Windows 10 Automatically Uninstalls Problematic Software Updates

Patch management is an important part of a sysadmin's role in the enterprise: security updates keep endpoints secure and functional, deliver fixes that resolve issues, and patch security holes. However, with the frequency at which security updates are released these days, patch management feels like a full-time job!

For the most part, monthly patches are straightforward. In recent months, however, they have been problematic: they have caused system crashes, blue screens, and application functionality issues, and introduced other bugs. Some faulty patches are quickly reversed or rectified by Microsoft, while others go unfixed for longer, causing further duress and downtime in many organizations. This has been a major pain point for sysadmins in the field.

Well, we may have some reprieve from these buggy patches. Microsoft has announced that it will start uninstalling problematic patches automatically from Windows 10 systems when it detects a startup issue due to incompatibility or issues stemming from a recently installed patch. The following notification will be presented:
“We removed some recently installed updates to recover your device from a startup failure.”

According to KB4492307, posted by Microsoft, the problematic patch will not be reinstalled for 30 days to allow Microsoft and its partners to investigate and fix the issues. This seems like a good proactive approach by Microsoft to get a handle on buggy patches. However, more information is needed on how this will work with detection, deployment, and compliance of these patches when ConfigMgr and WSUS are the mechanisms for patch management in the enterprise. Time will tell, we hope!

Malware Isn’t Just For Windows Anymore – Fruitfly Is Hitting Macs Hard

This year’s cyber threat epidemic started with Windows, then spread over to Linux and third-party apps, and now is here for Macs. While the latest malware Fruitfly is targeting Mac computers, its malware library is also capable of running on Linux systems. 

Though it was recently found conducting surveillance attacks, it’s possible Fruitfly has been infecting Mac systems for over two years. It appears that the base code of Fruitfly is over a decade old, which begs the question: how can decade-old malware start breaching systems now? Haven’t our systems been updated over the last ten years?

It seems the Fruitfly developers have reused old code and modified it to give this malware extra power and capabilities. This cross-platform malware uses old APIs, but if there are any changes in the API, it will break the legitimate program to maintain reverse compatibility as long as possible. Fruitfly may have escaped detection for a long time because it appears that its creators have intentionally limited how many computers it targets. And since Mac systems don’t usually face as many threats as Windows, many administrators have been more lenient with patching their Macs, leaving them vulnerable to attacks such as Fruitfly.

You can identify Fruitfly infections by detecting suspicious network traffic. A file integrity monitor or log analyzer can help you identify an attack on your network, but a breach could be avoided altogether by keeping your systems up-to-date. Since most enterprises comprise different operating systems, it isn’t advisable to employ a separate patching tool for Windows, Mac, and Linux. The smarter alternative would be for an enterprise to employ a multi-platform patch management solution that helps update every computer from a single console. However, there are only a few solutions on the market that even support third-party patching, and even fewer that provide complete control over all enterprise devices, including mobile devices.

These last few months have already given security professionals a lot to cover, and since cyber attacks are evolving at a rapid rate, it’s high time enterprises maintain endpoint security by keeping their systems up-to-date. The best way to do this is to employ a patch management solution to stay safe from future ransomware and malware. One such solution is ManageEngine’s Desktop Central.

Desktop Central is integrated desktop and mobile device management software. This multi-platform solution helps automate your overall patch management process, and also has some other enhanced features to help secure your network. Download ManageEngine Desktop Central Now and keep your Windows, Mac, Linux and all your third party applications completely safe and up-to-date.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

MDOP Group Policy Templates v2.7 Now Available

New Group Policy Templates, version 2.7 (.admx and .adml) for Microsoft Desktop Optimization Pack (MDOP) are now available from Microsoft to manage policies across the enterprise for the following MDOP technologies:

App-V 5.0
App-V 5.0 SP1
App-V 5.0 SP2
App-V 5.0 SP3
App-V 5.1
MBAM 1.0
MBAM 1.0 R1
MBAM 2.0
MBAM 2.0 SP1
MBAM 2.5
MBAM 2.5 SP1
UE-V 1.0
UE-V 1.0 SP1
UE-V 2.0
UE-V 2.1
UE-V 2.1 SP1

The download is available from the Official Microsoft Download Center.


Microsoft Security Updates Guide (Portal)

For the last 20 years, Microsoft has provided security bulletins as individual web pages on the Microsoft Security Bulletin website; January 10, 2017 was the last time they were made available in that form. Starting in February 2017, the new Security Update Guide portal provides the security information via a dashboard. The online Security Update Guide (SUG) database can be searched by Knowledge Base (KB) number, CVE number, vulnerability, Windows version, or date of release.

According to the blog post by the MSRC Team, using the new portal, you can:

  • Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
  • Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
  • Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.
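As an added illustration (not code from the MSRC post or from Microsoft), the sketch below shows the kind of working database the API replaces screen-scraping for: it takes one monthly document, keeps only the products you run, and maps each KB to the CVEs it fixes. The JSON field names follow a CVRF-style layout and are assumptions here, as is the remediation type code; the sample document, product IDs, CVE and KB numbers are constructed placeholders.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like a CVRF-style JSON document (field names are
# assumptions for this example; IDs, CVEs and KB numbers are placeholders).
SAMPLE = json.loads("""
{
  "ProductTree": {"FullProductName": [
    {"ProductID": "P1", "Value": "Windows 10 for x64-based Systems"},
    {"ProductID": "P2", "Value": "Windows Server 2012 R2"},
    {"ProductID": "P3", "Value": "Microsoft Office 2016"}
  ]},
  "Vulnerability": [
    {"CVE": "CVE-0000-0001", "Remediations": [
      {"Type": 2, "Description": {"Value": "0000001"}, "ProductID": ["P1"]},
      {"Type": 2, "Description": {"Value": "0000002"}, "ProductID": ["P2"]}]},
    {"CVE": "CVE-0000-0002", "Remediations": [
      {"Type": 2, "Description": {"Value": "0000001"}, "ProductID": ["P1"]},
      {"Type": 0, "Description": {"Value": "Disable the feature"}, "ProductID": ["P3"]}]},
    {"CVE": "CVE-0000-0003", "Remediations": [
      {"Type": 2, "Description": {"Value": "0000003"}, "ProductID": ["P3"]}]}
  ]
}
""")

VENDOR_FIX = 2  # assumed code for "vendor fix" remediations (an actual update)


def updates_for(doc, wanted_products):
    """Return {product name: {KB: sorted CVE list}} for the products we run."""
    names = {p["ProductID"]: p["Value"] for p in doc["ProductTree"]["FullProductName"]}
    wanted = {pid for pid, name in names.items()
              if any(w.lower() in name.lower() for w in wanted_products)}
    index = defaultdict(lambda: defaultdict(set))
    for vuln in doc.get("Vulnerability", []):
        for rem in vuln.get("Remediations", []):
            if rem.get("Type") != VENDOR_FIX:
                continue  # skip workarounds and mitigations, keep real patches
            kb = "KB" + rem["Description"]["Value"]
            for pid in wanted.intersection(rem.get("ProductID", [])):
                index[names[pid]][kb].add(vuln["CVE"])
    return {prod: {kb: sorted(cves) for kb, cves in kbs.items()}
            for prod, kbs in index.items()}


if __name__ == "__main__":
    print(json.dumps(updates_for(SAMPLE, ["Windows 10", "Office"]), indent=2))
```

The per-product KB list can then be compared against what ConfigMgr or WSUS reports as deployed.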

If you have any feedback, you can send it to: portalfback@microsoft.com.
