Microsoft’s February 2020 Patch Tuesday fixes 99 security bugs

Windows Update Patch Tuesday

Image: ZDNet

Microsoft has released today the February 2020 Patch Tuesday security updates. This month’s updates include fixes for a whopping 99 vulnerabilities, making this Microsoft’s biggest Patch Tuesday known to date.

The highlight of this month’s security train represents the fix for CVE-2020-0674, a zero-day vulnerability in Internet Explorer.

On January 17, Microsoft disclosed ongoing attacks where hackers were using this IE zero-day, however, at the time, the OS maker could not provide a patch. This patch is now included with this month’s cumulative security updates.

On top of this patch, there are 98 others, of which, 11 bugs have received a grading of “critical,” the highest available.

Most of the critical bugs are remote code execution and memory corruption bugs in services such as the IE scripting engine, the Remote Desktop Protocol service, LNK files, and the Media Foundation component.

Other than that, there’s nothing really out of the ordinary to highlight. This month, Microsoft’s patches are just bulkier than ever, but there’s no earth-shattering bug that needs to be addressed wtih haste, like in previous months.

Patch Tuesday updates are delivered in bulk, so accepting this month’s fixes will automatically install patches for all the 99 security flaws at once.

Additional useful Patch Tuesday information is below, including links to security fixes published by other companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet also put together this page listing all security updates on one single page.
  • Additional analysis of today’s Patch Tuesday is also available from Trend Micro.
  • This month’s Adobe security updates are detailed here.
  • SAP security updates are detailed here.
  • Google Chrome security updates were released last week.
  • Firefox security updates were released today.
  • The Android Security Bulletin for February 2020 is detailed here. Patches started rolling out to users’ phones last week.
Tag CVE ID CVE Title
Adobe Flash Player ADV200003 February 2020 Adobe Flash Security Update
Internet Explorer CVE-2020-0674 Scripting Engine Memory Corruption Vulnerability
Internet Explorer CVE-2020-0673 Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2020-0663 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge CVE-2020-0706 Microsoft Browser Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2020-0692 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2020-0688 Microsoft Exchange Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2020-0696 Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Graphics Component CVE-2020-0744 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0745 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0714 DirectX Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0715 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0746 Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0709 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0792 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Malware Protection Engine CVE-2020-0733 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
Microsoft Office CVE-2020-0697 Microsoft Office Tampering Vulnerability
Microsoft Office CVE-2020-0759 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0695 Microsoft Office Online Server Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-0694 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0693 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2020-0713 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0711 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0710 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0712 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0767 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0741 Connected Devices Platform Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0742 Connected Devices Platform Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0740 Connected Devices Platform Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0658 Windows Common Log File System Driver Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0737 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0659 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0739 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0757 Windows SSH Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0732 DirectX Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0753 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0755 Windows Key Isolation Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0754 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0657 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0667 Windows Search Indexer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0743 Connected Devices Platform Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0666 Windows Search Indexer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0748 Windows Key Isolation Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0747 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0668 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0704 Windows Wireless Network Manager Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0685 Windows COM Server Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0676 Windows Key Isolation Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0678 Windows Error Reporting Manager Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0703 Windows Backup Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0680 Windows Function Discovery Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0679 Windows Function Discovery Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0681 Remote Desktop Client Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-0677 Windows Key Isolation Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0682 Windows Function Discovery Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0756 Windows Key Isolation Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0670 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0675 Windows Key Isolation Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0669 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0727 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0671 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0672 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0698 Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0701 Windows Client License Service Elevation of Privilege Vulnerability
Microsoft Windows Search Component CVE-2020-0735 Windows Search Indexer Elevation of Privilege Vulnerability
Remote Desktop Client CVE-2020-0734 Remote Desktop Client Remote Code Execution Vulnerability
Secure Boot CVE-2020-0689 Microsoft Secure Boot Security Feature Bypass Vulnerability
SQL Server CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
Windows Authentication Methods CVE-2020-0665 Active Directory Elevation of Privilege Vulnerability
Windows COM CVE-2020-0752 Windows Search Indexer Elevation of Privilege Vulnerability
Windows COM CVE-2020-0749 Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows COM CVE-2020-0750 Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows Hyper-V CVE-2020-0751 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2020-0662 Windows Remote Code Execution Vulnerability
Windows Hyper-V CVE-2020-0661 Windows Hyper-V Denial of Service Vulnerability
Windows Installer CVE-2020-0686 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0683 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0728 Windows Modules Installer Service Information Disclosure Vulnerability
Windows Kernel CVE-2020-0722 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0721 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0719 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0720 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0723 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0731 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0726 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0724 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0725 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0717 Win32k Information Disclosure Vulnerability
Windows Kernel CVE-2020-0736 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2020-0716 Win32k Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2020-0691 Win32k Elevation of Privilege Vulnerability
Windows Media CVE-2020-0738 Media Foundation Memory Corruption Vulnerability
Windows NDIS CVE-2020-0705 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
Windows RDP CVE-2020-0660 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Windows Shell CVE-2020-0702 Surface Hub Security Feature Bypass Vulnerability
Windows Shell CVE-2020-0655 Remote Desktop Services Remote Code Execution Vulnerability
Windows Shell CVE-2020-0730 Windows User Profile Service Elevation of Privilege Vulnerability
Windows Shell CVE-2020-0729 LNK Remote Code Execution Vulnerability
Windows Shell CVE-2020-0707 Windows IME Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-0708 Windows Imaging Library Remote Code Execution Vulnerability

