6 recommendations |
Microsoft August 2019 Security UpdatesAugust 2019 Security Updates Release Date: August 13, 2019 The August security release consists of security updates for the following software: Microsoft Windows Internet Explorer Microsoft Edge ChakraCore Microsoft Office and Microsoft Office Services and Web Apps Visual Studio Online Services Active Directory Microsoft Dynamics Please note the following information regarding the security updates: A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update. Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet. In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features. Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package. The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release. ADV190014* CVE-2019-1030 CVE-2019-1078 CVE-2019-1143 CVE-2019-1146 CVE-2019-1147* CVE-2019-1148 CVE-2019-1149 CVE-2019-1151 CVE-2019-1153 CVE-2019-1154 CVE-2019-1155 * CVE-2019-1156 * CVE-2019-1157 * CVE-2019-1158 CVE-2019-1161 * CVE-2019-1171 CVE-2019-1172 CVE-2019-1181 * CVE-2019-1182 * CVE-2019-1199 CVE-2019-1200 CVE-2019-1201 CVE-2019-1202 CVE-2019-1203 CVE-2019-1204 CVE-2019-1205 CVE-2019-1218 * CVE-2019-1224 CVE-2019-1225 CVE-2019-1227 CVE-2019-1228 CVE-2019-9511 * CVE-2019-9512 * CVE-2019-9513 * CVE-2019-9514 * CVE-2019-9518 * Known Issues KB Article Applies To 4511553 Windows 10, version 1809, Windows Server 2019 4511872 Internet Explorer 4512476 Windows Server 2008 SP2 (Monthly Rollup) 4512482 Windows Server 2012 (Security-only update) 4512486 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update) 4512488 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) 4512489 Windows 8.1, Windows Server 2012 R2 (Security-only update) 4512491 Windows Server 2008 SP2 (Security-only Update) 4512497 Windows 10 4512501 Windows 10, version 1803, Windows Server version 1803 4512506 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup) 4512507 Windows 10, version 1703 4512508 Windows 10, version 1903, Windows Server version 1903 4512516 Windows 10, version 1709 4512517 Windows 10, version 1607, Windows Server 2016 4512518 Windows Server 2012 (Monthly Rollup) » portal.msrc.microsoft.co ··· 3a33a34d |
|
1 edit
1 recommendation |
Frodo
Member
2019-Aug-13 3:26 pm
Write-up on what is patched is here. » www.zerodayinitiative.co ··· e-reviewAn interesting aspect pointed out is, to shore up bluetooth, a registry edit is necessary along with the patch. » portal.msrc.microsoft.co ··· 019-9506quote: To address the vulnerability Microsoft has released a software update that enforces a default 7-octet minimum key length to ensure that the key negotiation does not trivialize the encryption. This functionality is disabled by default when the update is installed. Customers must enable this functionality by setting a specific flag in the registry.
This might not work with some bluetooth devices, such as my $4 usb one. We'll see. :edit I'm not doing anything with this one today. It says: HKLM\System\CurrentControlSet\Policies\Hardware\Bluetooth I'm not seeing it. |
|
|
to NICK ADSL UK
I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.
Multiple restarts and retries result in same error.
Anyone else seeing this? |
|
2 recommendations |
to NICK ADSL UK
On Win 8.1, Win 10 1703, 1803, and 1809, Net 4.8 came in. After the systems rebooted, I manually checked for updates, and there was further Net updates on all of these systems. The 2nd net update didn't require a reboot. |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
to encircle
said by encircle:I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.
Multiple restarts and retries result in same error.
Anyone else seeing this? No problems in my 3 64-bit W7 HPE SP1 machines. Maybe check its logs? |
|
|
to Frodo
said by Frodo: I manually checked for updates, and there was further Net updates i noticed the same thing. i think that what happened was that there was an august update for .NETFramework but then the OLD july update was installed on top of it. in other words, i think MS screwed up. |
|
tlbepson Premium Member join:2002-02-09 dc metro
1 recommendation |
tlbepson
Premium Member
2019-Aug-13 10:23 pm
redwolfe_98: >> i think MS screwed up.
Ohhhhh...quelle surprise...
|
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN
4 recommendations |
to NICK ADSL UK
Hey Microsoft... can we have a patch Tuesday where patches are applied dynamically without requiring a reboot? Goals. |
|
1 recommendation |
to encircle
peternm22 - I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004. By chance are you running Symantec Endpoint Protection? I spotted this in the Reddit Sysadmin thread about patch Tuesday for August: » www.reddit.com/r/sysadmi ··· ewscgh6/Not sure if it applies but wanted to pass that along. Edit: forgot to include peternm22's original entry. |
|
|
2 recommendations |
to Dustyn
said by Dustyn:Hey Microsoft... can we have a patch Tuesday where patches are applied dynamically without requiring a reboot? Goals. LOL. I remember back in the 90's / early 2000's (?) when Gates came out and announced that a major goal was fewer updates requiring a reboot. Too lazy right now to find the link. You would think that by nearly 2020 this could be figured out. But the failure is not surprising seeing as how they cannot even put out patches that don't break stuff and brick machines. Sigh. |
|
InternetJeff
1 recommendation |
to encircle
said by encircle:I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.
