MICROSOFT’S March 2017 PATCH RELEASES

MICROSOFT’S March 2017 PATCH RELEASES

by | Mar 15, 2017 | Fixes, Patch Management, Patch Releases, SCCM, Security

MICROSOFT’S March 2017 PATCH RELEASES

Well after an absence last month of the usual Microsoft Patch Tuesday releases, Microsoft have bundled more in to this months release, with 18 Windows Updates for the month of March 2017.

March 2017 Patch Tuesday

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS17-006 – Critical

Cumulative Security Update for Internet Explorer (4013073)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS17-007 – Critical

Cumulative Security Update for Microsoft Edge (4013071)
This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS17-008 – Critical

Security Update for Windows Hyper-V (4013082)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

MS17-009 – Critical

Security Update for Microsoft Windows PDF Library (4010319)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

MS17-010 – Critical

Security Update for Microsoft Windows SMB Server (4013389)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

MS17-011 – Critical

Security Update for Microsoft Uniscribe (4013076)
This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS17-012 – Critical

Security Update for Microsoft Windows (4013078)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

MS17-013 – Critical

Security Update for Microsoft Graphics Component (4013075)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS17-014 – Important

Security Update for Microsoft Office (4013241)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS17-015 – Important

Security Update for Microsoft Exchange Server (4013242)
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

MS17-016 – Important

Security Update for Windows IIS (4013074)
This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

MS17-017 – Important

Security Update for Windows Kernel (4013081)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

MS17-018 – Important

Security Update for Windows Kernel-Mode Drivers (4013083)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS17-019 – Important

Security Update for Active Directory Federation Services (4010320)
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

MS17-020 – Important

Security Update for Windows DVD Maker (3208223)
This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

MS17-021 – Important

Security Update for Windows DirectShow (4010318)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

MS17-022 – Important

Security Update for Microsoft XML Core Services (4010321)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

MS17-023 – Important

Security Update for Adobe Flash Player (4014329)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Cloner – Quickly and easily clone your Azure VMs, you can even migrate your VMs between ARM and ASM.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

MICROSOFT’S January 2017 PATCH RELEASES

MICROSOFT’S January 2017 PATCH RELEASES

by | Jan 11, 2017 | How To

MICROSOFT’S January 2017 PATCH RELEASES

Microsoft have released 4 new Patch Tuesday releases for deployment this month of January. Quite a small deployment of updates this month 🙂

January 2017 Patch Tuesday

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS17-001 – Important

Security Update for Microsoft Edge (3199709)
This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges

MS17-002 – Important

Security Update for Microsoft Office (3214291)
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS17-003 – Critical

Security Update for Adobe Flash Player (3214628)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS17-004 – Important

Security Update for Local Security Authority Subsystem Service (3216771)
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

KB3209501 Update for SCCM 1610

KB3209501 Update for SCCM 1610

by | Dec 15, 2016 | Fixes, How To, Patch Releases, SCCM

How to update to KB3209501 for Microsoft SCCM 1610

If you’re experiencing issues with Microsoft SCCM 1610, the recently released update KB3209501 might just be the fix you need. This update resolves various problems related to Configuration Manager version 1606 to version 1610 upgrade, Software Center, BITS for Windows Express Update Files, Task Sequences, and more. In this article, we’ll guide you through the process of updating SCCM 1610 to KB3209501, step-by-step.

KB3209501 FAQs

Question Answer

What is KB3209501?

 KB3209501 is an update for Microsoft SCCM 1610 that was released in December 2016. It fixes various issues with SCCM 1610.

What issues does KB3209501 fix?

 KB3209501 fixes issues such as the SMS Agent Host process using 100% of available CPU time, Task sequence deployments failing, and more.

How do I update to KB3209501 for Microsoft SCCM 1610?

 To update to KB3209501, open your SCCM console, navigate to Administration > Cloud Services > Update and Servicing, and follow the steps.

Should I install updates in preproduction prior to production?

 It is always good practice to install any updates in preproduction prior to production.

Is KB3209501 installation time-consuming?

 Yes, KB3209501 installation may take some time to finish, so be prepared to be patient.

 Update to KB3209501

So now that you know what KB3209501 fixes now just follow the below tasks to update your SCCM environment.

Open your SCCM console and navigate to Administration, Cloud Services and highlight Update and Servicing

KB3209501 Installing

Next, highlight update KB3209501, then right click and choose Run Prerequisite Check.

KB3209501 prerequisite check

Give the prerequisite checks sometime to complete.

KB3209501 checking prerequisites

Keep refreshing the console to see when it has completed.

KB3209501 prerequisite passed

Once the KB3209501 prerequisite checks have passed, again highlight the update and then right click and choose Install Update Pack.