Related:

  • No Related Posts

How To Fix Outlook Error 0x8004010F With RecoveryToolBox

There are many possibilities. For example, if your mailbox does not use a remote server, then it is stored locally using the POP3 protocol. All copies are removed from the server immediately after the data reception. We now need a new plan. Fortunately, we do have one. we will not abandon you.

To begin, let’s check. It is too early to panic. The issue relates to some incorrect Windows parameters. For example, it could be the access rights to Outlook files? We need to do the following:

  1. Choose the file in the Windows Explorer. If you do not know where it is stored, search in the Explorer, look for a file of .PST format
  2. Right-click on the detected file.
  3. Choose Properties.
  4. Do you see the Read Only checkbox? If yes, remove it.
  5. Go to the Security tab
  6. Select a user, logged in to the system, and check their permissions: need to allow all operations with the file.
  7. Click ОК, to confirm the changes.

The permissions seem to be correct, but the issue is not resolved? The pickings are slim here, regardless of a significant number of Google links that are related to the problem: 0x8004010F: Outlook data file cannot be accessed.

It is either an email backup or third-party services of data recovery, nothing more. Do you have a backup? Great! No need to read the rest of this text, restore, no other issues. If you do not have a backup, there is no need to panic. Not all is lost.

Outlook Data Recovery

Outlook has its own data recovery solution. It is named Inbox Repair Tool. The software is not complicated. Nothing matters more than it is free. It is already installed on your PC and can be found in the folders of Microsoft Office:

  • Outlook 2019: C:Program Files (x86)Microsoft OfficerootOffice16
  • Outlook 2016: C:Program Files (x86)Microsoft OfficerootOffice16
  • Outlook 2013: C:Program Files (x86)Microsoft OfficeOffice15
  • Outlook 2010: C:Program Files (x86)Microsoft OfficeOffice14
  • Outlook 2007: C:Program Files (x86)Microsoft OfficeOffice12

Try to resolve the issue using Inbox Repair Tool. In most cases, it is enough to fix the issue, saving you time and money. Unfortunately, it does not always help. If this is the case, read more. There is no way out; we cannot survive without email and therefore need to solve the issue at all costs.

For real, there are several data recovery services; for example, this one: https://outlook.recoverytoolbox.com/online/#/. On the webpage, you need to provide the correct path to a damaged file of PST or OST format on the local HDD. After this, do the following:

  1. Provide your email address
  2. Enter CAPTCHA
  3. Finally, pay for a session of data recovery

If you did it correctly (you probably did, it is not that complicated), download a recovered file during the last stage.

Now there is the matter of price and confidentiality. You can upload a damaged file on the remote server and ask for it to be fixed. It is inexpensive — it costs $10 for a file not larger than 1 Gb.

However, it could be dangerous. It is not usually likely that your personal correspondence would interest someone. But who knows? Think, do you have bank emails, credentials for your own space, photos of credit cards in your mailbox?

If you are not sure — do not do it. It is not necessary to upload your email to a remote server. There are other options.

For Example, the Following Tool:Recovery Toolbox for Outlook (https://outlook.recoverytoolbox.com)

First of all, noted the safety of the application. We could not find anyone claiming the theft of personal information by this service. Recovery Toolbox for Outlook is a small program installed on the computer.

It does not establish connections to any external sites. Typically, it is more accessible than you may think. Developers understand that users read instructions after the damage is done. So, there is nothing to harm here, open it, and launch.

Before you launch the Recovery Toolbox, it makes sense to copy a PST file from Microsoft Outlook to another disk as a backup. Yes, when analyzing data, Recovery Toolbox for Outlook does not change the input file.

