dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
4552

NICK ADSL UK
MVM
join:2004-02-22
united kingd

6 recommendations

NICK ADSL UK

MVM

Microsoft August 2019 Security Updates

August 2019 Security Updates
Release Date: August 13, 2019

The August security release consists of security updates for the following software:

Microsoft Windows
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office and Microsoft Office Services and Web Apps
Visual Studio
Online Services
Active Directory
Microsoft Dynamics
Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

ADV190014*
CVE-2019-1030
CVE-2019-1078
CVE-2019-1143
CVE-2019-1146
CVE-2019-1147*
CVE-2019-1148
CVE-2019-1149
CVE-2019-1151
CVE-2019-1153
CVE-2019-1154
CVE-2019-1155 *
CVE-2019-1156 *
CVE-2019-1157 *
CVE-2019-1158
CVE-2019-1161 *
CVE-2019-1171
CVE-2019-1172
CVE-2019-1181 *
CVE-2019-1182 *
CVE-2019-1199
CVE-2019-1200
CVE-2019-1201
CVE-2019-1202
CVE-2019-1203
CVE-2019-1204
CVE-2019-1205
CVE-2019-1218 *
CVE-2019-1224
CVE-2019-1225
CVE-2019-1227
CVE-2019-1228
CVE-2019-9511 *
CVE-2019-9512 *
CVE-2019-9513 *
CVE-2019-9514 *
CVE-2019-9518 *
Known Issues

KB Article Applies To
4511553 Windows 10, version 1809, Windows Server 2019
4511872 Internet Explorer
4512476 Windows Server 2008 SP2 (Monthly Rollup)
4512482 Windows Server 2012 (Security-only update)
4512486 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4512488 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4512489 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4512491 Windows Server 2008 SP2 (Security-only Update)
4512497 Windows 10
4512501 Windows 10, version 1803, Windows Server version 1803
4512506 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4512507 Windows 10, version 1703
4512508 Windows 10, version 1903, Windows Server version 1903
4512516 Windows 10, version 1709
4512517 Windows 10, version 1607, Windows Server 2016
4512518 Windows Server 2012 (Monthly Rollup)

»portal.msrc.microsoft.co ··· 3a33a34d
Frodo
join:2006-05-05

1 edit

1 recommendation

Frodo

Member

Write-up on what is patched is here.
»www.zerodayinitiative.co ··· e-review

An interesting aspect pointed out is, to shore up bluetooth, a registry edit is necessary along with the patch.
»portal.msrc.microsoft.co ··· 019-9506
quote:
To address the vulnerability Microsoft has released a software update that enforces a default 7-octet minimum key length to ensure that the key negotiation does not trivialize the encryption. This functionality is disabled by default when the update is installed. Customers must enable this functionality by setting a specific flag in the registry.

This might not work with some bluetooth devices, such as my $4 usb one. We'll see.

:edit
I'm not doing anything with this one today. It says:
HKLM\System\CurrentControlSet\Policies\Hardware\Bluetooth
I'm not seeing it.
encircle
join:2006-08-20

encircle to NICK ADSL UK

Member

to NICK ADSL UK
I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.

Multiple restarts and retries result in same error.

Anyone else seeing this?
Frodo
join:2006-05-05

2 recommendations

Frodo to NICK ADSL UK

Member

to NICK ADSL UK
On Win 8.1, Win 10 1703, 1803, and 1809, Net 4.8 came in. After the systems rebooted, I manually checked for updates, and there was further Net updates on all of these systems. The 2nd net update didn't require a reboot.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to encircle

Premium Member

to encircle
said by encircle:

I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.

Multiple restarts and retries result in same error.

Anyone else seeing this?

No problems in my 3 64-bit W7 HPE SP1 machines. Maybe check its logs?
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98 to Frodo

Premium Member

to Frodo
said by Frodo:

I manually checked for updates, and there was further Net updates

i noticed the same thing. i think that what happened was that there was an august update for .NETFramework but then the OLD july update was installed on top of it. in other words, i think MS screwed up.
tlbepson
Premium Member
join:2002-02-09
dc metro

1 recommendation

tlbepson

Premium Member


redwolfe_98:
>> i think MS screwed up.

Ohhhhh...quelle surprise...



Dustyn
Premium Member
join:2003-02-26
Ontario, CAN

4 recommendations

Dustyn to NICK ADSL UK

Premium Member

to NICK ADSL UK
Hey Microsoft... can we have a patch Tuesday where patches are applied dynamically without requiring a reboot? Goals.
bobk4000
join:2003-10-17
Saint Paul, MN

1 recommendation

bobk4000 to encircle

Member

to encircle
peternm22 - I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.

By chance are you running Symantec Endpoint Protection? I spotted this in the Reddit Sysadmin thread about patch Tuesday for August:

»www.reddit.com/r/sysadmi ··· ewscgh6/

Not sure if it applies but wanted to pass that along.

Edit: forgot to include peternm22's original entry.
InternetJeff
I'm your huckleberry.
join:2001-09-25
.

2 recommendations

InternetJeff to Dustyn

Member

to Dustyn
said by Dustyn:

Hey Microsoft... can we have a patch Tuesday where patches are applied dynamically without requiring a reboot? Goals.

LOL.

