{"id":4051,"date":"2017-10-16T01:09:00","date_gmt":"2017-10-15T23:09:00","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=4051"},"modified":"2024-10-05T23:08:50","modified_gmt":"2024-10-05T21:08:50","slug":"october-2017-patchday-review-and-issues","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/10\/16\/october-2017-patchday-review-and-issues\/","title":{"rendered":"October 2017 Patchday Review and Issues"},"content":{"rendered":"

\"Windows[German<\/a>]On patchday (October 11, 2017) Microsoft has released several updates for Windows, Office and other products. In this blog post I would like to take another quick look at the updates. I also collected issues, that are caused by these updates.<\/p>\n

<\/p>\n

Quick patchday review<\/h2>\n

\"\"I introduced the individual updates for Windows, Office etc. in various blog posts (see link list at the end of this article).<\/p>\n

No Flash update<\/h3>\n

Adobe has fixed a bug in Flash Player 27.0.0.159 \u2013 on October 10, 2017 (see Adobe Flash Update 27.0.0.159 (October 2017)<\/a>). As far as I know, Microsoft hasn't released a Flash Player update for Windows on patchday.<\/p>\n

No Security Only Update for .NET Framework<\/h3>\n

It has been mentioned within this German comment<\/a> within my blog: Microsoft offers 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 (KB4043766)<\/em>. But a Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 is missing.<\/p>\n

Will .NET Framework 4.6 be updated at 4.7?<\/h3>\n

Woody Leonhard pointed out within this article<\/a>, that users of .NET Framework 4.6 will be forced to upgrade to .NET Framework 4.7, if they are installing 2017-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 (KB4043766)<\/em>. User @abbodi86<\/a> has posted such a comment at AskWoody.com:<\/p>\n

Starting July 2017, all .NET 4.6\/4.6.1\/4.6.2\/4.7 updates have been reconciled into one rollup update that is based on 4.7 binaries version \u2014 meaning, your .NET 4.6.x version is transforming into 4.7 under the hood\u2026 so [if you want to stay patched,] the best decision would be to install 4.7 itself or install .NET 4.5.2, which is still [getting updates] separately.<\/p><\/blockquote>\n

But I should also note, that a German pointed out, that .NET Framework 4.7 isn't compatible with Exchange Server 2016. Microsoft has published this article<\/a> in June 2017 about that topic. So I don't think, that KB4043766 is transforming the system to .NET Framework 4.7 \u2013 but maybe I'm wrong.<\/p>\n

Fixed vulnerabilities<\/h3>\n

In total, Microsoft has released 62 security patches for Windows, Internet Explorer (IE), Edge, Office and Skype for businesses. Of these 62 CVEs, 27 are classified as critical and 35 as important (see this article<\/a> on zerodayinitiative.com from HP).<\/p>\n

CVE-2017-11826<\/a> – Microsoft Office Memory Corruption Vulnerability: There is a exploit available for this vulnerability.<\/p>\n

CVE-2017-11777<\/a> – Microsoft Office SharePoint XSS Vulnerability was publically known before the patch has been released.<\/p>\n

CVE-2017-11779<\/a> – Windows DNSAPI Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Windows Domain Name System (DNS)<\/a> DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.<\/p>\n

Security Advisory ADV170012<\/a> addresses an issue in TPM on Infineon main boards. German blog reader Denis has addressed this within his comment<\/a>:<\/p>\n

It is interesting that after installing the Windows 10 update, a check of the TPM firmware for a vulnerability issue is carried out today. And the event 1794 (TPM-WMI) in the event log for those affected says:<\/p>\n

The TPM (Trusted Platform Module) firmware on this PC has a known security problem. Check with your PC manufacturer for an update. For more information, see https:\/\/go.microsoft.com\/fwlink\/?linkid=852572<\/a>.\"<\/p>\n

Windows 10 only, no logs on the same computer under Windows 7.
\nAlthough today (10.10.) I just received the message, Infineon has already created a web page pointing out, that they are working together with device manufacturers (see<\/a>).<\/p><\/blockquote>\n

Patchday issues<\/h2>\n

Unfortunately, it seems as if the new updates cause massive problems for users. Here's what I've seen so far.<\/p>\n

Windows 10 update install fails with 'Inaccessible Boot Device'<\/h3>\n

In environments where updates are distributed via WSUS and SCCM, a Blue Screen 'Inaccessible Boot Device' appeared on many machines. Apparently, the controller drivers were not loaded. The machine could only be brought to life via the recovery console. This problem in WSUS and SCCM environments is discussed within the following blog posts.<\/p>\n

Windows 10 V1703: Update KB4041676 install issues<\/a>
\nMicrosoft confirms BSOD issue with KB4041676\/KB4041691<\/a><\/p>\n

Outlook can't access CRM<\/h3>\n

After installing the October 2017 updates, users recognizing, that the Outlook Addin to access CRM (4.0 and 2011) wont work anymore. Within this Technet forum entry<\/a> a user reported, that update KB4011196 blocks calling CRM 4.0 from Outlook 2007 up to 2013. Another user writes within this comment<\/a> (German):<\/p>\n

FYI: all three updates listed under CVE-2017-11774<\/a> prevent us from accessing CRM via Outlook. Uninstalling the updates solves the problem. .<\/p><\/blockquote>\n

It affects the security updates KB4011196<\/a> (Outlook 2010), KB4011178<\/a> (Outlook 2013) and KB4011162<\/a> (Outlook 2016). Also this thread<\/a> within the dynamics forum deals with issues accessing CRM 4.0 from Outlook after installing update KB4011196. Emily Malbon (from Microsoft) left the following comment:<\/p>\n

Update from Microsoft on this issue. The development team are working on a fix which will come in the form of a Hotfix or KB Windows Update but in the interim it is possible to implement a workaround so that the KB can be installed.<\/p>\n

Symptom: When clicking on a link to an entity which should load the view for that entity, but actually ends up loading the Outlook \"email\" view<\/p>\n

Cause: Issue is related to a windows updates<\/p>\n