MS Feb 2019 Software Update Deployment To Park IT PCs

Please see below a list of the February 2019 MS Software Updates. The updates will be deployed to your PCs today. If you have any problems with the updates or do not receive the updates, then please let me know. It is imperative that the updates get installed on as many PCs as possible at this stage of the roll out so that we can test against any potential issues.

For those of you doing the Mee Too checks, please let me know if you get any issues.

If your PC name has changed because of a Windows 10 upgrade then please provide the name.

List of Updates…

2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems (KB4487038)
2019-02 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based systems (KB4486474)
2019-02 Cumulative Security Update for Internet Explorer 11 for Windows 7 for x86-based systems (KB4486474)
2019-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for x64 (KB4483452)
2019-02 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4487026)
2019-02 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4487020)
2019-02 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4486996)
2019-02 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4486996)
2019-02 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4487017)
2019-02 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4487017)
2019-02 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4487044)
2019-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4487078)
2019-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 and Server 2008 R2 for x64 (KB4487078)
2019-02 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4486563)
2019-02 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4486563)
2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4487038)
2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4487038)
2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4487038)
2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x86-based Systems (KB4487038)
2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x64-based Systems (KB4487038)
2019-02 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x86-based Systems (KB4487038)
2019-02 Servicing Stack Update for Windows 10 Version 1607 for x64-based Systems (KB4485447)
2019-02 Servicing Stack Update for Windows 10 Version 1703 for x64-based Systems (KB4487327)
2019-02 Servicing Stack Update for Windows 10 Version 1709 for x64-based Systems (KB4485448)
2019-02 Servicing Stack Update for Windows 10 Version 1709 for x86-based Systems (KB4485448)
2019-02 Servicing Stack Update for Windows 10 Version 1803 for x64-based Systems (KB4485449)
2019-02 Servicing Stack Update for Windows 10 Version 1803 for x86-based Systems (KB4485449)
Adobe Acrobat DC Update 19.010.20091
Adobe Acrobat Reader DC Update 19.010.20091
Adobe Flash Player 32-bit/64-bit ActiveX 32.0.0.142
Adobe Flash Player 32-bit/64-bit Plugin 32.0.0.142
Adobe Flash Player 32-bit/64-bit PPAPI 32.0.0.142
Office 365 Client Update – Monthly Channel Version 1901 for x64 based Edition (Build 11231.20174)
Office 365 Client Update – Monthly Channel Version 1901 for x86 based Edition (Build 11231.20174)
Security Update for Microsoft Excel 2010 (KB4462186) 32-Bit Edition
Security Update for Microsoft Excel 2013 (KB4461597) 32-Bit Edition
Security Update for Microsoft Excel 2013 (KB4461597) 64-Bit Edition
Security Update for Microsoft Excel 2016 (KB4462115) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4018313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4018313) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB4462174) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4462174) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB4462177) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB4018300) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB4018300) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB4462138) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB4462138) 64-Bit Edition
Security Update for Microsoft Office 2016 (KB4018294) 32-Bit Edition
Security Update for Microsoft Office 2016 (KB4462146) 32-Bit Edition
Update for Microsoft Access 2013 (KB4032252) 32-Bit Edition
Update for Microsoft Access 2013 (KB4032252) 64-Bit Edition
Update for Microsoft Access 2016 (KB4032257) 32-Bit Edition
Update for Microsoft Office 2010 (KB4462172) 32-Bit Edition
Update for Microsoft Office 2010 (KB4462187) 32-Bit Edition
Update for Microsoft Office 2013 (KB3172473) 32-Bit Edition
Update for Microsoft Office 2013 (KB3172473) 64-Bit Edition
Update for Microsoft Office 2013 (KB4461444) 32-Bit Edition
Update for Microsoft Office 2013 (KB4461444) 64-Bit Edition
Update for Microsoft Office 2013 (KB4461550) 32-Bit Edition
Update for Microsoft Office 2016 (KB4022161) 32-Bit Edition
Update for Microsoft Office 2016 (KB4461536) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB4462182) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB4462141) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB4462141) 64-Bit Edition
Update for Microsoft Outlook 2016 (KB4462147) 32-Bit Edition
Update for Microsoft PowerPoint 2016 (KB4461599) 32-Bit Edition
Update for Microsoft Project 2016 (KB4462134) 32-Bit Edition
Update for Microsoft Visio 2010 (KB3115314) 32-Bit Edition
Update for Microsoft Word 2016 (KB4462145) 32-Bit Edition
Update for Skype for Business 2015 (KB4462135) 32-Bit Edition
Update for Skype for Business 2015 (KB4462135) 64-Bit Edition
Update for Skype for Business 2016 (KB4462114) 32-Bit Edition

Update to the Windows 10 Staff Task Sequence on 25/01/19

The Windows 10 Staff Task Sequences will be updated on Friday 25th January. The Task Sequence will be at risk during this period. It is therefore recommended that you do not attempt to image any Windows 10 staff computers at this time.

