Error: “The remote session was disconnected because there was no terminal server license server available to provide a license”

Windows 2003 Terminal Servers do not recognize the Windows 2000 Licensing server and the following error occurs:

“The remote session was disconnected because there was no terminal server license server available to provide a license.

User-added image

The following event ids are logged:

Event ID 1004: No Terminal Server licenses available.

Event ID 1011: There are no Terminal Server licenses available.

Users cannot log on to a session using either ICA or RDP.

Background

Microsoft stated that Windows 2003 Server serves the Windows 2003 Terminal Server licensing. In the old licensing scheme, the licensing was on an Active Directory controller but in Windows 2003 this is no longer a requirement.

Refer to Q279561 Microsoft technote to install a Windows 2003 Server and point all Terminal Server users to the installed license.

Note: Windows XP and pre-release client OS requires TS License of 2003. Vista, Windows 7 and later require license from 2008 Terminal Server.

Related:

  • No Related Posts

Microsoft Windows Security Updates December 2020

Today is the last Microsoft Patch Day of the year 2020. Microsoft released security updates and non-security updates for all supported client and server versions of the company’s Windows operating system, and updates for other company products such as Microsoft Office, Microsoft Edge, Internet Explorer, or the .NET Framework.

Our Patch Day overview provides you with detailed information on released patches, security issues, and related information. You can download an Excel spreadsheet of the released security updates, check out the operating system distribution, find links to all support pages, and the list of known issues here in this guide.

Check out the November 2020 Security Updates overview here in case you missed it.

Microsoft Windows Security Updates December 2020

Download the following Excel spreadsheet that contains the released security updates to your system. Note that Microsoft’s new platform is quite slow and that it may be possible that updates are missing. Let us know in the comments if you notice anything missing: Security Updates 2020 12 Microsoft Windows

Executive Summary

Operating System Distribution

  • Windows 7(extended support only): 9 vulnerabilities: 0 critical and 9 important
  • Windows 8.1: 5 vulnerabilities: 0 rated critical and 5 rated important
  • Windows 10 version 1809: 19 vulnerabilities: 1 critical and 18 important
  • Windows 10 version 1903 and 1909: 18 vulnerabilities: 1 critical and 17 important
  • Windows 10 version 2004 and 20H2: 19 vulnerabilities, 1 critical, 18 important

Windows Server products

  • Windows Server 2008 R2 (extended support only): 9 vulnerabilities: 0 critical and 9 important
  • Windows Server 2012 R2: 6 vulnerabilities: 0 critical and 6 important.
  • Windows Server 2016: 16 vulnerabilities: 1 critical and 15 important.
  • Windows Server 2019: 20 vulnerabilities: 1 critical and 19 are important

Other Microsoft Products

  • Internet Explorer 11: 0 vulnerabilities:
  • Microsoft Edge (classic): 1 vulnerabilities: 1 critical
    • CVE 2020 17131 — Chakra Scripting Engine Memory Corruption Vulnerability
  • Microsoft Edge (Chromium)
    • see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Fixed an issue that prevented PDF24 Creator version 9.1.1 from opening .txt files. (Monthly Rollup only)
  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 10 version 1809

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 10 version 1903 and 1909

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Windows 10 version 2004 and 20H2

Updates and improvements:

  • Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports.
  • Security updates

Other security updates

KB4592468 — 2020-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4592468)

KB4592497 — 2020-12 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4592497)

KB4592498 — 2020-12 Security Monthly Quality Rollup for Windows Server 2008 (KB4592498)

KB4592504 — 2020-12 Security Only Quality Update for Windows Server 2008 (KB4592504)

KB4592464 — 2020-12 Cumulative Update for Windows 10 Version 1507 (KB4592464)

KB4593226 — 2020-12 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB4593226)

KB4592473 — 2020-12 Cumulative Update for Windows 10 Version 1703 (KB4592473)

KB4592446 — 2020-12 Cumulative Update for Windows 10 Version 1803 (KB4592446)

Servicing Stack Updates:

2020-12 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4592510)

2020-12 Servicing Stack Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004 (KB4593175)

Known Issues

Windows 7 SP1 and Windows Server 2008 R2

  • Updates will fail to install with the error ““Failure to configure Windows updates. Reverting Changes. Do not turn off your computer” if ESU is not supported or activated.
  • Certain operations may fail on cluster shared volumes. Workarounds available.

Windows 8.1 and Server 2012 R2

  • Certain operations may fail on cluster shared volumes. Workarounds available.

Windows 10 version 1809

  • Devices with “some” Asian language packs may throw the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”. Microsoft suggests to either try and uninstall the language packs and make sure that a recent version of Windows 10 is installed, or to reset the PC.

Windows 10 version 1903 and 1909

  • System and user certificates may be lost when updating a device from Windows 10 version 1809 or later, to a later version of Windows 10. Does not affect Windows Update devices or Windows Update for business devices. Workaround available.

Windows 10 version 2004 and 20H2

  • System and user certificates may be lost when updating a device from Windows 10 version 1809 or later, to a later version of Windows 10. Does not affect Windows Update devices or Windows Update for business devices. Workaround available.
  • The correct Furigana characters may not be displayed when using the Microsoft Japanese Input Method Editor. Microsoft is working on a resolution.

Security advisories and updates

ADV 200013 — Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver

ADV 990001 — Latest Servicing Stack Updates

Non-security related updates

Microsoft Office Updates

You find Office update information here.

How to download and install the December 2020 security updates

windows updates december 2020

Updates are already available via Windows Updates and other update management systems. Default Windows installations are configured to find and install updates automatically, but it is also possible to download updates manually to install them.

Tip: it is essential that you create a backup of the system before you install Windows updates as things may go wrong and backups help you restore the previous status quo.

You can check manually for updates in the following way:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB4592471 — 2020-12 Security Monthly Quality Rollup for Windows 7
  • KB4592503 — 2020-12 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4592484 — 2020-12 Security Monthly Quality Rollup for Windows 8.1
  • KB4592495 — 2020-12 Security Only Quality Update for Windows 8.1

Windows 10 (version 1809)

  • KB4592440 — 2020-12 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4592449 — 2020-12 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4592449 — 2020-12 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB4592438 — 2020-12 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB4592438 — 2020-12 Cumulative Update for Windows 10 Version 20H2

Additional resources

Summary
Microsoft Windows Security Updates December 2020 overview
Article Name
Microsoft Windows Security Updates December 2020 overview
Description
Microsoft released security updates and non-security updates for all supported versions of the company’s Windows operating system, client and server, as well as other company products such as Microsoft Office on the December 2020 Patch Day.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News
Advertisement

Related:

  • No Related Posts

Microsoft Windows Security Updates November 2020

Microsoft has released security updates for all support client and server versions of Windows as well as other company products such as Microsoft Office, Microsoft Edge, and Internet Explorer.

Our November 2020 Patch Day overview provides you with details on the released patches. It begins with an executive summary listing the most important bits of information; this is followed by the operating system distribution, details about cumulative updates for Windows, other released security updates, download links, and lots of links to Microsoft support pages.

Check out the October 2020 Security Updates overview here in case you missed it.

Microsoft Windows Security Updates November 2020

You can download the following Excel spreadsheet that includes information about the released security updates in November 2020. It is provided as an archive that you need to extract on the local system. A viewer such as Microsoft Excel or LibreOffice Cacl is needed to open the spreadsheet.

Click on the following link to download the spreadsheet to your system: Security Updates 2020-11-10-070727pm

Executive Summary

  • Microsoft released security updates for all supported client and server versions of Windows.
  • All server and client versions of Windows are affected by the same two critical vulnerabilities.
  • Security updates are also released for Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Dynamics, Microsoft Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, Azure DevOps and Visual Studio.
  • Products with known issues: SharePoint Server 2016 and 2019, Windows 10 versions 2004, 1903, 1809, Windows 7, Windows 8.1, Windows Server products and Microsoft Exchange Server

