On Tuesday Microsoft released a bunch of patches, most of which will elicit little more than a snore from users. One of the patches still hasn't been documented -- Microsoft's posts not being in sync with its bits is common problem -- and a bunch of older security bulletins haven't been updated. But such are the vagaries of the patching business.
There are seven new patches for MS16-019, the Important security bulletin released last Tuesday that deals with .Net-based denial-of-service attacks. According to the Software Update master list, they all apply to versions of .Net in Windows Embedded. Oddly, the underlying KB articles haven't been updated to say they pertain to Windows Embedded.
The other 40 patches (there's a complete list on AskWoody.com) mostly apply to servers.
One patch, KB 3095113, updates Server 2012 and 2012 R2 so that they better "sync and distribute feature upgrades for Windows 10." Apparently if you try to sync upgrades in WSUS without applying this patch, you'll get an unholy mess that "is recoverable but the process is nontrivial and can be avoided altogether if you make sure to install the update before enabling sync of upgrades."
As poster ch100 on AskWoody notes:
[this] was finally promoted to Windows Update in March 2016 as promised last year at the time of release. Until now it was only a hotfix and discussed here only few days ago in relation to the new behaviour of Windows 10 Upgrade for Windows 7… It applies only to WSUS on Windows 2012 R2. We may see something equivalent now in Windows 7 in the sense of a new category appearing in Windows Update.
I can hardly wait.
Poster Michael says:
Just did a sync of my WSUS server, but not a single new patch shows up (we have W7 and W2012 in our environment). I just patched KB3095113 manually on WSUS, still nothing new showing. (Although now I can see all the Windows 10 update classifications in the options, urgh.)
Another patch, KB 3105115, fixes a problem when you try to RDP into a Win 8.1 or Server 2012 R2 device while using a low-resolution screen. "When this issue occurs, you can only see the Start screen, but you can't switch to the desktop." That makes it hard to run a server from your phone, I suppose.
There's an odd bug that crashes Windows Explorer if you try to play an MPEG-4 file that has a zero for the UTC time offset. If that's been a problem for you, see KB 3136019.
Then there's the mystery patch, KB 3115224, which is described as an optional update for Win 8.1, RT 8.1, Server 2012, Server 2012 R2, and Windows Embedded 8 standard. Other than that, I can't find any details about it anywhere. The KB article hasn't been posted.
These are slim pickings for the Windows 7 and 8.1 crowd, but admins need to take a look.