TechNews

Just a few more updates for 2019 makes for a light December Patch Tuesday

December brings peace and joy – well, maybe – but at least Microsoft has provided us with a relatively easy Patch Tuesday update. There is an urgent update to Microsoft Internet Explorer 11 and three critical updates to the Windows platform that will require some attention this month. In addition, we have cumulative updates for the .NET and SQL server platforms that will require some testing before general deployment. That said, I think that 2020 will bring many interesting Patch Tuesdays with Microsoft’s new “staged” feature releases already included Windows 10 1909. You can find out more here on our Readiness blog infographic.

Known issues

Each month, we try to highlight some of the more serious issues with this month’s and past updates to Microsoft desktop, server and development platforms. I have included a few that are likely to affect this month’s update cycle including: 

  • Office 2013 and Office 2016: You may receive the following message, “This application is not trusted to consume rights managed content. The Authenticode signature for the application is not valid. Contact your administrator for further investigation.” To resolve this issue, install Office update 3172523.
  • Windows 10 1803 onwards: When setting up a new Windows device during the Out of Box Experience (OOBE), you might be unable to create a local user when using Input Method Editor (IME). This issue might affect you if you are using the IME for Chinese, Japanese, or Korean languages. Microsoft is working on this one. IME’s are very complex keyboard input “layers” that reside across multiple builds and configurations requiring massively disparate linguistic skills to debug. From my experience with installing/configuring/breaking IME’s in Asia (in the late 90’s) I suspect that we may see this issue again.
  • Across all Windows desktop and server builds, we have the following ongoing issue, “Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.”
  • Microsoft is aware of an issue in Windows Hello for Business (WHfB) with public keys that persist after a device is removed from Active Directory, if the AD exists. After a user sets up Windows Hello for Business (WHfB), the WHfB public key is written to the on-premises Active Directory. The WHfB keys are tied to a user and a device that has been added to Azure AD, and if the device is removed, the corresponding WHfB key is considered orphaned.

And thanks to Woody Leonard (Ask Woody), for picking up on the offering of Autopilot. Just like in October, it looks like the Autopilot patch is once again being offered to all Pro machines, whether they have Autopilot or not.

Major revisions

No major revisions have been published this month from Microsoft.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:

  • Browsers (Microsoft IE and Edge)
  • Microsoft Windows (both desktop and server)
  • Microsoft Office (Including Web Apps and Exchange)
  • Microsoft Development platforms (NET Core, .NET Core and Chakra Core)
  • Adobe Flash Player

Browsers

You now have something to talk about at the annual Christmas party. For this December update there is (only) a single reported vulnerability for all of Microsoft’s browsers. While this is an absolutely huge improvement over the sometimes “tens” of urgent “Patch Now” memory corruption vulnerabilities, this success is somewhat tempered by the fact that we are still fixing VBScript issues (CVE-2019-1485) in 2019. So, Microsoft has released a single critical update for Internet Explorer 11 that really does require urgent attention due to its link to ActiveX and its potential exploitability. Add this update to your “Patch Now” schedule, if you are still using IE11.

Copyright © 2019 IDG Communications, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *