Author Topic: Microsoft August 2019 Security Updates  (Read 116 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19568
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Microsoft August 2019 Security Updates
« on: August 13, 2019, 04:39:53 PM »
The August security updates have been released and consist of 93 CVEs and 2 advisories. Of these 93 CVEs, 29 are rated Critical, and 64 are rated Important in severity. None are listed as publicly known or as under active attack at the time of release but multiple bugs this month fall into the wormable category.

The updates address Information Disclosure, Elevation of Privilege, Remote Code Execution, Denial of Service, Security Feature Bypass, Tampering and Spoofing. They apply to the following:  Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, Microsoft Dynamics.

Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows in the Update History:

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative — The August 2019 Security Update Review.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19568
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Microsoft August 2019 Security Updates
« Reply #1 on: August 14, 2019, 02:10:38 PM »
via Twitter, https://twitter.com/GossiTheDog/status/1161417436089978882:

Quote
Microsoft are blocking this month’s security patching (inc RDP patches) on PCs and servers with Symantec and Norton AV as the AV vendors haven’t added SHA-2 support still
😅
 (link: https://support.microsoft.com/en-us/help/4512486/windows-7-update-kb4512486

This applies to Windows 7, from KB4512486:
Quote
Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.    

Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.
Guidance for Symantec customers can be found in the Symantec support article.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.