Skip to content
ProVal Technologies
407-588-0101
Facebook Twitter Instagram Linkedin Youtube
  • Home
  • Company
    • ProVal’s Journey
    • Approach
    • Culture & Values
    • Our Team
  • NOC SERVICES FOR MSPS
    • ConnectWise
      • ConnectWise Automate
      • ConnectWise RMM
      • ConnectWise Manage PSA
    • Kaseya
      • Kaseya VSA
      • Datto RMM
    • Managed Backups
    • 24×7 Monitoring
  • Careers
  • Resources
    • MSP Blogs
    • Your Tools. Our Experts.
    • MSP Webinars
    • Testimonials
  • Contact Us
  • Client Portal
Menu
  • Home
  • Company
    • ProVal’s Journey
    • Approach
    • Culture & Values
    • Our Team
  • NOC SERVICES FOR MSPS
    • ConnectWise
      • ConnectWise Automate
      • ConnectWise RMM
      • ConnectWise Manage PSA
    • Kaseya
      • Kaseya VSA
      • Datto RMM
    • Managed Backups
    • 24×7 Monitoring
  • Careers
  • Resources
    • MSP Blogs
    • Your Tools. Our Experts.
    • MSP Webinars
    • Testimonials
  • Contact Us
  • Client Portal

Microsoft Security Updates: November 2018

  • November 14, 2018
  • ProVal Technologies, Inc
  • Microsoft Security Updates
Microsoft Patch notes

11_18_Security Updates

This month’s Patch Tuesday addresses 62 vulnerabilities, with 12 of them labeled as Critical. Out of the Criticals, 8 are for the Chakra Scripting Engine used by Microsoft Edge. A Remote Code Execution vulnerability in Windows Deployment Services’ TFTP server is also addressed in this release. Adobe also patched three Important vulnerabilities this month, although there is a PoC exploit available for Adobe Acrobat and Reader.

 

Workstation Patches

Browser and Scripting Engine patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users. Out of the 12 Critical vulnerabilities, 10 can be exploited through browsers or opening malicious files.

 

Windows Deployment Services TFTP Server RCE

Microsoft’s Windows Deployment Services uses TFTP to support image deployment via PXE booting. A flaw was discovered in the TFTP server that allows Remote Code Execution on an affected device. The patch for CVE-2018-8476 should be prioritized if WDS is used in your environment.

 

Microsoft Dynamics 365 RCE

Web requests are not properly sanitized in version 8 of Microsoft Dynamics 365 on-prem. This vulnerability could lead to remote code execution in the context of the SQL user. Any on-prem deployments of Dynamics 365 should have CVE-2018-8609 prioritized.

 

Active Attacks on Win32k Privilege Escalation

Microsoft has reported that there are active attacks detected against CVE-2018-8589. The vulnerability impacts Windows 7 and Server 2008 and 2008 R2. Microsoft has ranked this patch as Important.

 

BitLocker

Last week, Microsoft released an advisory on using software encryption rather than hardware, which has recently been shown to be ineffective in certain implementations. In addition, an unrelated patch for BitLocker (CVE-2018-8566) was issued today. This vulnerability allows an attacker to access encrypted data if they have physical access to the system. Microsoft has ranked this patch as Important.

 

Adobe Patches, NTLM hash leaking, mitigations

Adobe released three patches for Flash, Acrobat/Reader, and Photoshop, all labeled Important. The vulnerability in Acrobat and Reader has publicly available PoC code and should be installed as soon as possible. This flaw can lead to the leaking of the user’s NTLM hash, which could be brute-forced to determine the user’s password. Adobe has also released a document discussing mitigations for this vulnerability, which includes enabling a feature in Windows 10 that would prevent this style of attack, by stopping NTLM SSO from being used by external resources.

 

Executive Summary

  • Microsoft released security updates for all supported versions of Windows.
  • Security updates are also available for Internet Explorer, Microsoft Edge, and other company products
  • Microsoft released Windows Server 2019 today.
  • The Windows 10 October 2018 Update is available again.
  • Microsoft promises to do better patch-wise.

