How to implement Microsoft Security Response Center Advisories/Security Updates?

Anonymous
2023-10-17T18:43:47+00:00

I'm working on a cybersecurity project and I have a bunch of vulnerabilities that I need to mitigate, but I don't understand Microsoft's page for patches. An example of one I'm working on is CVE-2019-0541 https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-0541. How do I know which KB to download? And does downloading it on the server automatically start that update?


This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


5 answers

  1. Anonymous
    2023-10-18T02:36:21+00:00

    Hi mscyberuser,

    Microsoft Security Response Bulletin/Security Update is a series of documents published by Microsoft that address security vulnerabilities found in Microsoft software and provide fixes and links to updates. To implement these bulletins/updates, you can refer to the following steps:

    1. You'll need to know your OS version and Microsoft software version in order to choose the right bulletin/update for you. You can search or browse for different bulletins/updates on the Security Bulletins website. For more information about the website, please refer to Security Bulletins | Microsoft Learn. You can also filter bulletins/updates by product, version, and vulnerability severity on the Security Updates Guide website.

    2. You will need to read the details of the bulletin/update of your choice, including affected software, vulnerability description, solution, patch download link, etc. You can also check out the Knowledge Base article that accompanies each bulletin/update for more technical details and FAQs.

    3. You need to choose the appropriate method to download and install the bulletins/updates according to your situation. There are several ways to choose:

    · If you've turned on automatic updates, Windows Update will download and install updates automatically for Windows Security and other important or optional updates. You don't need to do anything, just stay internet healthy.

    · If you want to update manually, you can use Windows Update or the Microsoft Update service to get bulletins/updates. The website for KB downloads is the Microsoft Update Catalog.

    · If you want to get a standalone package or install it offline, then you can visit a website like October 10, 2023 Security update (KB5031364) - Microsoft Support, where you can search or browse for different announcements/updates and download the corresponding files.

    · If you're an enterprise administrator or IT professional, there are tools and guides you can use to help you deploy bulletins/updates. For example, Microsoft Baseline Security Analyzer (MBSA) can help you scan local and remote systems for missing security updates and common security misconfigurations. Windows Server Update Services (WSUS), Systems Management Server (SMS), and System Center Configuration Manager can help you distribute security updates. For more information, please see Security Bulletins | Microsoft Learn.

    Hope it helps.

    Kind regards,

    Lei

  2. Anonymous
    2023-10-18T21:35:07+00:00

    Hi Lei,

    Thank you for that information. I'm finding that many of the CVEs I need to patch have an expired KB update. What is recommended to do in that case?

    An example would be one of my systems on Windows 10 1809 LTSC with CVE-2019-0541 and CVE-2017-11882. Both of these have expired security updates.

  3. Anonymous
    2023-10-19T06:11:21+00:00

    Hi mscyberuser

    For these expired KB updates, whether installation is required depends on several factors:

    1. Severity of the CVE: If the CVE is about a critical security vulnerability, then it may be necessary to install the corresponding KB update, even if it is out of date.

    2. Current state of your system: If your system has the latest updates installed, the expired KB may have been replaced by a new KB. For example, to protect against CVE-2023-44487, you should install the latest Windows Update.

    3. Compatibility issues: In some cases, an expired KB may conflict with certain applications or settings on your current system.

    Overall, I recommend that you always keep your system updated to the latest version and regularly check for new security updates available. If you have an issue with a specific CVE KB, you need to consult the documentation or contact Technical Support for more specific advice.

    Hope it helps.

    Regards,

    Lei

  4. Anonymous
    2023-10-19T16:12:09+00:00

    Hi Lei,

    1. How would I install the out-of-date KB update if it is not found in the MS update catalogue anymore?

    I'm working mostly with medical devices, so updating to the latest Windows update is typically not possible. My job is to patch the existing CVEs, but I'm finding many of these have expired patches. The documentation doesn't say much other than how an attacker could exploit the vulnerability and then provides updates for each platform. My issue is when those updates are expired and I am at a dead end on how to move forward. How do I contact tech support? I was unable to do that and that's why I'm on this forum.

  5. Anonymous
    2023-10-20T02:57:35+00:00

    Hi

    If the KB has expired, you can try installing the latest Windows update, which may already contain fixes or improvements in the expired KB update. Or you can try to do an in-place upgrade directly. It can help you fix various issues, including Windows update errors. For more information about in-place upgrades, you can see Perform an in-place upgrade of Windows Server | Microsoft Learn.

    However, an in-place upgrade may result in the loss of some customized Windows settings. Therefore, before performing an in-place upgrade, we recommend backing up your server operating systems, apps, and VMs.

    Regards,

    Lei

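The replies above say an expired KB "may have been replaced by a new KB". The sketch below is an added example, not part of the original thread or any Microsoft tool, showing how to check whether a CVE's original fix is already covered by a superseding update installed on a host. All KB numbers and the CVE-to-KB mapping are constructed placeholders. In practice the mapping comes from the Security Update Guide entry for your exact product, and the supersedence data from the package details in the Microsoft Update Catalog.

```python
# Constructed placeholder data: these KB numbers are NOT real Microsoft updates.
CVE_FIX = {("CVE-2019-0541", "Windows 10 1809 LTSC"): "KB0000001"}

# newer KB -> list of KBs it replaces (hypothetical supersedence records)
SUPERSEDES = {
    "KB0000002": ["KB0000001"],
    "KB0000003": ["KB0000002"],
    "KB0000010": [],            # unrelated update
}

def replacements(kb, supersedes):
    """Return every KB that directly or transitively replaces `kb`."""
    found, frontier = set(), {kb}
    while frontier:
        nxt = {new for new, old in supersedes.items()
               if frontier & set(old) and new not in found}
        found |= nxt
        frontier = nxt          # empty set ends the walk; cycles are skipped
    return found

def assess(cve, product, installed, cve_fix=CVE_FIX, supersedes=SUPERSEDES):
    """Classify one CVE on one host.

    `installed` is the list of KB ids present on the host, for example the
    HotFixID column exported from Get-HotFix.
    """
    original = cve_fix.get((cve, product))
    if original is None:
        return ("unknown", None)        # no mapping for this product
    installed = {kb.upper() for kb in installed}
    if original in installed:
        return ("fixed", original)
    covering = replacements(original, supersedes) & installed
    if covering:
        return ("fixed-by-superseding", sorted(covering)[-1])
    return ("missing", original)        # install it or any replacement

if __name__ == "__main__":
    host = ["kb0000003", "KB0000010"]   # constructed inventory
    print(assess("CVE-2019-0541", "Windows 10 1809 LTSC", host))
```

A "missing" result means neither the original KB nor any update in its replacement chain is installed on the host.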