I remember back in the 90's / early 2000's (?) when Gates came out and announced that a major goal was fewer updates requiring a reboot. Too lazy right now to find the link.

You would think that by nearly 2020 this could be figured out. But the failure is not surprising seeing as how they cannot even put out patches that don't break stuff and brick machines. Sigh.
InternetJeff

1 recommendation

InternetJeff to encircle

Member

to encircle
said by encircle:

I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.

Multiple restarts and retries result in same error.

Anyone else seeing this?

Common accepted practice is to defer all updates for at least a couple weeks to let any bugs be found and the patches patched. Except for maybe critical security stuff.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

1 recommendation

antdude

Premium Member

said by InternetJeff:

said by encircle:

I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.

Multiple restarts and retries result in same error.

Anyone else seeing this?

Common accepted practice is to defer all updates for at least a couple weeks to let any bugs be found and the patches patched. Except for maybe critical security stuff.

And make back ups before getting these updates. I do that every month just in case!
Gingka
join:2019-08-14

Gingka to encircle

Member

to encircle
Hi. I got the same error on Windows 7 32 bits. I solved the error installing KB4490628 update. You can download here: »www.catalog.update.micro ··· B4490628
dave
Premium Member
join:2000-05-04
not in ohio

dave to encircle

Premium Member

to encircle
Windows 7 ok here, but windows home server 2011 (= windows server 2008 R2) is getting 80092004. I have not yet looked into it further.
encircle
join:2006-08-20

encircle to Gingka

Member

to Gingka
Yep, that was the fix. I found the fix on AskWoody yesterday. None of these systems had KB4490628 installed which I thought was strange. I think I know why they didn't have it installed though.

Back in March, Microsoft release two updates to enable SHA-2 signing support for Windows Update. These two updates were KB4474419 and KB4490628.

These updates can't be installed at the same time, so Microsoft just offers KB4474419 at first. After that, if you check Windows Update again it would then offer KB4490628.

None of these systems have automatic updating on, I manually go and click "Check for Updates" each month. I didn't realize at the time that I need to check for updates a second time after rebooting, so KB4490628 was never offered.

It was never offered during subsequent months either for the same reason. KB4490628 can only be installed by itself, so if other updates are pending, it won't show as available to install.

OldNavyGuy
join:2018-07-24
Newberg, OR

OldNavyGuy to Frodo

Member

to Frodo
said by Frodo:

On Win 8.1, Win 10 1703, 1803, and 1809, Net 4.8 came in. After the systems rebooted, I manually checked for updates, and there was further Net updates on all of these systems. The 2nd net update didn't require a reboot.

One was likely the language pack.

»www.ghacks.net/2019/08/1 ··· verview/

Non-security related updates section.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer to NICK ADSL UK

Premium Member

to NICK ADSL UK
The TL;DR link is here;
»www.cisecurity.org/advis ··· 019-084/
EGeezer

1 recommendation

EGeezer to NICK ADSL UK

Premium Member

to NICK ADSL UK

Update to Microsoft August 2019 Security notice

Edited for brevity;

Microsoft Security Update Releases Issued August 14, 2019
The following CVE has undergone a major revision increment: CVE-2019-1258

Revision Information:
=====================

- CVE-2019-1258 | Azure Active Directory Authentication Library Elevation of
Privilege Vulnerability
- »portal.msrc.microsoft.co ··· 019-1258
- Version: 1.0
- Reason for Revision: Information published.
- Originally posted: August 14, 2019
- Updated: N/A
- Aggregate CVE Severity Rating: Important

This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios.

Frodo
join:2006-05-05

1 edit

Frodo to NICK ADSL UK

Member

to NICK ADSL UK

Re: Microsoft August 2019 Security Updates

Taking one for the team, and with the Aug updates installed, I applied the Bluetooth registry settings as indicated by Microsoft. The Win 8 rebooted, and Bluetooth still is working, at least with the one device I've tested it with so far.

:edit
The setting apparently works. With EnableMinimumEncryptionKeySize set to 1, my Beats headphones don't work. With it set to 0, they do work.
erpster797
join:2008-10-26
Los Angeles, CA

1 recommendation

erpster797 to encircle

Member

to encircle
said by encircle:

Yep, that was the fix. I found the fix on AskWoody yesterday. None of these systems had KB4490628 installed which I thought was strange. I think I know why they didn't have it installed though.

Back in March, Microsoft release two updates to enable SHA-2 signing support for Windows Update. These two updates were KB4474419 and KB4490628.

These updates can't be installed at the same time, so Microsoft just offers KB4474419 at first. After that, if you check Windows Update again it would then offer KB4490628.

None of these systems have automatic updating on, I manually go and click "Check for Updates" each month. I didn't realize at the time that I need to check for updates a second time after rebooting, so KB4490628 was never offered.

It was never offered during subsequent months either for the same reason. KB4490628 can only be installed by itself, so if other updates are pending, it won't show as available to install.

both the KB4474419 and KB4490628 were offered as "Optional" updates thru Windows Update when they were first released back in March 2019. they would later become Important updates in later months.

I did not bother checking for updates thru WU for those updates so I manually downloaded and installed those 2 updates from the MS Update Catalog instead. First I installed the 4490628 update by itself and I did not have to reboot after that one was completed. then I installed the 4474419 update and needed to reboot for that one to take effect.