Operating System Distribution

  • Windows 7(extended support only): 20 vulnerabilities: 2 critical and 18 important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 8.1: 33 vulnerabilities: 2 rated critical and 31 rated important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 1809: 48 vulnerabilities: 2 critical and 45 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 1903 and 1909: 53 vulnerabilities: 2 critical and 54 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 2004 and 20H2: 52 vulnerabilities, 2 critical, 49 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 2 critical and 18 important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 34 vulnerabilities: 2 critical and 22 important.
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2016: 40 vulnerabilities: 2 critical and 38 important.
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2019: 46 vulnerabilities: 2 critical and 44 are important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 3 vulnerabilities: 3 critical
  • Microsoft Edge (classic): 4 vulnerabilities: 3 critical, 1 important
    • CVE 2020 17048 — Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE 2020 17052 — Scripting Engine Memory Corruption Vulnerability
    • CVE 2020 17058 — Microsoft Browser Memory Corruption Vulnerability
  • Microsoft Edge (Chromium)
    • see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates
  • Administrators may enable “Save Target As” in Group Policy for Microsoft Edge IE Mode (Monthly Rollup only).
  • Fixes an issue with LDAP session authentication (Monthly Rollup only).

Windows 10 version 1809

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Windows 10 version 1903 and 1909

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Fixed an issue with the package frame launcher.
  • Security updates

Windows 10 version 2004 and 20H2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Other security updates

KB4586768 — 2020-11 Cumulative Security Update for Internet Explorer

KB4586807 — 2020-11 Security Monthly Quality Rollup for Windows Server 2008

KB4586817 — 2020-11 Security Only Quality Update for Windows Server 200

KB4586808 — 2020-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4586834 — 2020-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4586787 — 2020-11 Cumulative Update for Windows 10 Version 1507

KB4586782 — 2020-11 Cumulative Update for Windows 10 Version 1703

KB4586785 — 2020-11 Cumulative Update for Windows 10 Version 1803

KB4586830 — 2020-11 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607

Known Issues

Windows 7 SP1 and Server 2008 R2

  • Updates will uninstall if the system is not subscribed to ESU (Extended Security Updates).
  • Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.

Windows 8.1 and Server 2012 R2

  • Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.

Windows 10 version 1809

  • Some Asian language packs may throw the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND”. Microsoft suggest to remove the language packs and reinstall them, update Windows to the latest version, or Reset the PC.

Windows 10 version 1903, 1909, 2004, 20H2

  • System and user certificates may be lost when updating from Windows 10 version 1809 or later to a newer version of Windows 10. This happens mainly when managed devices are updated using outdated bundles or media according to Microsoft. Devices that use Windows Update or Windows Update for Business are not impacted. Microsoft suggests to go back to the previous version of Windows to fix the issue.

Security advisories and updates

ADV 990001 — Latest Servicing Stack Updates

Non-security related updates

KB4497165 — 2020-09 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4558130 — 2020-09 Update for Windows Server, version 2004 and Windows 10 Version 2004

KB4580419 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004

KB4580980 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4585207 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607

KB4585208 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4585210 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016

KB4586082 — 2020-11 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809

KB4589198 — 2020-11 Update for Windows 10 Version 1507

KB4589206 — 2020-11 Update for Windows 10 Version 1803

KB4589208 — 2020-11 Update for Windows Server 2019 and Windows 10 Version 1809

KB4589210 — 2020-11 Update for Windows Server 2016 and Windows 10 Version 1607

KB4589211 — 2020-11 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4589212 — 2020-11 Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004

KB890830 — Windows Malicious Software Removal Tool

KB4585204 — 2020-11 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4585205 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4585211 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4585212 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4585213 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4585214 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4586083 — 2020-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4586084 — 2020-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4586085 — 2020-11 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4586086 — 2020-11 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2020 security updates

microsoft windows november 2020 security updates

The November 2020 security patches are already available for all supported versions of Windows and other Microsoft products. Home users get these via Windows Updates or direct downloads, business customers and Enterprises get these via update management systems such as WSUS predominantly.

Updates are installed automatically by default on Home systems, but you can run a manual check for updates to download and install these earlier.

