Patch Watch: July’s Releases Fix June’s Issues

Susan Bradley

Included in the July 2017 cumulative update are several fixes precipitated by last month’s June updates. The 1703 release of KB4025342 includes the following fixes:

  • It addresses an issue introduced by KB4022716, one of June’s security updates, where Internet Explorer 11 may close unexpectedly when you visit some websites.
  • It addresses an issue to improve MediaCreationTool.exe support for Setup Tourniquet scenarios.
  • It addresses an issue with CoreMessaging.dll that may cause 32-bit apps to crash on the 64-bit version of the Windows OS.
  • It addresses an issue where Visual Studio or a WPF application may terminate unexpectedly (stops responding, followed by a crash) when running on a pen and/or touch enabled machine with Windows 10 Creators Update.
  • It addresses an issue that causes the system to crash when certain USB devices are unplugged while the system is asleep.
  • It addresses an issue with screen orientation that stops working after lid close and lid open transitions.
  • It addresses an issue that causes .jpx and .jbig2 images to stop rendering in PDF files.
  • It addresses an issue where users could not elevate to Administrator through the User Account Control (UAC) dialog when using a smart card.
  • It addresses an issue where input using the Korean handwriting feature dropped the last character of a word or moved it to the next line incorrectly.
  • It addresses an issue with a race condition between the App-V Catalog Manager and the Profile Roaming Service. A new registry key is available to control the waiting period for App-V Catalog Manager, which allows any third-party Profile Roaming Service to complete.

This update includes security fixes for the following products:

  • Internet Explorer 11
  • Microsoft Edge
  • Windows Search
  • Windows kernel
  • Windows shell
  • Microsoft Scripting Engine
  • Windows Virtualization
  • Datacenter Networking
  • Windows Server
  • Windows Storage and File Systems
  • Microsoft Graphics Component
  • Windows kernel-mode drivers
  • ASP.NET
  • Microsoft PowerShell
  • The .NET Framework

The 1607 release (KB4025339) and the 1511 release (KB4025344) fix similar issues.

If you are running Comodo’s security suite, be aware that you need to be on their latest release to support the 1703 release. As noted in their forums, it fixes an incompatibility with KB4022716.

- What to do: Check that your antivirus tools are up to date and then install the Windows 10 updates.

Flash and Browser Review

Adobe has released the July Flash update, so expect updates to Chrome to support the Flash update. For Windows, look for KB4025376 to update Flash in Windows 10 and 8.1.

- What to do: Update Flash and then review your browsers to ensure they are up to date.

Tracking the Outlook Problems

I’m following up on several known issues that were introduced with the June security updates. The Office known issues page is tracking the resolution to these issues.

Tracking the fixes for the fixes has been turning into a Herculean task as, once again, Microsoft pulled all of the fixes they released for the issues introduced by June’s updates. If you are running the Office 365 click-to-run editions, you will have these fixes so long as you are on the current channel. If you are a customer who gets individual security updates, you are once again waiting for fixes.

Some of you may have issues opening attachments: When you open an attachment in an email, contact, or task formatted as Rich Text you get the following error: “The program used to create this object is Outlook. That program is either not installed on your computer or it is not responding. To edit this object, install Outlook or ensure that any dialog boxes in Outlook are closed.”

The fix for Outlook 2010 was originally in KB4011042. However, this update has been pulled. There is no ETA for when this update will be rereleased. Outlook 2007 still has no workaround or patch at this time.

The underlying issues were caused by the following updates:

Issues opening files that include extra characters and long lengths are also still in limbo. The underlying issue was caused by the following updates:

While the issue appears to have been fixed for Click to Run customers, the fixes for the patches listed below have been pulled off of Microsoft’s servers:

  • Outlook 2010 in KB4011042 was pulled.
  • Outlook 2013 in KB3191849 was pulled.
  • Outlook 2016 in KB3213654 was pulled.

The only workaround at this time is to ignore the advice given to you that the file isn’t trustworthy and open it anyway. Not the greatest advice in this era of ransomware.

If your admin has set ShowLevel1Attach to allow Outlook to display Level 1 attachments, you may see the error: “One or more objects in this file have been disabled due to your policy settings.” These were caused by the following updates:

  • KB3191938 Outlook 2013
  • KB3191932 Outlook 2016

This has now been fixed in the July click-to-run release. The following fixes have been pulled and it’s unclear when we will see revisions:

When you use a custom form that you have created for Outlook, you see the following two symptoms: VBScript does not run or you get a malicious code warning. No workaround at this time. The issue has been caused by the following updates:

There is still no workaround at this time.

Outlook search doesn’t work on all versions of Windows and all versions of Outlook. The fix for that is now rolled up into this month’s security updates.

Finally, iCloud will not load properly in Outlook 2007. To work around this issue, perform the following steps:

  • Click Start, click Run, type regedit in the Open box, and then click OK.
  • Locate and then click the following subkey in the registry: HKCU\Software\Microsoft\Office\12.0\Outlook\Security\
  • On the Edit menu, point to New, and then click DWORD Value.
  • Type AllowUnregisteredMapiServices for the name of the DWORD, and then press Enter.
  • Right-click AllowUnregisteredMapiServices, and then click Modify.
  • In the Value data box, type 1 to enable the registry entry, and then click OK.
  • Exit Registry Editor, and then restart the computer.
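
The same workaround scripted in PowerShell, as an added example that is not part of the original article. It uses only the key path and value name from the steps above; the function names are hypothetical, and the restart from the last step is still required. It records the previous value so the setting can be put back once a fixed update ships.

```powershell
# Added example: scripted form of the manual regedit steps above.
# Key path and value name come from the article; function names are hypothetical.
$KeyPath   = 'HKCU:\Software\Microsoft\Office\12.0\Outlook\Security'
$ValueName = 'AllowUnregisteredMapiServices'

function Enable-UnregisteredMapiWorkaround {
    # Create the Security subkey if this user profile does not have it yet.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Record what was there before so the change can be undone later.
    $existing = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $previous = if ($null -ne $existing) { $existing.$ValueName } else { $null }

    # DWORD value 1 enables the registry entry, as in the manual steps.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back so the caller can confirm what is now set.
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    [pscustomobject]@{
        Path     = $KeyPath
        Name     = $ValueName
        Previous = $previous
        Current  = $current
    }
}

function Undo-UnregisteredMapiWorkaround {
    # Pass the Previous field returned by Enable-UnregisteredMapiWorkaround.
    param($Previous)
    if ($null -eq $Previous) {
        # The value did not exist before the workaround: remove it again.
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        # The value existed: restore what it held.
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Previous -Type DWord
    }
}

# Apply the workaround for the current user and show before/after values.
$result = Enable-UnregisteredMapiWorkaround
$result | Format-List
```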

 

- What to do: Here’s hoping that July’s updates behave better than June’s updates. Until then, stay tuned for the continuing saga of the June Outlook patch side effects.

Office Update Releases

For those of you on Office click-to-run versions, you should expect to be upgraded to the latest version in the background. If, however, you have the old-fashioned MSI or patch-based Office deployments, expect to see the following updates:

Office 2016

  • KB3203477 Excel security fixes and a non-security fix for unexpected crashes
  • KB3213545 Fix for remote code execution in Office

Office 2013

  • KB3213537 Excel security fixes and a non-security fix for unexpected crashes
  • KB3213555 Fix for remote code execution in Office

Office 2007

  • KB3191894 Excel security fixes and a non-security fix for unexpected crashes
  • KB3191833 Security update for Excel Viewer 2007
  • KB3191897 Security update for Office Compatibility Pack
  • KB3213640 Fix for remote code execution in Office
  • KB2880514 Fix for remote code execution in Office

I’ll be keeping an eye out for side effects but for now it appears that the June problems are behind us.

- What to do: Install these updates if prompted to do so.

Holding Off on the Rest of Office Updates

As usual, I’ll urge those of you without click-to-run editions of Office to hold off on the non-security updates. These include the following updates:

Office 2016

  • July 5, 2017, update for Access 2016 KB3191926
  • July 5, 2017, update for Office 2016 KB3213547
  • July 5, 2017, update for Office 2016 KB3191928
  • July 5, 2017, update for Office 2016 KB3203471
  • July 5, 2017, update for Office 2016 KB3213549
  • July 5, 2017, update for Office 2016 KB3115145
  • July 5, 2017, update for OneNote 2016 KB3178665
  • July 5, 2017, update for PowerPoint 2016 KB3203481
  • July 5, 2017, update for Project 2016 KB3203476
  • July 5, 2017, update for Skype for Business 2016 KB3213548
  • July 5, 2017, update for Visio 2016 KB3203473
  • July 5, 2017, update for Word 2016 KB3213550

Office 2013

  • July 11, 2017, update for Office 2013 KB3172545
  • July 11, 2017, update for Office 2013 KB3203489
  • July 11, 2017, update for OneNote 2013 KB3172477
  • July 11, 2017, update for PowerPoint 2013 KB3203487
  • July 11, 2017, update for Project 2013 KB3213538
  • July 5, 2017, update for Skype for Business 2015 (Lync 2013) KB3213574
  • July 5, 2017, update for Word 2013 KB3213567

Server Platforms

  • July 11, 2017, update for SharePoint Server 2016 KB3213543
  • July 11, 2017, update for Project Server 2013 KB3213577
  • July 11, 2017, cumulative update for Project Server 2013 KB3213566
  • July 11, 2017, update for SharePoint Foundation 2013 KB3213575
  • July 11, 2017, cumulative update for SharePoint Foundation 2013 KB3213563
  • Description of the security update for SharePoint Server 2013: July 11, 2017 KB3213559
  • July 11, 2017, update for SharePoint Server 2013 KB3213557
  • July 11, 2017, update for SharePoint Server 2013 KB3213578
  • July 11, 2017, update for SharePoint Server 2013 KB3213552
  • July 11, 2017, cumulative update for SharePoint Server 2013 KB3213569
  • Description of the security update for Excel Services on SharePoint Server 2010: July 11, 2017 KB3191902
  • July 11, 2017, cumulative update for Project Server 2010 KB3213629
  • Description of the security update for SharePoint Server 2010: July 11, 2017 KB3203459
  • July 11, 2017, cumulative update for SharePoint Server 2010 KB3213634
  • Description of the security update for SharePoint Server 2010 Office Web Apps: July 11, 2017 KB3203469

- What to do: I recommend not installing these updates at this time.

Regularly Updated Problem-Patch Chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page.

Patch | Released | Description | Status
KB4025341 | 7-11 | Windows 7 rollup | Install*
KB4025336 | 7-11 | Windows 8 | Install
KB4025342 [1703] | 7-11 | Windows 10 1703 | Install
KB4025339 [1607] | 7-11 | Windows 10 1607 | Install

*Hold: Please note if you’ve installed these updates and are not seeing any side effects you can leave the updates installed. I’m only recommending holding off if you are severely impacted by these side effects.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.




All Windows Secrets articles posted on 2017-07-13:


About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.