However, by making a copy of the PST file, we kill two birds with one stone. Firstly, a spare copy of a business-critical Outlook file will not be necessary. Secondly, we check the integrity of the HDD.

Wasn’t that easy? If an attempt of PST file copying causes a Windows error, please accept my sincere condolences. The issue is worse than expected. We need to recover the whole system, which is an entirely different story.

By the way, for the future, remember it is much easier to prevent an issue than to fix its consequences. The most important thing is to do a regular backup of all data, which helps to save your money and mental health.

How to fix the issue: 0x8004010F: Outlook data file cannot be accessed

To correct the following issue 8004010F when using POP3/SMTP accounts in Microsoft Outlook, do the following:

  1. Download, install and start Recovery Toolbox for Outlook from the site: https://outlook.recoverytoolbox.com/
  2. Choose a damaged .PST file in the first window
  3. Choose RecoveryMode
  4. Choose a folder to save a recovered file
  5. Replace the damaged PST file by a recovered one

Yes, in the very end, you should replace the corrupted file to a recovered one or merely add the recovered file to the list of data files in Outlook. For the following versions of Outlook: 2019, 2016, 2013, it is done as follows:

  1. Choose the menu item “File | Info.”
  2. Click the button “Account settings.”
  3. Choose “Account settings” in the popup menu.
    • Choose the “Data Files”
    • Choose a data file from the list below.
    • Click the following button “Open File Location.”

In this case, do not forget to remove the old damaged file to avoid new issues in the future.

Lastly, you can finally open Microsoft Outlook and keep on working with the email. If there are no issues with email sending and receiving, then you have done everything correctly. There only remains for me to be happy with you. Alternatively, try to reread the article and understand what went wrong.

Google suggests a variety of solutions regarding this issue: 0x8004010F: Outlook data file cannot be accessed. But, if you have got confused, contact the support department tech.support@recoverytoolbox.com and describe, what’s up. Sure, it makes sense only if you have paid for the recovery or purchased Recovery Toolbox for Outlook.

Good luck to everyone. We hope you will never encounter viruses and bad HDD sectors.

Filed in Computers. Read more about Email, Outlook and Sponsored.

Related Articles on Ubergizmo
Why WinX DVD Ripper Platinum Is The Ideal Tool to Backup/Digitize DVDs
Batch Convert MKV to MP4 4K Big Files with VideoProc/FFmpeg
How to Quit Your Job and Keep Your Business Correspondence and Contacts
Microsoft Is Testing Gmail Integration With Outlook
Recover Outlook Password: Getting Access Without Hacking
Dark Mode For Microsoft Outlook Reportedly In Development
Hackers Were Able To Access Some Outlook.com Accounts For Months
Boston Dynamics’ Robot Dog Is Being Used By Law Enforcement
Doctors Place Humans In Suspended Animation For The First Time
Advertising
The Startup ‘Heliogen’ Backed By Bill Gates Announces A Breakthrough
These Fake AirPods Stickers Are A Mean But Hilarious Prank
FedEx Delivery Driver Caught Tossing A $1,500 Camera Lens Onto The Ground
iPhone 11 Pro VS $20,000 Leica, Can You Tell The Difference?
Facebook For iOS Secretly Uses The iPhone’s Camera While You’re Using The…
CastAway Phone Case Adds A Second Screen To Smartphones
×Close

Related:

  • No Related Posts

Microsoft Releases November 2019 Windows 10 Patch Which Fixes 74 Flaws

Windows Alternatives - Feature Image
  • The November Windows patch is out, and it comes with a large number of critical fixes.
  • All users are urged to update immediately, as the patch covers a wide range of software tools and products.
  • Some known minor issues accompany this update as always, but there are workarounds.

Microsoft has just released a pretty comprehensive patch for Windows 10, bringing 74 fixes, 13 of which address critical remote code execution (RCE) flaws. The software that is covered this time ranges from the OS core and the Edge browser to the Azure Stack, the Visual Studio, and the Exchange Server. All Windows 10 users will see the update on their settings menu, and everyone is advised to apply the patches as soon as possible, as they will help you stay safe and secure against a wide variety of threats.

