09
Apr 19

Patch Tuesday Lowdown, April 2019 Edition

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.

According to security firm Rapid 7, two of the vulnerabilities — CVE-2019-0803 and CVE-2019-0859 — are already being exploited in the wild. They can result in unauthorized elevation of privilege, and affect all supported versions of Windows.

“An attacker must already have local access to an affected system to use these to gain kernel-level code execution capabilities,” Rapid7 researcher Greg Wiseman observed. “However, one of the 32 Remote Code Execution (RCE) vulnerabilities patched today could potentially be used with them in an exploit chain to obtain full control of a system.”

Aside from these zero-day privilege escalation flaws, Wiseman said, it’s a fairly standard Patch Tuesday.

“Which of course still means that there are bugs that should be patched as soon as possible, such as the eight vulnerabilities classified as critical in the scripting engine used by Microsoft browsers, and CVE-2019-0822 (an RCE in Microsoft Office that can be exploited by convincing a user to open a malicious file).”

Adobe’s Patch Tuesday includes security updates for its Flash Player and AIR software,  as well as Adobe Reader and Acrobat.

Flash updates are installed along with other monthly Windows patch rollups for consumers, and auto-installed by Google Chrome, but users may need to reboot the operating system (in the case of IE/Edge) or the browser (in Chrome) for the new updates to take effect.

Adobe’s actions also sound the death knell for Adobe Shockwave Player, which has at long last reached end-of-life.

That means no more security updates for Shockwave, which has always been something of an ugly stepchild to Flash. That is to say, Shockwave never really got the security attention Flash has received but nevertheless has been just as vulnerable and often lagging months or years behind Flash in terms of updates.

Chris Goettl, director of product management and security for security firm Ivanti, said Windows users need to get any existing Shockwave installations out of their environments now.

“There are 7 vulnerabilities that are going to be vulnerable for the majority of Shockwave installs still in existence,” Goettl said. “You can bet an exploit is imminent there.”

Standard advice: Staying up-to-date on Windows patches is good. Updating only after you’ve backed up your important data and files is even better. A good backup means you’re not pulling your hair out if the odd buggy patch causes problems booting the system.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

As always, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.

Further reading:

Qualys on Patch Tuesday

SANS Internet Storm Center’s Patch Tuesday Priorities.

Martin Brinkmann of Ghacks.net

Tags: , , , , , , , , , ,

51 comments

  1. The Sunshine State

    Real easy security updates on both Windows 8.1 and Windows 7 machines today , no problems

  2. Robert Scroggins

    I’m not completely sure, but my wife’s Win 10 computer can no longer run Word/Excel, and they were working fine a couple of days ago. Her copy of Office is an old student edition. Anyone else have this problem on Win 10?

    • Office student versions expire after 4 years, then you have to get another. You said your copy is old, so that might be why it stopped working.

      Your school IT or library department should be able to assist with getting an updated, fresh student version.

      • Robert Scroggins

        As I said, it worked fine the day or two prior to Tue. Win updates. I restored to a point prior to yesterday, and student Office works fine again. I do upgrade to a new version of student Office every year or so. It doesn’t appear that any of the KB updates should affect Office, but I know about MS screwing with apps that you wouldn’t think would be affected, so I use Open Office myself.

  3. April 10 1:12 AM windows 7 automatically installed updates, now my screens went black when done. Only a mouse cursor for 15 minutes. System auto booted 2x, then the blacks screens with cursor. So I booted into EFI and did Asrock’s Internet flash. Hating this 4 sure.

  4. Win 10 – System #1, no problem
    System #2: KB4493464 installed, rebooted, now same KB wanting to reboot again to finish install

  5. Daniel McDermott

    I have Windows 7 64Bit. After installing the updates yesteday (monthly roll up and malicious software removal tool), the re-boot would not pull up my desktop. So I did a manual restart and Windows did some kind of repair and maybe a restore (I think it did a restore but not sure how to find out)

    Today it says I need to download and install these two updates again, even thought my history log of updates says they were successfully installed yesteday. What the heck is up with that?

    • Did you do the updates together or separately? If separately, do you know which caused the kerfuffle? Thanks for any answer.