 

Operating System Distribution

  • Windows 7: 13 vulnerabilities of which 2 are critical and 11 are important.
  • Windows 8.1: 16 vulnerabilities of which 2 are critical and 14 are important.
  • Windows 10 version 1607:  18 vulnerabilities of which 2 are critical and 16 are important
  • Windows 10 version 1703:  16 vulnerabilities of which 1 is critical and 15 are important
  • Windows 10 version 1709: 18 vulnerabilities of which 1 is critical and 17 are important
  • Windows 10 version 1803: 17 vulnerabilities of which 1 is critical and 16 are important
  • Windows 10 version 1809: 17 vulnerabilities of which 1 is critical and 16 are important

 

Windows Server products

  • Windows Server 2008 R2: 13 vulnerabilities of which 3 are critical and 10 are important.
  • Windows Server 2012 R2: 16 vulnerabilities of which 3 are critical and 13 are important.
  • Windows Server 2016: 19 vulnerabilities of which 3 are critical and 16 are important.
  • Windows Server 2019: 18 vulnerabilities of which 2 are critical and 16 are important.

 

Other Microsoft Products

  • Internet Explorer 11: 1 vulnerability, important
  • Microsoft Edge: 2 vulnerabilities, 2 critical

 

Known Issues

Windows 10 version 1809

  • Some Win32 programs cannot be set as the default file openers under Open With or Settings > Apps > Default Apps.

Windows 10 version 1803

  • Some Win32 programs cannot be set as the default file openers under Open With or Settings > Apps > Default Apps.
  • Instantiation of SqlConnection can throw exceptions.

Windows 10 version 1709

  • Instantiation of SqlConnection can throw exceptions.

Windows 10 version 1703

  • Instantiation of SqlConnection can throw exceptions.

Windows 10 version 1607 and Windows Server 2016

  • Installation and client activation of Windows Server 2019 and 1809 LTSC Key Management Service (KMS) (CSVLK) host keys do not work as expected.
  • Error “The replication operation encountered a database error” after installation of the update.
  • Instantiation of SqlConnection can throw exceptions.

Windows 7

Network Interface Controller may stop working. Microsoft’s solution is to update drivers.

 

Direct update downloads

All cumulative updates for supported versions of Windows are also provided as direct downloads from Microsoft’s Download Center site.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4467107 — 2018-11 Security Monthly Quality Rollup for Windows 7
  • KB4467106 — 2018-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  •  KB4467697— 2018-11 Security Monthly Quality Rollup for Windows 8.1
  •  KB4467703 — 2018-11 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  •  KB4467691 — 2018-11 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

  •  KB4467696 — 2018-11 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  •  KB4467686 — 2018-11 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  • KB4467702  — 2018-11 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  •  KB4467708 — 2018-11 Cumulative Update for Windows 10 Version 1809
ProVal Technologies, Inc

ProVal Technologies, Inc

PrevPreviousMust Have Kaseya Integrations
NextTakeaways from IT Nation 2018Next

Categories

Labtech
  • Mac Agent Functionality Within ConnectWise Automate
  • ConnectWise RMM vs Automate: Should I be using CW RMM?
  • ConnectWise Automate on Linux – Best Practices
  • ConnectWise Automate Maintenance Mode Explained Best Practice
  • Uninstalling and Offboarding Automate Agents
  • How to Set Up Automate users to use ConnectWise SSO
  • Windows 10 Build Upgrades are Inevitable – Use Kaseya/ConnectWise Automate to Deploy
  • Best Practice Naming of Patching Groups
  • Automate 12 Patch 9 Now Available!
  • 5 Tips for using the Report Center
  • See All Labtech Posts
Business Continuity
  • See All Business Continuity Posts
Proactive Maintenance
  • See All Proactive Maintenance Posts
Kaseya
  • What Should I be Automating in Kaseya VSA 9.5?
  • Security Best Practices for Kaseya VSA
  • Kaseya VSA: Software Management vs. Patch Management
  • Software Management Enhancements
  • Two-Factor Authentication in Kaseya VSA
  • Windows 7 & Windows 10 Multiple Builds End of Life – Upgrade Using Kaseya or ConnectWise Automate
  • Kaseya Network Monitor: Benefits & Features
  • Kaseya Patch 9.5.0.22 and Future Updates
  • Kaseya’s New State-of-the-Art Contemporary User Interface
  • Kaseya Product Release – April ’19
  • See All Kaseya Posts
Datto
  • Creating & Implementing a Disaster Recovery Plan
  • Disaster Recovery – Minimizing Impact of Downtime
  • Updating a Datto Device
  • Datto Agent Communication Errors
  • Datto
  • See All Datto Posts
StorageCraft
  • See All StorageCraft Posts