More specifically, here are the most critical flaws that were fixed this time:

  • Hyper-V arbitrary code execution and failure to validate input from guest OSes (CVE-2019-0721, CVE-2019-1389, CVE-2019-1397, and CVE-2019-1398)
  • Microsoft Exchange RCE flaw (CVE-2019-1373)
  • SharePoint server information disclosure flaw (CVE-2019-1443)
  • Windows TCP/IP improper IPv6 packet handling (CVE-2019-1324)
  • Windows Graphics Device Interface information disclosure flaw (CVE-2019-1439)
  • Windows Graphics Component privilege elevation vulnerabilities (CVE-2019-1407 and CVE-2019-1433)
  • Microsoft Office for Mac inability to disable macros properly (CVE-2019-1457)
  • VBScript remote code execution vulnerability (CVE-2019-1390)
  • Microsoft Scripting Engine memory corruption flaws (CVE-2019-1426, CVE-2019-1427, CVE-2019-1428, and CVE-2019-1429)

The rest of the patches concern “important” level flaws, so they are also crucial in several use-case scenarios. For example, CVE-2019-1020 is a bypass vulnerability in the Windows secure boot process, allowing an attacker to load malicious software via a third-party bootloader. With the latest patch, this threat has been blocked.

Remember, if you’re using a security solution, it will get updated with new rules to cover the disclosed vulnerabilities. However, applying the OS updates should be an absolute priority in order to defend from any form of known exploitation methods. Moreover, Microsoft delivers Windows updates in a cumulative form, so you will also get other optimizations and improvements bundled with the security fixes.

Applying this update may cause a number of side-effects which Microsoft describes in their “known issues” section. For example, the Exchange Server may greet you with a “File failed to upload” error when trying to save files on a network location, and the exchange services may remain in a disabled state. OOBE (Out of Box Experience) may also be associated with problems creating a local user through IME (Input Method Editor). Finally, renaming files and folders on a CSV (Cluster Shared Volume) may fail with the following error: “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. For most of these, there are workarounds provided by Microsoft.

Are you applying these monthly patches immediately, or do you instead do it whenever you have the time? Let us know in the comments down below, or on our socials, on Facebook and Twitter.

Related:

  • No Related Posts

Patch Tuesday, November 2019 Edition

Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.

More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Perhaps the most concerning of those critical holes is a zero-day flaw in Internet Exploder Explorer (CVE-2019-1429) that has already seen active exploitation. Today’s updates also address two other critical vulnerabilities in the same Windows component that handles various scripting languages.

Microsoft also fixed a flaw in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass security protections in some versions of the program that could let malicious macros through.

Macros are bits of computer code that can be embedded into Office files, and malicious macros are frequently used by malware purveyors to compromise Windows systems. Usually, this takes the form of a prompt urging the user to “enable macros” once they’ve opened a booby-trapped Office document delivered via email. Thus, Office has a feature called “disable all macros without notification.”

But Microsoft says all versions of Office still support an older type of macros that do not respect this setting, and can be used as a vector for pushing malware. Will Dornan of CERT/CC reports that while Office 2016 and 2019 for Mac will still prompt the user before executing these older macro types, Office for Mac 2011 fails to warn users before opening them.

Other Windows applications or components receiving patches for critical flaws today include Microsoft Exchange and Windows Media Player. In addition, Microsoft also patched nine vulnerabilities — five of them critical — in the Windows Hyper-V, an add-on to the Windows Server OS (and Windows 10 Pro) that allows users to create and run virtual machines (other “guest” operating systems) from within Windows.

Although Adobe typically issues patches for its Flash Player browser component on Patch Tuesday, this is the second month in a row that Adobe has not released any security updates for Flash. However, Adobe today did push security fixes for a variety of its creative software suites, including Animate, Illustrator, Media Encoder and Bridge. Also, I neglected to note last month that Adobe released a critical update for Acrobat/Reader that addressed at least 67 bugs, so if you’ve got either of these products installed, please be sure they’re patched and up to date.

Finally, Google recently fixed a zero-day flaw in its Chrome Web browser (CVE-2019-13720). If you use Chrome and see an upward-facing arrow to the right of the address bar, you have an update pending; fully closing and restarting the browser should install any available updates.

Now seems like a good time to remind all you Windows 7 end users that Microsoft will cease shipping security updates after January 2020 (this end-of-life also affects Windows Server 2008 and 2008 R2). While businesses and other volume-license purchasers will have the option to pay for further fixes after that point, all other Windows 7 users who want to stick with Windows will need to consider migrating to Windows 10 soon.

Standard heads-up: Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.

Keep in mind that while staying up-to-date on Windows patches is a good idea, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re probably not freaking out when the odd buggy patch causes problems booting the system. So do yourself a favor and backup your files before installing any patches.

As ever, if you experience glitches or problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a decent chance other readers have experienced the same and may even chime in here with some helpful tips.

