어제 윈도우 제품에 대해서 보안 업데이트가 진행이 되었습니다. 이번 보안 업데이트및 버그 수정 목록들은 다음과 같습니다.
Addressed issue where the policies provisioned using Mobile Device Management (MDM) should take precedence over policies set by provisioning packages.
Addressed issue where the Site to Zone Assignment List group policy (GPO) was not set on machines when it was enabled.
Addressed issue where the AppLocker rules wizard crashes when selecting accounts.
Addressed issue where the primary computer relationship is not determined when you have a disjoint NetBIOS domain name for your DNS Name. This prevents folder redirection and roaming profiles from successfully blocking your profile or redirects folders to a non-primary computer.
Addressed issue where an access violation in the Mobile Device Manager Enterprise feature causes stop errors.
Security updates to Microsoft Edge, Microsoft Windows Search Component, Microsoft Scripting Engine, Microsoft Windows PDF Library, Windows Hyper-V, Windows Server, Windows kernel-mode drivers, Windows Subsystem for Linux, Windows shell, Common Log File System Driver, Internet Explorer, and the Microsoft JET Database Engine
Security updates to Windows Server, Microsoft JET Database Engine, Windows kernel-mode drivers, Common Log File System Driver, Microsoft Windows Search Component, and Volume Manager Driver
Addressed issue where a LUN connection that was received after the buffer allocation during iSCSI statistic collection overflowed the buffer and caused error 0x19. A UI issue that hides the iSCSI targets will be addressed in an upcoming release.
Security updates to Windows Server, Microsoft Windows Search Component, Volume Manager Driver, Common Log File System Driver, Microsoft Windows PDF Library, Microsoft JET Database Engine, Windows kernel-mode drivers, and Windows Hyper-V
Addressed issue where LSASS.EXE encounters a deadlock and the server must be rebooted.
Addressed issue where the Remote Desktop idle timeout warning did not appear after setting the idle time.
Addressed issue with MSiSCSI where the system process has a very high number of threads or the server runs out of ephemeral ports. This causes the system to stop responding or throw an error.
Addressed issue where when a failover cluster fails over from one server to another, a clustered IP address resource does not come online and causes the failover to stop functioning.
Addressed issue where a DNS server may crash after the import of the DSSet file when configuring secure, delegated child zones.
Addressed issue where a LUN connection that was received after the buffer allocation during iSCSI statistic collection overflowed the buffer and caused error 0x19. A UI issue that hides the iSCSI targets will be addressed in an upcoming release..
Addressed issue where if there was an error on a storage controller, some paths could not fail over to other paths. Instead, access to the disk was completely lost.
Addressed issue to prevent user logon delays when processes that have registered top-level windows fail to respond to BroadcastSystemMessages sent by the Group Policy Preference client-side extensions.
Addressed issue where Windows Server 2012R2 throws error “STOP 0XCA (Duplicate PDO)” when redirecting certain USB devices using RemoteFX. To fix this, do the following:Go to the registry location SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations.
Addressed issue where enabling the policy “Display information about previous logons during user logon” prevents Remote Desktop Protocol providers from allowing logins with no user interaction.
Addressed issue where the TsPubRPC service running in Svchost.exe experiences a memory leak when RemoteApp applications are configured with file type associations.
Addressed issue where files and folders accumulate in the UvhdCleanupBin folder in Remote Desktop session hosts. These files are not deleted when a user logs off if the path limit is exceeded. In extreme cases, this issue can cause logon failures.
Addressed issue where a Microsoft Enterprise CA cannot request that a Microsoft subordinate CA template be used for key encipherment. A single certificate can provide multiple usages like key encipherment and CRL signing.
Addressed issue to allow NPS servers to accept certificates with multiple usages.
Addressed issue where both transient and listener process TCP ports for the loopback sockets leak because of a leaked reference count. Such ports do not appear in NETSTAT.
Addressed issue to enable logging to detect weak cryptography.
Addressed issue with wireless network clients that disconnect from wireless access points after the EAPOL key retransmission timeout (5 minutes). This occurs because the M2 bit is incorrectly set during the four-way handshake.
Addressed issue where a request to a website results in a 503 response when IIS runs in “Dynamic Site Activation (DSA) Mode”. This occurs when the default app pool identity is a specific user/password and a specific app pool’s identity is configured to use “ApplicationPoolIdentity”.
Addressed issue where NetInfo_list may not contain all the network interfaces information. Additionally, the DNS client cannot use all the connected network interfaces while sending the query. This occurs when the host is running in low memory when the NetInfo_Build gets started.
Addressed issue where if an interface is unavailable during the NetInfo_Build, the DNS client will not use that interface to send queries for the next 15 mins even if the interface comes back before 15 minutes.
Addressed issue to implement a callback function to receive a notification when an interface comes back after an unavailable state. This callback prevents a host from going into the sleep state.
Addressed issue that causes a Microsoft Installer (MSI) application to fail for standard (non-admin) users when installed on a per user basis.
Addressed issue to enable support in the DevDetail Configuration Service Provider (CSP) to return the UBR number in the D part of the SwV node.