  6. This update includes for many a two step. One for the main update and then another for the Net Framework. That is why the stopping and shutdowns. I restarted this morning and it works ok, but very clunky.

  7. No issues on either Win10H or Win7U machines yesterday, thankfully. Guess next month will be the PITA, then.

  8. Robert Scroggins

    Update to problem running Word/Excel after Win 10 updates:

    I did a system restore to a point prior to the updates and Word/Excel work fine. Now I need to set another restore point for when MS automatically gives me the updates again!

    Regards,

  9. All of our users that did the update had to be rolled back due to lock ups and not booting up. Hopefully there will be a fix soon. I have 20 users on Win 7 and 3 users on Win 10. My machine is Win 10 and was stuck for a very long time and had to hard shut down and roll back.

  10. What antivirus are you using Rosa? We are experiencing the same thing with several of our computers running Sophos after the updates have installed.

  11. A friend received this alert from Sophos:

    Following Microsoft Windows 09th April update computers fail/hang on boot

    Overview
    After installing the following Microsoft Windows updates computers are failing to boot:

    April 9, 2019—KB4493467 (Security-only update)
    April 9, 2019—KB4493472 (Monthly Rollup)

    The issue has been raised to development and investigations are under way.

    Applies to the following Sophos product(s) and version(s)
    Sophos Endpoint Security and Control
    Sophos Central Endpoint Standard/Advanced

    • Peggy Armstrong

      I am using Sophos home on 7 pro and it is locked up.

      • Personally I like to do things the easy way; better to uninstall the AV if it is borking the update, and either switch to another brand, or at least install MBAM and run as a restricted user and run CCleaner every time you close your browser.

        I am not a shill for MBAM.

        Doesn’t SOPHOS have phone or at least chat support?

  12. At least 4 of our Win7 users are down after this update; Win10 seems ok. Win7 machines are stuck either with infinite configuring, or get stuck at the welcome screen when trying to log in.

  13. Only have a handful of Windows 7 computers left and all of them failed to boot after doing the update. Had to restore to previous to resolve the issue.

  14. Use Linux Mint, its the better win7

  15. Same thing happened to us this morning. Only W7 + Sophos machines following last night’s updates. Temporary solution was to safeboot and disable Sophos services, normal boot, and everything works properly. Just temporary until we can iron out an alternate AV solution.

    • this was the “solution” for us too. How did you solve it, is there an Update comming from Sophos or may the reason for this issue be a previous installed windows update ?

    • The current recommendation is to remove the recent Windows Updates, then restart & re-enable Sophos AV.
      You don’t need to look for an alternate AV solution, Sophos is one of the best out there, this problem is not their fault – besides, other AV users are reporting the same problems.

  16. I have one machine that has 3 external 4 bay SATA chassis connected by USB to PC and all USB connected drives required going in to Computer Management and Disk and go to advanced settings and enable access…..as I lost all ability to see the drives in File Explorer…PC has (5) SATA drives internal and then 12 external..

    Internal

    2 SATA drives physically mounted in chassis -no issues
    3 SATA drives in “hot swappable” trays – no issues

    External

    1 4Bay SATA Drive chassis – drives seen in explorer but no access
    1 4Bay SATA Drive Chassis – drives seen in explorer but no access
    1 4Bay SATA drive chassis – drivers seen in explorer but no access

    Drive icons displayed but no used/ free space icon just icon and nothing more

    Checking drives all showed in shared mode and access for “everyone” as well as Admin but it was not until I added my user name under advanced settings could I a) see the drive and used / free gas gauge and b) access them…..and my user name has admin level access….(Full control)

    No other PC had issues with the upgrade……one Dell Inspirion 5000 Series 17 did not like it….stalled at 94% of final install post first reboot then auto-reverted back to last version so that worked….tried again and failed at same 94% point. Weird…

  17. Many machines are reporting errors reading shared files from SMB shares after this update.

  18. Win 7 initially failed to boot, stuck on “configuring updates please wait” message. Finally went through to a working system after 6-8 hard resets.