Note: we recommend that you create a backup of important data, better the entire system, before you install updates.

Do this to manually check for updates:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB4586827 — 2020-11 Security Monthly Quality Rollup for Windows 7
  • KB4586805 — 2020-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4586845 — 2020-11 Security Monthly Quality Rollup for Windows 8.1
  • KB4586823 — 2020-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1809)

  • KB4586793 — 2020-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 20H2

Additional resources

Summary
Microsoft Windows Security Updates November 2020 overview
Article Name
Microsoft Windows Security Updates November 2020 overview
Description
Microsoft released security updates and non-security updates for all supported versions of the company’s Windows operating system, client and server, as well as other company products such as Microsoft Office on the November 2020 Patch Day.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News
Advertisement

Related:

  • No Related Posts

Microsoft fixes 87 bugs in October 2020 Patch Tuesday

Microsoft has broken its long-running streak of bumper Patch Tuesday updates with a more slimline – in comparison with recent months – October 2020 release, containing fixes for 87 vulnerabilities, 11 of them rated as critical.

As ever, the October update spans a multitude of software products, including Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft JET Database Engine, Azure Functions, Open Source Software, Microsoft Exchange Server, Visual Studio, PowerShellGet, Microsoft .NET Framework, Microsoft Dynamics, Adobe Flash Player and Microsoft Windows Codecs Library.

Six of the common vulnerabilities and exposures (CVEs) listed in the October update have already been publicly disclosed, which means malicious actors, unfortunately, have a head start on weaponising them.

“Public disclosure could mean a couple of things,” said Todd Schell, senior product manager at Ivanti. “It could be that a demonstration of exploit was performed at an event or by a researcher. It could also mean proof-of-concept code has been made available. In any case, a public disclosure does mean that threat actors have advanced warning of a vulnerability and this gives them an advantage.

“The mean time to exploit a vulnerability is 22 days, according to a research study from the RAND Institute. If a threat actor gets advanced notice of a vulnerability, they could have a head start of days or even weeks, meaning an exploit may not be very far off. This is one risk indicator that can help companies prioritise what to act on first from a threat perspective.”

Five of the publicly disclosed updates affect Windows 10 and its corresponding server editions – these are CVEs 2020-16898, -16909, -16901, -16885 and -16938. The sixth, CVE-2020-16937, affects .NET Framework.

Of the six publicly disclosed vulnerabilities, threat researchers are assessing CVE-2020-16898 as the most dangerous. Dubbed “Bad Neighbour” by McAfee, it is a wormable remote code execution (RCE) vulnerability in Windows 10 and Windows Server 2019 that exists when the Windows TCP/IP stack improperly handles ICMPv6 router advertisement packets. It can be successfully exploited by sending a specially crafted packet to a remote Windows computer.

Steve Povolny, McAfee’s head of advanced threat research, said the most obvious impact would be to consumers running Windows 10 machines, but that with automated updates, this would be minimised quickly. He added that Shodan.io queries had suggested that the number of publicly exposed Windows Server 2019 machines was probably somewhere in the hundreds, probably because most are either behind firewalls or hosted by cloud service providers, and so do not show up in scans.

“Patching is always the first and most effective course of action,” wrote Povolny. “If this is not possible, the best mitigation is disabling IPv6, either on the NIC or at the perimeter of the network by dropping IPv6 traffic if it is non-essential. Additionally, ICMPv6 router advertisements can be blocked or dropped at the network perimeter. Windows Defender and Windows Firewall fail to block the proof-of-concept when enabled.”

Read more about Patch Tuesday

Ivanti’s Schell also noted CVEs 2020-16947 and -16891 as ones to watch. The first is an RCE vulnerability in Microsoft Outlook, easily exploited by viewing a specially crafted email, and the second an RCE vulnerability in Windows Hyper-V.

Allan Liska of Recorded Future additionally highlighted CVEs 2020-16911, an RCE vulnerability that exists in how Windows Graphics Device Interface handles objects in memory, exploitable through luring the target to a compromised website with a specially crafted document, and -16909, a privilege escalation vulnerability in Windows Error Reporting that affects Windows 10 and Windows Servers 2016 and 2019.

