IBM BigFix Patch: Content Release: Patches for Windows published 2018-01-05

Content in the Patches for Windows Site has been released.

New Fixlets:

Fixlets for Microsoft Security Bulletins:
MS18-JAN: Security update for SQL Server 2017 GDR - SQL Server 2017 - KB4057122 (x64) (ID: 405712201)
MS18-JAN: Cumulative Update 7 for SQL Server 2016 SP1 - SQL Server 2016 SP1 - KB4057119 (x64) (ID: 405711901)
MS18-JAN: Security update for SQL Server 2016 GDR SP1 - SQL Server 2016 SP1 - KB4057118 (x64) (ID: 405711801)
MS18-JAN: Security update for the Windows GDI information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056944 (ID: 405694403)
MS18-JAN: Security update for the Windows GDI information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056944 (x64) (ID: 405694401)
MS18-JAN: Security update for the Microsoft Color Management information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056942 (ID: 405694203)
MS18-JAN: Security update for the Microsoft Color Management information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056942 (x64) (ID: 405694201)
MS18-JAN: Security update for the ATMFD.Dll information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056941 (ID: 405694103)
MS18-JAN: Security update for the ATMFD.Dll information disclosure vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056941 (x64) (ID: 405694101)
MS18-JAN: Security Only Quality Update - Security Only - Windows Server 2012 - KB4056899 (x64) (ID: 405689901)
MS18-JAN: Security Only Quality Update - Security Only - Windows 8.1 - KB4056898 (ID: 405689805)
MS18-JAN: Security Only Quality Update - Security Only - Windows 8.1 - KB4056898 (x64) (ID: 405689803)
MS18-JAN: Security Only Quality Update - Security Only - Windows Server 2012 R2 - KB4056898 (x64) (ID: 405689801)
MS18-JAN: Security Only Quality Update - Security Only - Windows 7 SP1 - KB4056897 (ID: 405689705)
MS18-JAN: Security Only Quality Update - Security Only - Windows Server 2008 R2 SP1 - KB4056897 (x64) (ID: 405689703)
MS18-JAN: Security Only Quality Update - Security Only - Windows 7 SP1 - KB4056897 (x64) (ID: 405689701)
MS18-JAN: Cumulative Update for Windows 10 Version 1507 - Windows 10 Version 1507 LTSB - KB4056893 (ID: 405689303)
MS18-JAN: Cumulative Update for Windows 10 Version 1507 - Windows 10 Version 1507 LTSB - KB4056893 (x64) (ID: 405689301)
MS18-JAN: Delta Update for Windows 10 Version 1709 - Windows 10 Version 1709 - Delta Update - KB4056892 (ID: 405689207)
MS18-JAN: Delta Update for Windows 10 Version 1709 - Windows 10 Version 1709 - Delta Update - KB4056892 (x64) (ID: 405689205)
MS18-JAN: Cumulative Update for Windows 10 Version 1709 - Windows 10 Version 1709 - KB4056892 (ID: 405689203)
MS18-JAN: Cumulative Update for Windows 10 Version 1709 - Windows 10 Version 1709 - KB4056892 (x64) (ID: 405689201)
MS18-JAN: Delta Update for Windows 10 Version 1703 - Windows 10 Version 1703 - Delta Update - KB4056891 (x64) (ID: 405689107)
MS18-JAN: Cumulative Update for Windows 10 Version 1703 - Windows 10 Version 1703 - KB4056891 (x64) (ID: 405689105)
MS18-JAN: Delta Update for Windows 10 Version 1703 - Windows 10 Version 1703 - Delta Update - KB4056891 (ID: 405689103)
MS18-JAN: Cumulative Update for Windows 10 Version 1703 - Windows 10 Version 1703 - KB4056891 (ID: 405689101)
MS18-JAN: Delta Update for Windows 10 Version 1607 - Windows 10 Version 1607 - Delta Update - KB4056890 (ID: 405689011)
MS18-JAN: Cumulative update for Windows 10 Version 1607 - Windows 10 Version 1607 - KB4056890 (ID: 405689009)
MS18-JAN: Delta Update for Windows 10 Version 1607 - Windows 10 Version 1607 - Delta Update - KB4056890 (x64) (ID: 405689007)
MS18-JAN: Cumulative Update for Windows 10 Version 1607 - Windows 10 Version 1607 - KB4056890 (x64) (ID: 405689005)
MS18-JAN: Cumulative Update for Windows Server 2016 - Windows Server 2016 - KB4056890 (x64) (ID: 405689003)
MS18-JAN: Delta Update for Windows Server 2016 - Windows Server 2016 - Delta Update - KB4056890 (x64) (ID: 405689001)
MS18-JAN: Cumulative Update for Windows 10 Version 1511 - Windows 10 Version 1511 - KB4056888 (ID: 405688803)
MS18-JAN: Cumulative Update for Windows 10 Version 1511 - Windows 10 Version 1511 - KB4056888 (x64) (ID: 405688801)
MS18-JAN: Security update for the SMB Server elevation of privilege vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056759 (ID: 405675903)
MS18-JAN: Security update for the SMB Server elevation of privilege vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056759 (x64) (ID: 405675901)
MS18-JAN: Security update for the elevation of privilege vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056615 (ID: 405661503)
MS18-JAN: Security update for the elevation of privilege vulnerability in Windows Server 2008 - Windows Server 2008 SP2 - KB4056615 (x64) (ID: 405661501)
MS18-JAN: Cumulative security update for Internet Explorer - Windows Server 2012 - IE 10 - KB4056568 (x64) (ID: 405656817)
MS18-JAN: Cumulative security update for Internet Explorer - Windows Server 2008 SP2 - IE 9 - KB4056568 (ID: 405656815)
MS18-JAN: Cumulative security update for Internet Explorer - Windows Server 2008 SP2 - IE 9 - KB4056568 (x64) (ID: 405656813)
MS18-JAN: Cumulative security update for Internet Explorer - Windows 8.1 - IE 11 - KB4056568 (x64) (ID: 405656811)
MS18-JAN: Cumulative security update for Internet Explorer - Windows 7 SP1 - IE 11 - KB4056568 (ID: 405656809)
MS18-JAN: Cumulative security update for Internet Explorer - Windows 7 SP1 - IE 11 - KB4056568 (x64) (ID: 405656807)
MS18-JAN: Cumulative security update for Internet Explorer - Windows Server 2008 R2 SP1 - IE 11 - KB4056568 (x64) (ID: 405656805)
MS18-JAN: Cumulative security update for Internet Explorer - Windows Server 2012 R2 - IE 11 - KB4056568 (x64) (ID: 405656803)
MS18-JAN: Cumulative security update for Internet Explorer - Windows 8.1 - IE 11 - KB4056568 (ID: 405656801)
MS18-JAN: Cumulative Update 3 for SQL Server 2017 - SQL Server 2017 - KB4052987 (x64) (ID: 405298701)
[Major] 4072699: Set registry value to unblock installation of security updates - Windows 7 / Windows Server 2008 R2 / Windows Server 2012 / Windows 8.1 / Windows Server 2012 R2 / Windows 10 / Windows Server 2016 (ID: 407269901)

Modified Fixlets:

[Major] MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual Studio 2010 SP1 (ID: 1102535)

Reason for Update:

Microsoft has released security updates for January 2018.
Fixlet for MS11-025 was updated for false positive.

Actions to Take:

None

Published site version:

Patches for Windows, version 2900.

Important notes:

Microsoft requires a registry value to be set for the endpoints to receive security updates for Windows operating system. The registry value will not be set if you do not have an anti-virus software installed. You can use task 407269901 to set the value. However, if you have an anti-virus software installed, contact the vendor to confirm that the software is compatible and set the registry value, instead of applying this task.
KB4056613 was announced but not made available, at the time of writing.

Application Engineering Team
IBM BigFix

Just FYI, Fixlet ID 405656817 is missing a release date.

It also doesn’t evaluate correctly. Despite the key being there (we use Kaspersky and this is corrected in KES 10 SP2 MR1), Fixlet ID 407269901 evaluates to True, which is NOT correct.

Here is the export of that key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat]
"cadca5fe-87d3-4b96-b7fb-a231484277cc"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc]
@=dword:00000000

Now if you run the Action script, it will then evaluate to False. If you export the key again and compare to the original export, there is NO difference. If you try and revert, import the original key again, it STILL evaluates to False.

Can anyone else confirm?

Curious why these were released prior to Patch Tuesday (Jan 9th)?

Out-of-Band updates for SPECTRE/Meltdown.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

I noticed that our x64 machines were not showing relevant for the updates despite having the registry keys on the machines.

I copied the tasks and changed the following to use native registry instead and machines then became relevant for the updates:

exists value "cadca5fe-87d3-4b96-b7fb-a231484277cc" whose (it as integer = 0) of keys "QualityCompat" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of registry

to:

exists value "cadca5fe-87d3-4b96-b7fb-a231484277cc" whose (it as integer = 0) of keys "QualityCompat" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of native registry
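
The two relevance clauses above differ only in which registry view is read. As an added example (not part of the original thread and not IBM's Fixlet content), this read-only PowerShell check reports the QualityCompat value in both the native and the 32-bit view, so a disagreement between them is visible on the endpoint itself. It assumes PowerShell 3.0 or later on .NET 4; the function name Get-QualityCompatState is hypothetical.

```powershell
# Added example: compare the QualityCompat value in the native (64-bit) and
# 32-bit registry views. Read-only; run locally on the endpoint being checked.
$SubKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'   # value name quoted in this thread

function Get-QualityCompatState {   # hypothetical helper name
    param([Microsoft.Win32.RegistryView]$View)

    $state = 'KeyMissing'
    $base  = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                 [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)      # opens the key without write access
        if ($null -ne $key) {
            try {
                if ($key.GetValueNames() -contains $ValueName) {
                    # The relevance expects a value whose integer data is 0.
                    $kind  = $key.GetValueKind($ValueName)
                    $data  = $key.GetValue($ValueName)
                    $state = if ($kind -eq 'DWord' -and $data -eq 0) { 'Set' }
                             else { "Unexpected($kind=$data)" }
                }
                elseif ($key.GetSubKeyNames() -contains $ValueName) {
                    # A subkey named after the GUID is not the value the check reads.
                    $state = 'SubKeyOnly'
                }
                else {
                    $state = 'ValueMissing'
                }
            }
            finally { $key.Close() }
        }
    }
    finally { $base.Close() }

    [pscustomobject]@{ View = $View; State = $state }
}

$native = Get-QualityCompatState -View Registry64
$wow    = Get-QualityCompatState -View Registry32
$native, $wow | Format-Table -AutoSize

if ($native.State -ne $wow.State) {
    Write-Warning ('Registry views disagree: a check reading the 32-bit view and ' +
                   'one reading the native view will evaluate differently here.')
}
```

On a 32-bit operating system both calls read the same view, so the two rows will always match.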

How are you setting the reg key (via task/gpo/3rd party av vendor)?

Symantec is setting the key.

Makes sense now, so IBM need to update the fixlets to look for the reg key in either wow6432node or native.
@BaiYunfei

There is also a task that was published along with the patches that will do this for you if it is not set already for some reason. The name is “4072699: Set registry value to unblock installation of security updates - Windows 7 / Windows Server 2008 R2 / Windows Server 2012 / Windows 8.1 / Windows Server 2012 R2 / Windows 10 / Windows Server 2016”

Some vendors are setting this key too, so the fixlets need to accommodate that scenario.

I just sent a note over to dev to have them look at this.


Please ask to review the 4072699 that is just considering registry 32bits in the relevance…

We are reviewing the relevance for this section


There will be a re-publish to address the QualityCompat relevance for the fixlets.


We’ll have a formal announce but version 2903 of the site is now available.
