If admins were planning on a light month of security updates from Microsoft, they’ll have to plan on spending more time to implement them.
In its advance security notification, Microsoft said it would release eight security updates in the latest Patch Tuesday cycle. Two of the bulletins are marked as critical and six are marked as important.
Both critical bulletins will address remote code vulnerabilities. Multiple versions of Internet Explorer and Windows will be affected, as will multiple versions of SharePoint and Office Web Apps servers and other productivity software.
The important bulletins will address remote code execution, elevation of privilege, denial of service and security feature bypass vulnerabilities. Multiple versions of Office and Windows will be affected.
Microsoft has already released an out-of-band security update this month for a critical remote code execution vulnerability affecting Internet Explorer. Many were surprised by the company’s decision to include Windows XP in the update because the company said it would stop supporting it in April this year.
Microsoft has also gone against last year’s trend of releasing a large number of security updates each Patch Tuesday. At this point in 2013, Microsoft had already released 46 security bulletins. This month’s bulletins bring the 2014 total up to 28.
What do you think of this month’s Patch Tuesday security updates? Let us know in the comments below or on Twitter @SearchWinServer.
In our monthly feature, we round up the most popular content on our site and share it with you.
For April, our readers were most interested in the latest Patch Tuesday updates, changes to Azure cloud pricing and the Work Folders feature.
Limbo game continues with Microsoft Azure, AWS and Google
Will the latest price cuts in Microsoft Azure attract new customers? That’s the question many analysts are asking after the company slashed its Azure compute and cloud storage prices to continue competing with AWS and Google.
Patch Tuesday security updates mark end-of-life for multiple products
March was a light month for Patch Tuesday updates with only two critical and two important updates. It was also the last month Microsoft officially supported Windows XP, Exchange Server 2003 and Office 2003.
Simplify your Work Folders setup in Windows Server 2012 R2
It’s possible to have an easy setup for Work Folders if your organization decides to use them. The setup process will generally include installing the Work Folders feature, setting up the sync share and using PowerShell for Work Folders.
Don’t forget these important Work Folders considerations
As you continue setting up Work Folders in your organization, you’ll also need to configure SSL connections and DNS records before enrolling clients. The setup seems simple enough, but you’ll have a few caveats to setting up and using Work Folders.
Four capabilities and features in WSUS admins should know
There are a number of additions to Windows Server Update Services in Windows Server 2012 R2, but there are four noteworthy features admins should take notice of. New PowerShell cmdlets and separate WSUS versions are a sample.
What content was most helpful for you last month? Was it something we didn’t include on the list? Let us know in the comments below or on Twitter @SearchWinServer.
IT pros can now install the Windows 8.1 Update but are not forced to do so before next month’s Patch Tuesday.
In a blog post issued by Microsoft, the company said it extended the time frame for IT administrators to deploy the update from 30 to 120 days.
The extension comes a week after Microsoft said there was a bug in Windows 8.1 Update and recommended businesses wait to deploy the update until the company issued a fix.
While Microsoft has resolved the connectivity bug with Windows Server Update Services 3.2, IT pros would have had to deploy the Windows 8.1 Update relatively quickly throughout their organization. If the Windows 8.1 endpoints did not have the latest Update release, those devices would not be able to install future security and non-security updates starting with the May 2013 Patch Tuesday release. This new update support strategy also applies to Windows Server 2012 R2 and Windows 8.1 Industry customers.
“In order to receive future updates, all customers managing updates using WSUS, Windows Intune, or System Center Configuration Manager have until August 12th to apply the new updates. For those that decide to defer installation, separate security updates will be published during the 120-day window,” according to the post.
Microsoft’s push to have organizations quickly deploy Windows 8.1 Update falls in line with its strategy to offer a faster cadence for upgrading products. However, IT pros need time to test the updates before deploying it throughout their organization. The small time frame Microsoft offered was not realistic for many IT pros, especially in light of the end of support for Windows XP and the recent security issues surrounding the Heartbleed bug, which called for IT pros to quickly ensure the integrity of their data.
