Microsoft releases fix for MS15-098 issues on Windows 8 and Server 2012, but it is no piece of cake


Yesterday Microsoft released KB3096053, but as a separate patch.  On Patch Tuesday, MS15-098 was released to resolve security vulnerabilities in Windows Journal.  The initial patch release failed to install correctly on Windows 8 and Server 2012.  In response to these issues, Microsoft has released a non-security update that must be run before MS15-098 can be installed on the affected operating systems.  The fix seems to come with its own pains:

  • KB3096053 must be installed before MS15-098 can be installed.
  • KB3096053 requires a reboot before MS15-098 can be installed.
  • The reboot codes from KB3096053 do not seem to give correct output in all cases.  Our internal testing confirmed a return code of 0 from the install, meaning the install did not require a reboot (a required reboot would have been a return code of 3010).  However, MS15-098 still could not be installed until a reboot occurred.

KB3096053 will require a reboot, then you can install MS15-098.  The good news: most people are running Windows 8.1 and Server 2012 R2, which are unaffected by the install issues!  For those who are still running Windows 8 and Server 2012, the fix is still painful, but it will get you to the point where you can install MS15-098.
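Because the return code cannot be trusted here, a deployment script can gate MS15-098 on an actual reboot after the prerequisite instead of on the exit code. The sketch below is an added example, not Shavlik or Microsoft code; the inventory record, its field names, the host names and the timestamps are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

PREREQ = "KB3096053"
TARGET = "MS15-098"
# Operating systems the post names as needing the prerequisite.
AFFECTED_OS = {"Windows 8", "Windows Server 2012"}
# 0 = success, 3010 = success with reboot required.
SUCCESS_CODES = {0, 3010}


@dataclass
class HostState:
    """Inventory record; the field names are assumptions for this example."""
    name: str
    os: str
    last_boot: datetime
    prereq_installed_at: Optional[datetime] = None
    prereq_exit_code: Optional[int] = None


def next_action(host: HostState) -> str:
    """Return the next deployment step for one host."""
    if host.os not in AFFECTED_OS:
        return f"install {TARGET}"
    if host.prereq_installed_at is None:
        return f"install {PREREQ}"
    if host.prereq_exit_code not in SUCCESS_CODES:
        return f"investigate {PREREQ} exit code {host.prereq_exit_code}"
    # Exit code 0 is treated exactly like 3010: only a boot that happened
    # after the prerequisite was installed clears the host for MS15-098.
    if host.last_boot <= host.prereq_installed_at:
        return "reboot"
    return f"install {TARGET}"


def plan(fleet):
    """Map each host name to its next step."""
    return {host.name: next_action(host) for host in fleet}


# Constructed sample inventory (not real hosts or real install times).
INSTALLED = datetime(2015, 9, 16, 2, 0)
FLEET = [
    HostState("ws-81", "Windows 8.1", datetime(2015, 9, 1, 8, 0)),
    HostState("ws-8a", "Windows 8", datetime(2015, 9, 1, 8, 0)),
    # Installer returned 0, but the host has not booted since the install.
    HostState("srv-a", "Windows Server 2012", datetime(2015, 9, 10, 3, 0), INSTALLED, 0),
    # Same exit code, host rebooted an hour after the install.
    HostState("srv-b", "Windows Server 2012", datetime(2015, 9, 16, 3, 0), INSTALLED, 0),
    # 1603 is a constructed failure code for the example.
    HostState("srv-c", "Windows Server 2012", datetime(2015, 9, 10, 3, 0), INSTALLED, 1603),
]

if __name__ == "__main__":
    for name, step in plan(FLEET).items():
        print(f"{name}: {step}")
```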


September Patch Tuesday Round-Up or The Month Microsoft Finally Killed Disc-Based PC Gaming!!!




Other than the Microsoft conspiracy to kill off disc based gaming ONCE AND FOR ALL!!!!! it was a pretty uneventful Patch Tuesday for issues.

For those who want to read up on, and fume over, the terrible conspiracy to kill off your disc based games, here is a little media fodder.

Now, what more than likely is happening is we have a really old driver that is deprecated and no longer being maintained. It has a security flaw and rather than fix it, so these old school gamers can continue to play their beloved games, Microsoft has decided to take the mitigation route and disable the service on older platforms and not include it in Windows 10.

FYI, I am a gamer and sympathize to a point, BUT we are in the digital age now. Check out and If your game is not already saved, start a movement to do so. They salvage old gems all the time. Security first kids, security first. Speaking of which, did you see this one:

FBI: Deal with your own Internet of Things security

According to the Bureau, it is on you, as the consumer, to ensure the security of your device. Scary thought. So now we are left to the vendor being responsible, because we all know that the consumer is a sheep and will buy without thinking about Security. Don’t scowl at me for saying it. It is true. If my wife would let me act on more of my buying impulses I would probably be more guilty of it than I tend to be.

Let’s take a look between the Patch Tuesdays for some more interesting things:

For those of you still running Server 2003, GUESS WHAT!?!?! There are more patches from September, but you only get them if you paid for extended support…  For those of you who did, and are on the Custom Content Support Agreement with us, we added support for MS15-082, MS15-083, MS15-084, MS15-087, MS15-096, MS15-097 and MS15-101. That brings the count thus far to 9 2003 updates since the EOL this July. Another KB under MS15-080 was also added for Server 2003.  ***Note you would only see these updates if you are on a Custom Content agreement and receiving a private feed***

Here is the September Summary:


For full playback of the August Patch Tuesday Webinar or to sign up for future Patch Tuesday Webinars check out our Webinars page.

September Patch Tuesday, a lot of Microsoft with a touch of Adobe


This feels like a light month compared to the last few Patch Tuesdays, especially for third parties. Coming off of Black Hat, all the vendors we would normally expect to see on patch day have had their hands forced last month to respond quickly to any vulnerability they may have had, likely causing a slow month this time around. Next month we should expect a Java quarterly release, along with more third-party patches.

As for Microsoft, it has released 12 bulletins. Five of these bulletins are rated as Critical. There are a lot of media content vulnerabilities being resolved this month for graphics drivers, Windows Journal and Media Center, and Microsoft Office and SharePoint.

It appears that the Windows 10 and Edge browser update are combined again this month. Although you will see Windows 10 as affected by bulletins MS15-094, MS15-095 (Edge), MS15-097, MS15-098, MS15-102 and MS15-105, there will be a single cumulative update for the six bulletins.

Five of the bulletins have vulnerabilities that have been publicly disclosed and one has been detected in exploits in the wild. Any vulnerability that has been publicly disclosed is something that you will want to pay close attention to, as public disclosure is an indicator of risk. Statistically these vulnerabilities are going to have a much higher chance of being exploited.

  • MS15-094 and MS15-095 both contain a fix for CVE-2015-2542.
  • MS15-097 contains two public disclosures (CVE-2015-2546, CVE-2015-2529) one of which has also been detected in attacks in the wild (CVE-2015-2546).
  • MS15-100 contains a fix for CVE-2015-2509 and MS15-101 contains a fix for CVE-2015-2504, both of which have been publicly disclosed.

These bulletins should be on your priority list this month.

For those of you still running Server 2003 and on an Extended Support Agreement, expect an update for MS15-097 and MS15-098 this month.

Adobe is the only notable third party update this Patch Tuesday. Shockwave has a release resolving two vulnerabilities.

Join us tomorrow for our regular Patch Tuesday webinar as we discuss the bulletins and provide some details and guidance to help you prioritize your Patch Maintenance for September 2015.

August Patch Tuesday Round-Up

Patch Tuesday + 8 days. Another big month from Microsoft, but it has continued past Patch Tuesday including a Zero Day IE update (MS15-093). Recapping the risks we have seen this month, there are now three exploited vulnerabilities from Microsoft for August. Two vulnerabilities have been publicly disclosed which increases the risk of exploit. Altogether, this is a busy month once again.

Windows 10 is continuing to be a hot topic. Some details have slowly been creeping out around how Microsoft really plans to roll out updates on Windows 10. All updates will be cumulative. All updates will be bundled (August had six bulletins rolled into the single cumulative for Windows 10). These cumulative updates can include non-security fixes without notice or choice. We had the Patch Tuesday update and two additional cumulative updates since Patch Tuesday (KB3081436, KB3081438 which was the fix for the reboot loop, and KB3081444).

Here is the August summary:



For full playback of the August Patch Tuesday Webinar or to sign up for future Patch Tuesday Webinars check out our Webinars page.

Bring out yer dead! I’m not dead yet says Patch Tuesday


You can keep shouting “bring out your dead,” but Patch Tuesday is not dead yet. There is a large lineup this month on both the Microsoft and third party front, and even some Windows 10 updates to boot!

Patch Tuesday is always fun after a major security conference. We are going to see some fallout from the BlackHat conference last week, as security researchers showed off their skills with live exploits of popular browsers and plug-ins. Mozilla already released a security update last week and, for Patch Tuesday, we have updates for IE, Edge, Flash, Chrome and Java.


Microsoft has released 14 bulletins, four of which are critical. The critical updates affect Internet Explorer, Edge, Windows, .Net Framework, Microsoft Office, Microsoft Lync and Microsoft Silverlight. Two of the critical updates affect Office.

Exploits detected in wild:

  • MS15-081 CVE-2015-1642
  • MS15-085 CVE-2015-1769

Public disclosures:

Remember this is a risk indicator. If a vulnerability has been publicly disclosed, the chances of exploit are significantly higher.

  • MS15-079, MS15-081, MS15-088 – CVE-2015-2423 – To fully resolve this vulnerability you need to ensure that all bulletins that are affected by this vulnerability are updated.
  • MS15-080 – CVE-2015-2433 — MS15-080 is a critical update resolving 16 vulnerabilities across TrueType, OpenType, Office Graphics Component, and some Kernel and Shell security feature bypass vulnerabilities. This update will affect Windows 10 users and also is the one update this month that would affect Server 2003 customers and would be available if you have an extended support contract.

Windows 10 users can expect to see the IE update for IE 11 (MS15-079), MS15-080, MS15-085, MS15-088, MS15-091 (Critical update for Edge browser) and MS15-092.

Microsoft has changed the game up with its Windows 10 patches. Instead of releasing patches individually, it is now releasing patches in bundles. This makes it easy to patch systems, but it also means that users can no longer test patches individually before integrating them, which could be problematic if one patch causes issues.


Adobe Flash has released an update today that resolves 35 vulnerabilities. The update is rated as a Priority 1.


Google Chrome has an update available today to support the Flash Plug-In. It’s currently unclear if this update contained other security fixes, but the plug-in from Flash puts it in the Priority 1 bucket.


There is an expected update from the Java team. Java 8u60 is a maybe for today. We have not seen it drop yet, but there is enough buzz going on to keep a wary eye open.


Mozilla Firefox had a security-related release last week to respond to some critical vulnerabilities. That update should be on your Priority 1 list this month. Firefox 40 is expected out at any time now, but it will be a feature update with new Windows 10 friendly features, not a security update.

Join us tomorrow for our monthly Patch Tuesday webinar, where we will discuss the updates, priorities, and related topics to keep you informed.

Protect 9.2 Sneak Peek: Patch Tuesday + X

Every month, you start your maintenance, not on Patch Tuesday, but on Patch Tuesday + x days. I have seen dozens of spreadsheets that all look alike and heard the same from even more customers. They pretty much all start on the second Tuesday of the month with all of the subsequent execution happening with that as the anchor. +1 day test group 1, +3 days test group 2, +5 days dev group 1, +9 days dev group 2, + 11 days Prod 1, etc. The problem with this is in the Outlook style scheduling.

A couple times a year, scheduling a job to run on the second Thursday of the month will be thrown off as the second Thursday will occur before the second Tuesday. Very problematic. So what you need is an anchor date to start your schedule from. Second Tuesday is the start of all your monthly maintenance and Protect 9.2 has your solution.  Observe:



So now you can set up all your recurring jobs exactly as they read from your patching maintenance spreadsheet. Ready to play? starting soon.
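The anchor-date idea can be checked with a few lines of date arithmetic. This is an added example, not Protect 9.2 code: it computes Patch Tuesday for a month, derives each group's run date from the offsets listed above, and lists the months in which an "nth weekday" rule such as "second Thursday" fires before Patch Tuesday. The function names are assumptions made for the example.

```python
from datetime import date, timedelta

# date.weekday() numbering: Monday is 0.
TUESDAY, THURSDAY = 1, 3

# Offsets in days from Patch Tuesday, as listed in the post.
OFFSETS = [
    ("Test group 1", 1),
    ("Test group 2", 3),
    ("Dev group 1", 5),
    ("Dev group 2", 9),
    ("Prod 1", 11),
]


def nth_weekday(year, month, weekday, n):
    """Date of the n-th given weekday in a month (Outlook-style rule)."""
    first = date(year, month, 1)
    offset = (weekday - first.weekday()) % 7
    return first + timedelta(days=offset + 7 * (n - 1))


def patch_tuesday(year, month):
    """Second Tuesday of the month: the anchor for everything else."""
    return nth_weekday(year, month, TUESDAY, 2)


def schedule(year, month, offsets=OFFSETS):
    """Run date for each group, counted from the anchor date."""
    anchor = patch_tuesday(year, month)
    return [(group, anchor + timedelta(days=days)) for group, days in offsets]


def misordered_months(year, weekday, n):
    """Months where the n-th weekday falls before Patch Tuesday."""
    return [
        month
        for month in range(1, 13)
        if nth_weekday(year, month, weekday, n) < patch_tuesday(year, month)
    ]


if __name__ == "__main__":
    # A job meant for Patch Tuesday + 2 but scheduled as "second Thursday".
    for month in misordered_months(2015, THURSDAY, 2):
        naive = nth_weekday(2015, month, THURSDAY, 2)
        intended = patch_tuesday(2015, month) + timedelta(days=2)
        print(f"2015-{month:02d}: rule fires {naive}, intended {intended}")
    for group, run_date in schedule(2015, 10):
        print(f"{group}: {run_date}")
```

Any month that begins on a Wednesday or Thursday has its second Thursday before its second Tuesday, which is why the weekday rule breaks only some months of the year.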


WUB WUB WUB and Windows 10


Did you know that WUB is the new UNTS in Electronica Dubstep?  I’m more of a Rock n Roll kinda guy myself, so news to me! Today I want to talk about WUB, but a different kind of WUB.  Windows Update for Business.

There are a lot of vague announcements, and a myriad of conclusions from security experts and the media, regarding recent Microsoft news about the upcoming release of Windows 10 and the introduction of Windows Update for Business.

Microsoft has been making some much needed changes to their development teams over the past year. They have announced a new, quarterly-release schedule that they are moving the product development teams to. They are also working to simplify the complexity of supporting updates for their products. The proposed changes will allow development teams to work toward quarterly releases and launch when prepared. Holding onto code, once tested and ready to ship, is very costly.

What do these changes mean for me as a user? Many of the applications you rely on will start to deliver usability and new-feature changes more quickly. Office 365 is a good example of the future of application delivery from Microsoft. New features can be delivered more frequently and users will be able to consume those changes much quicker, bringing this experience in line with what we have come to expect from our mobile devices. The operating system and server solutions, like SQL Server, Team Server, SharePoint Server, etc., will likely be slower to move to these quarterly release schedules and remain for longer periods of time on the Patch Tuesday cadence.

With Windows 10, Microsoft is introducing some changes to the way updates will be delivered to systems. They are also introducing new features into what will now be known as Windows Update for Business. The new features will allow businesses to control the speed at which updates are rolled out to their systems. One of the most significant changes will be the update rings. There are different tracks that you can opt into that will give you more control over how fast updates are delivered to your systems. Between announcements earlier this year, and additional announcements at the Ignite 2015 show, there will be three or more rings that you can configure in WUB. A Current Branch and Long Term Service Branch have been confirmed, but, at Ignite, a Ludicrous Branch was also announced, which would push updates at a cadence similar to its namesake. Windows 10 Home editions will be limited on options to control what updates are applied to their system. The home-user editions of Windows 10 will update fairly quickly. This is the Current Branch. Current Branch receives new features, fixes and security updates as they release to Windows Update. For the majority of Home users, this will be an ideal experience.

Windows 10 Professional editions will have options for Current Branch or Current Branch for Business. The additional CBB allows businesses more flexibility about when the new features, fixes, and security updates are applied to their systems. Companies that use Microsoft’s free Windows Update for Business (WUB) or Windows Server Update Services (WSUS) will have the ability to defer new feature updates for Windows 10 for a period of time. Microsoft will maintain the current, and a previous branch, that these customers can reside on for a period of time without taking the feature changes. After the next branch is started, the previous branch stops receiving security updates, forcing these companies to move to the new-current or previous branch. Details on how long before companies would be forced to update have not been officially announced.

For those companies on Windows 10 Enterprise, there will be additional options available. These customers will have the ability to mix and match CB and CBB, but will also have access to a Long Term Servicing Branch. This branch allows companies to take only security fixes and defer new features and fixes of a non-security nature. Enterprise customers will be able to utilize all branches to suit the needs of systems in their environment. The Current Branch is for groups of users that have low risk of being impacted by new features and changes. The Current Branch for Business group may contain users with more specific application needs that may be sensitive to new features, changes and behavior. The CBB gives IT more time to accommodate those changes and educate users or respond to issues. The Long Term Servicing Branch is ideal for servers and other critical assets which need the security updates, but also need more control over what changes occur on the system.

There is a really good FAQ on the Microsoft Community which included much of the details described above and a more clear description of the

Service Branch: Options and Edition

Current Branch
  Options:
  • Security Updates, Features and Fixes are automatically applied.
  • There is no option to delay or customize these updates.
  Edition:
  • Windows 10 Home

Current Branch for Business (CBB)
  Options:
  • CBB includes the requirements of the Current Branch, but also provides the option of customizing when and which Security Updates, Features and Fixes are applied, similar to how Windows Update works today in current versions of Windows.
  • Updates cannot be deferred indefinitely.
  • Windows Updates can be managed using enterprise management tools such as Windows Update for Business and/or WSUS.
  Edition:
  • Windows 10 Pro
  • Windows 10 Enterprise
  • Windows 10 Education

Long Term Servicing Branch (LTSB)
  Options:
  • Only available to volume license customers running Windows 10 Enterprise.
  • Flexible options for managing Windows Updates.
  • Windows Updates can be customized to only accept Security Fixes.
  • Windows Updates can be managed using enterprise management tools such as Windows Update for Business and/or WSUS.
  Edition:
  • Windows 10 Enterprise

So is Patch Tuesday dead? According to a Microsoft spokesperson, “Windows Update for Business can take responsibility for the timely distribution of security updates for customers for free. Customers that choose to distribute updates themselves (or through a Patch Management Vendor) will continue to receive the updates on the 2nd Tuesday of the month.” For consumers, Patch Tuesday is a non-issue as their system will apply updates as they arrive, similar to their mobile device experience. Some of those may come on Patch Tuesday, but others will come as they are released. For Pro and Enterprise customers utilizing WUB, WSUS, or SCCM, security and other updates will still arrive on the 2nd Tuesday of the month, giving them predictability and control over what gets rolled out to their environment.

May Patch Tuesday Round-Up


There were a lot of updates released this month.  A lot of the updates from Microsoft overlap each other.  There is even a case of one patch replacing another within the 13 patches released this month.  Here are some things to know as you continue through your patch process:

Several patches may apply multiple times to the same system.  MS15-044 applies to multiple products including the OS, .Net, Office, Lync, and Silverlight.  MS15-047 for Microsoft Silverlight is another update that overlaps what files are being updated.  MS15-048 for .Net also overlaps many of the other updates and could show as missing multiple times on the same system.

MS15-052 is replaced by MS15-055.  On Windows 8 and Server 2012 you need to install 052 before 055.  With Shavlik Protect you would just see MS15-055 in this case as it replaces MS15-052.

MS15-043 (Cumulative IE) includes additional defense-in-depth updates to help improve security-related features.  For systems with IE7 and earlier, the JScript and VBScript vulnerabilities are resolved through MS15-053.

MS15-045 resolves two vulnerabilities that have been publicly disclosed, which increases the risk that they will be exploited significantly.

MS15-050 is vulnerable on Windows 2003, but there is no update offered for this OS as the changes required would require significant re-architecture.  As 2003 reaches its End-of-Life the number of unpatched vulnerabilities will increase.

MS15-055 resolves vulnerabilities in Schannel, but also includes additional security-related changes to TLS including increasing the minimum allowable DHE key length to 1024 bits.


May Patch Tuesday 2015


Well, Patch Tuesday isn’t dead yet. At least according to four of your favorite vendors who just released updates for the May Patch Tuesday. Microsoft, Adobe, Mozilla and Google updates are upon us.

Microsoft released 13 bulletins, three of which are Critical. The Critical updates resolve 30 vulnerabilities and affect the following Microsoft products: Internet Explorer, the OS, .Net, Office, Silverlight and Lync. The remaining 10 Important updates resolve 18 more vulnerabilities and affect the OS, .Net, SharePoint, Silverlight and Office.

MS15-043 is a Critical update for Internet Explorer, which resolves 22 vulnerabilities, mostly relating to memory corruption, but there are a few ASLR bypass, Elevation of Privilege and Information Disclosure vulnerabilities being resolved as well. This update should be on your priority list this month.

MS15-044 is a Critical update for the OS, .Net, Office, Lync, and Silverlight. Expect to see a few variations of this update needed for most of your machines. The update resolves two vulnerabilities in OpenType and TrueType Font. An attacker could craft documents or web content that contain embedded TrueType Fonts, which could allow remote code execution. This update should also be in your priority list, but it will likely require more testing due to the variety of products impacted.

MS15-045 is a Critical update for the OS. This update resolves six vulnerabilities, which, if exploited, could allow remote code execution. An attacker could craft a special Journal file, which could allow them to gain equal rights to the logged-on user. This update should also be in your priority list this month.

Of the important updates, there are a few things to note. SharePoint, .Net and Kernel Mode Drivers are all in the list of affected products this month. They should be tested adequately and rolled out in a timely manner. MS15-052 is replaced by MS15-055, so if you are deploying both updates, you really only need MS15-055, which is an update for SChannel. If you do not deploy MS15-055, then MS15-052 would still be required to resolve the Kernel security feature bypass vulnerabilities described in that bulletin.

Adobe pre-announced updates for Acrobat Reader and Acrobat and added an update for Flash Player today. Both bulletins are Priority 1 updates from Adobe and should both be added to your priority list this month.

For Acrobat and Acrobat Reader there are 34 vulnerabilities being resolved and these are rated as Priority 1 updates. The vulnerabilities range from buffer overflows, which could lead to code execution, to null-pointer dereference, which could lead to DoS. Fourteen of these vulnerabilities are able to bypass restrictions on JavaScript API execution. These updates, especially Acrobat Reader, should be on your priority list this month.

Adobe Flash resolves 18 vulnerabilities and is also rated as a Priority 1 update. Thirteen of the 18 CVEs resolved have a CVSS base score of 9.3. There are multiple code execution vulnerabilities being resolved, one of which allows an attacker to bypass Protected Mode in Internet Explorer. With Flash updates you could have up to four updates to deploy to resolve all of these vulnerabilities: Flash Player itself, Google Chrome (also released today), an update for Flash for Firefox, and a Security Advisory from Microsoft for Flash for IE. Flash Player should be on your priority list this month.

Google Chrome 42.0.2311.152 is released. The only change in this update is support for the aforementioned Adobe Flash update. To ensure you are up to date on Flash Player, you must update Google Chrome so you are supporting the latest plug-in.

Mozilla Firefox released an update today resolving 13 advisories and a total of 15 vulnerabilities, five of which are Critical. The vulnerabilities resolved include a buffer overflow, a use-after-free error and a buffer overflow during SVG graphics rendering, all of which could lead to an exploitable crash. Also resolved are an out-of-bounds read/write during JS validation, which could allow for information disclosure, and memory safety bugs that could be exploited to run arbitrary code. Between the Flash Player plug-in and the Critical vulnerabilities being resolved, it is a good idea to keep Firefox in your priority list this month.

Join us tomorrow for our Patch Tuesday webinar as we review the Microsoft and 3rd Party updates released this Patch Tuesday.  Find out the potential impacts of updating, the risks of not updating, and anything else that comes up as we walk through this month's Patch Tuesday lineup.

April 2015 Patch Tuesday


Patch Tuesday excitement is building. There is at least one known Flash vulnerability being exploited in the wild and one Microsoft vulnerability that has been publicly disclosed this month.

Microsoft has released 11 security bulletins this month, four of which are Critical, bringing the total to 42 security bulletins so far in 2015. This is more than twice the number of security updates released by the same time last year.

From a vulnerability standpoint, in April 2014 the CVE count for vulnerabilities resolved was at 72. We passed that count in March, with 76 vulnerabilities resolved. When this month’s 26 CVEs are included, we have a much higher total of 102 CVEs resolved to date.

The product and service impact for Microsoft this month includes the Windows OS, IE, Office, SharePoint, ADFS, .Net and Hyper-V. Two OS updates, the IE update, and the Office update are rated as Critical.

Flash Player is making its triumphant return to Patch Tuesday. Adobe is aware that exploits of CVE-2015-3043 exist in the wild. Between January and February’s Patch Tuesday there were three zero days resolved by two releases in the span of about two weeks. In March the release came on the same week; however, they came at the end of the week. APSB15-06 resolves 22 vulnerabilities and is rated as a Priority 1 update. This should make your list of priority updates to roll out this month.

With a Flash Player update you can always expect an Advisory for Internet Explorer and a Google Chrome update. Google Chrome has a large release covering 45 vulnerabilities including many High priority updates.  That, together with the Priority 1 Flash plug-in, makes this release a high priority update when it arrives.

Oracle’s quarterly CPU is also occurring this month and happens to fall on Patch Tuesday. Oracle Java is resolving 15 vulnerabilities, all of which are remotely exploitable without authentication. The highest CVSS Base Score of these 15 vulnerabilities is a 10.0, which is the highest possible score. It goes without saying that Java should be a priority update this month. Three other Oracle products are resolving CVEs with a 10.0 CVSS Base Score. So if you have Oracle Fusion Middleware, Oracle Sun Systems Products Suite or MySQL, they are all including vulnerabilities that are remotely exploitable without authentication and should be a priority to investigate for update this patch cycle.

Join us tomorrow for the Shavlik April 2015 Patch Tuesday webinar as we discuss the releases for this month, priorities, known issues, etc.