Windows 10: Microsoft: fix security issue with non-security update. Instructions point to non-existent...

Discus and support Microsoft: fix security issue with non-security update. Instructions point to non-existent... in Windows 10 News to solve the problem; Can things get any worse than this? Microsoft published a security advisory yesterday -- ADV190005 | Guidance to adjust HTTP/2 SETTINGS frames -- which... Discussion in 'Windows 10 News' started by GHacks, Feb 21, 2019.

  1. GHacks
    GHacks New Member

    Microsoft: fix security issue with non-security update. Instructions point to non-existent...


    Can things get any worse than this? Microsoft published a security advisory yesterday -- ADV190005 | Guidance to adjust HTTP/2 SETTINGS frames -- which affects Windows Server running Internet Information Services (IIS).

    The security issue could be abused to cause CPU usage to increase to 100% until the malicious HTTP/2 "connections are killed by IIS".

    The advisory recommends to administrators that they install the February non-security updates for the version of Windows 10 that is installed on an affected device. Microsoft released cumulative updates for all supported versions of Windows 10 on the February Patch Tuesday that included security updates.

    The updates that Microsoft refers to in the advisory were released this week for Windows 10 version 1607 to 1803 (the update for Windows 10 version 1809 is being tested in the Release Preview ring currently) and the related Windows Server versions.

    No instructions available


    Microsoft: fix security issue with non-security update. Instructions point to non-existent... microsoft-windows-security-update-not-found.png

    It is not the first time that non-security updates update security related content. The main issue with the approach is that it weakens the already-very-weak distinction between the monthly security and non-security releases.

    The approach is far from ideal especially for administrators and users who install security-only patches exclusively on devices.

    What makes this particular security advisory even more problematic is that Microsoft asks customers to review a Knowledge Base article that does not exist.

    The security advisory was published yesterday, but the essential support article is not published yet (a day after the release). It is possible that Microsoft made an error when it added the link to the page, but someone would certainly have verified the link before hitting the publish button.

    It is unclear whether the installation of the updates fixes the issues or if other steps are required to resolve it completely.

    Closing Words


    This is not the first time that Microsoft released updates or advisories without publishing their support pages. I published Microsoft, please publish support pages before updates in 2016 to raise awareness for the issue.

    Users and administrators may encounter Windows updates and patches without option to find out what they actually do, may introduce issues, or have additional steps or requirements.

    Administrators could install the patches and hope for the best in this particular case, or wait until Microsoft publishes the support page. Both options are not very pleasant; the first could mean that important steps to protect the server are not implemented because of missing instructions, the second that attacks could hit the server while the administrator waits for Microsoft to release the support page.

    Now You: What would you do and what is your take on this? (via Ask Woody)

    Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Microsoft: fix security issue with non-security update. Instructions point to non-existent KB page appeared first on gHacks Technology News.

    read more...
     
    GHacks, Feb 21, 2019
    #1
  2. Brink Win User

    December 2018 Non-Security Office Update Release


    Source: December 2018 Non-Security Office Update Release Office Updates


    Microsoft: fix security issue with non-security update. Instructions point to non-existent... [​IMG]
    Tip Latest Office Updates for Windows
     
    Brink, Feb 21, 2019
    #2
  3. Microsoft to Roll Out Four Security Updates Next Week

    Oh that's right, I forgot. Not a single other OS in existence receives regular security patches and updates...

    Why don't you go back under your bridge?
     
    Solidstate89, Feb 21, 2019
    #3
  4. Brink Win User

    Microsoft: fix security issue with non-security update. Instructions point to non-existent...

    November 2018 Non-Security Office Update Release


    Source: November 2018 Non-Security Office Update Release Office Updates



    Microsoft: fix security issue with non-security update. Instructions point to non-existent... [​IMG]
    Tip Latest Office Updates for Windows
     
    Brink, Feb 21, 2019
    #4
Thema:

Microsoft: fix security issue with non-security update. Instructions point to non-existent...

Loading...
  1. Microsoft: fix security issue with non-security update. Instructions point to non-existent... - Similar Threads - Microsoft fix security

  2. Non existent drive

    in Windows 10 Software and Apps
    Non existent drive: I had an external drive that failed and was removed from the system. It still shows in my explorer tree. I went to windows security and said to scan the non- existent drive expecting to get an "error" of some type. Instead, I got results that said it scanned 18103 files in 17...
  3. Non existent drive

    in Windows 10 Drivers and Hardware
    Non existent drive: I had an external drive that failed and was removed from the system. It still shows in my explorer tree. I went to windows security and said to scan the non- existent drive expecting to get an "error" of some type. Instead, I got results that said it scanned 18103 files in 17...
  4. Non existent drive

    in Windows 10 Gaming
    Non existent drive: I had an external drive that failed and was removed from the system. It still shows in my explorer tree. I went to windows security and said to scan the non- existent drive expecting to get an "error" of some type. Instead, I got results that said it scanned 18103 files in 17...
  5. microphone is non existant

    in Windows 10 BSOD Crashes and Debugging
    microphone is non existant: I cannot get the microphone to work. https://answers.microsoft.com/en-us/windows/forum/all/microphone-is-non-existant/40debec0-8ed5-4693-8fca-3a5a8508e323
  6. microphone is non existant

    in Windows 10 Gaming
    microphone is non existant: I cannot get the microphone to work. https://answers.microsoft.com/en-us/windows/forum/all/microphone-is-non-existant/40debec0-8ed5-4693-8fca-3a5a8508e323
  7. microphone is non existant

    in Windows 10 Software and Apps
    microphone is non existant: I cannot get the microphone to work. https://answers.microsoft.com/en-us/windows/forum/all/microphone-is-non-existant/40debec0-8ed5-4693-8fca-3a5a8508e323
  8. Non existent account

    in Windows 10 Gaming
    Non existent account: Hello, today I tried to login to my minecraft via my microsoft account, I had the same one for years. But now it says it doesnt exist, i cant do anything because everytime i write the email adress, its non existent. So I tried couple of things and I found out someone complete...
  9. A non-existent problem

    in Windows Hello & Lockscreen
    A non-existent problem: Every time I switch my laptop on I get the following message : " Microsoft account problem we need to fix the problem go to settings to fix the problem " Every time for the last two months I go to settings and fix the supposed problem and get a message back saying that your...
  10. Microsoft confirms it will still ship Windows 10 non-security fixes

    in Windows 10 News
    Microsoft confirms it will still ship Windows 10 non-security fixes: Because of the health issues around the world, a lot of people are working from home and people including the government officials are relying on their PCs even more than they always do. As a result, Microsoft announced that it would no longer release optional updates for...