The following change will be made….

Add Step to reset USB Hubs just before reboot out of WinPE. This is necessary if the Dell DA300 USB-C Mobile Adapter is being used for imaging. The step is only applied to when imaging the following Dell devices:

 Latitude 3390
 Latitude 5290
 XPS 13 9365
 XPS 13 9370

Please note we do not advise imaging computers via a docking station. For the listed machines we recommend using the Dell DA200 or DA300 Adapters.

The McAfee Agent will also be updated to version 5.5.0.447 at the same time.

TIMESCALE

25/01/19 – 08:00am-10:00 am

CAN I GET MORE INFORMATION AND HELP?
Please contact our Service Desk at it.services@lboro.ac.uk for more information

Configuration Manager Unavailable – 19/12/2018 AM

The RAID Controller battery in sccm-lu1-store has failed and needs replacing. This server contains all the source files for software, images, software updates etc. At present this is causing slower write speeds from the software source location to the Distribution Points.
We advise not imaging or downloading applications from the Software Centre during this time.

If the time scales change or we encounter any problems after testing then a further correspondence will be sent out.

Timescale: – 19/12/2018 11:00am 13:00pm approx.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

Nessus Scan Security Changes

A security scan was run against the W10 staff service and some vulnerabilities were dentified.

Timescale:

The changes are being applied via Group Policy in the following order…

1. 03/12/18 – IT-Depstaff
2. 05/12/18 – FM-Deptstaff
3. 10/12/18 – ProServ Staff
4. 12/12/18 – WS-SchoolStaff
5. Live to Windows 10 Service

Changes

The Nessus scan has identified several registry entries that need to be created or changed on the Staff Service.

1. Need to Disable Week Cyphers – https://littlehyenas.wordpress.com/2014/04/12/disable-rc4-cipher-suites-on-remote-desktop/
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server – Enable 0
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128 – Enable 0

2. Fix CVE-2017-8529 – An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user’s computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplorer – 1

3. MS KB2960358: Update for Disabling RC4 in .NET TLS
HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\SchUseStrongCrypto – 1
HKLM\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727 – 1

4. MSIs can not run from the Downloads folder and need moving to another location to install if trusted.

November 2018 Task Sequence Media

The new November 2018 Task Sequence media has been created and can be found in the following location: –
\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\ TS_Media_Nov18.zip

Documentation – “\\ws2.lboro.ac.uk\DesktopResource\Windows\TaskSequenceMedia\Create an SCCM WinPE disk or USB Flash Drive.docx”

Existing USB media will have to be updated. PXE imaging will work as normal.

CAN I GET MORE INFORMATION AND HELP?

Please contact our Service Desk at it.services@lboro.ac.uk for more information.

The Configuration Manager HP Server Firmware needs to be security patched

The Configuration Manager HP Server Firmware needs to be security patched in order to resolve a Critical vulnerability.

The Configuration Manager service will be unavailable during this time whilst the servers are updated. During this time you will be unable to reimage, carry out an in-place upgrade or provision. Software updates will not be deployed and you will not be able to install any software from the Software Centre.

You will be notified when service is resumed.

Time: – 20/07/2018

Updating Windows 10 Images

Windows 10 In-Place Upgrades and Re-imaging Task Sequences will be updated during the Task Sequence at risk period. It is therefore recommended that you do not image or in-place upgrade any machines at this time.

The Microsoft May 2018 Operating Software Updates will be added to the W10 images. This is to ensure that images are secure at the time of installing Windows 10 either via the IPU or reimaging process.

We will inform you when the work has been completed.

TIMESCALE – 17/05/18 – 08:00am-12:30pm

Configuration Manager Software Centre Fix

An error was identified when opening up the Configuration Manager Software Centre…

‘Software Centre can not be loaded. There is a problem loading the required components for Software Centre’

This error resulted in the user being unable to install any software or run the Windows 10 In-Place upgrade Task Sequence. The original workaround was to add the PC to a Legacy software centre collection.

We have now identified what the issue is and the fix is deployed via a group policy so there is no user impact.

The Advanced Configuration Manager Software Centre will then become available, once the fix is applied.

Timescale:

19/03/18. – The GPO containing the fix will be deployed to the Desktops and Laptops that have already exhibited the issue.

22/03/18 – The GPO will be applied to the Staff Windows 7 and Win Service in order to prevent further issues.