Enterprises excited to get their hands on the latest Windows 8.1 improvements – including features focused on easing keyboard-and-mouse usage — might have to wait a bit longer. Microsoft pulled the Windows 8.1 update released yesterday because of an issue with Windows Server Update Services.
According to a blog post from Microsoft detailing the issue, it needed a complex set of parameters for the update to cause problems. The scenario involves installing the latest update on the client machine and it checks against WSUS 3.2 running on Windows Server 2003 SP2, Windows Server 2003 R2 SP2, Windows Server 2008 SP2 or Windows Server 2008 R2 SP1. It will fail if those machines have HTTPS and Secure Sockets Layer are enabled, and if TLS 1.2 is not enabled.
Scans will fail if this happens, which prompted Microsoft to pull the update from WSUS. The easy workaround is to enable TLS or disable HTTPS.
The update is still available through other Windows Update channels, including MSDN and Windows Update Catalog, but Microsoft recommends delaying deployment until it releases a fix.
Are your client machines affected by this bug? Let us know in the comments or on Twitter @SearchWinServer.
This is a busy week for Microsoft releases. In addition to delivering the latest Patch Tuesday updates, the company delivered Microsoft Virtual Machine Converter (MVMC) 2.0, a stand-alone tool that converts VMware-based virtual disks and VMs to Hyper-V-based virtual hard disks and VMs.
In a post on the Server and Cloud blog, Microsoft said the freely available download includes a number of new and updated features. One new feature, on-premises VM to Azure VM conversion, can migrate VMware VMs to Azure. The company also included a PowerShell interface to help admins automate migrations with workflow tools such as System Center Orchestrator.
Features added to MVMC 2.0 include support for VMware virtual hardware, additional support for ESX(i) 5.5 and vCenter as well as Linux Guest OS migration. The Linux Guest OS migration includes support for Ubuntu, Oracle, Red Hat Enterprise, SuSE enterprise, Debian and CentOS.
The release of MVMC 2.0 offers enterprises a simple and low-cost conversion option, something that’s become more important in recent years, Microsoft said. The tool can be downloaded here.
Microsoft also said customers can expect to see MVMC 3.0 this fall. That version will include P2V machine conversion for supported Windows versions.
What do you think of the MVMC 2.0 release? Let us know in the comments below or on Twitter @SearchWinServer.
It’s another light month of security updates, but admins should be aware that this is the last month to receive some of those updates.
In its advance security notification, Microsoft said it would release four bulletins in its latest Patch Tuesday cycle. Two of the bulletins are marked as critical and two are marked as important.
The critical bulletins address remote code execution vulnerabilities. Multiple versions of Internet Explorer, Windows, Office, Office Services and Office Web Apps will be affected.
The important bulletins also address remote code execution vulnerabilities. Multiple versions of Windows and Office will be affected.
This is the last month Microsoft will provide support for two products that have been popular with customers. This cycle of Patch Tuesday security updates includes some of the final support the company will give for Windows XP and Office 2003.
What do you think of the latest Patch Tuesday security updates? Let us know in the comments below or on Twitter @SearchWinServer.
In our monthly feature, we bring you the most-read content from the previous month and share it with you. For March, our readers were interested in the latest Patch Tuesday updates, how Hyper-V fits into Windows Server 2012 R2 and changes in System Center.
What content helped you or your organization most last month? Was it something we didn’t include on our list? Let us know in the comments below or on Twitter @SearchWinServer.
Why to consider running Hyper-V in Windows Server 2012 R2
Hyper-V and the latest version of Windows Server work really well together. One expert points out five reasons why your enterprise should consider running the two together, including VHDX and VHDX resize.
Latest Patch Tuesday cycle delivers critical DirectShow, IE fixes
The latest batch of Patch Tuesday updates included a total of five fixes, including critical fixes for Internet Explorer and DirectShow. It also included some of the last updates for Windows XP before it hits its end-of-life this month.
