Microsoft August 2019 Security Updates

[Corrine]

The August security updates have been released and consist of 93 CVEs and 2 advisories. Of these 93 CVEs, 29 are rated Critical, and 64 are rated Important in severity. None are listed as publicly known or as under active attack at the time of release but multiple bugs this month fall into the wormable category.

The updates address Information Disclosure, Elevation of Privilege, Remote Code Execution, Denial of Service, Security Feature Bypass, Tampering and Spoofing. They apply to the following: Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, Microsoft Dynamics.

Known Issues: See the Known Issues and accompanying work-around in the KB Articles for your version of Windows in the Update History:

• Windows 10
• Windows 8.1
• Windows 7

Recommended Reading: See Dustin Childs review and analysis in Zero Day Initiative — The August 2019 Security Update Review.

 

[Corrine]

via Twitter,

https://twitter.com/x/status/1161417436089978882

:

Microsoft are blocking this month’s security patching (inc RDP patches) on PCs and servers with Symantec and Norton AV as the AV vendors haven’t added SHA-2 support still

(link: https://support.microsoft.com/en-us/help/4512486/windows-7-update-kb4512486

This applies to Windows 7, from KB4512486:

Microsoft and Symantec have identified an issue that occurs when a device is running any Symantec or Norton antivirus program and installs updates for Windows that are signed with SHA-2 certificates only. The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start.

Microsoft has temporarily placed a safeguard hold on devices with an affected version of Symantec Antivirus or Norton Antivirus installed to prevent them from receiving this type of Windows update until a solution is available. We recommend that you do not manually install affected updates until a solution is available.
Guidance for Symantec customers can be found in the Symantec support article.

 

[Corrine]

The block on Windows 7 with Symantec Antivirus installed has been removed. This change applies to the following updates:

KB4512514 (August Preview of Monthly Rollup)
KB4512486 (August Security-only update)
KB4512506 (August Monthly Rollup)

Note, however, the information in Microsoft Lifts Update Block On Windows 7 With Symantec AV regarding Symantec's advice.