Tag: Microsoft
Error: “A Device Attached to the System is Not Functioning” While Reconnecting To Previous Session
Solution 1
KB2661332
Csrss.exe has a deadlock with Microsoft Excel or Microsoft Visio
https://support.microsoft.com/zh-cn/help/2661332/you-cannot-reestablish-a-remote-desktop-services-session-to-a-windows-server-2008-r2-based-server
Solution 2
KB2383928
The issue occurs because of a problem in the Win32k.sys driver.
If a remote desktop session exits before the session is completely initialized, the state change notification of the session is not sent to the third-party driver. In this situation, the driver can leak resources, such as a system thread, in the context of Csrss.exe because the third-party driver cannot unload. The leaked thread causes the remote desktop session not to exit completely. After the computer is running in this status for some time, the Local Session Manager (Lsm.exe) blocks new incoming connections. Additionally, these orphaned sessions also cause the shutdown process to stop responding. Therefore, you experience the issue that is described in the “Symptoms” section.
Solution 3
Solution 4
Configure the session idle and disconnect policy for the VDI in Studio or through Microsoft policy; that is, log off the session some time after it is disconnected.
Related:
Profile Management: File Type Association (FTA) Fails to Roam on Windows 10 and Windows Server 2016
On Windows 10 and Windows Server 2016, Microsoft introduced a new security mechanism to check settings of default applications in the registry. Occasionally, the Windows Profile Service changes the security settings of the user registry entry. As a result, the settings of default applications are reset to Microsoft recommended defaults.
When testing Windows 10 and Windows Server 2016 without a VDA installed, this issue does not happen. Citrix is working with Microsoft to provide a long term solution. In the meantime, use the following workaround to avoid this issue.
Related:
Recommended Hotfixes for XenApp 7.x
The following Citrix and Microsoft hotfixes are found to resolve the most common issues with XenApp/XenDesktop 7.6, and XenApp/XenDesktop 7.5 running on a Windows Server 2008 R2 or a Windows Server 2012 R2 platform. These hotfixes focus on basic functionality and stability.
Note:
1. Fixes for Current Releases will likely be released in the next Current Release; therefore, it is less likely that an individual fix would be released for a Current Release version. You may be asked to upgrade to the next version of a Current Release that includes the requested fix and new functionality.
2. This article aims to describe the recommended hotfixes before Citrix LTSR (7.6.300) and Citrix CR (7.7~7.14). Please go to docs.citrix.com for more hotfixes regarding LTSR and CR.
Issue: Attempts to restart the Citrix Device Redirector Service from within a VDA or RDP session can cause the service to remain in an unresponsive state rather than actually restarting.
Available Software Updates:
ICAWS760WX64047 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86047 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64053 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English
Issue:
- The operating system experiences an error on picadm.sys and a blue screen appears with stop code 0x20.
- A deadlock on picadm.sys can cause published applications to become unresponsive.
- The operating system experiences an error on picadm.sys and a blue screen appears with stop code 0x50.
- The VDA might become unresponsive at the “Welcome” screen due to a deadlock on picadm.sys.
- Remote Desktop (RDP) connections to the server fail.
Available Software Update:
ICATS760WX64048 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English
_______________________________________________________
Issue: Certain third-party published applications might fail to start on XenApp servers. As a result, the wfshell.exe process might close unexpectedly. When this error occurs, no indication that the session is starting or error messages appear on the user device.
Available Software Updates:
ICAWS760WX64042 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86042 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64040 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English
_______________________________________________________
Issue: Citrix XenApp 7.6 and XenDesktop 7.6 VDA Core Services running on Windows Server 2008 R2 (Server OS) might become unresponsive at the “Welcome” screen. If this occurs, new Receiver and Remote Desktop (RDP) connections to the server fail.
Available Software Updates:
ICAWS760WX64026 – For VDA Core Services 7.6 for Windows Desktop OS (64-bit) – English
ICAWS760WX86026 – For VDA Core Services 7.6 for Windows Desktop OS (32-bit) – English
ICATS760WX64032 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English
_______________________________________________________
Issue: The Citrix Stack Control service quits unexpectedly if there is an invalid session key.
Available Software Update:
ICATS760WX64006 – For VDA Core Services 7.6 for Windows Server OS (64-bit) – English
XenApp 7.5/7.1
Issue:
- The memory consumption of the Monitoring Service can grow steadily until the service stops responding to requests from Director, eventually rendering Director unresponsive as well.
- If the resource name (display name) changes on the Delivery Controller, users who previously subscribed to the applications cannot start the applications.
- If you create virtual machines (VM) with Desktop Studio that uses Machine Creation Services and the VMs are hosted on a VMware hypervisor, attempts to update VMs that are part of the machine catalog fail.
Available Software Updates:
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x64 – English
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x86 – English
_______________________________________________________
Issue:
- VDAs can become stuck in the “initializing” state of the registration process. The issue occurs after the Citrix Desktop Service is running for several days without being restarted.
- When the function “CName” is enabled, VDA registration can take excessively long.
Available Software Updates:
BrokerAgent750WX64003 – For Broker Agent 7.1/7.5 for Windows OS (64-bit) – English
BrokerAgent750WX86003 – For Broker Agent 7.1/7.5 for Windows OS (32-bit) – English
_______________________________________________________
Issue: Installing hotfixes for XenApp 7.5, and XenDesktop 7.1 and 7.5 VDA Core Services for Windows Desktop and Server OS released before September 2014 causes the ICA Session performance monitor counter to be removed. This can have an adverse effect on the operation of tools and processes that rely on these counters.
Available Software Updates:
ICAWS750WX64011 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (64-bit) – English
ICAWS750WX86011 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (32-bit) – English
ICATS750WX64011 – For VDA Core Services 7.1/7.5 for Windows Server OS (64-bit) – English
_______________________________________________________
Issue: The Citrix Print Manager Service (CpSvc.exe) process might exit unexpectedly.
Available Software Updates:
ICAWS750WX64019 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (64-bit) – English
ICAWS750WX86019 – For VDA Core Services 7.1/7.5 for Windows Desktop OS (32-bit) – English
ICATS750WX64019 – For VDA Core Services 7.1/7.5 for Windows Server OS (64-bit) – English
_______________________________________________________
Issue:
- This fix addresses an intermittent high memory utilization issue of the Broker Service on the Controller.
- This fix addresses a memory consumption issue of the Monitoring Service.
Available Software Updates:
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x64 – English
Update 3 – For Citrix XenDesktop 7.1 Delivery Controller x86 – English
Note:
Refer to the complete list of all the available HotFixes for:
XenApp 7.6: 64-bit, 32-bit
XenApp 7.5: 64-bit, 32-bit
Microsoft HotFixes (including links to Microsoft HotFix list)
Windows Server 2012 R2 contains most of the following hotfixes (exceptions noted inline). Microsoft has published the following KB article specific to Remote Desktop Services: Available Updates for Remote Desktop Services (Terminal Services) in Windows Server 2012 R2. For Microsoft Hotfixes applicable to the Windows Server 2008 R2 and the Windows 7 platforms, see the “Microsoft Hotfixes” section in the following article: CTX129229 – Recommended Hotfixes for XenApp 6.x on Windows Server 2008 R2.
Note: The descriptions of the Microsoft fixes listed in this article (CTX142357) might not match the descriptions in the Microsoft articles for the following Microsoft fixes. This is not an error. The issue description listed by Citrix in the following matrix was resolved by an earlier version of that file; however, it has been superseded by the article/fix currently listed.
KB Number | Issue description |
---|---|
KB3033929 | |
KB3078676 – NEW | |
KB3127673 – NEW | |
KB3055615 – NEW | |
KB3013769 | |
KB2978367 | |
KB2967077 | |
KB2895698 | |
KB2896328 | |
KB2852483 | |
KB2995388 | |
Related:
sql-injection · GitHub Topics · GitHub
Related:
GitHub – angpao1/sql-injection-go
Related:
Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.
There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.
More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.
This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.
The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).
Patching these first is advised because, by their nature, Exchange and SharePoint systems are regularly connected to the internet and, as a result, are more easily attacked.
Another major bug fixed this month is in Hyper-V, Microsoft’s virtualization technology, used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, something that Hyper-V was designed to protect against.
Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
- Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
- ZDNet has published this file listing all this month’s security advisories on one single page.
- Adobe’s security updates are detailed here.
- SAP security updates are available here.
- Intel security updates are available here.
- VMware security updates are available here.
- Chrome 87 security updates are detailed here.
- Android security updates are available here.
Tag | CVE ID | CVE Title |
---|---|---|
Microsoft Windows DNS | ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver |
Azure DevOps | CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
Azure DevOps | CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability |
Azure SDK | CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability |
Azure SDK | CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability |
Azure Sphere | CVE-2020-17160 | Azure Sphere Security Feature Bypass Vulnerability |
Microsoft Dynamics | CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability |
Microsoft Dynamics | CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure |
Microsoft Dynamics | CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
Microsoft Dynamics | CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
Microsoft Edge | CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability |
Microsoft Edge | CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Exchange Server | CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability |
Microsoft Exchange Server | CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability |
Microsoft Office | CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17115 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Visual Studio | CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability |
Windows Backup Engine | CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Error Reporting | CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability |
Windows Hyper-V | CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability |
Windows Lock Screen | CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability |
Windows Media | CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
Windows SMB | CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability |
Windows SMB | CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability |
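The patch-order advice above (RCE fixes on internet-facing Exchange and SharePoint first) can be applied to the table mechanically. The following is an added example, not part of the original article: it parses rows in the table's `Tag | CVE ID | CVE Title |` layout and sorts them into tiers. The impact ranking below the first tier and all function names are this example's assumptions.

```python
import re

# Rows copied from the table above (a subset, to keep the sample short).
ROWS = """\
Microsoft Exchange Server | CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability |
Microsoft Exchange Server | CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability |
Windows SMB | CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability |
Windows Backup Engine | CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability |
Microsoft Windows DNS | ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver |
Microsoft Dynamics | CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure |
"""

# Impact classes found in the title column, most urgent first (ordering is an assumption).
IMPACTS = ["Remote Code Execution", "Elevation of Privilege",
           "Security Feature Bypass", "Spoofing", "Information Disclosure"]
# Tags the article singles out as regularly internet-connected.
INTERNET_FACING = ("Microsoft Exchange Server", "Microsoft Office SharePoint")
ID_RE = re.compile(r"^(CVE-\d{4}-\d{4,}|ADV\d+)$")

def parse(table):
    """Turn pipe-delimited rows into dicts; header, separator and malformed rows are skipped."""
    entries = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 3 or not ID_RE.match(cells[1]):
            continue
        tag, ident, title = cells
        impact = next((i for i in IMPACTS if i.lower() in title.lower()), "Other")
        entries.append({"tag": tag, "id": ident, "title": title, "impact": impact})
    return entries

def tier(entry):
    """0 = RCE on an internet-facing product, 1 = any other RCE, 2 = everything else."""
    if entry["impact"] != "Remote Code Execution":
        return 2
    return 0 if entry["tag"] in INTERNET_FACING else 1

def triage(table):
    """Sort by tier, then by impact rank, then by identifier for a stable order."""
    rank = {name: n for n, name in enumerate(IMPACTS)}
    return sorted(parse(table),
                  key=lambda e: (tier(e), rank.get(e["impact"], len(IMPACTS)), e["id"]))

if __name__ == "__main__":
    for e in triage(ROWS):
        print(tier(e), e["id"], e["impact"], e["tag"], sep="\t")
```

The ranking follows the table's title column, so CVE-2020-17143 sorts into the last group here because its title in the table is Information Disclosure.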