For the last 20 years, Microsoft has provided security bulletins as individual web pages which were available from the Microsoft Security Bulletin website, and January 10, 2017 was the last time this was made available. Going forward starting in February 2017, the new Security Update Guide portal will provide the security information via a dashboard. Knowledge Base (KB) number, CVE number, vulnerability, Windows version, or date of release can be searched on the online Security Update Guide (SUG) database.
According the the blogpost by the MSRC Team, using the new portal, you can:
Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.
Windows 10, version 1607 was declared the Current Branch for Business (CBB) on November 29, 2016. The updated media for Windows 10 v1607 (Windows 10 Anniversary Update) is now available on Windows Update for Business (WUB), Windows Server Update Services (WSUS), and MSDN. Volume Licensing Service Center (VLSC) customers will receive the updated Windows 10 v1607 media on January 26, 2017.
FYI – No further action is needed if you have already installed the December cumulative update (KB3201845), or the most current cumulative update (CU), as that system is already running the CBB release.
There are few reports of users having Bitlocker issues following the October 2016 patches.
The issue: On every reboot, the Bitlocker recovery key is required which is quite disruptive and cumbersome. As a workaround in order to solve this issue, the following steps can be taken:
On the next reboot and once in Windows, reset Bitlocker by disabling and re-enabling it.
In administraive command prompt, do the following: manage-bde -protectors c:-disable
then do this: manage-bde -protectors c:-enable
At this time, I’m not certain on which patch is causing the issue but I wanted to share this info to help. You can also discuss in this TechNet post.
The Microsoft Windows team mentioned on August 15, 2016 that they were working on releasing an updated version of the Microsoft Update Catalog which would eliminate the need for ActiveX requirements in order for the site to work in any browser.
The Microsoft Update Catalog website is being updated to remove the ActiveX requirement so it can work with any browser. Currently, Microsoft Update Catalog still requires that you use Internet Explorer. We are working to remove the ActiveX control requirement, and expect to launch the updated site soon.
Good news! As of yesterday, the site has been updated and you can now access the Microsoft Update Catalog site using any browser including Edge, Google Chrome, and others with the following URL: http://www.catalog.update.microsoft.com. Here’s the blog post by Michael Niehaus with the announcement.
There is a widespread report of System Center Operations Manager (SCOM) 2012 R2 / 2016 console crashes due to some bugs in October 2016 Cummulative Updates, in particular with the following patches: KB3194798 / KB3192392 / KB3185330 / KB3185331.
The product team has acknowledged the issue on their blog post and is said to be working on releasing a fix soon. The current recommendation is to uninstall the problematic patches as a temporary workaround. According to the blog post, an announcement will be made on the SCOM Team blog when a fix has been made available. So, keep a close eye on it.
Here’s a fix it tool to keep Windows up-to-date, fix errors, and other issues that crop up with Windows Update. You can fix the problem yourself or get help from the community. You can access the tool HERE!
Sometimes, for various reasons, one must perform a WSUS reset function to make the WSUS server happy again. The reset process forces a resync of each update in the WSUS server with Microsoft services. This task can take a long time to complete as each update will be re-evaluated and re-downloaded, so be patient.
Here’s the command to run from an administrator command prompt:: %SystemDrive%\Program Files\Update Services\Tools\WsusUtil.exe reset
Follow (@Hoorge) on Twitter and join Tech Konnect on Facebook to stay current on technology related matters.