13
Aug 19

Patch Tuesday, August 2019 Edition

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.

Okay, maybe a trip to the dentist’s office is still preferable. In any case, today is the second Tuesday of the month, which means it’s once again Patch Tuesday (or — depending on your setup and when you’re reading this post — Reboot Wednesday). Microsoft today released patches to fix some 93 vulnerabilities in Windows and related software, 35 of which affect various Server versions of Windows, and another 70 that apply to the Windows 10 operating system.

Although there don’t appear to be any zero-day vulnerabilities fixed this month — i.e. those that get exploited by cybercriminals before an official patch is available — there are several issues that merit attention.

Chief among those are patches to address four moderately terrifying flaws in Microsoft’s Remote Desktop Service, a feature which allows users to remotely access and administer a Windows computer as if they were actually seated in front of the remote computer. Security vendor Qualys says two of these weaknesses can be exploited remotely without any authentication or user interaction.

“According to Microsoft, at least two of these vulnerabilities (CVE-2019-1181 and CVE-2019-1182) can be considered ‘wormable’ and [can be equated] to BlueKeep,” referring to a dangerous bug patched earlier this year that Microsoft warned could be used to spread another WannaCry-like ransomware outbreak. “It is highly likely that at least one of these vulnerabilities will be quickly weaponized, and patching should be prioritized for all Windows systems.”

Fortunately, Remote Desktop is disabled by default in Windows 10, and as such these flaws are more likely to be a threat for enterprises that have enabled the application for various purposes. For those keeping score, this is the fourth time in 2019 Microsoft has had to fix critical security issues with its Remote Desktop service.
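A defender's check for the point above, as an added example that is not part of the original post: the PowerShell function below reports whether a Windows host currently accepts Remote Desktop connections, so machines that do can go to the front of the patch queue. The function name `Get-RdpExposure` and the `PatchFirst` field are invented for this illustration; `Get-NetTCPConnection` is assumed to be available, which means Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post): local Remote Desktop exposure check.
function Get-RdpExposure {
    [CmdletBinding()]
    param()

    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey    = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # fDenyTSConnections = 1 means Remote Desktop is off (the Windows 10 default); 0 means on.
    $localDeny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # The same value set through Group Policy overrides the local setting.
    $policyDeny = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $effectiveDeny = if ($null -ne $policyDeny) { $policyDeny } else { $localDeny }
    $enabled = ($effectiveDeny -eq 0)

    # The listener port can be moved away from 3389, so read it rather than assume it.
    $port = (Get-ItemProperty -Path $tcpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    # Confirm the configured state against what is actually running and listening.
    $svc       = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $enabled
        SetByPolicy   = ($null -ne $policyDeny)
        Port          = $port
        ServiceStatus = if ($svc) { $svc.Status } else { 'NotFound' }
        Listening     = $listening
        # Hypothetical triage flag: enabled in config or reachable on the wire.
        PatchFirst    = ($enabled -or $listening)
    }
}

Get-RdpExposure | Format-List
```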

For all you Microsoft Edge and Internet Exploiter Explorer users, Microsoft has issued the usual panoply of updates for flaws that could be exploited to install malware after a user merely visits a hacked or booby-trapped Web site. Other equally serious flaws patched in Windows this month could be used to compromise the operating system just by convincing the user to open a malicious file (regardless of which browser the user is running).

As crazy as it may seem, this is the second month in a row that Adobe hasn’t issued a security update for its Flash Player browser plugin, which is bundled in IE/Edge and Chrome (although now hobbled by default in Chrome). However, Adobe did release important updates for its Acrobat and free PDF reader products.

If the tone of this post sounds a wee bit cantankerous, it might be because at least one of the updates I installed last month totally hosed my Windows 10 machine. I consider myself an equal OS abuser, and maintain multiple computers powered by a variety of operating systems, including Windows, Linux and MacOS.

Nevertheless, it is frustrating when being diligent about applying patches introduces so many unfixable problems that you’re forced to completely reinstall the OS and all of the programs that ride on top of it. On the bright side, my newly-refreshed Windows computer is a bit more responsive than it was before crash hell.

So, three words of advice. First off, don’t let Microsoft decide when to apply patches and reboot your computer. On the one hand, it’s nice Microsoft gives us a predictable schedule when it’s going to release patches. On the other, Windows 10 will by default download and install patches whenever it pleases, and then reboot the computer.

Unless you change that setting. Here’s a tutorial on how to do that. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

Secondly, it doesn’t hurt to wait a few days to apply updates. Very often fixes released on Patch Tuesday have glitches that cause problems for an indeterminate number of Windows systems. When this happens, Microsoft then patches their patches to minimize the same problems for users who haven’t yet applied the updates, but it sometimes takes a few days for Redmond to iron out the kinks.

Finally, please have some kind of system for backing up your files before applying any updates. You can use third-party software for this, or just the options built into Windows 10. At some level, it doesn’t matter. Just make sure you’re backing up your files, preferably following the 3-2-1 backup rule. Thankfully, I’m vigilant about backing up my files.

And, as ever, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.


134 comments

  1. Same problem for me. I installed KB3133977 as mentioned in:
    https://support.microsoft.com/en-us/help/4512506/windows-7-update-kb4512506

    at point 3 and it solved the problem of repair booting at every reboot.

  2. KB4512506 has borked my personal desktop too. I have 2 cloned drives (yesterday’s and last Saturday’s) courtesy of Casper but they all fail to boot the same way. Trying a repair from a Win7 install disk gets the “not the right version” error. Well done M$. Most impressive mess yet.

    If I could somehow get access to the drive with a cmd window I could try a few suggestions – any suggestions about how to do that?

    This will be the last Windows update for me, presuming that I can manage to fix this mess. (Typed from my laptop.)

  3. Update reverted my resolution to like non-HD, any tips? I’m a noob

  4. The August updates are causing both Windows 7 and Windows 10 to reboot in a forced state. I have tested this on a VM running Windows 10 with the same results. This is deployed from a WSUS server and the Registry is set to Download and Schedule with Auto restart disabled.

  5. I just bought a new computer, my first with W10. I installed the latest update on Aug 29 and now my new computer won’t work. No search function, no internet, no nothing. It’s completely broken in terms of normal usage of a computer.

    I hope Bill Gates dies a horrible death. This W10 is a plague upon the computing world and if he had an ounce of mercy he’d bring back W7 and continue from there, on that road. This W10 crap is just that: crap.

  6. I am getting fed up with windows updates and all its vulnerability. It seems there is another industry abusing the loopholes and they keep all owners (users) aback. It is a shame.

  7. MS provided this command if you can use USB Win 10 boot and choose repair option/Command prompt, then this:

    dism /Image:C:\ /Cleanup-Image /RevertPendingActions

  8. I have Windows XP SP3 and just today got an update from MS, and yeah, it surprised me. My XP works fine AND it is immune to that WannaCry. But I tried to search to find out what this strange update was about and I can’t find anything.