Tags: adobe, CVE-2019-1429, CVE-2019-1457, Internet Explorer zero-day, macros, microsoft, Office for Mac, Windows 7 end-of-life

This entry was posted on Tuesday, November 12th, 2019 at 5:04 pm and is filed under Time to Patch. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.

Related:

  • No Related Posts

Microsoft Windows Security Updates November 2019 overview

It is the second Tuesday of November 2019 and that means that it is Microsoft Patch Day. Microsoft released security and non-security updates for its Windows operating system and other company products.

Our overview provides you with information on these updates: it starts with an executive summary and information about the number of released updates for all supported client and server versions of Windows as well as the Microsoft Edge (classic) and Internet Explorer web browsers.

What follows is information about the updates, all with links to support articles on Microsoft’s website, the list of known issues, direct download links to cumulative updates for Windows, and additional update related information.

Click here to open the October 2019 Patch Day overview.

Microsoft Windows Security Updates October 2019

Download the following Excel spreadsheet to your local system; it lists security updates that Microsoft released in November 2019: November 2019 Security Updates

Executive Summary

feature update windows 10 1909

  • Microsoft released security updates for all supported client and server versions of the Microsoft Windows operating system.
  • The following Microsoft products have received security updates as well: Internet Explorer, Microsoft Edge, Microsoft Office, Secure Boot, Microsoft Exchange Server, Visual Studio, Azure Stack.
  • The Windows 10 version 1909 features are included in the Windows 10 version 1903 update but not activated until “they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features.” Microsoft released a blog post that details how to get the update. (basically, install regular 1903 update, then check for updates again and the 1909 update should be offered)
  • Windows 10 Home, Pro, Pro for Workstations and IoT Core, version 1803 have reached end of servicing. These editions won’t receive security updates or other updates after November 12, 2019.

Operating System Distribution

  • Windows 7: 35 vulnerabilities: 4 rated critical and 31 rated important
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
    • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
  • Windows 8.1: 37 vulnerabilities: 3 rated critical and 34 rated important
    • Same as Windows 7 except for CVE-2019-1441 (not affected)
  • Windows 10 version 1803: 46 vulnerabilities: 5 critical and 41 important
    • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
  • Windows 10 version 1809: 46 vulnerabilities: 4 critical and 42 important
    • Same as Windows 10 version 1803 except for CVE-2019-1389 (not affected)
  • Windows 10 version 1903: 46 vulnerabilities: 2 critical and 28 important
    • Same as Windows 10 version 1809 plus
    • CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2: 35 vulnerabilities: 4 critical and 31 important.
    • CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability
    • CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability
    • CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability
    • CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 37 vulnerabilities: 3 critical and 34 important.
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
  • Windows Server 2016: 38 vulnerabilities: 2 critical and 20 important.
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected)
  • Windows Server 2019: 46 vulnerabilities: 2 critical and 29 are important
    • same as Windows Server 2008 R2 except for CVE-2019-1441 (not affected) plus
    • CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 2 vulnerabilities: 2 critical
  • Microsoft Edge: 4 vulnerabilities: 4 critical
    • CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability
    • CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability
    • CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

The security-only update resolves the following issues/makes the following changes:

  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates for various operating system components.

The monthly rollup update includes all of the updates of the security-only update plus:

  • Fixes an issue that prevented certain 16-bit Visual Basic 3 applications or other VB3 applications from running.
  • Fixes a temporary user profile issue when the policy “Delete cached copies of roaming profiles” is set.

Windows 8.1 and Server 2012 R2

The security-only update resolves the following issues/makes the following changes:

  • Same as Windows 7 SP1 and Windows Server 2008 R2.

The monthly rollup update includes all of the updates of the security-only update plus:

  • Same as Windows 7 SP1 and Windows Server 2008 R2 plus
  • Fixes an issue that prevented multiple Bluetooth Basic Rate devices from functioning properly after installing the August 2019 updates.
  • Fixes an issue that caused error 0x7E when connecting Bluetooth devices after installing the June 2019 updates.

Windows 10 version 1803

The cumulative update fixes the following issues / makes the following changes:

  • Fixes an issue that caused Windows Defender Application Control Code Integrity events to become unreadable.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Windows 10 version 1809

The cumulative update fixes the following issues / makes the following changes:

  • Fixes an issue that could cause the Microsoft Defender Advanced Threat Protection service to stop running or stop sending report data.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Windows 10 version 1903

The cumulative update lists changes for Windows 10 version 1903 and 1909. It appears that Microsoft included the changes of 1909 in the cumulative update but has not activated them at the time of writing.