KB3209501 Install

You are now presented with the Configuration Manager Updates Wizard. Select whether you want to ignore any prerequisite check warnings if you received them or not and then click Next.

KB3209501 Install 2

On the Client Update Options tab, you can select to update without validating against your preproduction environment before updating your production environment. As this is one of our many labs, I have chosen to go ahead without validating. While this is a lab, not everyone can has his luxury, so remember It is always good practice to install any updates in preproduction prior to production.

KB3209501 Install 3

On the License Tab page, confirm you accept the license terms and privacy statement and then click Next.

KB3209501 Install 4

Confirm what is shown is on the Summary Tab is correct and then click Next.

KB3209501 Install 5

The installation will no be performed in the background, so on the Completion Tab click Close.

KB3209501 Install 6

As you can see, KB3209501 is installing in the background. For my lab, it did take some time to finish so prepare to be patient.

KB3209501 Installing

Updating SCCM 1610 to KB3209501 is a straightforward process that can help you resolve a range of issues and improve the overall performance of your Configuration Manager environment. By following the steps outlined above, you can ensure a smooth and successful update. Don’t forget to install updates in pre-production first to avoid potential conflicts

MICROSOFT’S December 2016 PATCH RELEASES

MICROSOFT’S December 2016 PATCH RELEASES

by | Dec 14, 2016 | Deployment, Fixes, Patch Management, Patch Releases, Risk, SCCM, Security

MICROSOFT’S December 2016 PATCH RELEASES

patch tuesday aliens

Microsoft have released 12 new Patch Tuesday releases for deployment this month of December.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS16-144 – Critical

Cumulative Security Update for Internet Explorer (3204059)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-145 – Critical

Cumulative Security Update for Microsoft Edge (3204062)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-146 – Critical

Security Update for Microsoft Graphics Component (3204066)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-147 – Critical

Security Update for Microsoft Uniscribe (3204063)
This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-148 – Critical

Security Update for Microsoft Office (3204068)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-149 – Important

Security Update for Microsoft Windows (3205655)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

MS16-150 – Important

Security Update for Secure Kernel Mode (3205642)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

MS16-151 – Important

Security Update for Windows Kernel-Mode Drivers (3205651)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-152 – Important

Security Update for Windows Kernel (3199709)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

MS16-153 – Important

Security Update for Common Log File System Driver (3207328)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

MS16-154 – Critical

Security Update for Adobe Flash Player (3209498)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-155 – Important

Security Update for .NET Framework (3205640)
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

Azure VM Scheduler tasks not running

Azure VM Scheduler tasks not running

by | Dec 7, 2016 | AVMS, Azure, Cloud Computing, Errors, Fixes, How To, Schedule

Troubleshooting Azure VM Scheduler (AVMS) Task Issues

If your scheduled AVMS tasks aren’t running as expected, don’t worry — this guide will walk you through common issues and how to resolve them quickly.

Error 1: Proxy Authentication Required

Check the AVMS log file located at:

C:\Program Files (x86)\SMIKAR Software\AVMS\avms.log

Look for entries similar to the following:

01/11/2016 11:23:46 AM Attempting to ADD-azureaccount using account XXXX@XXXX.onmicrosoft.com
01/11/2016 11:23:46 AM Failed to ADD-azureaccount using account XXXX@XXXX.onmicrosoft.com - error user_realm_discovery_failed: User realm discovery failed: The remote server returned an error: (407) Proxy Authentication Required.

This typically means your on-site proxy server requires authentication. The AVMS console works under your domain account (which has proxy access), but the scheduled task runs under the system account — which usually doesn’t.

To fix this:

  • Open Control Panel → Task Scheduler
  • Find the AVMS task, right-click, and choose Properties
  • Change the user from System to a domain account with proxy permissions

Azure VM Scheduler Tasks

Azure VM Scheduler Tasks Properties

Your scheduled task should now run successfully using this authenticated user.

Error 2: Email Notification Hang

Check the log again for an incomplete sequence like this:

01/11/2016 12:46:56 PM Started code block to Stop VMs
01/11/2016 12:46:56 PM Adding servers to array for email
01/11/2016 12:46:56 PM email form created notifying task has started

If the log halts here, it’s likely due to an issue with your email notification settings. Confirm that:

  • Your SMTP server address, port, and credentials are correctly configured in AVMS
  • Firewall or outbound rules aren’t blocking mail traffic

Alternatively, you can disable email notifications if you don’t need them — but note that you won’t receive job start/complete alerts.

Need More Help?

Still having issues? Contact support@smikar.com or visit our AVMS page for more resources.