Patching in Review – Week 37 of 2019
Another Patch Tuesday in the books for the year, but not without its surprises. Have a look at the surprisingly long list of quirks and issues that emerged throughout the rest of the week.
Of course, here are the quick links to stay up to date on any developing known issues:
- Windows 10 / Server 2019 / Server 2016
- Windows 8.1 / Server 2012 R2
- Server 2012
- Windows 7 / Server 2008 R2
- Server 2008
Patch Tuesday Follow-Up
While we try to cover all the currently known issues in the Patch Tuesday Webinar, more issues tend to come out over the remainder of the week. Here’s a list of the interesting quirks and known issues that have been discovered:
- It looks like the two “Zero-Day” CVEs that were reported by Microsoft have been updated to report that they’re not exploited. Both CVE-2019-1214 and CVE-2019-1215 have had their pages updated to reflect Microsoft’s change, but few details have been provided outside of this fact.
- The Windows 10 1903 update (KB4515384) resolved the 100% CPU issue mentioned in last week’s post, but it appears new issues have taken its place:
- WindowsLatest is reporting audio issues on select machines where audio is no longer functional or is heavily reduced in applications.
- The Reddit sysadmin Patch Tuesday thread is mentioning issues with the Start Menu where an error is thrown when opened. Only rolling back to an earlier update has resolved the issue.
- Users of Dell Encryption should be cautious as the Windows 10 1809 (KB4515384) and Windows 10 1903 (KB4515384) updates are running into blue screens displaying BAD SYSTEM CONFIG INFO.
- On Patch Tuesday, we noticed issues with the Windows 10 1809 x64 update (KB4512578) where the patch binary would fail to download. In our testing, we found that depending on the file server, the download size would only return around 233MB instead of 262MB and the file would be corrupt. Attempting the download multiple times seems to eventually return the proper file.
- KB4493730, the April servicing stack update for Server 2008 is required before the next servicing stack and September updates can be installed.
- KB4490628, the March servicing stack for Windows 7 and Server 2008 R2 is required before the next servicing stack and September updates can be installed.
Third-Party Updates
Of course, other vendors have been releasing updates for their respective software. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:
Software Title |
Ivanti ID |
Ivanti KB |
Apple Mobile Device Support 13.0.0.38 |
AMDS-026 |
QAMDS130038 |
CoreFTP LE 2.2.1941 |
COREFTP-040 |
QCFTP221941 |
iTunes 12.10 |
AI19-005 |
QAI1210 |
Microsoft Power BI Desktop 2.73.5586.661 |
PBID-064 |
QBI2735586661 |
Opera 63.0.3368.88 |
OPERA-228 |
QOP630336888 |
PDF-Xchange PRO 8.0.333.0 |
PDFX-033 |
QPDFX803330 |
Plex Media Player 2.41.0 |
PLXP-045 |
QPLXP2410 |
Thunderbird 68.1.0 |
TB19-6810 |
QTB6810 |
Visual Studio 2019 version 16.2.4 |
MSNS19-09-VS2019 |
QVS20191624 |
Visual Studio Code 1.38.1 |
MSNS19-0912-CODE |
QVSCODE1381 |
Wireshark 2.6.11 |
WIRES-101 |
QWIRES2611 |
Wireshark 3.0.4 |
WIRES-102 |
QWIRES304 |
Zoom Client 4.5.3372 |
ZOOM-028 |
QZOOM453372 |