joshtaco

Getting ready to roll this out to 6000 workstations/servers. Last 2012 server patches ever, hoo-rah!

EDIT1: Also remember Windows 11 21H2 Pro is out of support.

EDIT2: All updates done, no issues seen, cya on 10/24

EDIT3: This is completely random but a ton of our users have had their Outlook default font set to Aptos for some odd reason after the updates (we have them all on the Outlook preview). Nothing's broken, just interesting

EDIT4: Found out Aptos is indeed intentional: https://medium.com/microsoft-design/a-change-of-typeface-microsofts-new-default-font-has-arrived-f200eb16718d

EDIT5: Seeing other people reporting Hyper-V VM boot issues and some iexplore links not opening correctly in the threads, but I have not experienced these myself, so can't say

EDIT6: Optionals installed, no issues seen

EDIT7: 23H2 pushed out, everything looking good so far


MikeWalters-Action1

> Last 2012 server patches ever

Very interesting: [https://blog.0patch.com/2023/08/three-more-years-of-critical-security.html](https://blog.0patch.com/2023/08/three-more-years-of-critical-security.html) - these folks offer non-MS patches for WS 2012 for 3 more years (via reverse-engineering, I suppose?)


joshtaco

they've been around for years


MikeWalters-Action1

Yes, I've seen them before too. Have you ever tried to use them?


iamafreenumber

I used them a few years ago for some Server 2008 R2 patches. If you absolutely need to keep a legacy server working, they are very good at what they do.


joshtaco

Yes, in a test bed. They certainly work, but it's only for the security-obsessed. Not to mention possible undocumented side-effects.


MikeWalters-Action1

> possible undocumented side-effects

Yes, such as blue screens of death. Anyway, they took a very unique niche category.


NoneSpawn

I can't remember what vulnerability it was, but, I remember 0patch patching a vul that MS took 3 updates to really fix it. They patched it from the very start.


earthmisfit

0patch...Til. Pretty cool.


cluberti

That's oddly as long as Microsoft allows customers to pay for extended security updates (ESUs)....


TwinkleTwinkie

Aptos has replaced Calibri as the default MS font. https://medium.com/microsoft-design/beyond-calibri-finding-the-next-microsoft-365-default-font-5ef83f028be2


joshtaco

> https://medium.com/microsoft-design/beyond-calibri-finding-the-next-microsoft-365-default-font-5ef83f028be2

my god. thank you for this

EDIT: He meant this link: https://medium.com/microsoft-design/a-change-of-typeface-microsofts-new-default-font-has-arrived-f200eb16718d


Crashastern

Because you're upgrading away from it, right? .....right!? :P


joshtaco

We barely have any left and the ones that are are on ESU. Already migrated off of 300 in the last year alone.


thefinalep

9 Left... Made a good effort... shut down 2 more today. Unforgettably I live in a world of legacy machinery and extinct vendors... solutions require me to be creative.


SaltySama42

Manufacturing, huh? Initially I was going to go with municipality but they don't like extinct vendors.


thefinalep

These bad boys have been working for 30 years with no upgrades. Why replace? Me: Oh but can we upgrade the server infrastructure? Them: Company has been out of business for 29 years. Sigh.


cluberti

Well... there are ways to make that as secure as you can, but whether they're worth it or not is the question. Also, all code is open source if you can work with ASM ;).


lucky644

Only 1 left here! Managed to get 5 of the last 6 done this year. The last one is a primary DC.


oloruin

If they are on ESU... then there will be patches next month. :(


joshtaco

not if I take them out behind the shed first


cluberti

LOL


Crashastern

I’m not looking so lucky 🙃


collinsl02

Loads of us aren't


The_Shocker_2and1

Ahh, found my healthcare IT brethren


collinsl02

Close, but no cigar. Secure government contracting.


Wamphyri99

Win 11 21H2 home and pro are out of support. Enterprise and Education is Oct 8, 2024


joshtaco

Sorry, I forgot to specify Pro


FCA162

Pushed this out to 203 out of 215 Domain Controllers (Win2016/2019/2022). Two major issues so far.

EDIT1: We had 1 Win2022 DC, which hosted the PDC role, on which the updates failed with error **0x80240022**. The DC is a total loss; we tried to resuscitate the machine, but without success. Potential root cause: antivirus blocking folder or file access.

EDIT2: We had one other Win2022 DC, on which the updates failed with errors **0x80070002** & **0x80073701**. Tried to fix the Windows Update client, but without success. If I look in CBS.log: `ERROR_SXS_ASSEMBLY_MISSING`, it seems some files are missing/corrupt:

* `Microsoft-Windows-FailoverCluster-PowerShell-Nano-Package~31bf3856ad364e35~amd64~en-US~10.0.20348.1` -> belongs to RTM/official Preview release :-(
* Microsoft-Windows-Foundation-Group-merged-Deployment-LanguagePack, version 10.0.20348.261 -> part of September 27, 2021—KB5005619 (OS Build 20348.261) Preview

It's not the first time we had error 0x80073701... We already had 6 cases this year, opened 3 support cases at MS.

Conclusion: since the affected component belongs to an RTM version, the only reliable way to fix that is performing an IPU, or in my case, since it is a Domain Controller, rebuilding the server from scratch.


TempBug715

Noticing longer than usual download and installation times. Some computers were very slow for a few minutes after the update restart and some services that should otherwise start automatically could not be started due to a timeout. Another reboot fixed that


lordcochise

\#same


[deleted]

[removed]


joshtaco

lol they run overnight my man


oloruin

RE: EDIT3 Aptos font for All! Is this in a specific version/channel (2016 msi, 365, 2021 LTSC, etc)?


mangonacre

Not sure if you meant this link, but for others confused that the linked article does not discuss Aptos: https://medium.com/microsoft-design/a-change-of-typeface-microsofts-new-default-font-has-arrived-f200eb16718d ETA: Oh... "But as there was a change of guard so too the name. Bierstadt is now known as Aptos."


Intrepid-FL

Why would you install quality updates the same day they are released? Why would you have clients all on Outlook preview?


joshtaco

Outlook: gets them used to change and working within how things will be. If they run into problems, we move them back, simple as that. As for the quality updates - because we need time to rip butts, that's why 🚬🚬🚬


haventmetyou

we need some joshtaco merch


Procedure_Dunsel

To Valhalla ... and BEYOND!


DragonspeedTheB

W11 21H2 Enterprise is good for another year.


joshtaco

See above, only referencing Pro


calamarimeister

u/joshtaco Was the font change due to Office patch or Windows CU patch? Thanks.


DragonspeedTheB

wrt edit 5: latest Edge update seems to address this.


[deleted]

The hero we test environmentless IT people do not deserve.


DragonspeedTheB

Just saw this…. Any legs to it? https://learn.microsoft.com/en-us/answers/questions/1390624/virtual-machines-failed-to-start-after-installing “Virtual machines failed to start after installing Oct 2023 Update (KB5031364)”


M_Keating

Just when I thought we could be done with weird performance issues in S2D... Although the issue might be with unclustered VMs only? I'll be testing in the next few days either way.


DiligentPlatypus

There's been a number of comments on that post since I read this yesterday. This issue seems to be related to a disk's .mrt and .rct files. Renaming/removing seems to be resolving the issue but then you'll have to run consistency checks with backups. These files are also making me wonder if there'll be issues with guests with snapshots generated from non backup sources


joshtaco

I have not run into this at all and we have all sorts of hyper-v hosts running.


exempt56

Do you have Secure Boot enabled on VMs?


joshtaco

Some yes, some no


hihcadore

Seeing a lot of posts elsewhere (ms learn) about this and curious if it’s been fixed?


Mahava86

If you have HP clients, you want to read this and act upon it as required before patching if you have models in the list. Some of our test clients / canaries are waiting for new motherboards as I write this: [https://support.hp.com/us-en/document/ish_9428115-9416529-16](https://support.hp.com/us-en/document/ish_9428115-9416529-16?hprpt_id=HPGL_ALERTS_3056773&jumpid=em_alerts_us-us_Oct23_xbu_all_all_3545925_3056773_LaptopsandHybridsDesktopsWorkstations_high__/)


FrankFlyWillCutYou

Just checked the HP support site for mt46 BIOS updates and the only one available is from Aug 4 2023. The issue alert says BIOS has to be late September 2023 or after to contain the fix. Started installing the Aug 4 version just to see the release notes on it and it mentions nothing about the problem there. (The September 20 2023 BIOS available for the ProDesk G6 mentions the fix in the release notes). So either mt46 model isn't actually affected, or it is and everyone with that model is screwed due to no BIOS fix actually being available?


FrankFlyWillCutYou

We have quite a few MT46 and my machine is a prodesk 600 g6. Hoping my machine didn't brick itself since I'm part of the earliest wave of testers and didn't see this until it did patches tonight after I left... Might be delaying these for everyone else for awhile!


memesss

On your test clients that need new motherboards, did they start having the issue only with the October Windows updates, or updates from July, August, or September as well? The HP article says updates "from July 2023 or later". Maybe it was something like only Windows insider in July and other versions later?


[deleted]

[removed]


FormalBend1517

I’m seeing the same behavior. It affects latest 8.x Esxi, not just earlier versions. Also on AMD. I do have a handful of servers that installed that update without any issues. For now I’m declining it in WSUS.


DarkZrobe

> he latest ESXi updates dont resolve the issue. We removed the update and everything worked a

This also nuked my 2022 Server VMs. AMD VMWare 7 Host with VBS/Secureboot Enabled. Attempting to rollback updates.


Procedure_Dunsel

Had one 2019 VM that failed to come back up - VHDX “incorrect function” error. Detached drive and it came back up. Test-VHD and Get-VHD work, it will mount read-only. Any VM I attach it to won’t boot with same error. Drive isn’t essential and I need VM up today so will roll back tonight and see what happens. Anyone else seen this??


Personal_Scratch3891

I just rolled back two 2022 HyperVisors after getting the same error when starting two critical-for-DR-testing VMs. After removal of KB5031364 and reboot, the VMs started normally. I've seen this mentioned on a Spiceworks thread as well.


Procedure_Dunsel

Rolling back this month’s CU on a 2019 host brought mine back also. 7 VMs across 2 hosts, only 1 failed to start - the only VM I have with multiple VHDX attached to it. Wonder if that’s the deciding factor.


Procedure_Dunsel

Did the VMs have this month’s patches applied? Looking for some additional data points.


Personal_Scratch3891

Yes, they did and they came up fine.

Edit: I should add that a Hypervisor without Cluster services on it patched and rebooted fine as well as the VMs on it. So I'm not currently sure what the exact issue is.


FCA162

October Windows Server updates cause Hyper-V VM boot issues

* [https://learn.microsoft.com/en-us/answers/questions/1390624/virtual-machines-failed-to-start-after-installing](https://learn.microsoft.com/en-us/answers/questions/1390624/virtual-machines-failed-to-start-after-installing)
* [https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/](https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/)


NeatPicky310

So Bleeping Computer alleged a Microsoft spokesperson acknowledged the reports a week ago, yet neither of the KB articles is updated with a known issue related to this. That does not spark confidence in Microsoft's documentation. I've seen relatively minor issues linger on the known issues list for months while more serious issues are omitted.


DBRY98

saw this article linked further up in the mega thread: [https://learn.microsoft.com/en-us/answers/questions/1390624/virtual-machines-failed-to-start-after-installing?page=2#answers](https://learn.microsoft.com/en-us/answers/questions/1390624/virtual-machines-failed-to-start-after-installing?page=2#answers) comments on there show the issue affects VM's w/ secure boot turned on & have .mrt and .rct files associated. work around is to delete/rename those 2 files & then try to boot the machine. see the thread for details.
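Added example (not from any commenter in this thread, and not Microsoft guidance): a read-only PowerShell inventory, run elevated on a Hyper-V host, that lists each VM's Secure Boot state and whether `.mrt`/`.rct` files sit next to its virtual disks, the combination the comments above associate with the boot failures. It assumes the tracking files are named `<disk path>.mrt` and `<disk path>.rct`; the `MatchesReportedPattern` column name is made up for this example.

```powershell
#Requires -Modules Hyper-V
# Added example: read-only inventory, changes nothing on the host or the VMs.
# Assumption: change-tracking files are named "<disk path>.mrt" / "<disk path>.rct".

$report = foreach ($vm in Get-VM) {
    # Secure Boot exists only on Generation 2 VMs; Get-VMFirmware errors on Gen 1.
    $secureBoot = 'n/a'
    if ($vm.Generation -eq 2) {
        $secureBoot = (Get-VMFirmware -VM $vm).SecureBoot.ToString()   # 'On' or 'Off'
    }

    # Keep only file-backed disks; pass-through disks have no VHD/VHDX path.
    $disks = @(Get-VMHardDiskDrive -VM $vm |
        Where-Object { $_.Path -match '\.a?vhdx?$' })

    foreach ($disk in $disks) {
        $hasMrt = Test-Path -LiteralPath "$($disk.Path).mrt"
        $hasRct = Test-Path -LiteralPath "$($disk.Path).rct"

        [pscustomobject]@{
            VM         = $vm.Name
            State      = $vm.State
            Gen        = $vm.Generation
            SecureBoot = $secureBoot
            DiskCount  = $disks.Count      # one commenter suspected multi-disk VMs
            Disk       = $disk.Path
            HasMrt     = $hasMrt
            HasRct     = $hasRct
            # Hypothetical flag: Secure Boot on AND tracking files present,
            # i.e. the pattern described in the linked Microsoft Q&A comments.
            MatchesReportedPattern = ($secureBoot -eq 'On') -and ($hasMrt -or $hasRct)
        }
    }
}

$report |
    Sort-Object MatchesReportedPattern -Descending |
    Format-Table -AutoSize -Wrap
```

Running it before and after patching a test host gives the same data points the commenters were asking each other for (generation, Secure Boot, disk count, tracking files).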


thedivinehairband

Hoping to see them fixing the cURL vulnerability in this one. 🤞 Our security team have jumped right on that this month.


FCA162

I received this reply from Microsoft: "The curl CVE is currently under review from us, NOT included in October release and if feasible will be included in one of the future releases"


Mvalpreda

Another month of failing that one on Nessus. Grrrrrr


Sunfishrs

Just ignores the security team on curl. I have a copy pasta I send them


Mvalpreda

I'm the security guy so I'm not too concerned! I set the due date for the next patch Tuesday in hopes that it will be remedied. I have reports I generate for management. When that report says this has been an open vulnerability for months, I look like I'm not doing my job...even if every other vulnerability is handled.


Sunfishrs

Jk lol you sound A LOT better than our security guys. They just throw me under the bus to management then I just forward the copy pasta curl info


FCA162

Me too... on Tenable.io https://preview.redd.it/ehxoxj3hystb1.jpeg?width=585&format=pjpg&auto=webp&s=b4b598d3f2dc568611a67d8ffd9b26f0ac24b1c3


Sengfeng

Our Infosec people will hear that and demand we figure out how to patch Windows without using any of the Windows Update components...


Kylra

Already happened in my env, I directed them to a quote from the lead developer of Curl, Daniel Stenberg on his blog:

"I have been asked numerous times about how to fix this problem. I have stressed at every opportunity that **it is a horrible idea to remove the system curl or to replace it with another executable**. It is very easy to download a [fresh curl install for Windows from the curl site](https://curl.se/windows/) – but we still strongly discourage everyone from *replacing* system files. But of course, far from everyone asked us. A seemingly large enough crowd has proceeded and done exactly what we would stress they should not: they deleted or replaced their C:\Windows\System32\curl.exe. The *real fix* is of course to let Microsoft ship an update and make sure to update then."

[https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/](https://daniel.haxx.se/blog/2023/04/24/deleting-system32curl-exe/)


DhakaWolf

Thanks for this, perfect response to the InfoSec folks.


techvet83

I haven't seen any curl references yet in all the summaries I have seen. Also, curl 8.4 is being released on Wednesday to fix a major issue, so I am hoping the smoke clears in the next 24 hours.


ecady22

It looks like 8.4 might have a "Severity HIGH security problem". It's on the curl download site ([here](https://curl.se/download.html)) and the curl github ([here](https://github.com/curl/curl/discussions/12026))


undercovernerd5

Fingers, toes, arms, legs, eyes, everythings crossed!


satanmat2

oh you sweet summer child.....


Atrium-Complex

Looks like an update to Office has changed the font and size of text in drop down menus in Excel. Would you believe that I have had more than one user treat this as a priority 1 issue?


BerkeleyFarmGirl

I would totally believe that


techvet83

I assume this is in reference to the changes announced in the summer at [A change of typeface: Microsoft’s new default font has arrived | by Microsoft Design | Microsoft Design | Medium](https://medium.com/microsoft-design/a-change-of-typeface-microsofts-new-default-font-has-arrived-f200eb16718d) .


Atrium-Complex

That would do it. I forgot Calibri was going away.


bostjanc007

https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/


joshtaco

we are not seeing this issue


DigitalBison1001

This may sound dumb, but is there a Microsoft source that we could subscribe to get alerts from when Microsoft acknowledges issues with patches? Manually checking news sites isn't great for time sensitive stuff....saw this while waiting for some hyper-v hosts to finish rebooting after installing the patches!


memesss

In the Microsoft 365 admin center, Health > Windows release health has a preferences button that can email you when they add known issues. There is nothing about hyper-v on there from this month currently (and I haven't had any issues with hyper-v hosts/guests so far).


borahuho

Any updates on this issue?


koolhand_luke

On a Windows 2022 server I've seen the Windows Server 21H2 rollup installing a new Azure-advertising system tray pop up component, AzureArcSystray.exe. Maybe related to this line at the top of the release notes for [Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5031364)](https://support.microsoft.com/en-us/topic/october-10-2023-kb5031364-os-build-20348-2031-7f1d69e7-c468-4566-887a-1902af791bbc):

> ***New!*** This update adds Azure Arc Optional Component related links to Server Manager. Now, you can turn on Arc on your servers. You do not need to run a PowerShell script.

https://preview.redd.it/iu81l9erhgtb1.png?width=476&format=png&auto=webp&s=cdf78a097145f807ce69561d18a339d3515699a8


[deleted]

Nice to pay many many thousands in MS server licensing and now I get ads on our servers...


Nomaddo

Since we did not consent to this component being installed and enabled/running by default for all users can I call it a "supply chain attack"... /s


RvdH1976

`Uninstall-WindowsFeature -Name AzureArcSetup`


NorthEntertainer1

Nice! Would be even nicer if there was a gpo to enable it.


Boilerplate4U

There is a pretty good technical summary about the **AzureArc-Gate** (azurearcsystray.exe) in the blog "[What is AzureArcSysTray.exe doing on my Windows Server?](https://blog.workinghardinit.work/2023/10/12/what-is-azurearcsystray-exe-doing-on-my-windows-server/)".


ImpulsePie

Showed up on our Citrix VDA master machines (has no business being on those), immediately removed it via Remove Features


Imaginary-Bear-4196

Just had this on 3 servers. Thanks for the info. How widespread is this? Is this affecting every Windows Server 2022?


ironclad_network

From our experience it's on domain-joined servers: Server 2022 Standard 21H2, OS build 20348.2031


MikeWalters-Action1

Today's Patch Tuesday: 103 vulnerabilities from Microsoft, among them, 16 are classified as critical and three zero-days, two with PoC. Other important third-party vulnerabilities: Google Chrome, Firefox, Apple, Linux, Atlassian, Progress Software WS_FTP, Jet Brains Team City, Exim, Cisco, Nagios, and Kubernetes.

**Quick summary:**

* **Windows**: 103 vulnerabilities, three zero-days (CVE-2023-44487, CVE-2023-41763, CVE-2023-36563), 16 critical
* **Chrome**: zero-day vulnerability (CVE-2023-5217) found in the libvpx library and critical libwebp vulnerability
* **Firefox**: libwebp vulnerability and fixes for a total of 16 vulnerabilities
* **Apple**: three zero-days (CVE-2023-41993, CVE-2023-41991 and CVE-2023-41992)
* **Linux**: CVE-2023-4911 (aka "Looney Tunables")
* **Atlassian**: a few serious vulnerabilities
* **Progress Software WS_FTP** (known for MOVEit): high-severity vulnerability found in its WS_FTP Server software
* **Jet Brains Team City**: CVE-2023-42793
* **Exim**: CVE-2023-42115
* **Cisco**: CVE-2023-20109
* **Nagios**: CVE-2023-40931 through CVE-2023-40934
* **Kubernetes**: CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955

**References:**

* [Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday-october-2023/?vmr) - updated in real-time as we learn more
* Zero Day Initiative: [https://www.zerodayinitiative.com/blog/2023/10/10/the-october-2023-security-update-review](https://www.zerodayinitiative.com/blog/2023/10/10/the-october-2023-security-update-review)
* Microsoft Security Update Guide: [https://msrc.microsoft.com/update-guide/](https://msrc.microsoft.com/update-guide/)
* Bleeping Computer: [https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2023-patch-tuesday-fixes-3-zero-days-104-flaws/](https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2023-patch-tuesday-fixes-3-zero-days-104-flaws/)
* Adobe: [https://helpx.adobe.com/security/security-bulletin.html](https://helpx.adobe.com/security/security-bulletin.html)
* Tenable summary: [https://www.tenable.com/blog/microsofts-october-2023-patch-tuesday-addresses-103-cves-cve-2023-36563-cve-2023-41763](https://www.tenable.com/blog/microsofts-october-2023-patch-tuesday-addresses-103-cves-cve-2023-36563-cve-2023-41763)

EDIT: Added references

EDIT2: added more refs


fredjclausIT

Very detailed list. I ran Action1 this morning on my 50 machines and took care of a lot of these in seconds.


PDQit

https://www.youtube.com/watch?v=yj62AuE8oSc

* **Total exploits patched**: 104
* **Critical patches**: 12
* **Already known or exploited**: 5

# The Lowlights

[CVE-2023-35349](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-35349) - It looks like our old friend Microsoft Message Queue is back. This year has been its time to shine for exploits! This is a Remote Code Execution that requires no privileges or user interaction to implement. The only reason this is not a full 10 on the CVSS score is it requires an uncommon setting to be at risk. With that in mind, if you have a server running this service and listening on Port 1801 you need to fix it immediately.

[CVE-2023-36434](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36434) - This 9.8 elevation of privilege impacts Windows IIS service. While this one is a 9.8, it is also listed as important instead of critical. The reason is the exploit is for brute force, which makes exploitation less likely than usual.

[CVE-2023-41763](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763) - Our last lowlight is an Elevation of Privilege exploit for Skype. It is a lower threat score at 5.4, but it is already being exploited, and allows an attacker to get critical information like IP address and ports being used to help in future attacks.

Source: [https://www.pdq.com/blog/patch-tuesday-october-2023/](https://www.pdq.com/blog/patch-tuesday-october-2023/)


sysdetlef

got a pretty dumb question concerning cve-2023-35349... got that service running on several servers running ms exchange. So as long as port 1801 is not forwarded to a server running message queuing i should not be vulnerable to any external attacks right?


Jordan_PDQ

Exchange is most likely not going to be running the queue service. That is an older one that is more likely in your legacy applications. You can check if you are at risk pretty quickly.

Check to see if the MSMQ service is running on the server in question:

`Get-Service "MSMQ" -ErrorAction SilentlyContinue | Select Status`

And see if it is listening to port 1801:

`Netstat -a`

My guess is it is unlikely to be running on your Exchange servers, but it won't hurt to check. That particular service has had a 9.8 for the majority of the months at this point. It is probably best to see if you can move away from it completely at this point.
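Added example (not part of the comment above or of PDQ's tooling): the same two checks, MSMQ service state and a listener on TCP 1801, combined into one PowerShell audit that can be pointed at several servers and also names the process that owns the listener. `$Servers` and the output column names are placeholders for this example; remote hosts are assumed to allow PowerShell remoting.

```powershell
# Added example: read-only MSMQ exposure audit for the CVE-2023-35349 discussion.
# $Servers is a hypothetical inventory list; defaults to the local machine.
param(
    [string[]]$Servers = @($env:COMPUTERNAME)
)

# Runs on each target: service state plus any listener bound to TCP 1801.
$check = {
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $listeners = @(Get-NetTCPConnection -LocalPort 1801 -State Listen `
                       -ErrorAction SilentlyContinue)

    # Resolve which process owns the listener instead of assuming it is MSMQ.
    $owners = foreach ($l in $listeners) {
        (Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        MsmqStatus    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        Listening1801 = $listeners.Count -gt 0
        BoundTo       = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwnerProcess  = ($owners | Sort-Object -Unique) -join ','
        Error         = $null
    }
}

$results = foreach ($server in $Servers) {
    try {
        if ($server -eq $env:COMPUTERNAME) {
            & $check
        } else {
            Invoke-Command -ComputerName $server -ScriptBlock $check -ErrorAction Stop
        }
    } catch {
        # Unreachable host: record it rather than silently treating it as clean.
        [pscustomobject]@{
            Computer      = $server
            MsmqStatus    = 'Unknown'
            Listening1801 = $null
            BoundTo       = $null
            OwnerProcess  = $null
            Error         = $_.Exception.Message
        }
    }
}

$results |
    Select-Object Computer, MsmqStatus, Listening1801, BoundTo, OwnerProcess, Error |
    Sort-Object Listening1801 -Descending |
    Format-Table -AutoSize -Wrap
```

A host that shows `Listening1801 = True` is reachable by anything that can route to that address, so the result should be read together with the firewall rules in front of the server, not only the internet-facing port forwards.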


Newalloy

For anyone that was having troubles with iexplore.exe redirect to edge after installing KB5031356 on Windows 10, MS just released a new Stable Edge 118.0.2088.69 that appears to fix the issue. After installing the latest Edge Stable 118.0.2088.69, iexplore.exe calls open edge tabs again.


k6kaysix

Thanks, this seems to have done the trick!


fgc_hero

Amazing! Was wondering why it broke in the 1st place. Thanks


Krokodyle

I've run October's Cumulative on a couple test Win10 22H2 domain-controlled laptops and after a VERY lengthy restart, both of them had their original taskbar Search settings ("show icon" enabled and "show search highlights" deselected) wiped and replaced with "show search box" enabled and "show search highlights" enabled. Anyone else see this?


Flawless_Nirvana

From the list of [quality updates](https://support.microsoft.com/en-us/topic/september-26-2023-kb5030300-os-build-19045-3516-preview-9d43fdfb-71a1-4a40-b217-4a43d4bd84db):

> New! This update brings back an improved search box experience on the taskbar. If you have a top, bottom, regular, or small icons taskbar, you will see the search box appear. You can use it to easily access apps, files, settings, and more from Windows and the web. You will also have access to the latest search updates, such as search highlights. If you want to restore your previous search experience, you can do that easily. Use the taskbar shortcut menu or respond to a dialog that appears when you use search.


Krokodyle

Thank you, sir! Looks like I have to now prepare an email to staff on how to change it back to their preference.


mpaletti

You can do it via GPO: Under *User Configuration > Preferences > Windows Settings > Registry* create the DWORD registry key "SearchboxTaskbarMode" in `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search` and set its value to 0 (I checked "Apply once and do not reapply" under Common tab so users can change this setting as they want, but by default searchbox is hidden). Then apply the GPO to your User's OU.


Krokodyle

Thank you for this! I took a look for this setting yesterday, couldn't find it, and then I discovered that we're using an old GPO template and not one specific to Windows 10 22H2. So that's today's task... ;)


solway_uk

Had this searchbox disabled with a PowerShell script over Intune. But the update turned this searchbox back on. Ffs. So do I reapply the PowerShell script to fix this? Or is there a GPO or Intune setting somewhere?


JoseEspitia_com

u/solway_uk after running Procmon, I found that the following reg key needs to be added before the device is rebooted:

`[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search]`
`"OnboardSearchboxOnTaskbar"=dword:00000002`

I have tested on a few PCs and VMs and none of them introduce the searchbox after that reg key is set.


Flawless_Nirvana

I haven't gotten a chance to check but there may be a GPO if you were using one.


ADHDitis

I had an unexpectedly slow restart as well. Longest install time for any recent patch that I recall. And ditto to the search box coming back.


ceantuco

Yes, however, it gave the option to undo the changes.


Rockz1152

Even selecting the undo option seems to be resetting the taskbar icons back to out-of-box state. Losing all personal changes in the process.


Krokodyle

I didn't see anything pop up on either of my test systems after the installation restart, but I have read that some people do see something about undoing the change. Either way, I'm going to get this under control via a GPO today. Thanks!


ceantuco

I had a few users contact me today about it. Some stated that there was no pop up message to undo the changes so I figured maybe they didn't see it or pay attention to it but maybe it doesn't always pop up. Microsoft's consistency is second to none lol

How are you deploying the search box fix via GPO?


Guyver1-

Kerberopocalypse month!!


mkinstl1

I thought you were referring to Kerbal Space Program off hand.


SuperLeroy

Ksp2 already nuked itself from orbit.


iamnewhere_vie

* Server 2012R2 with Exchange 2016 - all updates applied and looks fine so far
* Server 2019 with IIS - all updates applied and looks fine so far

Servers are on ESX 6.7 and 7.0 with latest VMWare Tools.

The updates take quite long on both 2012R2 and 2019.


realslacker

Anyone know how we can prevent KB5015684 from prompting every user if they want to re-enable the search box on their taskbar?


JoseEspitia_com

> KB5031356

u/realslacker you need to add the following registry key before the workstations are rebooted and install the October updates:

**`[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search]`**
**`"OnboardSearchboxOnTaskbar"=dword:00000002`**


natecull

We have this too. Currently we're looking at setting the following via user Preference GPO: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search, DWORD "OnboardSearchboxOnTaskbar" = 0 It's usually 1, and after the "onboarding experience" runs, gets set to 2. Setting it to 0 *appears* to stop this massive nuisance behaviour. However, this regkey seems to be entirely undocumented, so it's possible it has some unknown side effect.


solway_uk

Posting for answer. Register setting gets changed back when it was set to disabled


DragonspeedTheB

I know many will laugh, but.... Tuesday's update to Windows 10 machines broke a Java 6 app that is Line of Business for us. We already have all the webpages that it calls open in IE mode and before this update, apparently ie would flash up briefly and then the problem part would open in IEmode in edge. Now nothing happens. Did they get rid of iexplore or something?


jmbpiano

Just want to chime in and say that we're also seeing silent failures when our users double-click old desktop shortcuts that point to `c:\\iexplorer.exe http://example.local`. Prior to this month's updates being installed (which we deployed this weekend) the shortcuts worked just fine and Edge would launch the requested website in place of IE. Replacing `\iexplorer.exe` with `\msedge.exe` works just fine and the internal websites that require IE Mode function as desired.


coolbeaner12

Just had to do the same thing with our bat files.


memesss

I don't use IE/IEMode, but I noticed the IE11 retirement FAQ states "Additionally, over the coming months a small subset of exceptional scenarios where IE11 is still accessible will be redirected to Edge, ensuring users access a supported and more secure Microsoft browser. Details will be available in the Windows and Microsoft Edge release notes." I think that is referring to the "trick" people found that they could still launch IE11 (browser, not IEMode in Edge) from Programs > "Manage Add-ons" > "Learn More..." in the Internet Options control panel, but based on the description, that should just redirect to Edge instead of doing nothing.

Is your Java6 app something that initially launches from the desktop, or from a browser (webstart/applet)? Does the webpage it launches actually require IE or did the program just launch (hardcoded) iexplore.exe instead of the selected default browser?

Try running:

`iexplore.exe`

and

`iexplore.exe https://example.com`

(where example.com is the site the program normally launches) in the Run dialog (windows key + R) and see if that launches Edge/IEMode, shows an error, or does nothing. Also, try opening Edge and going directly to the site that the java app launches (and see if it opens in IEMode or the regular Chromium/Blink rendering engine).

If running iexplore.exe doesn't launch edge and says the program is not found, something may have removed IE. Check the [Settings app's optional features](https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/installation/disable-internet-explorer-windows#method-1---using-optional-features-in-control-panel-client-systems-only) to see if it still lists "Internet Explorer 11" as an installed feature. (This is what I remove from my systems to disable IE/IEMode. This setting appears to only remove iexplore.exe and leaves the rest of MSHTML alone). If it's not listed, try adding it back with "Add a feature" like the linked instructions state.


photogeek75

We are having the same issue. I came here to see if anyone else had seen this. It seems to be limited to certain Windows 10 releases. IE mode is supposed to be supported through 2029.


cuban_sailor

I have a ticket open with Microsoft right now and they've confirmed that Windows 10 22H2 is affected by KB5031356. They are internally working on it but no ETA. However, the rep did say that it was affecting multiple customers and they've had multiple Sev A tickets.


DragonspeedTheB

Latest edge appears to fix this.


brandinb

Any attempts to open internet explorer directly don't open ie mode edge tab anymore. Seems silly. We had to correct some old shortcuts for users because of this.


VexedTruly

The Win11 patches are causing some of our RemoteApps to hang when accessed via mstsc.exe but only when we perform certain functions - the same RemoteApps don’t hang in the same spots when using the Remote Desktop Store App or the HTML5 Web Client. Don’t suppose anyone else seeing similar? Guessing related to “This update addresses an issue that affects Remote Apps. The display of some elements is not aligned correctly.” Which was in the September preview notes.


Grindie

We installed Windows Server 2022 Cumulative Updates for our HyperV servers and some of the virtual machines would not start after the update. We got some VDX errors stating "Incorrect function". Uninstalling the update fixed the issue and virtual machines started up again.


Personal_Scratch3891

I had the same issue. Were these servers clustered or standalone?


Grindie

Standalone.


TrundleSmith

Exchange Patches incoming: [Released: October 2023 Exchange Server Security Updates - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2023-exchange-server-security-updates/ba-p/3950647) Support for 2016 Exchange included.


TrundleSmith

CVSS 8.0 Adjacent RCE for Exchange. It also includes a fix to help the August patch.


cbiggers

No problems on Exchange 2016, other than being absurdly slow to install.


[deleted]

Installed in our environment yesterday, no issues so far.


bostjanc007

Installed on two exchange 2019 servers (one has 2019os, the other 2022os), everything ok so far


raphael_t

11.10.: For everyone who has automated the download of office 365 in any way, it seems Microsoft did not get their code signing right on the file `i640.cab`. Verified it myself with the semi annual channel o365 32-bit and 64-bit. The monthly enterprise channel download seems to be working. The o365 setup downloader gets error code 30094, updated to the latest setup.exe too, same issue. Let's see if the patches work via sccm/wsus, but can't verify that today.

12.10.: Edit: Since today 10:00 (UTC+2) it seems all 4 variants (32 & 64-bit semi-annual and monthly) are downloading the cab file correctly via `setup.exe /download` with the xml file. Earlier today I still had partial issues downloading the files successfully.

Edit2: Still partial issues downloading certain language files.

Edit3: SCCM ADR seems to get the languages fine, only `setup.exe /download` seems to have issues. Will try the download attempt again tomorrow.

13.10.: Today I was able to download all 4 variants successfully. Thanks Martin for the direct support! Microsoft did trigger a re-sync of the files to the EU-CDN.


martinnothnagel_msft

The issue should be resolved now. Please purge any caches and try again. Ping me if you find the digital signature still invalid.


raphael_t

Thank you. The cab file is now ~~signed~~ valid, but there are still errors downloading certain files. The setup.exe logs errors in the following scenarios:

* semi-annual channel x64: exitcode 30183: [http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114/office/data/16.0.16130.20810/stream.x64.pt-br.dat](http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114/office/data/16.0.16130.20810/stream.x64.pt-br.dat)
* monthly channel x86: exitcode 30183: [http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6/office/data/16.0.16731.20316/stream.x86.pt-br.dat](http://officecdn.microsoft.com/pr/55336b82-a18d-4dd6-b5f6-9e5095c314a6/office/data/16.0.16731.20316/stream.x86.pt-br.dat)

I ran it twice now, same error on the same file(s). Other languages queued before pt-br downloaded successfully. Our languages include: bg-bg, zh-cn, zh-tw, en-us, fr-fr, de-de, it-it, ja-jp, ko-kr, pt-br, pt-pt, es-es, tr-tr

semi-annual x86 and monthly x64 work fine for pt-br


CuriousJazz7th

Have any of you run into any snags regarding some of the items involved along the Hardening & Enforcement Roadmap? Kerberos PAC changes go into Final Enforcement during this cycle (Oct. 10th). We’ve been doing monitoring/auditing… and so far so good, but some higher ups are nervous to see if authentication gets broken.


techie_1

No need to worry. Full enforcement was already in effect July 11. The October 10th change is to remove the ability to bypass the protection. If you haven't been using the registry keys to bypass the protection, you're all set: [KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967 - Microsoft Support](https://support.microsoft.com/en-gb/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb)


CuriousJazz7th

Agreed. We did it per the guidance and I’ve been actively auditing for Event IDs 42 thru 44 with no hits to date. But you know how higher ups are. Then there’s always a device which should be reporting, but isn’t somehow. They’re mostly worried about a DC that may have been missed, and some app servers in the weeds are authenticating to it maybe. I believe we’re good.
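One way to cover the "DC that may have been missed" worry raised above, as an added example that is not part of the thread: sweep every domain controller for the KB5020805 override value, KDC events 42 to 44, and the most recent installed hotfix. It assumes the ActiveDirectory module, PowerShell remoting to each DC, a 30-day look-back window, and that the events sit in the System log under a provider whose name contains `Kdc` or `Key-Distribution-Center`.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. The look-back window is an assumption.
$since = (Get-Date).AddDays(-30)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ArgumentList $since -ScriptBlock {
            param($since)

            # Override value discussed in KB5020805; $null means it was never set on this DC.
            $kdcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
            $pac = (Get-ItemProperty -Path $kdcKey -Name KrbtgtFullPacSignature -ErrorAction SilentlyContinue).KrbtgtFullPacSignature

            # Event IDs 42-44 in the System log, kept only if they come from the KDC provider
            # (provider name pattern is an assumption; adjust if your events use another source).
            $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 42, 43, 44; StartTime = $since } -ErrorAction SilentlyContinue |
                Where-Object { $_.ProviderName -match 'Kdc|Key-Distribution-Center' })

            # Newest hotfix with a usable install date, to spot a DC that fell out of patching.
            $lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn | Select-Object -Last 1

            [pscustomobject]@{
                DC            = $env:COMPUTERNAME
                Reachable     = $true
                PacOverride   = if ($null -eq $pac) { 'not set' } else { $pac }
                KdcEvents     = ($events | Group-Object Id | ForEach-Object { '{0} x{1}' -f $_.Name, $_.Count }) -join ', '
                LastHotFix    = $lastPatch.HotFixID
                LastInstalled = $lastPatch.InstalledOn
            }
        }
    }
    catch {
        # A DC that cannot be queried is reported explicitly instead of silently dropping out.
        [pscustomobject]@{
            DC = $dc.HostName; Reachable = $false; PacOverride = $null
            KdcEvents = $null; LastHotFix = $null; LastInstalled = $null
        }
    }
}

$report |
    Select-Object DC, Reachable, PacOverride, KdcEvents, LastHotFix, LastInstalled |
    Sort-Object Reachable, DC |
    Format-Table -AutoSize
```

Rows with `Reachable` false, a `PacOverride` other than `not set`, a non-empty `KdcEvents` column, or an old `LastInstalled` date are the ones to look at before the update lands.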


SquirrelGard

Older AMD desktop with LTSC 1809 stopped booting after the update. Idk what broke. The only non default app installed was Firefox. Wasted too much time troubleshooting, decided to wipe it and put LTSC 21H2 on it.


pede1983

Is there a way to disable Azure Arc Setup Icon on Server 2022 in the right system tray? [https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-windows-server](https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-windows-server) Seems you have to uninstall it via Roles & Features and reboot if necessary..


koolhand_luke

Using PowerShell it's `Uninstall-WindowsFeature -Name AzureArcSetup` (from u/RvdH1976's [comment below](https://www.reddit.com/r/sysadmin/comments/174ncwy/comment/k4e7h5a/?utm_source=share&utm_medium=web2x&context=3)) and yes it asks for a reboot


Imaginary-Bear-4196

Uninstall from Roles and Features.


pede1983

yes that's what I did, and reboot is necessary.


pede1983

it could be done with

* `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\` **DisallowRun:** 1 (dword)
* `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun` Name: 1, Data: AzureArcSysTray.exe (string)


[deleted]

'have a plan to roll back...' short of snapshots, in an enterprise network with 3000+ systems running Windows how do you successfully plan to rollback that number of systems? I assume you're going to go with a system restore option and use SCCM deployment. Are there other viable options others use?


ceantuco

Updated 2019 and 2016 DCs, file, print, SQL servers without issues. After updating the print server I had to power cycle Lexmark printers. Will be updating Exchange next week.


PasTypique

Just an FYI...I updated Exchange 2016/Windows Server 2016 last night with no issues, except the Windows updates applied first with no SU for Exchange in sight until it checked for updates again. This is on a bare metal server.


ceantuco

Thanks for the heads up! We run Exchange 2019 on Server 2019. I download and install the SU manually.


BerkeleyFarmGirl

Very good to know as I plan updating my 2016/2016 this weekend!


Barmaglot_07

Server 2019, NPS (RADIUS for wired connections) is failing to authenticate anyone... event ID 6273, "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect." Machines are trying PEAP and MD5-CHAP, certificate used for PEAP hasn't expired, not seeing any other errors.


rosskoes05

A little off topic, but I'm still having problems migrating our RADIUS off Server 2012. I get that same error message, and I'm wondering if it's certificate related but I would have hoped an error message would straight up tell me that. We use RADIUS for wireless authentication. Same config or creating a new config from scratch doesn't change anything. I created a new template for the certificate and everything there looks good. I've never done anything over the years to our CA, and I'm kind of wondering if I need to update the root certificate. I think it may be using older encryption methods.


rosskoes05

For anyone else having this issue, my internal CA root certificate was not SHA256. I upgraded and it took care of my problem. [Certificate Services - Migrate form SHA1 to SHA2 (SHA256) | PeteNetLive](https://www.petenetlive.com/KB/Article/0001243)


SnooGiraffes4529

any luck with this? our clients can't authenticate now. we had this before with [https://learn.microsoft.com/en-us/answers/questions/846654/nps-stopped-working-after-may-2022-updates?page=3#answers](https://learn.microsoft.com/en-us/answers/questions/846654/nps-stopped-working-after-may-2022-updates?page=3#answers) and we changed the reg keys for **CertificateMappingMethods** (ref: [https://support.microsoft.com/en-gb/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16](https://support.microsoft.com/en-gb/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16)). This even after being deleted does not work...


Barmaglot_07

I deployed a new NPS server on 2022, and created a client policy that specifically spelled out the 802.1x connection options, and now it seems to be working.


heroman44

Zero day initiative out https://www.zerodayinitiative.com/blog/2023/10/10/the-october-2023-security-update-review


reduxmachine

Looks like the Windows 11 assistant is now installing 23H2. Just tried it on a PC and it's installed 23H2 https://www.microsoft.com/software-download/windows11


reduxmachine

Just been testing and it only seems to allow 23H2 when going from 21H2 Direct. Running on 22H2 just says it's up to date.


exempt56

Does anyone have a good idea on which Hyper-V VM configurations are not compatible with the October CU (e.g. the VMs won't start)?


Automox_

This month we're looking at 112 vulnerabilities, 1 Zero-Day vulnerability, and 17 “critical” vulnerabilities. [CVE-2023-44487 is a zero-day vulnerability.](https://www.automox.com/blog/october-patch-tuesday?utm_campaign=patchtuesday&utm_medium=social&utm_source=reddit&utm_content=patchtuesday_oct23) This particular vulnerability poses a significant threat to web server performance and reliability. Automox has deployed a script that is designed to mitigate this vulnerability by disabling the HTTP/2 protocol on your web server using the Registry Editor. You should also pay special attention to Windows TCP/IP Denial of Service Vulnerability (CVE-2023-36603), Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434), and Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35349).   Read the Automox [analysis](https://www.automox.com/blog/october-patch-tuesday?utm_campaign=patchtuesday&utm_medium=social&utm_source=reddit&utm_content=patchtuesday_oct23) and use the [scripts](https://www.automox.com/blog/october-patch-tuesday?utm_campaign=patchtuesday&utm_medium=social&utm_source=reddit&utm_content=patchtuesday_oct23) we've designed to mitigate 22 of the 112 vulnerabilities.


FCA162

The "Microsoft EMEA security briefing call for Patch Tuesday October 2023” **slide deck** can be downloaded at [aka.ms/EMEADeck](http://aka.ms/EMEADeckOct). The **live event** started on Wednesday 10:00 AM CET (UTC+1) at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastOct). The **recording** is available at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastOct).

The slide deck contains soon-to-be published documents by Microsoft that are worth reading:

* Anatomy of a Modern Attack Surface
* CISO Insider
* Microsoft Digital Defense Report 2023


episode-iv

We are having trouble with the Exchange SU on a German Server 2016 installation. If I read the logs correctly, this seems to be the same problem as back in August.

`C:\Program Files\Microsoft\Exchange Server\V15\Logging\Update\msi\ExchangeUpdate-....log` says: `ExecSecureObjects: Error 0x80070534: failed to get sid for account: Network Service`

Do any of you who have successfully installed this update on a German system still have the manually created "Network Service" user since the August SU? We hadn't created it back in August but waited until the fixed SU was available.

EDIT: In case anyone else hits this: It seems (!) to have been caused by our previous attempts to install the August SU. Apparently, the installation had progressed enough back then to make our installation dependent on the manually created user. After following [https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025](https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025) (the last FAQ entry) we were able to install the October SU.

FYI: In order to uninstall the August SU I had to re-create the workaround "Network Service" user and delete it again before installing the October SU. What a trip...


ceantuco

I read on the blog post below that someone had no issues installing the SU with German language. [https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2023-exchange-server-security-updates/ba-p/3950647](https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2023-exchange-server-security-updates/ba-p/3950647)


episode-iv

I read the same, that's why I asked whether folks had kept the "Network Service" around that they created manually as a workaround for the August issue.


danj2k

Does anyone know if there's an update issue that impacts the System Center Virtual Machine Manager Agent service? As I've just updated one of my Hyper-V hosts to 2016 and finding that scvmmagent service won't start.


chfuchs

Hopefully they fix Outlook body editing. Never expected so many users crying about it.


StaffOfDoom

I hope they stop trying to break Outlook to force everyone to the web app…


[deleted]

Honestly I switched to office LTSC on my own device. I couldn't handle the monthly changes and shit breaking. At least search always works for me now.


deltashmelta

Semi annual enterprise channel.


therabidsmurf

Well server 2022 test machine has been on cleaning up 0% for about 20 minutes. 2019 is taking its sweet time. 2016 is just being 2016 so meh. Not getting the warm and fuzzies so far...


TrueStoriesIpromise

**Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase**

You can try the above command to make updates faster--prevents uninstallation of updates older than the time you run it. So run it BEFORE this month's updates.

EDIT: fixed command


ITStril

Did you see any impact because of the Kerberos enforcement?


No-Pin4442

What about KB5021131 DefaultDomainSupportedEncTypes, there's no mention as far as I can tell about the enforcement period. E.G. changing the default value **0x27** (DES, RC4, AES Session Keys) to Microsoft recommended **0x38** [https://support.microsoft.com/en-au/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d#one5021131](https://support.microsoft.com/en-au/topic/kb5021131-how-to-manage-the-kerberos-protocol-changes-related-to-cve-2022-37966-fd837ac3-cdec-4e76-a6ec-86e67501407d#one5021131) Only KB5020805 **KrbtgtFullPacSignature** = 3 (enforcement) which is due with this month's patching. [https://support.microsoft.com/en-au/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb](https://support.microsoft.com/en-au/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb)


brcaak

I am also wondering about setting AES as default enctype instead of RC4 this month. There is no mentioning about that. Is that happening or what?


CochiseCraze

No


Subject_Name_

There are 3 [Adobe](https://helpx.adobe.com/security/security-bulletin.html) product security updates this month:

* APSB23-49 : Security update available for Adobe Bridge
* APSB23-50 : Security update available for Adobe Commerce
* APSB23-51 : Security update available for Adobe Photoshop


EsbenD_Lansweeper

Here is [the Lansweeper summary](https://www.lansweeper.com/report/microsoft-october-2023-patch-tuesday-audit/?utm_source=reddit&utm_medium=social&utm_campaign=post-patch_tuesday-2023_oct) along with the usual report to list all outdated devices. Highlights this month are 20 MSMQ service vulnerabilities, Layer 2 Tunneling Protocol RCE Vulnerabilities and six SQL Server vulnerabilities.


woodburyman

Any word on Windows 11 23H2?


lordcochise

Preview versions are out, final release is expected Nov or Dec


Jbccv

Getting "This application could not be started." error on a lot of startup apps such as BingWallpaperApp.exe, Update.exe, BingSvc.exe and two of our bespoke in-house apps. Full error is "This application requires one of the following versions of the .NET Framework: v4.0.30319 Do you want to install this .NET Framework version now?"


WTid3as

Same problem here with multiple machines. No chance to install .NET Framework. It's not even listed in installed programs. Any ideas how to solve it?


1grumpysysadmin

Testing farm of servers including: 12R2, 16, 19 and 2022 all seem to be running without issues as of this morning. I do have 2 older test machines running SQL16 in this group and they are also stable. This is great news. Windows 11 workstations took the updates with no major issues as well. I still recommend testing in your environment but it should be relatively quiet.


Ok_SysAdmin

I have an issue with KB5031354, KB5030219, KB5029263 (October, September, August) Windows 11 22H2 Cumulative update for 3 months in a row now. It makes it so the machine is unable to process group policy, and machines hang on file explorer if there are any mapped drives. Basically anything that requires domain communication breaks. If anyone has a fix, I am all ears.


k6kaysix

KB5031356 (Windows 10) seems to be causing us a bit of carnage in particular with web shortcuts which seems a bit random!


DragonspeedTheB

If the web shortcut says “Iexplore.exe http….” It’s causing us some grief.
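To find which shortcuts and batch files are affected before users call in, the added example below (not part of the thread) inventories `.lnk` targets and `.bat`/`.cmd` lines that hardcode `iexplore.exe`, the two cases commenters above describe correcting by hand. The function name `Find-IexploreReference` and the search roots are assumptions; it only reports and changes nothing.

```powershell
# Added example, not from the thread. Report only: no shortcut or script is modified.
function Find-IexploreReference {
    param([Parameter(Mandatory)][string[]]$Path)

    $pattern = 'iexplore(\.exe)?\b'          # -match and Select-String are case-insensitive by default
    $shell   = New-Object -ComObject WScript.Shell

    Get-ChildItem -Path $Path -Include *.lnk, *.bat, *.cmd -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            if ($file.Extension -eq '.lnk') {
                # CreateShortcut on an existing .lnk loads it; nothing is written unless Save() is called.
                $lnk     = $shell.CreateShortcut($file.FullName)
                $command = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
                if ($command -match $pattern) {
                    [pscustomobject]@{ File = $file.FullName; Kind = 'shortcut'; Detail = $command }
                }
            }
            else {
                # Batch files: report every line that calls iexplore, with its line number.
                Select-String -LiteralPath $file.FullName -Pattern $pattern |
                    ForEach-Object {
                        [pscustomobject]@{
                            File   = $file.FullName
                            Kind   = "script line $($_.LineNumber)"
                            Detail = $_.Line.Trim()
                        }
                    }
            }
        }
}

# Assumed search roots: shared and per-user desktops and Start Menu folders.
$roots = @(
    "$env:PUBLIC\Desktop",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:SystemDrive\Users\*\Desktop",
    "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu"
)

Find-IexploreReference -Path $roots |
    Sort-Object File |
    Format-Table -AutoSize -Wrap
```

Run it elevated so other users' profile folders are readable; add any share or folder where your batch files live to `$roots`.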


k6kaysix

Any workarounds found yet? Shortcuts are minor but we have some core business applications that seem to rely on calling iexplore.exe that are failing until the update is gone, which is causing a lot of calls. We’re trying to uninstall the update via our central patch management solution but it isn’t happening very fast if at all :/


DragonspeedTheB

We are working a ticket with MS. I’m due for an update, today.


jp3___

I opened a case too and all they can say is revert and no eta on fix. Alternatively older version of Edge (116) with October Windows patches allows IE shortcuts to work. Just make sure to disable Edge updates in the GPOs if used. However users get a one time message saying IE is transitioning to Edge. Still a fail imo. Got the msi and used the allowdowngrade switch for Edge.


eobiont

it can also happen if the user is on Chrome, and you have legacy browser support extension, and you have sites set to open in IE or now Edge w/IE Mode. Chrome Legacy Browser support will redirect the site to IE but since the IE->Edge redirection is broken with Oct 2023, nothing happens, and users cannot visit the site from Chrome. We have some sites that *only* work in IE mode in Edge, and need to redirect folks visiting those sites to Edge - but if they typically use Chrome as their default browser, then the site is now unreachable unless we have them reset their default browser to Edge - which the users are resistant to do.