Patching in Review – Week 24 of 2019
If you did not have the opportunity to join us for the June Patch Tuesday webinar, make sure to watch our recording before proceeding with this month’s patches.
As always, here are the quick links to stay up to date on any developing known issues:
- Windows 10 / Server 2019 / Server 2016
- Windows 8.1 / Server 2012 R2
- Server 2012
- Windows 7 / Server 2008 R2
- Server 2008
Patch Tuesday Follow-up
Although we go over as many known issues as possible during our Patch Tuesday Webinar, new issues tend to arise over the week that are very important to your next patching cycle.
The highest-profile issue within patching forums is related to Bluetooth devices no longer working on any patched endpoint. Microsoft has detailed this issue within a KB article where devices would now reject connections with the error “BTHPORT_DEBUG_LINK_KEY_NOT_ALLOWED”. This error is due to Windows now blocking well-known encryption keys, preventing exploitation of CVE-2019-2102. To resolve this issue, all relevant Bluetooth devices will need to be updated to gain successful connection to patched Windows endpoints.
An additional high-impact issue within Microsoft documentation surrounds Hyper-V. During this Patch Tuesday, Microsoft remediated three CVEs (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722), detailing virtual machine escape vulnerabilities where arbitrary code can be executed on the host. The most alarming side effects to these fixes are detailed in Microsoft’s KB article, where the host will enter “Bitlocker Recovery mode” with an error if Bitlocker is enabled on the host. While a helpful workaround is supplied through the article, please roll this out to a test group if you have a chance to be affected.
As always, make sure to stay up to date on the issues as they develop via the links at the beginning of this post.
Third-Party Updates
While Patch Tuesday has been in the spotlight, other vendors have also released potentially valuable non-security updates this week. See the list below and be sure to add these to your patching cycle.
Software Title |
Ivanti ID |
Ivanti KB |
Adobe Acrobat DC 15.006.30498 |
ARDC19-006 |
QADC1500630498 |
Adobe Acrobat DC 17.011.30143 |
ARDC19-005 |
QADC1701130143 |
Adobe Acrobat DC Continuous 19.012.20035 |
ARDC19-004 |
QADC1901220035 |
Apache Tomcat 8.5.42 |
TOMCAT-136 |
QTOMCAT8542 |
Apache Tomcat 9.0.21 |
TOMCAT-137 |
QTOMCAT9021 |
Firefox 67.0.2 |
FF19-013 |
QFF6702 |
GoToMeeting 8.45.2 |
GOTOM-065 |
QGTM8452 |
Microsoft Power BI Desktop 2.70.5494.562 |
PBID-058 |
QBI2705494562 |
Microsoft Power BI Desktop 2.70.5494.661 |
PBID-059 |
QBI2705494661 |
PeaZip 6.8.1 |
PZIP-016 |
QPZIP681 |
Plex Media Player 2.35.1 |
PLXP-038 |
QPLXP2351986 |
Plex Media Server 1.15.8.1198 |
PLXS-037 |
QPLXS11581198 |
Skype 8.47.0.59 |
SKYPE-160 |
QSKY847059 |
Thunderbird 60.7.1 |
TB19-6071 |
QTB6071 |
Visual Studio 2017 version 15.9.13 |
MS19-06-VS2017 |
QVS201715913 |
Visual Studio Code 1.35.1 |
MSNS19-0613-CODE |
QVSCODE1351 |
VLC Media Player 3.0.7 |
VLC-307 |
QVLC307 |
VLC Media Player 3.0.7.1 |
VLC-3071 |
QVLC3071 |