Patch Tuesday has come and gone, not with a bang but a whimper. As of this moment, early Wednesday morning, I do not see any glaring troubles with the 124 patches covering 64 individually identified safety holes. But the day is but young.
There are a couple of patches of note.
Two zero days
Microsoft says that two of this month’s safety holes — CVE-2019-0797 and CVE-2019-0808 — are becoming actively exploited. The latter of these zero days is the 1 that was becoming employed in conjunction with the Chrome exploit that brought on such a kerfuffle final week, with Google urging Chrome browser customers to update ideal away, or danger the slings of nation-state hackers. If you have currently updated Chrome (which occurs automatically for virtually everyone), the quick threat has been thwarted currently.
These two safety holes are Elevation of Privilege bugs, which indicates that a miscreant who’s currently gotten into your program can use the bugs to move up to admin status. So if you are in charge of systems that are susceptible to sophisticated attacks, these patches warrant concern. For everyone else, they’re not the stuff of Stephen King class nightmares.
As usual, Martin Brinkmann on ghacks.net has a thorough listing, the SANS ISC forum has a succinct chart, and Dustin Childs on the Zero Day Initiative weblog delivers several tech facts.
Win10 version 1809 oddities
The Win10 version 1809 cumulative update, KB 4489899, fixes the “crazy” functionality drop in some games, which includes Destiny two, that we encountered two weeks ago. Even so, it does not repair the other bug introduced by the “second February” 1809 cumulative update, KB 4482887, which clobbers audio settings in certain situations:
Just after installing this update on machines that have various audio devices, applications that give sophisticated selections for internal or external audio output devices may perhaps quit operating unexpectedly. This concern happens for customers that choose an audio output device unique from the “Default Audio Device”.
As erpster4 notes on Tenforums:
KB 4489899 causes that difficulty only if there are various audio outputs or playback devices for Realtek HD audio (speakers, realtek digital output [SPDIF], and so forth.) and the output chosen is not the “default audio device.” If only the “Speakers” output is listed on the Sound properties playback tab for Realtek audio (normally on ALC2xx codecs), then KB 449899 is protected to set up.
In addition, this month’s KB 4489899 does not repair the MSXML six bug introduced by the initial cumulative update in January:
Just after installing this update, MSXML6 causes applications to quit responding if an exception was thrown through node operations, such as appendChild(), insertBefore(), and moveNode().
Tends to make you wonder if 1809 will get the “prepared for small business deployment” imprimatur ahead of 1903 hits the skids. Er, goes out the chute. That is how it is supposed to operate, yes?
Servicing Stack Update for Win7
Here’s exactly where the going gets a bit thick.
As explained in November, Microsoft is altering the way it is signing patches for Win7. Beginning in July, your Win7 machine has to fully grasp SHA-two encryption in order to obtain new patches. (Yes, this is the identical Win7 that’ll no longer obtain new safety patches subsequent January.)
Microsoft released two SHA-two connected patches. KB 4490628 is a Servicing Stack Update — it fixes the component of Windows 7 that installs patches. KB 4474419 fixes Windows itself so it can deal with SHA-two encryption.
As @DrBonzo explains, and @PKCano reiterates, if you are manually installing Win7 patches, you have to have the Servicing Stack Update KB 4490628 ahead of you set up this month’s patches. (If you let Windows Update set up the patches, it’ll get installed initial.) Then the Windows-only repair KB 4474419 can adhere to along any time ahead of July.
If you are installing the Win7 updates manually, there’s a certain installation sequence detailed by @PKCano that guarantees the updates go in the right order.
Dearth of Workplace patches
With all the adore becoming showered on Windows 7 this week (which includes DirectX 12 for some games, and much more annoying “Get Windows 10” nag screens), you could anticipate much more sweetness and light for Workplace apps. Not so.
We only have six new Workplace safety patches, to add to the 28 non-safety patches from earlier this month: 1 for Workplace 2010 and 5 for many Server versions. Remarkably, there are no new safety patches for Workplace 2013 or 2016, while we do have two new versions of Workplace Click-toRun: 15..5119.1000 for Workplace 2013 14..7230.5000 for Workplace 2010.
Thanks to @PKCano, @DrBonz, @abbodi86 and several other individuals who volunteer their enable maintaining the patching gremlins at bay.
Queries? Challenges? Hit us on the AskWoody Lounge.