Addressed issue where NTFS sparse files were unexpectedly truncated (NTFS sparse files are used by Data Deduplication—deduplicated files may be unexpectedly corrupted as a result). Also updated chkdsk to detect which files are corrupted.
Addressed issue where the IME pad was not launching correctly in the Microsoft Edge browser for certain markets.
Addressed issue to allow Win32 applications to work with various Bluetooth LE devices including head tracking devices.
Addressed issue in the Mobile Device Manager Enterprise feature to allow headsets to work correctly.
Addressed issue where device drivers are not loading.
Addressed a reliability issue when playing specific types of spatial sound content.
Addressed issue with a dropped key on Microsoft Surface Keyboard and Microsoft Surface Ergo Keyboard, and addressed Wacom active pen connection failures.
Addressed issue to improve stability for USB type C during device arrival and removal during system power changes.
Addressed USB host controller issue where the host controller no longer responds to the attached peripherals.
Addressed MP4 compatibility issue while playing content from a social media site in Microsoft Edge.
Addressed issue with audio headsets connected to a PC through Xbox 360 controllers.
Addressed a reliability issue with launching a Settings app while another application is using the camera device concurrently.
Addressed issue with notifications (SMS, Calendar) for an activity tracker.
Addressed issue with video playback artifacts during transitions from portrait to landscape on mobile devices.
Addressed issue with Skype calls becoming unresponsive after about 20 minutes when using Bluetooth headsets with Hands-Free Profile (HFP) connections with negotiated mSBC codec (Wideband Speech).
Addressed issue where a service using a Managed Service Account (MSA) fails to connect to the domain after an automatic password update.
Addressed issue where, in some cases, a drive that utilizes on-drive hardware encryption would not automatically unlock at system startup.
Addressed issue where “cipher.exe /u” fails on client machines that are deployed with InTune, Windows Information Protection (WIP), and an updated Data Recovery Agent (DRA) certificate. Cipher.exe will fail with one of the following errors: “The request is not supported” or “The system cannot find the file specified”.
Addressed issue where a memory leak occurs in a nonpaged pool with the “NDnd” memory tag when you have a network bridge set up.
Addressed issue where you cannot add Work and School accounts in Windows Store, and you may get an error that reads, “We encountered an error; please try signing in again later.”
Addressed issue issue where if a Surface Hub enters Sleep mode and then resumes, it may require the user to sign in to Skype again.
Addressed issue where some Windows Forms (WinForms) applications that use DataGridView, Menu controls, or call a constructor for a Screen object experienced performance regressions in .NET 4.7. This was caused by additional Garbage Collections. In some cases, there was an empty UI because of a lack of GDI+ handles.
Addressed issue where Magnifier Lens users cannot click on buttons or select web content in Microsoft Edge or Cortana results.
Addressed issue introduced in the June updates where some applications may not launch when a device resumes from Connected Standby mode.
보안 업데이트 대상 제품
Adobe Flash Player
Microsoft SQL Server
수정된 취약점은 다음과 같습니다.
Windows 10 Version 1703 (64bit) : 14건 (긴급 5, 중요 9), KB4034674
Windows 10 Version 1703 (32bit) : 10건 (긴급 4, 중요 6)
Windows 10 Version 1607 (64bit) : 11건 (긴급 4, 중요 7), KB4034658
Windows 10 Version 1607 (32bit) : 9건 (긴급 4, 중요 5)
Windows 10 Version 1511 (64bit) : 10건 (긴급 4, 중요 6), KB4034660
Windows 10 Version 1511 (32bit) : 9건 (긴급 4, 중요 5)
Windows 10 (64bit) : 10건 (긴급 4, 중요 6), KB4034668
Windows 10 (32bit) : 9건 (긴급 4, 중요 5)
Windows 8.1 (64bit) : 11건 (긴급 4, 중요 7), KB4034681, KB4034672
Windows 8.1 (32bit) : 10건 (긴급 4, 중요 6)
Windows 7:9건 (긴급 2, 중요 7), KB4034664, KB4034679
Windows RT 8.1 : 10건 (긴급 4, 중요 6)
Windows Server 2016:11건 (긴급 4, 중요 7)
Windows Server 2012 R2 : 11건 (긴급 4, 중요 7)
Windows Server 2012:11건 (긴급 4, 중요 7)
Windows Server 2008 R2 : 10건 (긴급 3, 중요 7)
Windows Server 2008:9건 (긴급 2, 중요 7)
윈도에 기본적으로 탑재되는 브라우저에 대한 갱신 관련 부분은 다음과 같습니다.
Microsoft Edge : 28건 (긴급 20, 중요 7 경고 1)
Internet Explorer 11:6건 (긴급 5, 중요 1)
Internet Explorer 10:6건 (긴급 5 경고 1)
Internet Explorer 9:4건 (긴급 3, 경고 1)
그리고 윈도우 8,윈도우 10에 기본적으로 설치되는 인터넷 익스플러워, 마이크로소프트 엣지 관련한 Adobe Flash Player에 대한 2건의 취약성이 수정되었습니다.
CVE-2017-3085, CVE-2017-3106입니다. 일단 기본적으로 악성코드에 감염되는 것을 최소화하려면 기본적으로 시간이 걸리더라도 반드시 윈도우 보안 업데이트는 이루어져야겠습니다.