Admins, heads up! Another Patch Tuesday security hole has a public exploit

    #2171120

    A week ago today, I warned those of you running SQL Server systems to install the latest Patch Tuesday patches. In particular, CVE-2020-0618 was crack
    [See the full post at: Admins, heads up! Another Patch Tuesday security hole has a public exploit]

    • #2171382

      The Master Patch List for Exchange doesn’t list anything beyond November 2019 for Exchange…?

      No matter where you go, there you are.

      • This reply was modified 3 years, 7 months ago by PerthMike.
    • #2171436
    • #2171560

      ****Caution Exchange 2016 Installs *****

      Exchange 2016 CU15 applied fine.  The patch KB4536987 broke OWA and killed search across the boards in the web client and desktop client.  Uninstalling the KB brought OWA back.  Stopping the search services and deleting the indexes brought the search back.

      Exchange 2016 users should test before installing on production servers.

      Please let me know how your update went.

      • #2172171

        To answer my own question …… I guess I thought I was admin……I had better double check on the next attempt.  According to the article:
        When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.
        When this issue occurs, you don’t receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working.

        This issue occurs on servers that are using user account control (UAC). The issue occurs because the security update doesn’t correctly stop certain Exchange-related services.

        • #2172276

          Final notes:  Updating through Windows Update works better than downloading the patch manually.  If you have WSUS, just approve the patch and apply it.  It can be installed while the server is running.  Then, pick a reboot time and you will be golden.

          If you do decide to use the manual patch, follow the directions explicitly.
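The failure mode quoted in #2172171 (an .msp started without elevation under UAC that fails silently) can be guarded against with a small wrapper. This is an added example, not code from the thread or from Microsoft; the parameter names, the log location and the `MSExchange*` service-name pattern are assumptions.

```powershell
# Added example (not from the thread): apply an Exchange security update only
# from an elevated session, keep a verbose log, and compare services afterwards.
param(
    [Parameter(Mandatory)]
    [string]$MspPath,   # placeholder: path to the downloaded .msp
    [string]$LogPath = (Join-Path $env:TEMP 'exchange-su-install.log')  # assumed location
)

function Test-IsElevated {
    # Under UAC a member of Administrators holds a filtered token until the
    # process is started with "Run as administrator"; IsInRole reflects that.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    throw 'Session is not elevated. Reopen PowerShell with "Run as administrator" and retry.'
}
if (-not (Test-Path -LiteralPath $MspPath -PathType Leaf)) {
    throw "Update file not found: $MspPath"
}

# Record which Exchange services are running so a silent breakage is visible.
# Assumption: the services of interest match the MSExchange* name pattern.
$runningBefore = @(Get-Service -Name 'MSExchange*' -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' } |
    Select-Object -ExpandProperty Name)

# /update applies the patch; /l*v writes a verbose installer log.
$msiArgs = @('/update', "`"$MspPath`"", '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Host 'Update applied.' }
    3010    { Write-Warning 'Update applied; a reboot is required.' }
    default { throw "msiexec exited with code $($proc.ExitCode). See $LogPath" }
}

# Anything that was running before and is not running now needs attention.
$stillDown = @($runningBefore | Where-Object { (Get-Service -Name $_).Status -ne 'Running' })
if ($stillDown.Count -gt 0) {
    Write-Warning ("Services running before the update but not now: " + ($stillDown -join ', '))
}
```

After the run, and after any required reboot, load OWA and ECP in a browser, since the quoted article says those are what stop working when the update is not applied correctly.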

    • #2171806

      Hi PerthMike,

      The reason for this, and this is something I just realized YESTERDAY, is that as of Exchange 2013 you no longer receive cumulative updates from WSUS or Microsoft Update. You have to download them from Microsoft manually through this site:

      https://docs.microsoft.com/en-us/Exchange/new-features/updates?view=exchserver-2019

      Woody and/or Patch Lady, if you can spell that out in a fresh post I bet a LOT of admins will be surprised to hear that they haven’t received any CU updates since their initial Exchange 2013-2019 install!

      Well yeah, but I’m not looking for a CU, I’m looking for the bi-monthly/quarterly security updates that Microsoft was still posting via WSUS, etc. Those were being used by MS to patch emergency issues like this.

      Those suddenly seem to have stopped as of September.

      I can’t be applying a full CU every quarter, taking my server down for a couple of hours, and hoping that this “service pack” doesn’t break more than it fixes.

      No matter where you go, there you are.

    • #2171808

      ****Caution Exchange 2016 Installs *****

      Exchange 2016 CU15 applied fine.  The patch KB4536987 broke OWA and killed search across the boards in the web client and desktop client.  Uninstalling the KB brought OWA back.  Stopping the search services and deleting the indexes brought the search back.

      Exchange 2016 users should test before installing on production servers.

      Please let me know how your update went.

      Grrr… Dear Microsoft, medium business doesn’t have capacity for a “lab environment” to test such c****y updates.

      And if KB4536987 breaks OWA and search, that means that the issue is still unresolved by Microsoft, right? Greaaaaaaaat!

      No matter where you go, there you are.

    • #2171946

      We tried to install the update for Exchange Server 2013 (Security Update For Exchange Server 2013 CU23 (KB4536988)), but it wouldn’t install. We are running it on Windows Server 2012 R2, and that OS is not listed as a supported OS under System Requirements.

      Supported Operating System

      Windows Server 2008 R2 SP1, Windows Server 2008 R2, Windows Server 2012, Windows 7 Professional 64-bit, Windows Server 2008 R2 Standard