  • Fixes an issue in the Keyboard Lockdown Subsystem that might not filter key input correctly.
  • Provides protections against the Intel® Processor Machine Check Error vulnerability (CVE-2018-12207). Note: the protection is not enabled by default. Consult this article for guidance.
  • Provides protections against the Intel® Transactional Synchronization Extensions (Intel® TSX) Transaction Asynchronous Abort vulnerability (CVE-2019-11135). Note: the protection is not enabled by default. Consult the Windows Client or Windows Server guides for guidance.
  • Security updates

Other security updates

  • Internet Explorer Cumulative Update: KB4525106
  • 2019-11 Security Monthly Quality Rollup for Windows Server 2008 (KB4525234)
  • 2019-11 Security Only Quality Update for Windows Server 2008 (KB4525239)
  • 2019-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4525246)
  • 2019-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4525253)
  • 2019-11 Cumulative Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524570)
  • 2019-11 Cumulative Update for Windows 10 Version 1507 (KB4525232)
  • 2019-11 Cumulative Update for Windows Server 2016, and Windows 10 Version 1607 (KB4525236)
  • 2019-11 Cumulative Update for Windows 10 Version 1709 (KB4525241)
  • 2019-11 Cumulative Update for Windows 10 Version 1703 (KB4525245)
  • 2019-11 Servicing Stack Update for Windows Server 2016, and Windows 10 Version 1607 (KB4520724)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1507 (KB4523200)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1703 (KB4523201)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1709 (KB4523202)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1803, and Windows Server 2016 (KB4523203)
  • 2019-11 Servicing Stack Update for Windows 10 Version 1809, and Windows Server 2019 (KB4523204)
  • 2019-11 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4523206)
  • 2019-11 Servicing Stack Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4523208)
  • 2019-11 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB4524445)
  • 2019-11 Servicing Stack Update for Windows Server, version 1909 and Windows 10 Version 1909 (KB4524569)
  • 2019-11 Servicing Stack Update for Windows Server 2008 (KB4526478)

Known Issues

Windows 8.1 and Windows Server 2012 R2

  • Certain operations may fail on Cluster Shared Volumes with the error code “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”

Windows 10 version 1803

  • Certain operations may fail on Cluster Shared Volumes with the error code “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”
  • May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) — Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Windows 10 version 1809

  • Same as Windows 10 version 1803 plus
  • May receive error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND” with some Asian language packs installed.

Windows 10 version 1903

  • May be unable to create a new local user during the Out of Box Experience when using Input Method Editor (IME) — Microsoft recommends setting the keyboard language to English during user creation or to use a Microsoft Account to complete the setup.

Security advisories and updates

ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)

Non-security related updates

  • 2019-11 Dynamic Update for Windows 10 Version 1809 (KB4524761)
  • 2019-11 Dynamic Update for Windows 10 Version 1903 (KB4525043)
  • Windows Malicious Software Removal Tool – November 2019 (KB890830)

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2019 security updates

windows updates security november 2019

Most home devices running Windows are configured to download and install security updates when they are released. Users who don’t want to wait for that to happen or have configured their systems to update manually only may run manual checks for updates or download the cumulative updates from Microsoft’s Update Catalog website.

The following needs to be done to check for updates manually:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4525235 — 2019-11 Security Monthly Quality Rollup for Windows 7
  • KB4525233 — 2019-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4525243 — 2019-11 Security Monthly Quality Rollup for Windows 8.1
  • KB4525250 — 2019-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4525237 — 2019-11 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4523205 — 2019-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4524570 — 2019-11 Cumulative Update for Windows 10 Version 1903

Additional resources

Summary
Microsoft Windows Security Updates November 2019 overview
Article Name
Microsoft Windows Security Updates November 2019 overview
Description
Microsoft released security and non-security updates for the Microsoft Windows operating system and other company products on November 12, 2019.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News
Advertisement

Related:

  • No Related Posts

Tech Q&A: Here’s how to upgrade a Mac to Windows 10

There’s only one catch. Beginning with the new version of Windows 10 that Microsoft released in May, Mac users discovered that older versions of VMware Fusion couldn’t handle the Windows upgrade. They had to upgrade to Fusion version 11.1 to get that capability. (VMware now offers an even newer upgrade to Fusion, version 11.5, for $50. See tinyurl.com/y6nzaaa8). The website also lists the Mac requirements for using Fusion 11.5, which include using macOS 10.13 (High Sierra), 10.14 (Mojave) or 10.15 (Catalina).

