The AchieVer Posted January 9, 2019 Share Posted January 9, 2019 Microsoft Says You Should Install Windows 10 Cumulative Update KB4480966 ASAP RCE flaw in Windows DHCP client fixed in this update This update is shipped to Windows 10 version 1803 The January 2019 Patch Tuesday cycle includes a fix for a Remote Code Execution flaw in the Windows DHCP client on Windows 10 version 1803, and Microsoft says you should patch as soon as possible. The patch is bundled into Windows 10 cumulative update KB4480966, which is only available for version 1803 (April 2018 Update), as this is the only Windows release that’s affected by the flaw. The vulnerability is detailed by Microsoft in CVE-2019-0547 where the company explains that there is no known exploit right now. “A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine,” it says. “To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.” Known issues Nate Warfield of the MSRC team says the bug was discovered internally and no proof of concept would be released, though you are strongly recommended to install the update as soon as possible. What’s important to know is that this cumulative update comes with four known issues, and you should have them all in mind when installing it (scroll down to the end of the article to read them in full). One of the newest affects third-party applications, which according to Microsoft may not be able to authenticate hotspots after installing the update. A fix is already being developed and a resolution is expected in mid-January. We aren’t aware of any known issues right now, but there’s a chance KB4480966 installs correctly, and given the security vulnerability described here, you should install it as soon as possible. Symptom Workaround After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates. Microsoft is working on a resolution and will provide an update in an upcoming release. After installing this update, some users cannot pin a web link on the Startmenu or the taskbar. Microsoft is working on a resolution and will provide an update in an upcoming release. After installing KB4467682, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters. Set the domain default "Minimum Password Length" policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release. After installing this update, third-party applications may have difficulty authenticating hotspots. Microsoft is working on a resolution and estimates a solution will be available mid-January. source Link to comment Share on other sites More sharing options...
luisam Posted January 9, 2019 Share Posted January 9, 2019 23 hours ago, The AchieVer said: The patch is bundled into Windows 10 cumulative update KB4480966, which is only available for version 1803 (April 2018 Update), as this is the only Windows release that’s affected by the flaw. OK, so title should specify: Microsoft Says if you are running 1803 you should Install Windows 10 cumulative update KB4480966 ASAP. EDITED: 23 hours ago, The AchieVer said: I AGREE WITH YOU, BUT PERHAPS , THE TITLE IS BEING GIVEN BY THE AUTHOR OF THE ARTICLE . The source is given at the bottom of the page, you can post your suggestions there. Obviously, my comment is not pretending in any way to "blame" the poster. Actually, did make the comment on that page. I even should comment additionally, that if a user has been going along with Microsoft's update politics up to 1803, by now I see no issue to update to 1809 and forget about "cumulative updates" for 1803. Just remember that updating from 1803 to 1809 might take some time: one hour to download and 5 hours of installation for me! Link to comment Share on other sites More sharing options...
The AchieVer Posted January 9, 2019 Author Share Posted January 9, 2019 3 minutes ago, luisam said: OK, so title should specify: Microsoft Says if you are running 1803 you should Install Windows 10 cumulative update KB4480966 ASAP. I AGREE WITH YOU, BUT PERHAPS , THE TITLE IS BEING GIVEN BY THE AUTHOR OF THE ARTICLE . The source is given at the bottom of the page, you can post your suggestions there. Regards Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.