Although lighter than it has been for many months, October’s Patch Tuesday still warrants close attention, according to Gill Langston, head security nerd at SolarWinds MSP, who said: “I recommend addressing the Windows TCP/IP vulnerabilities first, with highest priority on any internet-facing systems. Then get those RDP servers patched, since Remote Desktop seems to be one of the most popular attack vectors these days.

“Next, turn your focus towards patching your Hyper-V systems, and then patching workstations, especially those running Outlook, and finally your SharePoint servers, which by now should be a regular part of your routine, considering the volume of SharePoint vulnerabilities fixed this year.”

Justin Knapp, product marketing manager at Automox, added: “This may not be a record-breaking month in terms of overall quantity, but October poses a familiar challenge that continues to persist in the form of delayed patch deployment, unfortunately increasing risk at a time when attack frequency is going up.

“With remote work complicating matters further, we are witnessing a major shift within the IT landscape to lean on cloud-based solutions for distribution just to keep pace with the endless flow of updates across an increasingly distributed workforce.”

Related:

  • No Related Posts

Alt+Tab Does Not Pass Through the VDI in ICA Session

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

To resolve this issue change the following registry key on the client machine:

32-bit OS:

Key: HKEY_LOCAL_MACHINESOFTWARECitrixICA ClientEngineLockdown ProfilesAll RegionsLockdownVirtual ChannelsKeyboard

Type: REG_SZ

Name: TransparentKeyPassthrough

Value: Remote

64-bit OS:

HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeCitrixICA ClientEngineLockdown ProfilesAll RegionsLockdownVirtual ChannelsKeyboard

Type: REG_SZ

Name: TransparentKeyPassthrough

Value: Remote

Related:

How to suppress Citrix Receiver credentials prompt

Configure the following registry on the client machine where the issue is seen –

64-bit Windows Location: HKLMSoftwareWow6432NodeCitrixDazzle

Name: RefreshMs

Type: REG_SZ

Value: 3600000

Name: InitialRefreshMinMs

Type: REG_SZ

Value: 1

Name: InitialRefreshMaxMs

Type: REG_SZ

Value: 1

32-bit Windows Location: HKLMSoftwareCitrixDazzle

Name: RefreshMs

Type: REG_SZ

Value: 3600000

Name: InitialRefreshMinMs

Type: REG_SZ

Value: 1

Name: InitialRefreshMaxMs

Type: REG_SZ

Value: 1

Related:

  • No Related Posts

Microsoft releases Windows 10 builds 18363.815, 18362.815 with a ton of fixes

Patch Tuesday was only a week ago, but it’s now time for this month’s round of optional updates. Typically, Microsoft does this in several installments, offering updates to different versions at different times. But today, Windows 10 version 1909, 1903, 1809, 1803, and 1607 are all getting updates.

The reason that they’re all getting patched today is likely because this is going to be one of the last times to do it. Starting in May, Microsoft won’t be releasing optional cumulative updates anymore, only Patch Tuesday updates. This is to focus on stability for those working from home during the COVID-19 pandemic.

For those on Windows 10 versions 1909 and 1903, you’ll get KB4550945, bringing the build number to 18363.815 and 18362.815, respectively. You can manually download it here, and these are the highlights:

