MICROSOFT’S December 2016 PATCH RELEASES

Microsoft has released 12 new Patch Tuesday updates for deployment this December.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure.

MS16-144 – Critical

Cumulative Security Update for Internet Explorer (3204059)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-145 – Critical

Cumulative Security Update for Microsoft Edge (3204062)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-146 – Critical

Security Update for Microsoft Graphics Component (3204066)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-147 – Critical

Security Update for Microsoft Uniscribe (3204063)
This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-148 – Critical

Security Update for Microsoft Office (3204068)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-149 – Important

Security Update for Microsoft Windows (3205655)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

MS16-150 – Important

Security Update for Secure Kernel Mode (3205642)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

MS16-151 – Important

Security Update for Windows Kernel-Mode Drivers (3205651)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-152 – Important

Security Update for Windows Kernel (3199709)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

MS16-153 – Important

Security Update for Common Log File System Driver (3207328)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

MS16-154 – Critical

Security Update for Adobe Flash Player (3209498)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-155 – Important

Security Update for .NET Framework (3205640)
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and VMware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for PowerShell.

Azure VM Scheduler tasks not running

Troubleshooting Azure VM Scheduler (AVMS) Task Issues

If your scheduled AVMS tasks aren’t running as expected, don’t worry — this guide will walk you through common issues and how to resolve them quickly.

Error 1: Proxy Authentication Required

Check the AVMS log file located at:

C:\Program Files (x86)\SMIKAR Software\AVMS\avms.log

Look for entries similar to the following:

01/11/2016 11:23:46 AM Attempting to ADD-azureaccount using account XXXX@XXXX.onmicrosoft.com
01/11/2016 11:23:46 AM Failed to ADD-azureaccount using account XXXX@XXXX.onmicrosoft.com - error user_realm_discovery_failed: User realm discovery failed: The remote server returned an error: (407) Proxy Authentication Required.

This typically means your on-site proxy server requires authentication. The AVMS console works under your domain account (which has proxy access), but the scheduled task runs under the system account — which usually doesn’t.

To fix this:

  • Open Control Panel → Task Scheduler
  • Find the AVMS task, right-click, and choose Properties
  • Change the user from System to a domain account with proxy permissions

Your scheduled task should now run successfully using this authenticated user.

Error 2: Email Notification Hang

Check the log again for an incomplete sequence like this:

01/11/2016 12:46:56 PM Started code block to Stop VMs
01/11/2016 12:46:56 PM Adding servers to array for email
01/11/2016 12:46:56 PM email form created notifying task has started

If the log halts here, it’s likely due to an issue with your email notification settings. Confirm that:

  • Your SMTP server address, port, and credentials are correctly configured in AVMS
  • Firewall or outbound rules aren’t blocking mail traffic

Alternatively, you can disable email notifications if you don’t need them — but note that you won’t receive job start/complete alerts.
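
The two log checks above can be scripted. This is an added example, not SMIKAR's code: it flags the 407 proxy failure and the email hang in avms.log, then lists the account each task runs as. The function name and the assumption that the scheduled task's name contains "AVMS" are mine.

```powershell
# Added example (not SMIKAR's code): classify avms.log against the two failures above.
function Get-AvmsLogFinding {
    param([string[]]$Lines)
    $nonBlank = @($Lines | Where-Object { $_ -and $_.Trim() })
    $findings = @()
    # Error 1: the Azure sign-in was rejected by the proxy with HTTP 407.
    foreach ($hit in ($nonBlank | Select-String -Pattern '\(407\) Proxy Authentication Required')) {
        $findings += [pscustomobject]@{ Issue = 'ProxyAuth407'; Line = $hit.Line }
    }
    # Error 2: the log ends right after the start-notification email is built.
    if ($nonBlank.Count -gt 0 -and $nonBlank[-1] -match 'email form created notifying task has started') {
        $findings += [pscustomobject]@{ Issue = 'EmailNotificationHang'; Line = $nonBlank[-1] }
    }
    $findings
}

$logPath = 'C:\Program Files (x86)\SMIKAR Software\AVMS\avms.log'
# Constructed sample built from the entries quoted above; used when the log is absent.
$sample = @(
    '01/11/2016 11:23:46 AM Failed to ADD-azureaccount using account XXXX@XXXX.onmicrosoft.com - error user_realm_discovery_failed: User realm discovery failed: The remote server returned an error: (407) Proxy Authentication Required.'
    '01/11/2016 12:46:56 PM Started code block to Stop VMs'
    '01/11/2016 12:46:56 PM Adding servers to array for email'
    '01/11/2016 12:46:56 PM email form created notifying task has started'
)
$logLines = if (Test-Path -LiteralPath $logPath) { Get-Content -LiteralPath $logPath } else { $sample }
Get-AvmsLogFinding -Lines $logLines | Format-List

# Show the account each matching task runs as; SYSTEM normally has no proxy credentials.
# Assumption: the scheduled task's name contains "AVMS".
Get-ScheduledTask -TaskName '*AVMS*' -ErrorAction SilentlyContinue |
    Select-Object TaskName, @{ Name = 'RunAs'; Expression = { $_.Principal.UserId } }
```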

Need More Help?

Still having issues? Contact support@smikar.com or visit our AVMS page for more resources.

KB3176934 breaks Windows 10 Powershell

Windows 10 has been a reliable operating system for many users, but recently, some patches released by Microsoft have caused various issues. One of the latest problems is caused by KB3176934, which appears to break Windows 10 PowerShell. In particular, it affects the Desired State Configuration (DSC) functionality in PowerShell, rendering it useless.

What is KB3176934?

KB3176934 is a security update released by Microsoft in August. The patch was meant to fix some security issues with the operating system, but instead, it caused a problem with PowerShell. The issue is related to a missing .MOF file in the build package, causing the update to break DSC.

The Consequences of the Issue

The missing .MOF file causes all DSC operations to fail with an “Invalid Property” error. This means that if you are using DSC on any Windows client, or from any Windows client, you should uninstall the update. DSC will be completely unusable until the KB3176934 update is removed.

Other Issues Caused by Recent Patches

This isn’t the only issue caused by the August releases of patches by Microsoft. Two other known issues were caused by security patches, namely Microsoft patches KB3177725 and KB3176493 causing printing issues, and Microsoft Patch KB3179575 causing authentication issues with Windows 2012 servers. Fortunately, a fix for the printing issue problem (KB3187022) has been released. Still, there has been no correspondence regarding the authentication issues, making it unclear whether a fix is coming soon.

How to Fix the PowerShell Issue

If you have experienced this issue on your Windows 10 machine, don’t worry. There is a solution, and it’s relatively easy to implement. The only way to fix this problem is to uninstall KB3176934 from the affected machine. Once you have removed the update, DSC functionality should be restored to PowerShell.

Conclusion

If you use PowerShell for DSC, KB3176934 is a patch you need to avoid. While it’s essential to keep your operating system up to date, this update is not worth the trouble. The missing .MOF file breaks DSC functionality, leading to an “Invalid Property” error, rendering it useless. It’s crucial to stay aware of the latest updates from Microsoft and to remove any problematic ones as soon as possible.

 
Microsoft Patch KB3179575 causing authentication issues with Windows 2012 servers

It seems yet another Microsoft security patch is causing issues this month. KB3179575, which was part of the August Patch Tuesday deployment, is intended to fix issues with the Windows 2012 (not R2) operating system.

Taken directly from the Microsoft site, this update includes quality improvements but no new operating system features are being introduced.

The key changes include:

  • Addressed issue that required users to wait up to 30 seconds after booting-up, before the device was available and ready for use.
  • Addressed issue that prevents the automatic deletion of old Dynamic Host Configuration Protocol (DHCP) backup files—Extensible Storage Engine (ESE) transaction logs.
  • Addressed issue that caused Cluster service on remaining nodes to stop unexpectedly when a failover cluster node experiences a power outage.
  • Addressed issue that causes a NFS service to stop responding on a two-node Windows cluster deployment, affecting clients to not be able reach an NFS share.
  • Addressed issue after installing KB3146706 that causes Office 2010 to stop responding when Enhanced Mitigation Experience Toolkit (EMET) is enabled.

At this stage it seems to affect only logons (authentication) to Windows 2012 Domain Controllers. There is no known fix at this stage; the only remedy is to uninstall this update or, if you deployed this security update using Microsoft’s SCCM and SnaPatch, to roll the update deployment back.

You may also be interested in two other Microsoft patches, KB3177725 and KB3176493, which are known to cause printing issues. These two security patches were also released this month, as was KB3176934, which breaks Windows 10 PowerShell.
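
Both this post and the KB3176934 post above end with "uninstall the update". The following is an added example, not code from the original posts, that reports which of the updates named on this page are installed and removes one on request. The function names are hypothetical; `Get-HotFix` and `wusa.exe /uninstall` are the standard Windows tools.

```powershell
# Added example: audit for the August updates named above and uninstall one on request.
$problemKbs = [ordered]@{
    'KB3176934' = 'Breaks PowerShell DSC on Windows 10'
    'KB3179575' = 'Authentication issues on Windows 2012 domain controllers'
    'KB3177725' = 'Printing issues'
    'KB3176493' = 'Printing issues'
}

function Get-InstalledProblemKb {
    param([System.Collections.IDictionary]$Catalog)
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue)
    foreach ($kb in $Catalog.Keys) {
        [pscustomobject]@{
            KB        = $kb
            Issue     = $Catalog[$kb]
            Installed = [bool]($installed | Where-Object HotFixID -eq $kb)
        }
    }
}

function Remove-ProblemKb {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidatePattern('^KB\d+$')][string]$KB)
    $number = $KB -replace '^KB', ''
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $KB")) {
        $proc = Start-Process -FilePath 'wusa.exe' -Wait -PassThru `
            -ArgumentList "/uninstall /kb:$number /quiet /norestart"
        # Exit code 0 = removed, 3010 = removed but a restart is still required.
        $proc.ExitCode
    }
}

Get-InstalledProblemKb -Catalog $problemKbs | Format-Table -AutoSize
# Preview first, then drop -WhatIf and run from an elevated prompt:
# Remove-ProblemKb -KB 'KB3176934' -WhatIf
```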

VMWare PowerCLI Installation Failed

If you are installing VMWare’s PowerCLI for remote administration of your VMWare farm, or for SnaPatch or Snapshot Master, you may at times receive the following error: “Setup has detected that the installation package is corrupted. Please be aware that this installer may have been tampered with.” One possible cause is that the VeriSign root certificate isn’t installed on your computer. There are a few ways to fix this issue: download the root certificate from VeriSign themselves and install it to the local computer account under Third-Party Root Certification Authorities > Certificates, or export it from the VMWare PowerCLI installation package.


How to Manually install the root certificate

First off we will see if the root certificate is in fact already installed or not. From a command prompt, type mmc.exe to open the Microsoft Management Console.

Now go to File, then Add/Remove Snap-in.

Next we have to choose the Certificates snap-in. Highlight Certificates, then click Add.

You will now need to select Computer Account and then click Next.

Choose Local Computer for the location that this snap-in will manage, then click Next.

Now click OK and the Certificates snap-in will be available.

Expand Certificates, then Third-Party Root Certification Authorities and finally Certificates. You will now need to look for the root certificate, VeriSign Class 3 Public Primary Certification Authority – G5. In this example you can see that the certificate is installed. If it isn’t installed, you can download and install the certificate to the shown location. If you cannot download the root certificate, it is possible to import the certificate from the VMWare PowerCLI installation package, as shown in further steps.


How to import the certificate from the VMWare package

Now you will need to export the root certificate from the VMWare PowerCLI installation package. To do so, locate the EXE file, right-click it and choose Properties.

Change the tab to Digital Signatures, then click Details.

As you can see in this example, “the certificate in the signature cannot be verified”. Click View Certificate to proceed.

Change to the Certification Path tab and make sure you select the top of the certification path. In this example, you can see it highlighted as VeriSign Class 3 Public Primary Certification Authority – G5. Once selected, click View Certificate.

Again, in the next window go to the Details tab, then click Copy to File.

The Certificate Export Wizard starts next. Click Next to proceed with the wizard.

Leave the format as DER and then click Next.

Choose the location and filename where you want to save the exported certificate and then click Next.

You can now click Finished and the Certificate Export Wizard will then close.

Next we need to import the VeriSign root certificate to the correct location. Right-click the exported certificate and select Install Certificate.

The Certificate Import Wizard now starts. Click Next.

Select Place all certificates in the following store and then choose Third-Party Root Certification Authorities. Click Next when ready to do so.

Now click Finish.

The root certificate from VeriSign should now be installed in the correct location, and you can then restart the installation of VMWare PowerCLI.
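
The same check, export and import can be done from PowerShell. This is an added example, not VMware's or the original author's code, and it adds one step the wizard does not have: the root taken from the package is compared against a thumbprint you obtained from the CA before it is trusted. Assumptions: Windows PowerShell 5.1 run elevated, a root that is embedded in the installer's signature, a hypothetical function name, and `$ExpectedThumbprint` as a placeholder you supply.

```powershell
# Added example (not VMware's or the author's code). Run elevated in Windows PowerShell 5.1.
function Install-RootFromSignedPackage {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$InstallerPath,       # path to your PowerCLI EXE
        [Parameter(Mandatory)][string]$ExpectedThumbprint   # placeholder: value published by the CA
    )
    $rootCn = 'VeriSign Class 3 Public Primary Certification Authority - G5'
    $store  = 'Cert:\LocalMachine\AuthRoot'   # MMC: Third-Party Root Certification Authorities

    # Step 1: is the root already in the machine store?
    $present = @(Get-ChildItem -Path $store | Where-Object { $_.Subject -like "*CN=$rootCn*" })
    if ($present.Count -gt 0) { return "Already installed: $($present[0].Thumbprint)" }

    # Step 2: read every certificate embedded in the installer's Authenticode signature.
    $embedded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $embedded.Import((Resolve-Path -LiteralPath $InstallerPath).Path)
    $root = $embedded |
        Where-Object { $_.Subject -eq $_.Issuer -and $_.Subject -like "*CN=$rootCn*" } |
        Select-Object -First 1
    if (-not $root) { throw "The signature on $InstallerPath does not embed '$rootCn'." }

    # Step 3: a root is not trustworthy just because the package carries it; pin it first.
    $expected = $ExpectedThumbprint -replace '[^0-9A-Fa-f]', ''
    if ($root.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: package has $($root.Thumbprint), expected $expected."
    }

    # Step 4: export as DER (the wizard's default) and import into the Third-Party Root store.
    $cer = Join-Path $env:TEMP 'verisign-class3-g5.cer'
    [System.IO.File]::WriteAllBytes($cer, $root.Export('Cert'))
    if ($PSCmdlet.ShouldProcess($store, "Import root $($root.Thumbprint)")) {
        Import-Certificate -FilePath $cer -CertStoreLocation $store
    }
}

# Constructed path and placeholder thumbprint; preview with -WhatIf before importing:
# Install-RootFromSignedPackage -InstallerPath 'C:\Temp\PowerCLI-setup.exe' `
#     -ExpectedThumbprint '<thumbprint from the CA>' -WhatIf
```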
