Microsoft Extends Windows Server 2012 Support

Microsoft has announced that it is extending the Mainstream and Extended Support dates for Windows Server 2012. Microsoft Lifecycle support for Windows products has two five-year phases.

The Lifecycle Policy for Windows Server 2012 states that Mainstream Support will be provided for five years, or for two years after the successor product (N+1, where N=product version) is released, whichever is longer. Microsoft will also provide Extended Support for the five years following Mainstream Support or for two years after the second successor product (N+2) is released, whichever is longer.

So the new end-of-support date for Windows Server 2012 will be October 10, 2023, according to new updates from Microsoft; the original date had been Jan 10, 2023. This is an extension of nine more months to the existing support for Windows Server 2012.

Mainstream support ends: Oct 9, 2018

Extended support ends: Oct 10, 2023

Microsoft Patch Tuesday Mar-2017

Microsoft's Patch Tuesday release has 18 bulletins; nine are rated critical, as they allow remote code execution on affected machines. These updates affect IE, Edge, Hyper-V, SMB Server, and Microsoft Graphics Component.

Remote Code Execution Vulnerabilities allow an attacker to remotely execute commands on a machine and perform virtually any action on the vulnerable machine.

Let's see the full list of important/critical updates below:

Microsoft Patch Tuesday  Updates:


1) MS17-006 Cumulative Security Update for Internet Explorer (4013073)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2) MS17-007 Cumulative Security Update for Microsoft Edge (4013071)

This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3) MS17-008 Security Update for Windows Hyper-V (4013082)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

4) MS17-009 Security Update for Microsoft Windows PDF Library (4010319)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

5) MS17-010 Security Update for Microsoft Windows SMB Server (4013389)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

6) MS17-011 Security Update for Microsoft Uniscribe (4013076)

This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

7) MS17-012  Security Update for Microsoft Windows (4013078)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

8) MS17-013 Security Update for Microsoft Graphics Component (4013075)

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

9) MS17-014 Security Update for Microsoft Office (4013241)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

10) MS17-015 Security Update for Microsoft Exchange Server (4013242)

This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

11) MS17-016 Security Update for Windows IIS (4013074)

This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

12) MS17-017 Security Update for Windows Kernel (4013081)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

13) MS17-018 Security Update for Windows Kernel-Mode Drivers (4013083)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

14) MS17-019 Security Update for Active Directory Federation Services (4010320)

This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

15) MS17-020 Security Update for Windows DVD Maker (3208223)

This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

16) MS17-021 Security Update for Windows DirectShow (4010318)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

17) MS17-022 Security Update for Microsoft XML Core Services (4010321)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

18) MS17-023 Security Update for Adobe Flash Player

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Download Excel sheet: MS Patches – 2017(006-023)

Microsoft Patch Tuesday Delayed

Microsoft has delayed the release of all the bulletins scheduled for February; no updates are available in the Microsoft Security Update Guide. Currently, we are not sure when Microsoft will release the February patches.

Microsoft updated: “UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017.”

https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

SCCM site information not publishing in DNS for Multiple Domains

Problem Statement: My current organization (ex. MAK.com) has merged with a new organization (ex: ABC.com). We have an AD trust relationship established between the two domains. When I try to install the SCCM client on ABC.com machines, I get this error in LocationServices.log: “DNS Service Record using _msms_mp_<Site Code>.tcp_<Domain Name> lookup DNS return error 9003”


Solution: First check whether DNS is working fine, and check that all ports and communication are enabled from the target machine hosted in the ABC.com domain to the SCCM server.

1) Check mpcontrol.log for the Management Point status. The message below suggests the MP is working fine and healthy.


2) Re-check on the SCCM server that DNS publishing is enabled for all the intranet management points.


3) To fix the DNS issue, configure DNS publishing and enable dynamic updates on the DNS zone.


4) Wait a few minutes (15-20 mins), then check mpcontrol.log; the log should show that the SRV registration was successful.


5) If you still face the issue, the last step is to publish the SRV record manually. Let's see below, step by step, how to achieve it.

We need to create an SRV record on the DNS server manually. Go to DNS Manager -> _sites -> _tcp -> Other New Records.


Fill in the following fields in the SRV record:

_Service: _mssms_mp_<sitecode> (ex: _mssms_mp_P01)
_Proto: _tcp
Name: Specify the domain name (ex: ABC.com)
Priority: 0 (not used)
Weight: 0 (not used)
Port: 80 or 443
Target: The SCCM site server (ex: BLRSCCMPRI.COM)


Wait 10-15 mins, then check the client machines (target machines) in ABC.com where we want to install the SCCM client.

The agent will now install successfully.
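As an added example (not part of the original post), the following PowerShell reproduces the client's SRV lookup, creates the record from step 5 only if it is missing, lists what is registered, and reports the zone's dynamic update mode. It assumes the DnsServer module (RSAT), a hypothetical DNS server name `dns01.abc.com`, and the record name form `_mssms_mp_<sitecode>._tcp.<domain>`; the other values are the post's own examples.

```powershell
# Added example, not from the original post. Requires the DnsServer module (RSAT).
$SiteCode  = 'P01'              # example site code from the post
$Zone      = 'ABC.com'          # DNS zone of the client domain (post's example)
$Target    = 'BLRSCCMPRI.COM'   # management point host (post's example)
$Port      = 80                 # 80 for HTTP or 443 for HTTPS management points
$DnsServer = 'dns01.abc.com'    # hypothetical DNS server that hosts the zone

$Label = "_mssms_mp_${SiteCode}._tcp"
$Fqdn  = "${Label}.${Zone}"

# 1. Reproduce the client's lookup. Error 9003 (DNS_ERROR_RCODE_NAME_ERROR) means
#    the name does not exist, so keep only real SRV answers.
$answer = Resolve-DnsName -Name $Fqdn -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }

# 2. Publish the record manually (step 5) only when nothing is registered.
if (-not $answer) {
    Write-Warning "$Fqdn is not published; creating it."
    Add-DnsServerResourceRecord -Srv -ComputerName $DnsServer -ZoneName $Zone `
        -Name $Label -DomainName $Target -Priority 0 -Weight 0 -Port $Port
}

# 3. List what is registered and flag any target other than the expected server:
#    clients locate their management point through this record.
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -Name $Label -RRType Srv |
    ForEach-Object {
        $mpHost = $_.RecordData.DomainName.TrimEnd('.')
        [pscustomobject]@{
            Record   = $Fqdn
            Target   = $mpHost
            Port     = $_.RecordData.Port
            Expected = ($mpHost -eq $Target)
        }
    }

# 4. Report the dynamic update mode that step 3 of the post enables on the zone.
$zoneInfo = Get-DnsServerZone -ComputerName $DnsServer -Name $Zone
"{0}: DynamicUpdate={1}, AD-integrated={2}" -f $Zone, $zoneInfo.DynamicUpdate, $zoneInfo.IsDsIntegrated
if ($zoneInfo.DynamicUpdate -eq 'NonsecureAndSecure') {
    Write-Warning 'Zone accepts unauthenticated dynamic updates; prefer Secure on AD-integrated zones.'
}
```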


SCCM Technical Preview 1701 now available!

Microsoft System Center Technical Preview update 1701 is available now. Let's look briefly at the new features in SCCM version 1701. Microsoft has come out with a few exciting features in TP 1701, which we will discuss below. All the information about SCCM TP 1701 is available at the official site. When we install version 1701, your console version will update to 5.00.8482.1000. Let's discuss the SCCM TP 1701 new features:

1) UEFI inventory data: A new hardware inventory class, SMS_Firmware, with the property UEFI, is available to help collect hardware information. The UEFI property should be set to “True”.


2) Improvement to OSD: The maximum number of applications that can be installed in the Install Application task step has increased from 9 to 99.

3) Device health attestation via Management Point: A new advanced feature in the Management Point component properties. To configure the on-device health attestation service URL, click the Add button and provide the URL.


4) Updated Content Library CleanUp Tool: A command-line tool (the ContentLibraryCleanUp executable) used to remove orphaned content from the distribution point.

5) Improvement in Boundary Group for SUP: Configure boundary groups to associate one or more servers that host a SUP.

6) Host software updates on cloud-based distribution points: This version supports cloud-based distribution points for hosting software updates, but hosting a DP in the cloud will introduce additional cost.

 

Microsoft Security Update Guide (Portal)

Microsoft has introduced the Security Update Guide portal, which is something cool and super exciting, as this portal will make a patch admin's life much easier. Until now, when Microsoft released Patch Tuesday updates, patch admins followed the Microsoft Security Bulletins site to find out which updates were released; Microsoft didn’t have a common dashboard or portal to filter and sort them by operating system and product.


Admins would compile a monthly patch list to filter patches by operating system and product. With the Security Update Guide portal, things have become simpler and easier. From the new portal we can:

  • Sort and filter security vulnerability and update content, for example, by CVE, KB number, product, or release date.
  • Filter out products that don’t apply to you, and drill down to more detailed security update information for products that do.
  • Leverage a new RESTful API to obtain Microsoft security update information. This eliminates the need for you to employ outdated methods like screen-scraping of security bulletin web pages to assemble working databases of necessary and actionable information.


Security Bulletins will be published until January 2017; from next month onwards, we can find all the security update information on the Security Updates Portal.

 

Microsoft Patch Tuesday Jan-2017

Microsoft has released security and non-security updates for client and server versions of the Windows operating system. There are 4 security updates for January 2017, and two bulletins are rated critical. It’s a good start for patch admins, as MS has released only 4 updates and so far we haven’t heard of any noise or issues with these updates.

Microsoft also released Windows 10 CU KB3213986, KB3210720, and KB3210721.

Microsoft Patch Tuesday Security Updates:


1) MS17-001 Security Update for Microsoft Edge (3214288) 

This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.

2) MS17-002 Security Update for Microsoft Office (3214291)

This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

3) MS17-003 Security Update for Adobe Flash Player (3214628)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

4) MS17-004 Security Update for Local Security Authority Subsystem Service (3216771)

A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.

Download Excel sheet : ms-patches-2017-001-004