Just a quick post to make sure you all know there’s an important security update for Hyper-V in the April 2016 batch of updates.
Please review Microsoft Knowledge Base Article 3143118 and Microsoft Security Bulletin MS16-045 – Important for details. Realize thatthis ios one you’d better test en deploy asap. In my deployments I have not seen or heard o any issues with the update so far.
Why this little shout out? Well it’s a remote code execution vulnerability that can leverage the guest to run code on the host.
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.
It affect Windows 8.1 (x64), Windows Server 2012, Windows Server 2012 R2, and Windows 10 (x64). Test and patch a.s.a.p. When you’re a hosting provider, I hope you’re already on top of this one.
UPDATE: KB – the June 2016 update rollup KB 3161606 June 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 contains the fix for this. See KB3162871 RD Gateway Manager console crashes with the latest .NET Framework 4.6.1 update on Windows Server 2012 R2
Apparently the Exchange console and Skype for Business Server 2015 is not the only victim of Microsoft pushing out the .NET framework 4.6.1 update (KB3102467) to servers via Windows updates and WSUS. A colleague of mine described Windows updates as a game of Russian roulette, indicating there’s al least a QA concern …
The most recent victim I found was the RD Gateway management console on Windows Server 2012 R2. You might have the same issue on older Windows Versions but I’m only running W2K12R2 (it’s 2016 after all).
The result is that when you’re editing a Connection Authorization Policies or Resource Authorization Policies their membership settings (adding/removing groups) the MMC just crashes. Creating new ones is equally problematic!
You see the following errors logged in the event viewer:
Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26
Faulting module name: clr.dll, version: 4.6.1055.0, time stamp: 0x563c12de
Exception code: 0xc0000409
Fault offset: 0x00000000002fdbd8
Faulting process id: 0x12ec
Faulting application start time: 0x01d166820b2de977
Faulting application path: C:\Windows\system32\mmc.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 57bbb59c-d275-11e5-9440-00155dd2ca06
Faulting package full name:
Faulting package-relative application ID:
The culprit once again is the .NET Framework 4.6.1 update (KB3102467) for Microsoft Windows.
Get rid of that update to restore functionality. Come on Microsoft, Quality assurance! You need people to update ever faster for both security reasons and in order to keep up with technologies and the cloud cadence. You need to make sure they can do so without worrying all the time!