Patching in Review – Week 15 of 2019
Another month, another patch week down! While we’ve covered the released patches within our monthly post, be sure to look at Microsoft’s known issues for the operating systems in your environment. Here are some quick links below:
- Windows 10 / Server 2019 / Server 2016
- Windows 8.1 / Server 2012 R2
- Server 2012
- Windows 7 / Server 2008 R2
- Server 2008
In the news, a new set of vulnerabilities was discovered in the WPA3 Wi-Fi security standard where password-theft attacks are once again effective. This set of 5 vulnerabilities dubbed “Dragonblood” by Mathy VanHoef attacks various aspects of the WPA3 handshake to recover the password of the network. This same security researcher is responsible for the “KRACK” vulnerability that still plagues unpatched WPA2 networks to this day. Current mitigation against the vulnerabilities can be provided through a unique and complex password that can’t be speculated upon through the vulnerabilities detailed. Ultimately, a firmware update will be required for the newer WPA3 supported networking hardware, so keep an eye out on your vendors for an update soon.
Patch Tuesday Follow-up
While we try to cover as many known issues as possible in our Patch Tuesday webinar, new feedback continues to roll in from the patching community.
Shortly after Microsoft’s patches dropped on Tuesday, feedback began to roll in around systems failing to boot after April’s patches were applied. After further investigation it appeared that endpoints running legacy Windows versions (Windows 7/2008R2, 2012, and 8.1/2012R2) in conjunction with Sophos antivirus were experiencing these problems. This issue has since been added to the “Known Issues” section of the associated security-only bundles and monthly rollup patches where Microsoft has updated their WSUS detection to exclude endpoints with Sophos altogether. Avast has also reported issues with the same patches on their website, but the issue has yet to escalate to the patch notes. Rolling these patches out to a test group is more important than ever this month depending on your antivirus solution. Please see the community articles below for further details.
UPDATE (4/12/2019): Feedback is still rolling in, and the number of issues around April’s patches appear to be growing. KB4493509 on Windows 10 1809 appears to be causing widespread slowdowns and stability concerns according to a Microsoft Answers post where removing the patch was the only solution. Avira also posted a support article around slowdowns on Windows 7 and Windows 10 1809 in conjunction with their software with patch uninstall being the recommended fix.
Third-Party Updates
While Patch Tuesday is the focus of this week, other vendors have been releasing non-security updates since the last blog post. These updates might not remediate any CVEs, but they might contain valuable stability fixes to include in the upcoming patching cycle:
Software Title |
Ivanti ID |
Ivanti KB |
CCleaner 5.56.7144 |
CCLEAN-078 |
QCCLEAN5567144 |
DropBox 70.4.93 |
DROPBOX-106 |
QDROPBOX70493 |
Firefox 66.0.3 |
FF19-008 |
QFF6603 |
Foxit PhantomPDF 9.5.0.20721 |
FIP-020 |
QFIP950 |
Foxit Reader 9.5.0.20721 |
FI19-950 |
QFI950 |
Foxit Reader Consumer 9.5.0.20721 |
FIC-005 |
QNFOXITC950 |
GIMP 2.10.10 |
GIMP-017 |
QGIMP21010 |
GoodSync 10.9.30 |
GOODSYNC-115 |
QGS10930 |
Google Chrome 73.0.3683.103 |
CHROME-249 |
QGC7303683103 |
GoToMeeting 8.41.0 |
GOTOM-061 |
QGTM8410 |
Microsoft Power BI Desktop 2.68.5432.661 |
PBID-054 |
QBI2685432661 |
Node.JS 6.17.1 (Maintain) |
NOJSM-004 |
QNODEJSM6171 |
Notepad++ 7.6.6 |
NPPP-091 |
QNPPP766 |
Opera 60.0.3255.27 |
OPERA-208 |
QOP600325527 |
PDF-Xchange PRO 8.0.330.0 |
PDFX-030 |
QPDFX803300 |
Plex Media Server 1.15.3.876 |
PLXS-033 |
QPLXS1153876 |
TreeSize Free 4.3.1.494 |
TSF-018 |
QTSF431494 |
Visual Studio Code 1.33.0 |
MSNS19-0404-CODE |
QVSCODE1330 |
WinMerge 2.16.2 |
WMER-003 |
QWMERG2162 |
WinSCP 5.15.1 |
WINSCP-027 |
QWINSCP5151 |