfficeScan and Worry-Free Business Security software when attempting to update to Windows 10, version 1809.
Upgrade block in place: After updating to Window 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards.
As with all Windows 10 version upgrades you cannot deny the upgrade as it is not a specific KB. You can defer the upgrade. VA has agent procedure posted on ClubMSP to enable the deferral for 180 days. Script name is: “Windows Creators Defer Update”
Zero Day CVE-2018-8589 included in Monthly Rollup/Cumulative Update
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589
Second find for Kaspersky reporting this vulnerability in Win32k.sys which is similar to last month’s “FruityArmor” exploit CVE-2018-8453.
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Affected software include:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- .NET Core
- Skype for Business
- Azure App Service on Azure Stack
- Team Foundation Server
- Microsoft Dynamics 365 (on-premises) version 8
- PowerShell Core
- Microsoft.PowerShell.Archive 1.2.2.0
Microsoft Security Advisories
ADV180025 | November 2018 Adobe Flash Security Update (Published: 11/13/2018)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180025
This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB18-39: CVE-2018-15978.
ADV180028 | Guidance for configuring BitLocker to enforce software encryption (Published: 11/06/2018)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028
Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs). Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption.
ADV990001 | Latest Servicing Stack Updates (Published: 11/13/2018)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Known Issues: KB4467691, KB4467696, KB4467686, KB4467702, KB4467107
KB4467691 (Cumulative Update)
Applies to: Windows 10 version 1607, Windows Server 2016
https://support.microsoft.com/en-us/help/4467691/windows-10-update-kb4467691
Symptom: After installing this update, installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected.
Workaround: None. Microsoft is working on a resolution and will provide an update in an upcoming release.
Symptom: After installing this update, Windows Server 2016 promotions that create non-root domains fail in forests in which optional features like Active Directory recycle have been enabled. The error is, “The replication operation encountered a database error”.
Workaround: Use servers running Windows Server 2012 R2 or earlier to promote the first domain controller in a non-root domain until a resolution is available.
Microsoft is working on a resolution and will provide an update in an upcoming release.
Symptom: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:
4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.
Workaround: None. Microsoft is working on a resolution and will provide an update in an upcoming release.
KB4467696 (Cumulative Update)
Applies to: Windows 10 version 1703
https://support.microsoft.com/en-us/help/4467696/windows-10-update-kb4467696
Symptom: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:
4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.
Workaround: None. Microsoft is working on a resolution and will provide an update in an upcoming release.
KB4467686 (Cumulative Update)
Applies to: Windows 10 version 1709
https://support.microsoft.com/en-us/help/4467686/windows-10-update-kb4467686
Symptom: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:
4470809 Sql Connection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.
Workaround: None. Microsoft is working on a resolution and will provide an update in an upcoming release.
KB4467702 (Cumulative Update)
Applies to: Windows 10 version 1803
https://support.microsoft.com/en-us/help/4467702/windows-10-update-kb4467702
Symptom: After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base:
4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.
Workaround: None. Microsoft is working on a resolution and will provide an update in an upcoming release.
Symptom: After installing this update, some users cannot set Win32 program defaults for certain app and file type combinations using the Open with… command or Settings > Apps > Default apps.
In some cases, Microsoft Notepad or other Win32 programs cannot be set as the default.
Workaround: In some cases, attempting to set application defaults again will succeed.
Microsoft is working on a resolution and estimates a solution will be available in late November 2018.
KB4467107 (Monthly Rollup)
Applies to: Windows 7 SP1, Windows Server 2008 R2 SP1
https://support.microsoft.com/en-us/help/4467107/windows-7-update-kb4467107
Symptom: After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem<number>.inf. The exact problematic configurations are currently unknown.
Workaround:
- To locate the network device, launch devmgmt.msc. It may appear under Other Devices.
- To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
- Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.
Monthly Rollup/Security Only/Windows 10/Server 2016 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB4467107 – Windows 7, Windows Server 2008 R2
- KB4467697 – Windows 8.1, Windows Server 2012 R2
- KB4467701 – Windows Server 2012
- KB4467706 – Windows Server 2008
Security Only Update
- KB4467106 – Windows 7, Windows Server 2008 R2
- KB4467703 – Windows 8.1, Windows Server 2012 R2
- KB4467678 – Windows Server 2012
- KB4467700 – Windows Server 2008
Cumulative Update for Windows 10
- KB4467680 – Original release version 1507 (OS Build 10240)
- None – Version 1511 (OS Build 10586)
- KB4467691 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB4467696 – Version 1703 “Creators Update” (OS Build 15063)
- KB4467686 – Version 1709 “Fall Creators Update” (OS Build 16299)
- KB4467702 – Version 1803 “Spring Creators Update” (OS Build 17134)
- KB4467708 – Version 1809 “October 2018 Update” (OS Build 17763)
Note: Server 2016 uses the same KB as Windows 10 Version 1607
KB4466536 – Cumulative Security Update for Internet Explorer 9/10/11
This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.
.NET Framework
Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
- KB4467240 – Windows 7, Windows Server 2008 R2
- KB4467242 – Windows 8.1, Windows Server 2012 R2
- KB4467241 – Windows Server 2012
- KB4467243 – Windows Server 2008 (.NET Framework 2.0, 3.0, 4.5.2, 4.6)
KB4467694 – Security Update for Adobe Flash Player
November 2018 updates for Microsoft Office
https://support.microsoft.com/en-us/help/4469617/november-2018-updates-for-microsoft-office
Notable CVEs
CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (Published: 11/13/2018)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8476
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory.
An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.
CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8566
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.
To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot.
The security update fixes the vulnerability by ensuring Windows resumes BitLocker Device Encryption.
CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys.
An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to Win32k.
CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability (Published: 11/13/2018)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8609
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) version 8 validates and sanitizes user input.