At SandStorm IT, we typically suggest doing all updates (especially Operating System) as they become available to avoid security vulnerabilities, In the latest batch of Microsoft updates, there were some “known issues”. In this security alert, we’ll cover “What’s the issue?”, “What versions of Windows does it affect?” and “What can I do?”.
What’s the issue?
The latest updates released by Microsoft were designed to fix the remote desktop service, which had critical Remote Code Execution (RCE) vulnerabilities. While this issue had to be fixed ASAP, the update that patches the security hole has a few “known issues” that may affect some users. On the first login after the update, you may receive a black screen that will require a reboot.
The larger issue is that it affects macros and apps built using Visual Basic, which is a programming language from Microsoft. While this seems like it would only affect programmers, it could potentially affect anyone using Microsoft Office with custom macros or power Office scripts. The official statement on Microsoft’s support site states: “After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error.” – Microsoft
Does it affect me?
If you have Windows on automatic updates or have manually updated Windows recently, your version is likely affected. Per Forbe’s, the issue has been found to affect users of the following Windows versions:
- Windows 7
- Windows 8.1
- Windows 10 version 1507
- Windows 10 version 1607
- Windows 10 version 1703
- Windows 10 version 1709
- Windows 10 version 1803
- Windows 10 version 1809
- Windows 10 version 1903
- Windows Server 2008 R2
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 1903
Based on Wikipedia (using data from W3), around 14% of users are still using Windows 7. This alone represents millions of computers, even though Windows 7 End-Of-Life is coming up in only a few months.
What can I do?
Microsoft is currently rolling out fixes for the issues, starting with the Visual Basic problems. It’s worth a quick check to make sure you are up-to-date with your Operating System patches. As long as you remain vigilant on doing updates, you should get all of the updates you need.
Here are the links to the Microsoft Update Catalog website from where the updates may be downloaded manually:
- KB4517297 for Windows 7 and Windows Server 2008 R2
- KB4517298 for Windows 8.1 and Windows Server 2012 R2
- KB4512494 for Windows 10 version 1709
It’s worth mentioning that Managed Services are a good way to ensure that your business’s PCs are getting the correct updates. As part of a Managed Services agreement, SandStorm IT will maintain the operating system, including updates. This proactive approach gives you one less thing to worry about. As always, if you have any issues or questions, the cyber security experts at SandStorm IT are available to help. You can reach us at 901-475-0275 for any operating system or other technical questions you may have.