Essential guide covers how Microsoft System Center has evolved
This essential guide covers what’s new and what’s changed in the Microsoft System Center suite, including an understanding of its evolution, its cloud management tale and Virtual Machine Manager.
The basics of an offloaded data transfer
Learn about offloaded data transfers and how they fit in with Windows Server 2012, including how it’s different from regular file transfers and how your enterprise could benefit from taking advantage of them.
ODX file transfer requirements
Before completing offloaded file transfers in Windows Server 2012, it’s important for admins to understand some of the requirements, including storage array compatibility and locating virtual hard disks on ODX-capable LUNs.
Admins will have a light number of security updates to apply for this month’s Patch Tuesday.
In its advance security notification, Microsoft said it will release five security updates in this cycle. Two of the bulletins are marked as critical and three are marked as important.
The critical bulletins address remote code execution vulnerabilities. Multiple versions of Internet Explorer and Windows are affected.
The important bulletins address elevation of privilege and security feature bypass vulnerabilities. Multiple versions of Windows are affected as well as Microsoft Silverlight.
Microsoft said it would also release an updated version of the Malicious Software Removal Tool.
This is the second month in a row in which IE is receiving a critical security update. In last month’s Patch Tuesday security updates, Microsoft released a fix to address 24 vulnerabilities.
What do you think of the latest Patch Tuesday security updates? Let us know in the comments below or on Twitter @SearchWinServer.
In our monthly feature, we highlight the content that’s been most popular with our readers and share it with you.
For February, Windows Server admins were interested in new Microsoft CEO Satya Nadella, the latest Patch Tuesday updates and securing Windows Server.
IT pros react to Satya Nadella as new Microsoft CEO
Nadella brings another area of expertise to the Microsoft CEO position with his technical background, and IT pros look at the different ways that experience could affect Microsoft’s future.
Five things Nadella should do as the new CEO
Our associate site editor lists five different actions Nadella should take to keep Microsoft competitive, including potential acquisitions and rethinking the advisory role Bill Gates will take on.
Latest Patch Tuesday updates include super-sized IE patch, Windows fixes
Windows Server admins have seven security updates to be aware of the latest round of Patch Tuesday bulletins, including a critical IE update addressing 24 vulnerabilities and a critical Exchange Server 2010 update.
Using Windows Server 2012 R2 Hyper-V to build out private clouds
Windows Server 2012 R2 Hyper-V has four key advantages for organizations looking to build private clouds in the data center, which can do everything from taking pressure off of systems during migrations to managing applications and data centers.
Five ways to keep Windows Server deployments secure
Security breaches are regularly in the news these days, forcing admins to reevaluate their strategies for keeping their deployments secure. This feature looks at five different approaches to securing deployments.
What content was most helpful to you last month? Was it something we didn’t include on our list? Let us know in the comments below or on Twitter @SearchWinServer.
Update (Feb. 10): Microsoft released two additional bulletins to be included in February’s Patch Tuesday cycle. The two security updates are marked as critical and will address remote code execution vulnerabilities in multiple versions of Windows and Internet Explorer. These last-minute additions raise the numbers for this month’s Patch Tuesday to four critical updates and seven total updates.
Original post: Admins expecting to see Microsoft go back to releasing a large number of security updates for February’s Patch Tuesday will be disappointed.
In its advance security notification, the company said it would release five bulletins in the latest Patch Tuesday cycle. Two of the bulletins are marked as critical and three are marked as important.
The critical bulletins address remote code execution vulnerabilities. They affect multiple versions of Windows as well as Forefront Protection Manager 2010 for Exchange Server.
The three important bulletins address elevation of privilege, information disclosure and denial of service vulnerabilities. They affect multiple versions of Windows.
This is the second month in a row with a small number of security updates in the Patch Tuesday cycle. Last month’s Patch Tuesday only had four important bulletins, none of which were critical.
What do you think of the latest Patch Tuesday updates? Let us know in the comments below or on Twitter @SearchWinServer.