Related:

  • No Related Posts

The connection to Microsoft Exchange is unavailable, Outlook must be online or connected

Microsoft Outlook, at times, is known to give an error saying — The action cannot be completed. The connection to Microsoft Exchange is unavailable, Outlook must be online or connected to complete this action. In this post, we will show how you can fix this problem and get back it to working as usual.

The connection to Microsoft Exchange is unavailable, Outlook must be online or connected to complete this action

The connection to Microsoft Exchange is unavailable, Outlook must be online or connected to complete this action

The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action

There are two ways to fix tjis issue. First, create a new default profile. Second, Delete the default profile. Not many have multiple Outlook profiles is not always an option. So use the second method as follows:

  1. Delete Default Profile
  2. Create a New Outlook Profile
  3. Update or create your Outlook profile with RPC encryption
  4. Disable the encryption requirement on all CAS servers
  5. Deploy a Group Policy setting to update existing Outlook profiles with RPC encryption

The first, three can be configured by the end-user, while the last two are only for Servers.

1] Delete Default Profile

Change Default Outlook Profile Windows 10

  • Launch Outlook, and then click on Info > Account settings dropdown > Manage Profile
  • It will open the Mail Setup window. Click on Show Profiles button.
  • Delete the default profile by clicking on the Remove button.
  • Restart Outlook.

When you remove the profile, all offline cached content for its account will be removed. However, you can backup the OST profile to reuse it.

When you relaunch Outlook, you will have to create a new profile, and then go through the setup process again.

2] Create a New Outlook Profile

Create New Outlook Profile Windows 10

If you do not want to delete, you can create a new default profile. At the Mail Setup > Profiles section, you can click on the Add button, and then give a name to the profile. Next, you need to add the email accounts you want to add. Make sure to properly configure the email account, so the error doesn’t reappear. Also, make sure to set that as the default profile.

3] Update or create your Outlook profile with RPC encryption

create your Outlook profile with RPC encryption

Most of the users have all email accounts under one single profile. One of the email accounts may be having trouble with that is running Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, or Microsoft Exchange Server 2016. These are usually corporate accounts that haven’t been configured properly.

  1. Launch Outlook, and then click on Info > Account settings dropdown > Manage Profile
  2. Click on E-mail Accounts > select the email which is configured with Exchange Server, and then click on Change > More Settings
  3. In the Microsoft Exchange window, switch to Security tab
  4. Select Encrypt data between Microsoft Office Outlook and Microsoft Exchange.
  5. Click Ok and exit

It should fix the issue if it were because of RPC encryption error.

4] Disable the encryption requirement on all CAS servers

This part is specifically for IT admins who can disable encryption requirements. Microsoft warns that it should be only used where you cannot immediately deploy the necessary RPC encryption settings on your Outlook clients. Run the following command in the Exchange Management Shell:

Set-RpcClientAccess –Server <Exchange server name> –EncryptionRequired:$False

You must run this cmdlet for all Client Access servers that are running Exchange Server 2010 or later version. Rerun this command for each Exchange server that has the Client Access Server role. Also, make sure to disable RPC encryption, which we talked about in the above step.

However, make sure to enable it back again after deployment with changes to the RPC requirement on the Outlook.

5] Deploy a Group Policy setting to update existing Outlook profiles with RPC encryption

Enable RPC Encryption Policy Settings

You can also change RPC settings on the server-side by using Group Policy. Navigate to User Configuration > Administrative Templates > Microsoft Office “Version number” > Account Settings > Exchange. Locate policy Enable RPC encryption and disable it.

We hope these methods helped you to resolve Outlook connected issues with Microsoft Exchange.

Fix Mailbox does not exist error in Microsoft Teams

If you’re using Microsoft Teams, then maybe you have come across a particular error in recent times. It’s nothing out of the ordinary, but annoying nonetheless. The issue we are talking about here is when the mailbox in Microsoft Teams is empty. You may see an error message – Mailbox does not exist.

An empty mailbox, or one that doesn’t exist, would be a surprise to anyone that had content within it before this problem. The big question right now is what caused this to happen, and whether or not if there is a way to fix it once and for all. Now, we can’t say for certain what caused the mailbox to go empty, but we can say the problem can be solved.

Mailbox does not exist error in Microsoft Teams

From what we have gathered, the mailbox does not exist error tends to happen when Microsoft Exchange is in use. Yes, many users of Microsoft Teams take big advantage of Exchange, which should come as no surprise to anyone at this point.

