MICROSOFT’S November 2016 PATCH RELEASES

Microsoft have released 14 new Patch Tuesday updates for deployment this November.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure.

MS16-129 – Critical

Cumulative Security Update for Microsoft Edge (3199057)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-130 – Critical

Security Update for Microsoft Windows (3199172)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.

MS16-131 – Critical

Security Update for Microsoft Video Control (3199151)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.

MS16-132 – Critical

Security Update for Microsoft Graphics Component (3199120)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-133 – Important

Security Update for Microsoft Office (3199168)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-134 – Important

Security Update for Common Log File System Driver (3193706)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.

MS16-135 – Important

Security Update for Windows Kernel-Mode Drivers (3199135)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-136 – Important

Security Update for SQL Server (3199641)
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

MS16-137 – Important

Security Update for Windows Authentication Methods (3199173)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.

MS16-138 – Important

Security Update to Microsoft Virtual Hard Disk Driver (3199647)
This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

MS16-139 – Important

Security Update for Windows Kernel (3199720)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.

MS16-140 – Important

Security Update for Boot Manager (3193479)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.

MS16-141 – Critical

Security Update for Adobe Flash Player (3202790)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-142 – Critical

Cumulative Security Update for Internet Explorer (3198467)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots; works with both Hyper-V and VMware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for PowerShell.

Microsoft Patch KB3179575 causing authentication issues with Windows 2012 servers

It seems yet another Microsoft security patch is causing issues this month. KB3179575, which was part of the August Patch Tuesday deployment, is intended to fix issues with the Windows 2012 (not R2) operating system.

Taken directly from the Microsoft site, this update includes quality improvements but no new operating system features are being introduced.

The key changes include:

  • Addressed issue that required users to wait up to 30 seconds after booting-up, before the device was available and ready for use.
  • Addressed issue that prevents the automatic deletion of old Dynamic Host Configuration Protocol (DHCP) backup files—Extensible Storage Engine (ESE) transaction logs.
  • Addressed issue that caused Cluster service on remaining nodes to stop unexpectedly when a failover cluster node experiences a power outage.
  • Addressed issue that causes an NFS service to stop responding on a two-node Windows cluster deployment, causing clients to not be able to reach an NFS share.
  • Addressed issue after installing KB3146706 that causes Office 2010 to stop responding when Enhanced Mitigation Experience Toolkit (EMET) is enabled.

At this stage it seems to affect only logons (authentication) to Windows 2012 Domain Controllers. For now, the only fix is to uninstall this update or, if you deployed this security update using Microsoft’s SCCM and SnaPatch, to roll the update deployment back. There is no known fix at this stage.

You may also be interested in two other Microsoft patches, KB3177725 and KB3176493, which are known to cause printing issues. These two security patches were also released this month, as was KB3176934, which breaks Windows 10 PowerShell.

Microsoft patches KB3177725 & KB3176493 causing printing issues

Microsoft August Patch Tuesday Release Causes Printing Issues: How to Fix it

Are you experiencing printing problems on your Windows PC after installing the latest security updates from Microsoft? If yes, then you are not alone. Two recent patches released by Microsoft, KB3177725 and KB3176493, seem to be causing printing issues on multiple Windows versions. In this article, we will discuss the details of this issue and how to fix it.

What are KB3177725 and KB3176493?

KB3177725 and KB3176493 are two security updates released by Microsoft in its August Patch Tuesday release. These updates were designed to patch security vulnerabilities that could allow remote code execution on Windows 7, 8, 8.1, 10, and the server editions, including Windows Server 2008, 2008 R2, 2012, and 2012 R2.

What is the issue caused by these updates?

The issue caused by these updates is the inability to print more than one page at a time. Some users have reported that it corrupts all print jobs with an error. Initially, Microsoft claimed that the problem was due to incompatibility issues between Windows and Printer Drivers. However, the company later acknowledged that the issue was caused by these two updates.

What is the fix for this issue?

UPDATE: Previously we mentioned that the only workaround was to uninstall either or both of KB3177725 and KB3176493.

Microsoft have since come through and released another patch that fixes the issues caused by these two security updates: KB3187022 – Print functionality is broken after any of the MS16-098 security updates are installed.

The patch is available to download from the Microsoft site: https://support.microsoft.com/en-us/kb/3187022

There have been other issues this month caused by the August security patches: Microsoft Patch KB3179575 causing authentication issues with Windows 2012 servers, and KB3176934 breaking Windows 10 PowerShell.

If you are a SnaPatch customer, you are in luck. SnaPatch allows you to quickly and easily roll back your virtual machines to the prior security update deployment snapshot, thereby avoiding further issues. To learn more about what SnaPatch offers and how it can help you avoid similar issues, click the link provided.

In conclusion, if you are experiencing printing issues on your Windows PC after installing the latest security updates from Microsoft, then you are not alone. The patches causing these problems are KB3177725 and KB3176493. However, Microsoft has released a fix for this issue in the form of KB3187022. We recommend that you download and install this patch to resolve the issue.

MICROSOFT’S August 2016 PATCH RELEASES

The following nine Patch Tuesday updates / patches have been released by Microsoft for the August 2016 Update deployment.

Are you ready to start deploying and remove the patching risk using SnaPatch Patch Management Software?

MS16-095 – Critical

Cumulative Security Update for Internet Explorer (3177356)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-096 – Critical

Cumulative Security Update for Microsoft Edge (3177358)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-097 – Critical

Security Update for Microsoft Graphics Component (3177393)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-098 – Critical

Security Update for Windows Kernel-Mode Drivers (3178466)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-099 – Critical

Security Update for Microsoft Office (3177451)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-100 – Important

Security Update for Secure Boot (3179577)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot manager and bypasses Windows security features.

MS16-101 – Important

Security Update for Windows Authentication Methods (3178465)
This security update resolves multiple vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.

MS16-102 – Critical

Security Update for Microsoft Windows PDF Library (3182248)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-103 – Important

Security Update for ActiveSyncProvider (3182332)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection.

VMWare PowerCLI Installation Failed

If you are installing VMWare’s PowerCLI for remote administration of your VMWare farm, or for SnaPatch or Snapshot Master, you may at times receive the following error: “Setup has detected that the installation package is corrupted. Please be aware that this installer may have been tampered with.” One of the possible causes is that the root certificate for VeriSign isn’t installed on your computer. There are a few ways to fix this issue: one is to download the root certificate from VeriSign themselves and install it to the local computer account under Third-Party Root Certification Authorities, Certificates; another is to export it from the VMWare PowerCLI installation package.


These screenshots show the error you would receive while trying to install the VMWare PowerCLI installer.

How to Manually install the root certificate

First off we will see if the root certificate is in fact already installed or not. From a command prompt type mmc.exe to open up the Microsoft Management Console.

Now go to File, then Add/Remove Snap-in.

Next we have to choose the Certificates snap-in. Highlight Certificates, then click on Add.

You will now need to select Computer Account and then click Next.

Choose Local Computer for the location that this snap-in will manage then click Next.

Now click OK and the Certificates Snap-in will be available.

Expand Certificates, then Third-Party Root Certification Authorities and finally Certificates. You will now need to look for the root certificate, VeriSign Class 3 Public Primary Certification Authority – G5. In this example you can see that the certificate is installed. If it isn’t installed, you can download the certificate and install it to the location shown. If you cannot download the root certificate, it is possible to import the certificate from the VMWare PowerCLI installation package, as shown in the steps that follow.

How to import the certificate from the VMWare package

Now you will need to export the Root Certificate from the VMWare PowerCLI installation package. To do so, locate the EXE file and right click it then choose properties.

Change the tab to Digital Signatures then click Details.

As you can see in this example, “the certificate in the signature cannot be verified”. Click View Certificate to proceed.

Change to the Certification Path tab and make sure you select the top of the certification path. In this example, you can see it highlighted as VeriSign Class 3 Public Primary Certification Authority – G5. Once selected click View Certificate.

Again, in the next window go to the Details tab then click Copy to File.

The Certificate Export Wizard starts next. Click on Next to proceed with the Wizard.

Leave the Format as DER and then click on Next.

Choose the location and filename where you want to save the exported certificate and then click Next.

You can now click Finished and the Certificate Export Wizard will then close.

Next we need to import the VeriSign Root Certificate to the correct location. Right click the exported certificate and select Install Certificate.

The Certificate Import Wizard now starts. Click Next.

Select Place all certificates in the following store and then choose Third-Party Root Certification Authorities. Click Next when ready to do so.

Now click Finish.

The root certificate from VeriSign should now be installed in the correct location, and you can restart the installation of VMWare PowerCLI.
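
The store check and import described above can also be scripted. The PowerShell below is an added example, not part of the original article or of VMware's tooling; the file paths and the expected thumbprint are placeholders. It assumes you take the thumbprint from the CA's own published root list, because a package that fails signature validation is not a trustworthy source for the root used to validate it.

```powershell
# Added example (not from the original article). Paths and the expected
# thumbprint are placeholders: supply your own values before running.
# Run from an elevated session; writing to a LocalMachine store needs admin rights.
param(
    [string]$InstallerPath      = 'C:\Temp\PowerCLI-setup.exe',     # hypothetical path
    [string]$ExportedCer        = 'C:\Temp\verisign-g5-root.cer',   # hypothetical path (DER export)
    [string]$ExpectedThumbprint = '<SHA1-THUMBPRINT-PUBLISHED-BY-THE-CA>'
)

$ErrorActionPreference = 'Stop'

# "Third-Party Root Certification Authorities" in the MMC snap-in is the AuthRoot store.
$store    = 'Cert:\LocalMachine\AuthRoot'
$rootLike = '*VeriSign Class 3 Public Primary Certification Authority*G5*'

# Step 1: is the root already installed? If so, a missing root is not the cause.
$present = Get-ChildItem -Path $store |
    Where-Object { $_.Subject -like $rootLike } |
    Select-Object -First 1
if ($present) {
    Write-Output "Root already installed (thumbprint $($present.Thumbprint))."
    Write-Output 'The error has another cause; download the installer again from the vendor.'
    return
}

# Step 2: load the exported certificate and confirm it is the expected self-signed root.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ExportedCer
if ($cert.Subject -notlike $rootLike) { throw "Unexpected subject: $($cert.Subject)" }
if ($cert.Subject -ne $cert.Issuer)   { throw 'Certificate is not self-signed, so it is not a root.' }
if ($cert.NotAfter -lt (Get-Date))    { throw "Certificate expired on $($cert.NotAfter)." }

# Step 3: compare the thumbprint with the value obtained out of band.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($expected.Length -ne 40) {
    throw 'Set -ExpectedThumbprint to the 40-hex-digit SHA-1 thumbprint published by the CA.'
}
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch (file has $($cert.Thumbprint)). Do not import this certificate."
}

# Step 4: import into Third-Party Root Certification Authorities (local computer).
Import-Certificate -FilePath $ExportedCer -CertStoreLocation $store | Out-Null

# Step 5: re-check the installer's Authenticode signature before running setup again.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
Write-Output "Installer signature status: $($sig.Status) ($($sig.StatusMessage))"
if ($sig.Status -ne 'Valid') {
    throw 'Signature is still not valid; do not run this installer.'
}
```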
