Microsoft December Patch Tuesday Fixes 34 Security Issues (several products affected)

Discussion in 'Security News' started by LASER_oneXM, Dec 12, 2017.

  1. LASER_oneXM

    LASER_oneXM Level 18
    Content Creator

    Feb 4, 2016
    857
    4,448
    university/IT
    Germany / Poland
    Windows 8.1
    Kaspersky
     
  2. BoraMurdar

    BoraMurdar Super Moderator
    Staff Member

    Aug 30, 2012
    5,783
    22,502
    Doctor of medicine
    Serbia
    Windows 10
    Emsisoft
    If you're on Windows 10 version 1709, or the Fall Creators Update, PCs will receive KB4054517, or build 16299.125. You can manually download it here. Here's what's been fixed:
    • Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
    • Addresses issue where Windows Defender Device Guard and Application Control block some applications from running, even in Audit-Only Enforcement Mode.
    • Addresses issue to reset PLC bit on U0/U3 transitions.
    • Addresses issue with personalized Bluetooth devices that don't support bonding.
    • Addresses issue where the touch keyboard doesn’t support the standard layout for 88 languages.
    • Addresses issue where the touch keyboard for a third-party Input Method Editor (IME) has no IME ON/OFF key.
    • Addresses additional issues with updated time zone information.
    • Addresses issue where, when using System Center Virtual Machine Manager (VMM), the user can't copy or clone virtual machines (VM). The error message is "0x80070057- Invalid parameter". This issue affects the VMM UI and PowerShell scripts used for VM cloning and copying.
    • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.
    As you can see, it's not the biggest list of changes this month, but the good news is that there are no known issues.
    According to the Windows 10 Update History, Windows phones on version 1709 should get build 15254.124, although the changelog isn't available. Presumably, it just has minor fixes.

    PCs and phones on version 1703, or the Creators Update, will see KB4053580, or 15063.786. You can manually grab it here, and here's what changed:
    • Updates Internet Explorer’s default visibility for the button that launches Microsoft Edge.
    • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
    • Addresses issue that caused Windows Pro devices on the Current Branch for Business (CBB) to upgrade unexpectedly.
    • Addresses issue where applications may stop responding for customers who have internet or web proxies enabled using PAC script configurations. This is a result of a reentrancy deadlock in WinHTTP.dll. This can result in the following:
      • Microsoft Outlook can't connect to Microsoft Office365.
      • Internet Explorer and Microsoft Edge can't render any content (including local computer content, local network content, or web content).
      • Cisco Jabber stops responding, which blocks messaging and telephony features.
    • Any application or service that relies on WinHTTP is affected.
    • Addresses additional issues with updated time zone information.
    • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.
    Again, there are no known issues in KB4053580, or any of the other updates, for that matter.

    KB4053579, or build 14393.1944, is also available for PCs and phones, and that's for those on version 1607, or the Anniversary Update. You can manually grab it here. Here's what got fixed:
    • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
    • Addresses additional issues with updated time zone information.
    • Addresses issue where, after you install KB4041688, KB4052231, or KB4048953, the error "CDPUserSvc_XXXX has stopped working" appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is "cdp.dll".
    • Security updates to the Microsoft Scripting Engine and Microsoft Edge.
    For those on version 1511, KB4053578, or build 10586.1295, is PC-only. You can manually download it here, and here's what changed:
    • Addresses additional issues with updated time zone information.
    • Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048952.
    • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.
    Finally, those on the original version of Windows 10 will get KB4053581, or build 10240.17709, and that can be manually downloaded here. Here's what's new:
    • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
    • Addresses additional issues with updated time zone information.
    • Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048956.
    • Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.
    Unlike with previous months, none of these updates contain a huge laundry list of features. Of course, this is also the first month in a long time where there are no known issues.
    Of course, you don't need to use any of the manual download links to get today's update. Users can head over to Settings -> Update & security -> Windows Update -> Check for updates, and your device will download the version that corresponds to the version that you're using.

    For those on Windows 8.1 or Windows Server 2012 R2, you'll get KB4054519, which is the December Monthly Rollup. You can manually download it here, and it contains the following fixes:
    • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
    • Addresses additional issues with updated time zone information.
    • Security updates to the Microsoft Scripting Engine and Windows Server.
    There's also a security-only build, KB4054522, which only contains the latter two fixes. You can download that here.

    For those that are on the original release of Windows Server 2012, you'll get KB4054520. You can manually grab it here. Here's what's been fixed:
    • Addresses additional issues with updated time zone information.
    • Security updates to the Microsoft Scripting Engine and Windows Server
    The security-only update, KB4054523, contains the exact same changelog, but you can grab that here.

    Finally, if you're still holding out on Windows 7 or Windows Server 2008 R2 SP1, you'll get KB4054518, which can be manually downloaded here. Here's what's fixed:
    • Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.
    • Addresses additional issues with updated time zone information.
    • Security updates to the Microsoft Scripting Engine and Windows Server.
    You might be noticing a pattern here, in which case you can probably guess that the security-only update, KB4054521, only contains the latter two changes. You can grab that here.
    None of today's updates contain any known issues.
     
  3. SecretKeeper

    SecretKeeper Level 3

    Dec 25, 2015
    103
    1,525
    England
    Windows 10
    Avast
    #3 SecretKeeper, Dec 12, 2017
    Last edited: Dec 12, 2017
    Downloading! Will let you know how it goes. Cheers for the heads up! (y)

    EDIT: Downloaded and Installed without any issues. :D
     
  4. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    Some of the updates failed.
    Emsisoft + HitmanPro.Alert.
    I am assuming it was HMPA, because it is notorious for blocking windows updates. So bye bye HMPA...
     
  5. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    1,835
    14,606
    On my system, win 10 1709 64, with latest Emsi AM, HMPA 3.7.1 723 luckily all went fine.
     
    BoraMurdar, shmu26 and Der.Reisende like this.
  6. TheJokerz

    TheJokerz Level 4

    Jan 7, 2016
    184
    556
    Information Technology
    Ohio
    Windows 10
    Webroot
    Thanks for the great breakdown! I updated yesterday, and so far so good!
     
    BoraMurdar, shmu26 and Der.Reisende like this.
Loading...
Similar Threads Forum Date
Windows 10 Microsoft to Close Free Windows 10 Upgrade “Loophole” on December 31 Operating Systems Oct 30, 2017
Microsoft Microsoft to Close Free Windows 10 Upgrade “Loophole” on December 31 Technology News Oct 30, 2017
Microsoft Microsoft Releases December 2016 Windows Virtual Machines Operating Systems Dec 23, 2016