OK, so let’s look into how we can solve the no mailbox error, and hopefully, it will never show its ugly head ever again

Microsoft Teams – Mailbox does not exist

Fixing this problem is super easy, at least from our point of view, so don’t be discouraged because we will make it easy to understand.

  1. Check the O-auth setting
  2. Verify that Exchange Online can successfully connect

1] Check the O-auth setting

The first thing you’ll need to do is run the Test-OAuthConnectivity tool to see if things are working as they should. The idea here is to make sure your organization can successfully connect to Exchange Online because this is a very important aspect.

To get this done, please launch Windows PowerShell by right-clicking on the Start menu button, then select Windows PowerShell from the menu. We suggest choosing the admin version for a better chance of this working.

After launching the tool, please copy and paste the following into PowerShell then hit the Enter key on your keyboard:

Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox <On-Premises Mailbox> -Verbose | Format-List

2] Verify that Exchange Online can successfully connect

The next step, then, is to test if the connection is working, and yes, the task is easy to accomplish. You see, simply follow the steps above to launch Windows PowerShell, then copy and paste the following, and as usual, hit the Enter key:

Test-OAuthConnectivity -Service EWS -TargetUri <external hostname authority of your Exchange On-Premises deployment>/metadata/json/1 -Mailbox <Exchange Online Mailbox> -Verbose | Format-List

That should get the job done, 100 percent. So, go ahead and check the mailbox to see if its back to its regular setting.

All the best.

EDB to PST Converter Open Source – Here You Go!

Are you looking for an open source EDB to PST Converter tool? Want to download it for free? Did not find perfect match till now? No need to worry. Here, we have come up with a proper solution for the same.

EDB to PST Converter EDB to PST Converter

Microsoft Exchange Server is really popular among the users and storecomplete mailbox data like emails, contacts, calendars, etc., in EDBfile format. But there are some situations in which it becomes littledifficult for the users to access Exchange database EDB file. It canbe due to any reason like corruption in database, Exchange Server isunder maintenance, moving to some other platform, etc.

In these scenarios, users are start searching for some solution tohave permanent and easy access to Exchange mailbox data. Therefore,one of the reliable way of overcoming this is convert EDB to PSTformat. Now, as it stores crucial information in it so, conversionprocess needs to carried without any loss of data. After this, thevery first question that strikes in user’s mind is how to do thesame. This is the reason user’s want open source EDB to PSTConverter. Considering this requirement, we have discussed a free EDBto PST Converter that you can easily download and use directly.

What Makes User’s Look for Free EDB to PST Converter Tool?

Before converting Exchange database file to some other file format,it is important to understand when it will be beneficial. To knowabout the same, continue reading the section below:

  • It might be possible that MS Exchange Server is under Maintenance and will take long to get completed. In this situation, even Exchange will be unable to perform any task.
  • Your organization is moving from Exchange Server to some other platform.
  • You simply want to backup / move / transfer Exchange data on local machine or to another place.

MOST READ:How to Create Effective PR Ideas for Any Budget

Apart from this, there is one more major reason behind it i.e.,corruption in Exchange database file. In order to recover EDB file,you need to convert it to PST format. Here, some of the possiblereasons behind damaged Exchange database file:

  • Whenever there is some technical fault in internet connectivity or there is a sudden power shutdown, Exchange shutdown abnormally resulting corruption in database.
  • Whenever there is Exchange Server downtime, there is possibility some unwanted errors. For example, virus attack or hardware failure, breakdown of Exchange information store, JET engine error, and many more.

An Open Source EDB to PST Converter Tool : Try It Before Buying It!

SysTools EDB to PST open sourceis one of the popular application that can let you all export Exchange mailbox data. A user can convert emails, contacts, calendars, notes, etc., from EDB to PST format in a few simple clicks. The software is designed in a manner that it supports EDB file of all version of Exchange Server. In addition, if a user wants, he or she can export selective data items from Exchange data to PST format via date-based and category filter.

Features of EDB to PST Converter Open Tool

  • Export offline EDB mailbox to Outlook PST format
  • Capable to convert public folders and private mailboxes to PST format
  • Provide preview of EDB file data like emails, contacts, calendars, etc.
  • Allows to export even corrupted or damaged EDB files to PST data format
  • Remove SMIME / OpenPGP encryption from emails in EDB file
  • Compatible with all Exchange Server, Outlook & Windows versions

MOST READ:How to Improve the Life-Span of Your Hearing Aid and Repair it

Try the demo of Free version of EDB to PST Converter. The software will export only first 25 items per folder. When you get satisfied with the working of the tool, you can activate the software with licensed version and have to complete access to it.

Related:

  • No Related Posts