Get in touch today for MSP NOC Services

Contact Us

ProVal Technologies, Inc

498 Palm Springs Drive, Ste. 130
Altamonte Springs, FL 32701
United States
Phone: 407-588-0101

Facebook Twitter Instagram Linkedin Youtube
SOC 2 Certified Logo
Form CTA

©2023 ProVal Technologies, Inc All Rights Reserved.

Privacy Policy – Disclaimer

Microsoft Security Updates: November 2018

Microsoft Patch notes

I truly view ProVal as a partner and extension of my team, not as one of my vendors

When our NOC Manager left last fall we wanted to replace the position with an outsourced NOC to reduce headcount, and bring in an expert to both Labtech and our backup solutions. Bringing in ProVal Technologies was one of the best decisions we made last year and has paid for itself.During our first few monthly recurring Labtech admin meetings the ProVal team discovered incorrect settings and policies that were not applying correctly in our Labtech server. Things that we thought were automated and working were not. For example, there were multiple scripts and policies running but set to do nothing such as disk cleanup scripts. Cisco Umbrella was not configured correctly. Server alerting was not set right and the list went on.The backup team sends daily and weekly reports and updates that reduce my technicians time that we used to spend on backup or antivirus tickets that took forever and were tedious.ProVal also brings in great insights to our business and really cares about our success. They will frequently mention to me in meetings what new scripts they can import to make us more efficient or will schedule upgrades to our backups, Labtech, etc so I don’t have to worry. I truly view ProVal as a partner and extension of my team not as one of my vendors.

Chris-Warnick-Headshot
Chris Warnick
Vision Computer Solutions
Northville, MI

They will quickly become an extension of your team and your ROI will reflect the results

We have been a long time user of Labtech and had tried for many years to manage the product internally with no real success at the level we needed to make our solutions more efficient for our customers. Once we hired Vikram and his team at ProVal, it solved all our pain points with the product and we really felt like we were leveraging the tool as it was designed. If this sounds like you and it’s keeping you up at night, then you need these guys. They will quickly become an extension of your team and your ROI will reflect the results.

Bryan-Wolff-Headshot
Bryan Wolff
CEO, Wolff Logics LT Managed & Admin Services
Cedar Park, Texas

They work well, fast and on budget

We met Vikram from ProVal Tech at Gary Pica’s Shnizzfest a year ago. Vikram explained the advantage of having trained, certified personnel take care of our recent Automate implementation. Even though we had taken an implementation package from ConnectWise to start up the program, we felt many custom configurations we needed for our business were lacking. We hired ProVal Tech after Automate was installed to help us with this task. From sales to technicians everyone was professional and knowledgeable. Onboarding was simple, and well documented. Tools on the web were supplied while we did the work, and they allowed us to track what was done, and see the improvements in the environment. It was easy to reach any of the team members, for any concern or question – all answered with courtesy and smile. Once the work was finished, we were given some training and explanations, add to that documentation, about the work and the scripts and features added to the program. We have been happily working with Automate since then. We can only recommend this efficient team of people for any work into Automate: they work well, fast and on budget.

Ben-Prevost-Headshot
Ben Prevost
FarWeb IT
Sherbrooke, Canada