Yesterday brought an enormous round of patches from Microsoft: 14 security bulletins, 43 separately identified security holes, and hundreds of individual program updates. It's still much too early to declare this month's round of updates safe, of course, but I've only heard of a couple problems so far.
SMB/SMB2/SMB3 clients may experience logon failures to an EMC Isilon cluster when they authenticate by using the NTLMSSP (NT LAN Manager Security Support Provider) provider. Data that resides on EMC Isilon clusters is unavailable to SMB/SMB2/SMB3 clients. This results in data unavailable (DU) failures. Authentication failures may also affect clients that try to access data through HTTP-based protocols such as RAN… To work around this issue, use the Kerberos protocol to authenticate Active Directory domain users.
In the next few hours, Isilon is expected to issue a warning, ETA 199379, which says, "MS15-027 may cause data to be unavailable to SMB clients that authenticate to Isilon clusters and Active Directory through the NTLM AUTHENTICATION PROTOCOL." (t/h WD)
The RDP Security Bulletin MS15-030 has a patch, KB 3036493, which can cause multiple reboots. The KB article warns, "If you uninstall this security update, you may have to restart the computer two times." I'm hearing -- but have not yet confirmed -- that you may have to reboot twice on installation, too.
On the more-good-news-than-bad front: Microsoft has finally fixed the Excel 2007 VBA macro bug introduced in December's Black Tuesday crop. The bad patch, KB 2596927, is fixed in the new MS15-022/KB 2984939 patch for Office 2007. It isn't clear to me if the analogous problem has been solved with Office 2010 or 2013. Neither the description for the Office 2010 patch nor the information for the Office 2013 patch mentions the VBA screwup. To give you an idea of the complexity of the situation: The single security bulletin MS15-022 contains 35 security patches and 39 nonsecurity patches.
The February Black Tuesday patch MS15-010/KB 3013455 caused font problems for Vista and Windows Server 2003 and 2008 machines. Microsoft released a separate patch for that font problem, KB 3037639, but it's never been rolled out through Automatic Update. Somehow, one of the patches in this month's Patch Tuesday crop fixes the problem: KB 3037639 wasn't released through Automatic Update, but one of the other patches (perhaps KB 3034344, the kernel patch?) does the trick.
Microsoft's new user-friendly approach to publishing "known issues" as a column in the monthly Security Bulletin Summary works great. This month's known issues -- which include KB 3038999 for the Office patch leads to a list of more than 30 additional articles that may or may not themselves contain more known issues; KB 3038680 for a manual installation gaffe; and KB 3046049 for the FREAK patch MS15-031 -- are now much easier to find.
Notably, neither KB 3002657 nor KB 3036493, which have known issues published in the KB articles, is flagged in the Security Bulletin Summary. Ah well, publishing known issues in an easily accessible place is a good idea nonetheless.
The FREAK patch has a warning that's very important for those of you who tried to manually fix the FREAKing thing. If you followed Microsoft's earlier, manual instructions in Microsoft Security Advisory 3046015 to change the SSL Cipher Suite order, you have to manually undo those changes before you can successfully apply KB 3046049. Details are provided in the KB article.
Brian Krebs has an excellent rundown on MS15-020, which once again fixes Stuxnet, which he describes as "a weapon of unprecedented sophistication that is now widely considered to have been a joint U.S. and Israeli project aimed at delaying Iran's nuclear ambitions."
For those of you testing Windows 10, Windows evangelist extraordinaire Gabe Aul tweeted on Tuesday afternoon that there are four security patches for Windows 10 Build 9926: MS15-020/KB 3039066 also applies to Windows 10; the Adobe Flash Player update KB 3044132 pertains (amazing that we're still plugging Flash in Windows 10, eh?); the MS15-018/KB 3032359 Internet Explorer patch has to be installed; and you should run through the Malicious Software Removal Tools (MSRT), KB 890830. Where's Project Spartan when you need it?
I'm not sure why, but the MSRT patch has been available since Saturday. It was sent out via Automatic Update earlier this week.
All in all, it's been a pleasantly calm Patch Tuesday. Let's see what happens on reboot Wednesday.
(Pro tip: If a link to a KB article results in an "Ooops" page, replace support.microsoft.com with support2.microsoft.com, and you may well get to the article.)