Multiple restarts and retries result in same error.
Anyone else seeing this? Common accepted practice is to defer all updates for at least a couple weeks to let any bugs be found and the patches patched. Except for maybe critical security stuff. |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US
1 recommendation |
antdude
Premium Member
2019-Aug-14 10:04 pm
said by InternetJeff:said by encircle:I can't install KB4512506 on two different Windows 7 64 bit systems. Each one fails with the error code: 80092004.
Multiple restarts and retries result in same error.
Anyone else seeing this? Common accepted practice is to defer all updates for at least a couple weeks to let any bugs be found and the patches patched. Except for maybe critical security stuff. And make back ups before getting these updates. I do that every month just in case! |
|
|
to encircle
Hi. I got the same error on Windows 7 32 bits. I solved the error installing KB4490628 update. You can download here: » www.catalog.update.micro ··· B4490628 |
|
dave Premium Member join:2000-05-04 not in ohio |
to encircle
Windows 7 ok here, but windows home server 2011 (= windows server 2008 R2) is getting 80092004. I have not yet looked into it further. |
|
|
to Gingka
Yep, that was the fix. I found the fix on AskWoody yesterday. None of these systems had KB4490628 installed which I thought was strange. I think I know why they didn't have it installed though.
Back in March, Microsoft release two updates to enable SHA-2 signing support for Windows Update. These two updates were KB4474419 and KB4490628.
These updates can't be installed at the same time, so Microsoft just offers KB4474419 at first. After that, if you check Windows Update again it would then offer KB4490628.
None of these systems have automatic updating on, I manually go and click "Check for Updates" each month. I didn't realize at the time that I need to check for updates a second time after rebooting, so KB4490628 was never offered.
It was never offered during subsequent months either for the same reason. KB4490628 can only be installed by itself, so if other updates are pending, it won't show as available to install. |
|
|
to Frodo
said by Frodo:On Win 8.1, Win 10 1703, 1803, and 1809, Net 4.8 came in. After the systems rebooted, I manually checked for updates, and there was further Net updates on all of these systems. The 2nd net update didn't require a reboot. One was likely the language pack. » www.ghacks.net/2019/08/1 ··· verview/Non-security related updates section. |
|
EGeezer Premium Member join:2002-08-04 Midwest |
to NICK ADSL UK
|
|
EGeezer
1 recommendation |
to NICK ADSL UK
Update to Microsoft August 2019 Security noticeEdited for brevity; Microsoft Security Update Releases Issued August 14, 2019 The following CVE has undergone a major revision increment: CVE-2019-1258
Revision Information: =====================
- CVE-2019-1258 | Azure Active Directory Authentication Library Elevation of Privilege Vulnerability - »portal.msrc.microsoft.co ··· 019-1258 - Version: 1.0 - Reason for Revision: Information published. - Originally posted: August 14, 2019 - Updated: N/A - Aggregate CVE Severity Rating: Important
This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios. |
|
1 edit |
to NICK ADSL UK
Re: Microsoft August 2019 Security UpdatesTaking one for the team, and with the Aug updates installed, I applied the Bluetooth registry settings as indicated by Microsoft. The Win 8 rebooted, and Bluetooth still is working, at least with the one device I've tested it with so far. :edit The setting apparently works. With EnableMinimumEncryptionKeySize set to 1, my Beats headphones don't work. With it set to 0, they do work. |
|
1 recommendation |
to encircle
said by encircle:Yep, that was the fix. I found the fix on AskWoody yesterday. None of these systems had KB4490628 installed which I thought was strange. I think I know why they didn't have it installed though.
Back in March, Microsoft release two updates to enable SHA-2 signing support for Windows Update. These two updates were KB4474419 and KB4490628.
These updates can't be installed at the same time, so Microsoft just offers KB4474419 at first. After that, if you check Windows Update again it would then offer KB4490628.
None of these systems have automatic updating on, I manually go and click "Check for Updates" each month. I didn't realize at the time that I need to check for updates a second time after rebooting, so KB4490628 was never offered.
It was never offered during subsequent months either for the same reason. KB4490628 can only be installed by itself, so if other updates are pending, it won't show as available to install. both the KB4474419 and KB4490628 were offered as "Optional" updates thru Windows Update when they were first released back in March 2019. they would later become Important updates in later months. I did not bother checking for updates thru WU for those updates so I manually downloaded and installed those 2 updates from the MS Update Catalog instead. First I installed the 4490628 update by itself and I did not have to reboot after that one was completed. then I installed the 4474419 update and needed to reboot for that one to take effect. |
|