  • Updates an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image error message appears.
  • Updates in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Updates an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that generates unexpected notifications when you change the default application settings.
  • Updates an issue that causes Windows Update to stop responding when you check for updates.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that prevents certain apps from opening after you upgrade from a previous version of Windows, and a Bad Image exception dialog box appears.
  • Addresses in an issue that turns off notifications for devices that use a virtual private network (VPN) on a cellular network.
  • Addresses an issue that prevents you from resuming a Microsoft Xbox game on a Windows device after upgrading from a previous version of Windows.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the touch keyboard from appearing during sign in when the user is prompted for the password.
  • Addresses an issue that prevents the touch keyboard from opening in Universal Windows Platform (UWP) apps when USB devices are connected.
  • Addresses an issue that displays incorrect folder properties in File Explorer when the path is longer than MAX_PATH.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses an issue that generates unexpected notifications related to changing the default application settings.
  • Addresses an issue that causes the sign in screen to be blurry.
  • Addresses an issue that causes Windows Update to stop responding when you check for updates.
  • Addresses an issue that prevents the Sign in options page from opening using the ms-settings:signinoptions-launchfingerprintenrollment Uniform Resource Identifier (URI).
  • Addresses an issue with Bluetooth group policy settings on Microsoft Surface Pro X devices.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that causes the Trusted Platform Module (TPM) initialization to fail with system event error 14 and prevents Windows from accessing the TPM.
  • Addresses an issue that causes communication with the TPM to time out and fail.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.
  • Addresses an issue that causes the Clipboard service to unexpectedly stop working.

Windows 10 version 1809 just had its support extended, and those users will get KB4550969, bringing the build number to 17763.1192. You can manually download it here, and these are the highlights:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Updates an issue that causes a text box that contains multiple lines of text to stop responding in certain scenarios.
  • Updates an issue that fails to print content that is outside of the margins of a document.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that causes a box that contains multiple lines of text to stop responding in certain scenarios.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an application that uses msctf.dll to stop working, and the 0xc0000005 (Access violation) exception appears.
  • Addresses an issue that prevents the correct lock screen from appearing when all of the following are true:
    • The Group Policy Object (GPO) policy “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsInteractive Logon: Do not require Ctrl+Alt+Del Computer” is disabled.
    • The GPO policy “Computer ConfigurationAdministrative TemplatesSystemLogonTurn off app notifications on the lock screen” is enabled.
    • The registry key HKLMSOFTWAREPoliciesMicrosoftWindowsSystemDisableLogonBackgroundImage is set to 1.
  • Addresses a reliability issue in WDF01000.sys.
  • Addresses an issue that causes a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when Windows resumes from Sleep and turns on certain Bluetooth headsets.
  • Addresses an issue that causes the Event Viewer Microsoft Management Console (MMC) to stop working when the secondary monitor is above the primary monitor. An out of bounds exception appears.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that prevents hash signing using the Microsoft Platform Crypto Provider for TPMs from working correctly. This issue might also affect networking software, such as VPN applications.
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents a user’s PIN from being changed after connecting the device to Microsoft Workplace Join.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses an issue that fails to print content that is outside of the margins of a document.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes high CPU usage on Active Directory (AD) domain controllers when migrating to Windows Server 2019. This increases latency in Microsoft Exchange operations, causes Managed Store contention, and severely impacts index creation in Active Directory and the Global Catalog’s performance.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue that might cause the Remote Desktop Gateway service to stop working.
  • Addresses an issue that causes systems to stop working with a 0x3B stop code when running a binary that is signed by a revoked certificate.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.
  • Addresses an issue that causes stop error 0x18 (REFERENCE_BY_POINTER) when Remote Desktop sessions redirect devices that are not input devices.

This one does have one known issue to be aware of:

Symptom Workaround
After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_ COMPONENT_NOT_FOUND.”
  1. Uninstall and reinstall any recently added language packs. For instructions, see Manage the input and display language settings in Windows 10.
  2. Select Check for Updates and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.

Note If reinstalling the language pack does not mitigate the issue, reset your PC as follows:

  1. Go to the Settings app > Recovery.
  2. Select Get Started under the Reset this PC recovery option.
  3. Select Keep my Files.

Microsoft is working on a resolution and will provide an update in an upcoming release.


For those running Windows 10 version 1803, which is only supported for Enterprise and Education SKUs, you’ll get KB4550944, bringing the build number to 17134.1456. You can manually download it here, and there’s one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue that occurs when a third-party application loads hidden tabs into Internet Options.
  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue that prevents the first key stroke from being recognized correctly in the DataGridView cell.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that prevents users from setting the REG_EXPAND_SZ keys in some automated scenarios.
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that prevents applications running in an Azure Active Directory environment from receiving account change notifications. This occurs when using the Web Account Manager (WAM) and the WebAccountMonitor API.
  • Addresses a Task Manager CPU frequency display issue that locks to the base frequency on devices equipped with certain CPUs.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that prevents certain apps from installing if they are published using a Group Policy Object.
  • Addresses an issue that causes Microsoft Edge to stop working if you attempt to use paste functionality on webpages when cut-and-paste functionality has been disabled using a policy and Windows Defender Application Guard is active.

