[German]Microsofts October 2019 updates for Windows 10 have caused a lot of trouble for border authorities in Australia. Companies could no longer access the Integrated Cargo System of the Australian Border Force.
The Australian Border Force (ABF) uses an Integrated Cargo System (ICS) for customs clearance. Companies can access this integrated cargo system via the Internet using a browser to handle import/export controls and customs formalities.
Windows 10 October 2019 update brorks ICS access
On October 8, 2019, Microsoft rolled out a series of security updates for Windows 10 (see Patchday Windows 10-Updates (October 8, 2019)). Subsequently, companies discovered that Windows 10 no longer allowed access to the ICS web pages in Internet Exploer. The Australian Border Force published this article on October 25, 2019, which highlights the problem.
MICROSOFT WINDOWS UPDATE – ICS ACCESS ISSUES
On 8 October 2019, Microsoft released a Windows 10 security update, which caused worldwide issues for some users, including interoperability problems between some versions of Windows 10 systems and the Integrated Cargo System (ICS). The issue affects clients when attempting to login to the ICS portal using Internet Explorer.
Our technical teams are working with Microsoft at the highest priority to understand and resolve the root cause of the issue and to develop an appropriate solution. A change in behaviour of the protocol establishing the security of the connection with ICS is causing authentication failures.
We are aware that some users have removed the update to successfully restore connectivity. We recommend any decision to remove the security update is informed by an appropriate risk assessment and analysis.
Additional security controls to limit any risk associated with the removal of the patch such as the use of standalone machines should be considered.
Your cooperation and understanding is appreciated as we work to identify an acceptable long term solution to this problem. An update will be provided as soon as relevant information is available.
In short: The security update of 8 October 2019 causes access issues to the Integrated Cargo System in Internet Explorer (IE) in Windows 10. However, IE is mandatory for these accesses. The IT staff of the Australian Border Force are currently working with Microsoft to identify the problem.
The authority writes that some users have uninstalled the security updates from October 8, 2019 back into Windows 10 to work with the Integrated Cargo System. The Australian Border Force writes in the above article that such a step should only be carried out after a risk analysis. On the other hand, what options do the companies have if they need to access the Integrated Cargo System to handle the import and export of goods?
Protocol changes cause issues
According to the authority, 'a change in the behavior of the protocol that secures the connection to the ICS causes authentication errors'. The Register has seen an E-Mail that says "the Australia Border Force is working with teams from Unisys, IBM, Home Affairs, and Microsoft to find a solution to these issues". They say the Australia Border Force is to blame by still using Internet Explorer as a browser for government applications. But I think many companies are still using Internet Explorer for intranet web applications. And so Windows as a service remains an adventure. Or how do you manage this in the company?
ICS has been a train wreck for years, and will continue to be a problem until they replace it with something modern that works properly. We get tickets about problems with ICS every month from our clients, and it's always the same; Don't update windows, don't update Java, only use Internet Explorer.
The irony here is they (customs) are trying to have a secure system but they are forcing everyone who uses it to use inherently insecure systems to access it!