  19. @Brian: the “CVE” in “CVE-2019-0822” isn’t linked…

  20. I had 5 out of 5 of my Windows 7 computers all running Sophos left with unusable by this patch. Windows 7 Home, Professional, and Ultimate all represented. They either froze up during install or couldn’t get passed the log in screen. Had to use F8 key to run Windows in Safe mode and restore to a prior to the patch, the quickly disable automatic updates. The computer that I didn’t reach fast enough to prevent automatic updates from running, I had to run windows restore again to go back before April 9.

  21. Got a few Win 7 machines here. KB4493472 has caused a major performance issue on one, so far, as well as deleting items on her desktop. Had to system restore to April 8th to resolve.

    Got 3 Server 2008 R2’s awaiting the same update – gonna hold fire methinks!

  22. Where i work we had problems with these updates. One thing i worked out was to booted it into safe mode with networking login as an admin and do a system restore point which has a type “Critical Update” just before the updates were installed. Depending on how far the update process got. If you booted into safe mode with networking the PC would say its configuring updates not even take you to the login screen and reboot after about 10-15 seconds. Sometimes you could get away with holding the power button in to force it into the boot options for safe mode. Load into safe mode and it would try to do the updates and say it updates failed and it will revert them. Another way i found to resolve this was to use F8 and go into the advanced recovery options and do a system restore. The restore will still fail but after it restarts after failing it will get to the login screen quickly allowing you to log in. Don’t think though that this has solved the problem. We then had to log into to windows normally as an admin and perform a system restore. Only after doing this in some cases did it completely remove the updates and take the PC back to a state before they were installed. I’ve heard through the grape vine microsoft have pulled the updates.

    • In my experience you are better off using the recovery console menu item for restore outside of normal mode or the operating system at all. It is better to nuke from space than to let the OS do anything in this regard. In fact, if I get a “restore failed” message doing it this way, 9 times out of 10 the restore is actually a success. YMMV

  23. The update is taking more than 2 hours. is this normal?

  24. Yea we’re dealing with this here too this lovely morning. We boot into safe mode, delete both KBs (ignore the “reboot now” after #1), and it’s fine. Also, of course, decline the KBs in your WSUS server.

    We also have Sophos, did not have to uninstall or disable.

  25. I have a Microsoft 2010 application that has lost some of the functionality. For example, the ‘Left’ function (I’m sure that there are others), no long work?! I spend MORE time trying to work around Microsoft issues than I do actual programming. It is SO tiresome. Anyone else experiencing this issue?

  26. 4 Windows 7 computers all stuck on please wait since updating this week. All running Sophos, all boot fine in safemode or with sophos services disabled.

  27. updated.. switched on today and windows crashes and relaunches, freezes.. then explorer windows have no text at all in them.. completed messed up my pc.. anyway to roll back !!

  28. 2 Computers at home (one brand new massive gaming rig) and 5 computers at the office (all different) are all having identical issues since the 4-9-2019 update. When you first boot, it takes 5-10 minutes for the machines to respond to any mouse or keyboard input. All computers do share one common trait; all have SSD drives, so there’s no reason for boot times like that.
    After that, we get random freezing of the desktop and both Edge and Chrome browsers.
    Microsoft fails again. Seemingly with every update in the last year.

  29. Updating W7 installations (32- and 64-bit): nothing untoward to report. These installations are all relatively vanilla. Reading other comments reporting infelicities, it seems the installations include 3rd party products that don’t play well with Microsoft / Windows. No, that’s not okay, but neither is it anything new.

  30. I have windows 10. For the last 3 hours I have on my monitor “We couldn’t complete the updates. Undoing changes. D’ont turn off your computer.
    What do I do now?
    THIS IS AN INTOLERABLE SITUATION
    HOW CAN MICROSOFT GET AWAY WITH THIS?
    I CANNOT GET BACK INTO MY COMPUTER.
    ANY HELP WOULD BE GREATLY APPRECIATED

    • Contact MS support – it probably won’t work anyway, but at least you can get back at MS for borking your PC. They worked on my sister’s computer for 2 hours and still couldn’t fix the last “feature” update. But I got her restored back at least so she could use it offline.