Finally, Windows 10 version 1607 is still supported for LTSB and Windows Server 2016 customers, and they’ll get KB4550947, bringing the build number to 14393.3659. You can manually download it here, and it has the same one highlight:

  • Updates an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.

Here’s the full list of fixes:

  • Addresses an issue with pasting mixed content of images and text from Microsoft Word into Internet Explorer.
  • Addresses an issue with Dynamic Data Exchange (DDE) that causes a memory leak when multiple clients connect to the same server.
  • Addresses an issue that causes new child windows to flicker and appear as white squares on server devices that are configured for stark visual contrast.
  • Addresses an issue that causes an error in logman.exe. The error is, “A user account is required in order to commit the current Data collector Set properties.”
  • Addresses an issue that causes a memory leak in the LsaIso.exe process when the server is under a heavy authentication load and Credential Guard is enabled.
  • Addresses an issue that might cause a delay of up to two minutes when signing in or unlocking a session on Hybrid Azure Active Directory-joined machines.
  • Addresses an issue with running klist.exe that causes lsass.exe to stop working and generates an access violation error (0xC0000005).
  • Addresses an issue with merging Windows Defender Application Control policies that sometimes generates a duplicate rule ID error and causes the Merge-CIPolicy PowerShell command to fail.
  • Addresses an issue that might prevent Dynamic Host Configuration Protocol (DHCP) servers from providing the right options to clients when a reservation exists.
  • Addresses an issue that prevents Microsoft Internet Information Services (IIS) management tools, such as IIS Manager, from managing an ASP.NET application that has configured SameSite cookie settings in web.config.
  • Addresses an issue that causes devices that are provisioned for Windows Hello for Business (WHfB) to fail. Registration occasionally fails, which leads to a delay in WHfB enrollment and, in some instances, creates Conflicting Objects (CNF) in the Active Directory “Registered Device” container.
  • Addresses an issue that occurs when you try to sign in to Windows during recovery mode. The error, “No administrator accounts are available on this machine”, appears.
  • Addresses an issue that prevents you from removing some local users from local built-in groups. For example, you cannot remove “Guest” from the “Guests” local group.
  • Addresses an issue that logs incorrect Internet Protocol (IP) addresses in the audit logs because of missing or old data for active requests coming from “windowstransport/usernamemixed/certificatemixed” endpoints.
  • Addresses an issue that might cause a deadlock in the Remote Desktop Gateway service.
  • Addresses an issue in Srv2.sys that might cause 0x18, 0xC2, and 0x19 errors.
  • Addresses an issue that prevents the Notification State registries from being deleted for certain apps even after the user profile is deleted.

This one also has one known issue:

Symptom Workaround
After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters.

Microsoft is working on a resolution and will provide an update in an upcoming release.


As mentioned earlier, these updates are optional. That means that you can get it through Windows Update if you opt into it, or you can install it manually. If you choose to not take the update, these fixes will be bundled into next month’s Patch Tuesday updates.

Related:

Microsoft Exchange: 355000 Servers Lack Critical Patch

Governance & Risk Management , IT Risk Management , Patch Management

Fix Released in February Only Installed on 18 Percent of Servers, Rapid7 WarnsMathew J. Schwartz (euroinfosec) • April 8, 2020

Microsoft Exchange: 355,000 Servers Lack Critical Patch
Rapid7: Any attempts to exploit CVE-2020-0688 will leave artifacts in the Windows and IIS logs, including the name of the legitimate user account that was used.

Patch or perish alert: Less than than 20 percent of all Microsoft Exchange servers have received a fix for a serious flaw Microsoft first disclosed nearly two months ago, security firm Rapid7 warns.

See Also:Live Webinar | Can Medium-Sized Companies Automate Access to Critical Multi-Cloud IT Environments?

“As of March 24, there were over 350,000 Exchange servers exposing a version of the software that has this vulnerability,” writes Tom Sellers, a senior manager at Boston-based Rapid7 Labs, in a blog post.

The vulnerability could allow a remote attacker “to turn any stolen Exchange user account into a complete system compromise,” he says. “In many implementations, this could be used to completely compromise the entire Exchange environment – including all email – and potentially all of Active Directory” (see: Why Hackers Abuse Active Directory).

Microsoft addressed the remote-code-execution vulnerability – designated CVE-2020-0688 – via security updates it released on Feb. 11 for all supported versions of Microsoft Exchange. At least at that point, the flaw didn’t appear to have been targeted in the wild, the company said. The flaw was reported to Microsoft by an anonymous researcher via Trend Micro’s Zero Day Initiative.

“A remote-code-execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time,” Microsoft said in its security alert. “Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM. The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.”

Security Updates Include Patch

To fix the flaw, Microsoft pushed security updates for four base versions of Exchange:

  • Exchange Server 2010 service pack 3 update rollup 30;
  • Exchange Server 2013 cumulative update 23;
  • Exchange Server 2016 cumulative update 14;
  • Exchange Server 2016 cumulative update 15;
  • Exchange Server 2019 cumulative update 3;
  • Exchange Server 2019 cumulative update 4.

But the vast majority of these servers remain unpatched, according to a survey conducted by Project Sonar, Rapid7’s in-house internet scanning project (see: Is COVID-19 Driving a Surge in Unsafe Remote Connectivity?).

“On March 24, we used Project Sonar to survey the internet for publicly facing Exchange Outlook Web App – OWA – services,” Sellers says. “What we found was that at least 357,629 (82.5 percent) of the 433,464 Exchange servers we observed were known to be vulnerable.”

Subsequently, Sellers added a caveat that 35,000 fewer servers might be vulnerable, owing to Microsoft’s fix for Exchange 2010 not updating the visible build information, meaning that scans alone could not tell if an Exchange 2010 system had been updated. Instead, organizations will need to manually verify that every such system has the update. Sellers says they should do the same for all Exchange 2013 and newer systems, noting that the build number alone should indicate if the relevant update is in place.

Check for Compromise

Rapid7 also recommends all organizations that use Exchange search for any signs that they have been compromised via this flaw.

“The exploit code that we tested with left log artifacts in the Windows Event Log and the IIS [Internet Information Services] logs on both patched and unpatched servers,” Sellers says, noting that the log error message will also name the compromised user account.

“You will see the username of the compromised account name at the end of the log entry,” according to Rapid7’s Tom Sellers

Because the attack requires a valid Exchange user account to succeed, “any user accounts seen in these exploitation attempts should be considered compromised,” Sellers says.

But Wait, There’s More

Unfortunately, the Project Sonar scans revealed more widespread problems than a lack of CVE-2020-0688 patching. Notably, Rapid7 researchers found 31,000 Exchange 2010 servers online that had received no updates since 2012, as well as 800 Exchange 2010 servers that have never been updated. It also saw 10,371 Exchange 2007 servers.

“In addition to the high numbers of servers that are missing multiple updates, there is a concerning number of Exchange 2007 and 2010 servers,” Sellers says, although he notes that Exchange 2007 is not vulnerable to CVE-2020-0688. Even so, the unsupported operating system long ago stopped receiving security updates, and now has a raft of critical flaws that attackers could exploit. “Exchange 2007 transitioned to ‘end of support’ status nearly three years ago, on April 11, 2017,” he says. “No security updates, bug fixes, time zone updates, etc., are provided after that date.”

Exchange 2010 was scheduled to reach end of support on Jan. 14, although that’s now been postponed until Oct. 13, 2020. “There are over 166,000 of these servers connected to the internet,” Sellers says. “That’s a staggering number of enterprise-class mail systems that will be unsupported in a few months.”

Related: