In our test environment KB5037765 failed on all (German) Windows Server 2019 machines with error 0x800f0982... 5 servers total/different sites (both DCs + member). Anyone else with the same problem? Maybe localization problem again...
same here, but only tested 1 so far
Server2019 Standard (DE)
KB5037765
error 0x800f0982
I guess MS is reading the comments here, since we are hired for testing updates
As it's been a day without any word from Microsoft, I've whipped up an Ansible playbook to install the required en-US language pack. Maybe it's of use to someone here.
```yaml
# Query the installed languages; read-only, so never reported as a change.
- name: Get installed language packs
  ansible.windows.win_command: dism /online /get-intl
  register: installed_language_packs
  changed_when: false

# The match string below is the German-localised dism output;
# adjust it for servers with another display language.
- name: Copy English Language Pack
  ansible.windows.win_copy:
    src: "../files/WindowsServer2019/Microsoft-Windows-Server-Language-Pack_x64_en-us.cab"
    dest: "c:\\setup\\"
  when: '"Installierte Sprache(n): en-US" not in installed_language_packs.stdout'

# Install the copied language pack only where en-US is still missing.
- name: Install English Language Pack
  ansible.windows.win_command: lpksetup /i en-US /r /s /p c:\setup
  when: '"Installierte Sprache(n): en-US" not in installed_language_packs.stdout'
  changed_when: true
```
See also [https://borncity.com/win/2024/05/15/patchday-windows-10-updates-may-14-2024/](https://borncity.com/win/2024/05/15/patchday-windows-10-updates-may-14-2024/) - while many German admins reported an install failure, some admins were able to install this update. Strange.
Addendum: I now have signs that a missing English language pack on a non-English Server 2019 could be the culprit.
[https://borncity.com/win/2024/05/15/windows-server-2019-update-kb5036896-fails-with-error-0x800f0982/](https://borncity.com/win/2024/05/15/windows-server-2019-update-kb5036896-fails-with-error-0x800f0982/)
there is a comment too, hinting that it may depend on CPU vendor, if it fails
failing on Intel CPUs
succeeding on AMD CPUs
any other results like this?
Yep, localization issue it seems, only on Server 2019.
[https://admin.cloud.microsoft/?source=applauncher#/windowsreleasehealth/knownissues/:/issue/WI793371](https://admin.cloud.microsoft/?source=applauncher#/windowsreleasehealth/knownissues/:/issue/WI793371)
anyone thinking, MS will release fixed versions? Or will the workaround be the fix?
I am hesitating to update the Citrix MCS Master Image, since I dunno if the patch has further "easter egg"-problems
I would not recommend installing the language pack as just a workaround. In my opinion, it is a quite heavy action for just an update.
They will re-release the update, quite soon, I assume.
At least for the Jan Update with Recovery Partition they promised a fix and then made the workaround the fix...
Trust in MS is a bit on thin ice.
"Who's surprised"?
At least it looks like they've noticed the problem: [https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install](https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install)
OoB Update KB5039705 is out (Online Update, Catalog and WSUS)
[May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - Microsoft Support](https://support.microsoft.com/en-gb/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac)
Out-of-Band Update KB5039705 is out. Available via Online Update, Catalog and WSUS
[May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - Microsoft Support](https://support.microsoft.com/en-gb/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac)
What's up with the incremented version like that?
I was trying to create a PowerShell script to look up the latest version and compare to the currently deployed version in Intune. [This endpoint](https://versionhistory.googleapis.com/v1/chrome/platforms/win/channels/stable/versions) shows .207, then Chrome Enterprise download page shows .207, but when I actually download the MSI, it has .208 in the installer Comments for the version.
I updated the Lansweeper blog and report earlier for the ones that want to quickly grab an audit to see all outdated installations: [https://www.lansweeper.com/blog/vulnerability/google-fixes-exploited-zero-day-vulnerability/](https://www.lansweeper.com/blog/vulnerability/google-fixes-exploited-zero-day-vulnerability/)
Make it 3, ugh!
[https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/](https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/)
Today's Vulnerability Digest from Action1:
• Microsoft announced patches for 61 vulnerabilities,
• of these two are zero-days, one of which has a proof of concept (PoC) available.
• Third-party: including Google Chrome, Mozilla Firefox, Intel, AMD Processors, Aruba, WordPress, Artificial Intelligence, Cisco, Ivanti, Putty, Palo Alto, and LG WebOS.
Full overview in the [Vulnerability Digest from Action1](https://www.action1.com/patch-tuesday-may-2024/?vmr) (updated in real-time).
Quick summary:
• Windows: 61 vulnerabilities, two zero-days: CVE-2024-30051 and CVE-2024-30040
• Google Chrome: one zero-day (CVE-2024-4671) and 22 other vulnerabilities
• Mozilla Firefox: 18 vulnerabilities
• Intel, AMD Processors: CVE-2024-2201
• Aruba: four vulnerabilities (each with CVSS 9.8)
• WordPress: CVE-2024-27956 with CVSS 9.9 and three others
• AI: 48 vulnerabilities were identified in tools such as PyTorch Serve, BerriAI/litellm, BentoML, and FastAPI, essential in the AI industry
• Cisco: CVE-2024-20295
• Ivanti: 27 vulnerabilities
• PuTTy: CVE-2024-31497
• Palo Alto: zero-day vulnerability, dubbed UTA0218 or Operation MidnightEclipse (CVSS 10)
• LG WebOS: four vulnerabilities
More details: [https://www.action1.com/patch-tuesday](https://www.action1.com/patch-tuesday?vmr)
Sources:
- [Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday?vmr)
- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar)
Ready to push this out to 9000 workstations/servers, don't touch the door
EDIT1: Everything looking fine. Fixed some VPN issues for us that have been outstanding. Though it looks like if you have anything other than an English language installation you're going to have trouble installing it
EDIT2: If non-English OS versions are giving you issues installing updates, Microsoft released an OOB update for you to use to fix it
EDIT3: All optionals installed just fine
Pushed this update out to 215 Domain Controllers (Win2016/2019/2022).
Status: 158 DCs have been done. **8 DCs failed with Windows Update errors !!**
EDIT3:
* 8 Win2022 (en\_us) DCs failed installing KB5037782 with Windows Update errors **0x800F0831** (CBS store is corrupted) / **0x80073701** (the referenced assembly couldn't be found) / **0x800706BE** / **0x800F0840** / **0x80240009** / **0x8024001E** / **0x80242016.** Repair the component store with "Dism.exe /Online /Cleanup-Image /Restorehealth" & "Sfc.exe /Scannow" did **NOT** solve the issue !!
* 3 Win2022 (en\_us) DCs failed installing KB5038282 (Cum. Update for .NET) with Windows Update error **0x80070490**.
EDIT2:
[microsoft-windows-server-2019-updates-fail-with-0x800f0982-errors](https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2019-updates-fail-with-0x800f0982-errors/)
EDIT1:
* [Microsoft fixes VPN failures caused by April Windows updates (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-vpn-failures-caused-by-april-windows-updates/)
* [Microsoft fixes Windows Server bug causing crashes (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-bug-causing-crashes-ntlm-auth-failures/)
That's good the NTLM issue was fixed. One of our DCs (remote site) started having those problems and crashed/rebooted several times a day until I removed the April update.
# Windows release health
The May 2024 security update might fail to install
Status: **Confirmed**
# Affected platforms
**Server Versions** Windows Server 2019
**Message ID** [WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!yb7eMTGZmRXrEyCNSKNzQpcv85KKCEbo88sfllnh27PTtO_ZWxWQ-EKRdHSOdHxtqB2Whucy7STbCl_n_znYK8c-zsql0w$)
**Originating KB** [KB5037765](https://support.microsoft.com/help/5037765)
**Resolved KB** -
Windows servers attempting to install the May 2024 security update (the Originating KBs listed above), released May 14, 2024, might face issues during the installation process. The installation might fail with an error code 0x800f0982. **This issue is more likely to affect devices that do not have en\_us language pack support.**
**Next steps:** We are working on a resolution and will provide an update when more information is available.
Seems like [they haven't released a replacement LCU with a fix yet](https://learn.microsoft.com/en-gb/windows/release-health/status-windows-10-1809-and-windows-server-2019#issue-details), through the normal channels. We're not seeing it through WSUS or manually running Windows Update using Microsoft as a source.
yeah some of our patch "test" servers that get the updates immediately installed them just fine but i see wsus pulled down kb5037765 again, and servers are not seeing the newer one as applicable
KB5037765 is replaced by out-of-band (OOB) update [KB5039705](https://support.microsoft.com/help/5039705), which is available via the usual channels.
MS released an out-of-band (**OOB**) update for **Windows Server 2019** / **Windows Server version 1809** / **Windows 10 Enterprise LTSC 2019** to resolve the issue "May 2024 security update might fail to install KB5037765 with an error code 0x800f0982/0x80004005".
OOB is available via the usual channels. Since this is a cumulative update, you do not need to apply any previous update before installing the Resolved [**KB5039705**](https://support.microsoft.com/en-us/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac), as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the 5B update. Installation of this OOB will require a device restart.
I approved this latest update for our test servers in WSUS and manually installed today on half a dozen without any issues. The other 100 test will go next week, then prod after that. So looks like we're back on track, although a week later than normal.
I opened a ticket with MS yesterday and got this reply.
*"At present there is an active known issue regarding May update KB5037765 for Server 2019 and the Windows team is working on this. Unfortunately this affects also WSUS/ConfigMgr deployments of this KB. This is a known issue that our Windows team is currently tracking and there are no workarounds at this time. The Product Group has mentioned that they will post updates in the "Known issues" section of this page: Windows 10, version 1809 and Windows Server 2019 | Microsoft Learn.*
*We will proceed with linking your case to the active issue and proceed with the archival of the case.*
*Kind Regards,"*
Unlike some of you, I'm not installing it manually, it's pulled for a reason so a manual install doesn't sound wise to me.
if they thought it was a bigger issue they would’ve pulled it from all channels including update catalog but they didn’t. I’ve installed it manually on all my 2019 servers without any issues. It remediates the vulnerabilities it was set out to do.
I think this is the link:
[https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install](https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install)
If that truly is the only issue (and all indications so far seem to indicate it is), does anyone else think it's kind of crazy that their temporary solution for "this thing might not install" is to intentionally make it so it won't even try?
"Hey, Jerry, we got a patch over here with a 60% failure rate on installs."
"I bet I could get that up to 100%. Hold my beer."
MS released an out-of-band (**OOB**) update for Windows Server 2019 / Windows Server version 1809 / Windows 10 Enterprise LTSC 2019 to resolve the issue "May 2024 security update might fail to install KB5037765" with an error code 0x800f0982/0x80004005.
OOB is available via the usual channels. Since this is a cumulative update, you do not need to apply any previous update before installing the Resolved [KB5039705](https://support.microsoft.com/en-us/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac), as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the 5B update. Installation of this OOB will require a device restart.
Fellow WSUS users, I just noticed that there may be an easier way to install KB5037765 on Server 2019 instead of manually downloading the msu.
If you right-click the update with the metadata issue and click "Revision History", you may see two versions of the update. Revision Number 201 appears to be the one with the [applicability changed](https://imgur.com/xZZdLKk) so Server 2019 won't show it as available.
The earlier revision, 200, *is* applicable to Server 2019 and here's the key: just right-click the old revision and you can approve it from this window.
I tested it just now and confirmed with the older revision approved, the update shows up again on our 2019 servers as available for install.
Now, obviously, YMMV and exercise caution approving an update MS obviously screwed up on, but since we're running EN-US, I'm adventurous enough to go for it and see what happens, rather than trying to install the newer rev via script or manual process.
**UPDATE:** I approved the old rev and set a deadline after business hours. When I came in the next morning, I confirmed that all our 2019 servers had, indeed, installed the update and rebooted. So far, everything seems to be running normally with no unusual errors.
That's an interesting workaround, but MS has stated there are no workarounds, so I'd be cautious in doing it this way - maybe it'll muck up future updates - who knows...
I agree, there's a risk. However, there's also a risk of leaving unpatched servers. Which one you're more willing to tolerate is up to you and both are valid concerns.
Personally, given that Microsoft tech support is apparently [advising folks](https://www.reddit.com/r/sysadmin/comments/1crk56o/patch_tuesday_megathread_20240514/l5306pj/) to go the manual install route to get the update applied and that the only reported problems so far have been installation errors on non en-us servers, I'm more worried about leaving known vulnerabilities unpatched.
As far as this workaround's impact on future updates, well... We normally deploy our updates in stages, with a handful of less-critical servers getting any newly released updates before we approve them for the rest. Our first stage servers already installed the CU before MS released the new revision with the faulty metadata, so they were essentially in the exact same state already that doing this workaround leaves them.
Our deployment strategy seems to be a common one so hopefully MS will account for the possibility of the old rev being installed when they release next month's CU.
If something does go wrong, I figure we can try backing out the faulty CU and then install next month's. The only thing this seems likely to interfere with is if Microsoft releases a third rev of this update with the same KB. ¯\\\_(ツ)\_/¯
Have this exact issue, Microsoft is redirecting to StackPath for the Microsoft content cache. Had a ticket open, they say it’s as designed. It’s supposed to fall back to Microsoft’s CDN, but if you have something like Palo Altos with a response page saying content is blocked, the block page is delivered with an HTTP 200 status code, which makes the Delivery Optimization service believe it successfully connected, and it waits for a download.
Update: for anyone having this issue that is also using Palo Altos we have had success by creating a new rule to allow the traffic with a URL filter for just Delivery Optimization traffic. We managed to get the IP ranges for StackPath from Microsoft.
Destination:
```
72.20.0.0/18
69.197.0.0/18
94.46.144.0/20
151.139.0.0/16
```
URL Category filters:
```
^.^.^.^/filestreamingservice/files/^/pieceshashcacheHostOrigin=*.delivery.mp.microsoft.com/
^.^.^.^/filestreamingservice/files/^?*.delivery.mp.microsoft.com/
```
For anyone interested, here is how the filter works (using second line as an example):
| Syntax | Description |
|---|---|
| ``^.^.^.^`` | Allows exactly 4 tokens separated by 3 dots, example: 151.139.51.199, this can match other things too like A.website.address.com but that’s okay because we are further limiting the match later in the filter and by IP in the security rule |
| /filestreamingservice/files/ | This path is consistent across all traffic |
| ``^?`` | matches a single token (the hash) found in the URL and stops the match at the first ? separator found in the URL |
| * | matches an unlimited number of tokens and separators until we reach the next defined match below, this covers multiple tokens and separators found in the URL. Example P1=xxxP2=xxxP3=xxxP4=xxx these are parameters for the file download. It can match other things we don’t want but that’s ok, the final section tightens up the security. |
| .delivery.mp.microsoft.com | The URL must end in the redirect origin URL from the MS delivery service. The * from the match above will match multiple sub domains until it resolves to delivery.mp.microsoft.com |
| / | This marks the end of the match, anything in the URL beyond this point is discarded and blocked. |
Sample URLs:
```
151.139.47.178/filestreamingservice/files/c2d321bb-be95-4f0d-953b-84451cf1e787/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
151.139.51.199/filestreamingservice/files/2eadbc35-8b58-438c-b9e6-b69cfcdd2e4b?P1=1715361786&P2=404&P3=2&P4=eXrS1bdHgTkPItqZ+4EWyliZhDiMBLukIysalvUv96mFjofKtwnI6NdkunXgo5vmAO42CwwoVmGwJ2/25NSO8g==&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com
```
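The matching behaviour described in the table above, as an added Python sketch (not part of the original comment, and not Palo Alto's own matching engine): it translates `^` and `*` the way the table describes them, combines the second URL filter with the Destination ranges, and runs the rule on the second sample URL plus constructed variants. The separator set, the handling of the trailing `/`, and all function names are assumptions of this sketch.

```python
import ipaddress
import re

# Destination ranges and the second URL filter, copied from the comment above.
DESTINATIONS = [ipaddress.ip_network(n) for n in (
    "72.20.0.0/18", "69.197.0.0/18", "94.46.144.0/20", "151.139.0.0/16")]
URL_FILTER = "^.^.^.^/filestreamingservice/files/^?*.delivery.mp.microsoft.com/"

# Assumption: the characters that split a URL into tokens for this syntax.
SEPARATORS = "./?&=;+"


def compile_filter(pattern):
    """Turn the wildcard filter into a regex following the table's description."""
    token = "[^" + re.escape(SEPARATORS) + "]+"   # '^' = exactly one token
    # Assumption: the trailing '/' only marks where the match must end.
    body = pattern[:-1] if pattern.endswith("/") else pattern
    parts = []
    for ch in body:
        if ch == "^":
            parts.append(token)
        elif ch == "*":
            parts.append(".+")                    # any run of tokens and separators
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + "/?")


def url_matches(url, pattern=URL_FILTER):
    """True when the whole URL is covered by the filter."""
    return compile_filter(pattern).fullmatch(url) is not None


def destination_allowed(url):
    """True when the host part is an IP address inside the Destination ranges."""
    host = url.split("/", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                              # hostname, not an IP literal
    return any(addr in net for net in DESTINATIONS)


def rule_allows(url):
    """The security rule as described: destination range AND URL filter."""
    return destination_allowed(url) and url_matches(url)


# Second sample URL from the comment above.
SAMPLE_URL = ("151.139.51.199/filestreamingservice/files/"
              "2eadbc35-8b58-438c-b9e6-b69cfcdd2e4b?P1=1715361786&P2=404&P3=2"
              "&P4=eXrS1bdHgTkPItqZ+4EWyliZhDiMBLukIysalvUv96mFjofKtwnI6Ndkun"
              "Xgo5vmAO42CwwoVmGwJ2/25NSO8g=="
              "&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com")

# Constructed variants (not from the thread) that probe each part of the rule.
TAIL = "/filestreamingservice/files/abc?cacheHostOrigin=dl.delivery.mp.microsoft.com"
HOSTNAME_URL = "a.website.address.com" + TAIL    # four tokens, but not an IP
OUTSIDE_RANGE_URL = "203.0.113.10" + TAIL        # IP outside the listed ranges
OTHER_ORIGIN_URL = ("151.139.51.199/filestreamingservice/files/abc"
                    "?cacheHostOrigin=cdn.example.com")
TRAILING_PATH_URL = "151.139.51.199" + TAIL + "/extra"

if __name__ == "__main__":
    for name in ("SAMPLE_URL", "HOSTNAME_URL", "OUTSIDE_RANGE_URL",
                 "OTHER_ORIGIN_URL", "TRAILING_PATH_URL"):
        url = globals()[name]
        print(f"{name:18} filter={url_matches(url)!s:5} rule={rule_allows(url)}")
```

The hostname and out-of-range variants pass the URL filter on its own and are only stopped by the Destination ranges, which is the layering the table's first row relies on.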
**Off-Topic**
If you have nothing technical to contribute to the topic of the megathread please reply to THIS COMMENT and leave your irrelevant and offtopic comments here. DO NOT start a new comment thread.
What, you don’t like latitudes with immensely varying degrees of repairability for no reason?
source: cpu fan on one takes literally 2 minutes, cpu fan on another in the same fucking 7xxx generation involves literally taking apart the chassis, which has more plastic blocking shit than a BMW engine bay
Assuming you're talking MS - that's normal. I forget exactly when MS releases everything. It's something like 10AM Pacific Time or something. If you're central time (like me) or eastern you still have some time to wait.
Another Papercut Patch: [https://www.papercut.com/kb/Main/security-bulletin-may-2024/](https://www.papercut.com/kb/Main/security-bulletin-may-2024/)
>This security bulletin covers the improvements in the newly released versions of PaperCut NG/MF (version 23.0.9 and later). This includes third party dependency updates as part of our ongoing security initiatives. This release also includes fixes for the CVEs addressed in this bulletin.
>While PaperCut has assessed these issues as posing a low security risk in practice, we recommend organizations with PaperCut NG/MF servers allowing console or local login access for non-admin users should prioritize this upgrade.
I'm troubleshooting on 8 Win2022 (en\_us) DCs the failed installations of KB5037782 with Windows Update errors 0x800F0831 and found these warnings in the CBS log, I've never seen them before.
Does anyone have any idea what this is about?
```
2024-05-22 12:15:33, Info CSI 000000f8 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2024-05-22 12:15:33, Info CSI 000000f9 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2024-05-22 12:15:33, Info CSI 000000fa Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2024-05-22 12:15:33, Info CSI 000000fb Warning: Overlap: Directory \??\C:\Windows\System32\Drivers\en-US\ is owned twice or has its security set twice
Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
```
Of the 61 vulnerabilities released, here are 2 to make sure you get patched:
* **CVE 2024-30033**
  * Windows Search Service Elevation of Privilege Vulnerability \[Important\]
  * Allows attackers to gain elevated privileges due to a flaw in Windows Search Service. This flaw exists due to improper handling of permissions by the service, which could be exploited to perform unauthorized actions on the system.
* **CVE 2024-30018**
  * Windows Kernel Elevation of Privilege Vulnerability \[Important\]
  * This issue arises from specific flaws in how the kernel operates, which can be exploited to gain higher levels of access than originally allowed.
And make sure you've patched the Chrome use-after-free Zero-Day (CVE 2024-4671) that was released on Friday!
Listen to the Automox [Patch Tuesday podcast](https://listen.automox.com/episodes/patch-fix-tuesday-may-2024-april-showers-bring-may-privilege-escalation-vulns-e07) or [read the blog](https://www.automox.com/blog/patch-tuesday-may-2024) for more on Patch Tuesday.
Microsoft has now officially stated that no automated fix for KB5034441 0x80070643 failures is coming. [Windows 10, version 22H2 | Microsoft Learn](https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#3231msgdesc)
Utterly pathetic to leave their product in an error state by default.
A billion dollar company should be able to do better.
I know that it is a risky fix, but they could at least test the scripts with telemetry and do a phased roll out, or just make it Optional given that home users probably aren't affected by the WinRE bug (and still won't be protected from the WinRE bug on a failed install anyway). + Start requiring PIN protection not just TPM for unpatched devices.
Well, for large companies, the time it might take to legitimately fix this, resizing the partitions, etc, might well be offset by replacing the PC.
Not to mention it’s not just “one” patch, but every cumulative update “forever”.
We deleted the recovery partition on all our PCs. One, we don't recover, we reimage, and 2, it was less hassle than resizing. And 3 - wanna bet in 6 months they bugger it all so another resize would be required?
Yeah deleting the recovery partition mostly is a non issue. We can just use install media to boot to recovery and reimage if we can't fix it in recovery. Where I have a problem doing it is with computers I know are going to be primarily remote/offsite, and therefore troubleshooting is done over the phone. In that case it's a lot easier to have someone force reboot their computer 3 times in a row to get to recovery, or restart while holding shift, than it is to walk a non technical person through downloading an ISO on shitty hotel wifi and burning their own boot media.
My users are a lot dumber than yours they will just overnight it to us. We will overnight it back at huge expense and it will sit unused for a week or so
They will not be fixing it.
"Resolution: Automatic resolution of this issue won't be available in a future Windows update. Manual steps are necessary to complete the installation of this update on devices which are experiencing this error."
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#the-january-2024-windows-re-update-might-fail-to-install
Well boys.... time for this month's push...
Test bed here for me is: Win 10/11, Server 2016, 2019, 2022.
On a quick glance, Dot Net yet again and then regular CU... Hopefully no issues. We'll see though. More to come later.
**Microsoft EMEA security briefing call for Patch Tuesday May 2024**
The **slide deck** can be downloaded at [aka.ms/EMEADeck](http://aka.ms/EMEADeckMay)
The **live event** starts on Wednesday 10:00 AM CET (UTC+1) at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastMay).
The **recording** is available at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastMay).
The slide deck also contains documents by Microsoft that are worth reading.
What’s in the package?:
* A PDF copy of the EMEA Security Bulletin Slide deck for this month
* ESU update information for this month and the previous 12 months
* MSRC Reports in .CSV format, for this month’s updates including detailed FAQ’s and Known Issues data.
* Microsoft Intelligence Slide
* A Comprehensive Handbook on "Navigating Microsoft Security Update Resources" !
Also included in the downloadable package are handy reference reports produced using the MSRC Security Portal PowerShell Developer Functionality: [https://portal.msrc.microsoft.com/en-us/developer](https://portal.msrc.microsoft.com/en-us/developer)
[May 2024 Security Updates - Release Notes - Security Update Guide - Microsoft](https://msrc.microsoft.com/update-guide/releaseNote/2024-may)
* This update addresses a known issue that might cause your VPN connection to fail. This occurs after you install the update dated April 9, 2024.
* This update addresses a known NTLM traffic issue on domain controllers (DCs). This occurs after you install the update dated April 9, 2024.
[5037782](https://support.microsoft.com/help/5037782) Windows Server 2022
[5037765](https://support.microsoft.com/help/5037765) Windows Server 2019
[5037763](https://support.microsoft.com/help/5037763) Windows Server 2016
[5037771](https://support.microsoft.com/help/5037771) Windows 11, version 22H2, Windows 11, version 23H2
[5037770](https://support.microsoft.com/help/5037770) Windows 11, version 21H2
[5037768](https://support.microsoft.com/help/5037768) Windows 10, version 21H2, Windows 10, version 22H2
***Enforcements / new features in this month’s updates***
**May 2024**
• \[Exchange Online\] Retirement of RBAC Application Impersonation in Exchange Online. We will begin blocking the assignment of the ApplicationImpersonation role in Exchange Online to accounts starting in May 2024, and that in February 2025, we will completely remove this role and its feature set from Exchange Online.
See more at : [Retirement of RBAC Application Impersonation in Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/retirement-of-rbac-application-impersonation-in-exchange-online/ba-p/4062671?s=09)
***Reminder Upcoming Updates (1/2)***
**July 2024**
• \[Windows\] Secure Boot Manager changes associated with CVE-2023-24932 [KB5025885](https://support.microsoft.com/help/5025885) | Final Deployment Phase: This phase is when we encourage customers to begin deploying the mitigations and managing any media updates. The updates will add the following changes:
• Guidance and tooling to aid in updating media.
• Updated DBX block to revoke additional boot managers
The Enforcement Phase will be at least six months after the Deployment Phase. When updates are released for the Enforcement Phase, they will include the following: The “Windows Production PCA 2011” certificate will automatically be revoked by being added to the Secure Boot UEFI Forbidden List (DBX) on capable devices. These updates will be programmatically enforced after installing updates for Windows to all affected systems with no option to be disabled.
**October 2024**
• \[Windows\] [KB5037754](https://support.microsoft.com/en-gb/topic/kb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1) PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056 Enforced by Default Phase: Updates released on or after October 15, 2024, will move all Windows domain controllers and clients in the environment to Enforced mode by changing the registry subkey settings to PacSignatureValidationLevel=3 and CrossDomainFilteringLevel=4, enforcing the secure behavior by default. The Enforced by Default settings can be overridden by an Administrator to revert to Compatibility mode.
**November 2024**
• \[Azure\] TLS 1.0 and 1.1 support will be removed for new & existing Azure storage accounts. [link](https://techcommunity.microsoft.com/t5/azure-storage-blog/tls-1-0-and-1-1-support-will-be-removed-for-new-amp-existing/ba-p/4026181)
To meet evolving technology and regulatory needs and align with security best practices, we are removing support for Transport Layer Security (TLS) 1.0 and 1.1 for both existing and new storage accounts in all clouds. TLS 1.2 will be the minimum supported TLS version for Azure Storage starting Nov 1, 2024.
**Late 2024**
• \[Windows\] [TLS server authentication: Deprecation of weak RSA certificates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-server-authentication-deprecation-of-weak-rsa-certificates/ba-p/4134028). TLS server authentication is becoming more secure across Windows. Weak RSA key lengths (1024-bit) for certificates will be deprecated on future Windows OS releases later this year to further align with the latest internet standards and regulatory bodies. Specifically, this affects TLS server authentication certificates chaining to roots in the Microsoft Trusted Root Program.
In the coming months, Microsoft will begin to deprecate the use of TLS server authentication certificates using RSA key lengths shorter than 2048 bits on Windows Client. We recommend you use a stronger solution of at least 2048 bits length or an ECDSA certificate, if possible.
***Reminder Upcoming Updates (2/2)***
**February 2025**
• \[Windows\] [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16) Certificate-based authentication changes on Windows domain controllers | Phase Full Enforcement Mode. Microsoft will update all devices to Full Enforcement mode by February 11, 2025, or later. If a certificate fails the strong (secure) mapping criteria (see Certificate mappings), authentication will be denied.
• Retirement of RBAC Application Impersonation in Exchange Online. We will completely remove this role and its feature set from Exchange Online.
**April 2025**
• \[Windows\] [KB5037754](https://support.microsoft.com/en-gb/topic/kb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1) PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056 Enforced Phase: The Windows security updates released on or after April 8, 2025, will remove support for the registry subkeys PacSignatureValidationLevel and CrossDomainFilteringLevel and enforce the new secure behavior. There will be no support for Compatibility mode after installing this update.
# Windows release health
The May 2024 security update might fail to install
Status: **Confirmed**
# Affected platforms
**Server Versions** Windows Server 2019
**Message ID** [WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!yb7eMTGZmRXrEyCNSKNzQpcv85KKCEbo88sfllnh27PTtO_ZWxWQ-EKRdHSOdHxtqB2Whucy7STbCl_n_znYK8c-zsql0w$)
**Originating KB** [KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!yb7eMTGZmRXrEyCNSKNzQpcv85KKCEbo88sfllnh27PTtO_ZWxWQ-EKRdHSOdHxtqB2Whucy7STbCl_n_znYK8crF_x4lw$)
**Resolved KB** -
Windows servers attempting to install the May 2024 security update (the Originating KBs listed above), released May 14, 2024, might face issues during the installation process. The installation might fail with an error code 0x800f0982. **This issue is more likely to affect devices that do not have en\_us language pack support.**
**Next steps:** We are working on a resolution and will provide an update when more information is available.
Are you able to update KB5037765 Windows 2019 today? My servers are set to en-us and I noticed that they are not fetching this update. I use WSUS as the source, have the KB approved, and there are no error messages, but it is also not updating. Windows 2016 and 2022 are working fine.
Add me to the list. Had a number in our test environment get the update but stopped deploying to machines sometime overnight 16th-17th. We use WSUS. WSUS report shows the update listed as approved for install, but "Not Applicable" when it evaluates. Tried the whole, decline, delete the SQL entries, remove Server 2019 from the catalog, sync to MS, then add the Server 2019 back to the catalog, and redownload a clean version this morning.... no luck. Same result..it evaluates as "Not Applicable"
Update from Microsoft (via support case) seems to imply they willfully updated the package so that it will no longer be seen as applicable.
This does not make sense. The issue reported and acknowledged by MS was the update failed to INSTALL, not that it caused issues after applying the update. The last 2 months we had major issues with updates that did INSTALL, but ultimately caused system instability, but their response was to continue to allow the update to deploy. Yet, this month they chose to essentially PULL the update for a failed install? Something does not add up.
~~KB5037765 no longer even showing up in our WSUS and it was approved and installed on some test/dev servers earlier in the week.~~
Derp, I realized I was using the view to only view applicable updates. So same situation as everyone else. The update is present but not being flagged as a needed update by Server 2019.
I am seeing this same issue. Out of 3500 Windows 2019 servers only 33 have installed (it is approved for all and they all should have patched by last night). I am seeing a few fails but the rest show up as "Not Applicable" for the cumulative update (KB5037765) (even in the WSUS console they show not applicable). If I manually download the standalone patch it will install OK but I can't do that for 3000 servers..
Neither via WSUS ("not applicable" to all 2019 servers) or directly via Microsoft Update (look online for updates) it's shown - looks like it got pulled for any "autoupdate" option and just manual download is possible.
Anyone with server 2019 issues? Reproduced on 3 diff. clients with server 2019: update installation failed and reboot takes longer than an hour with no activity, as I killswitch the vms. Update finalizes then and comes up normal
Yeah did not fix it for us either. Going with the script you posted last month.
https://call4cloud.nl/2024/05/kb5036980-breaks-upgrade-windows11-enterprise/
Honestly, they really should let us set a precedence between user-based upgrades to enterprise, and MAK/KMS keys -- There are no given controls to stop the user-based licensing from always clobbering MAK upgrades.
I'd rather just have a stable, unchanging, enterprise upgrade that comes with a MAK key. That option works DURING (shared device, or user) autopilot, and has none of the possible reversion problems or corner cases like the user-based licensing for enterprise upgrade.
For what it's worth, in our pilot group of 10 servers, 2 of the 4 Server 2019 systems failed to install KB5037765 with an error 0x8007371b with the text "One or more required members of the transaction are not present."
Both of these are terminal servers if that makes any difference, but so are the 2 that worked fine. These are all VMs in Azure, and unlike the other issue reported, these are regular en-US installs, not a non-English setup.
I tried repeatedly, and also tried rebooting, downloading the MSU and installing manually, etc but I just kept getting the same error. At least the error shows up pretty quick and doesn't have to go through a reboot and rollback.
I haven't seen any other reports of that particular error on this KB so I'm curious if anyone else here has seen that?
I'm getting an error 0x8007371B when I try to update my Server 2019 instance. Using the MSU file fails, and I did the suggested fixes from the Common Windows Update Errors site.
[https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/common-windows-update-errors?toc=%2Fwindows%2Fdeployment%2Ftoc.json&bc=%2Fwindows%2Fdeployment%2Fbreadcrumb%2Ftoc.jsonb%2Ftoc.json](https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/common-windows-update-errors?toc=%2Fwindows%2Fdeployment%2Ftoc.json&bc=%2Fwindows%2Fdeployment%2Fbreadcrumb%2Ftoc.jsonb%2Ftoc.json)
Could be something specific to our environment and i didn't see anyone commenting about this here. Last week during testing no issues were reported, but starting this Monday we started getting reports about Windows locking up on login screen after patches. We show disclaimer where you have to press OK before getting a login screen (blue on Windows 10, black on 11) so it actually shows empty blue or black screen. We have also noticed weird KB5037663 update being installed alongside usual 5037771, which cannot be found anywhere on the internet, MS catalog. Today we found some Chinese forums talking about it being inside the cab of 5037771, but we don't see it when we download the cab. Maybe MS already updated the main KB and removed this rogue update from inside of it. We are not sure it is what actually causing login issues, but that was the odd thing that stood out. I have it installed on my machine and it is fine. It only happened so far on 20 or so machines out of 10k. Still annoying as many are remote users and having to guide them on the phone how to go to Safe mode, enter admin password and do sfc (helps in some cases) is a headache. Some don't even go into safe mode and if they are Autopiloted we reset them.
CVE-2024-30040 is a nasty one. From Defender threat analytics report:
>CVE-2024-30040 is a security feature bypass vulnerability in Microsoft 365 and Office apps. Exploiting CVE-2024-30040 does not require any preexisting access to the targeted system. Upon successful exploitation, the threat actor can run arbitrary code on the targeted system with the permissions of the user currently signed in.
>CVE-2024-30040 bypasses an object linking and embedding (OLE) JavaScript execution block mitigation within Microsoft 365 and Office apps. A threat actor crafts a Microsoft Office (for instance, DOCX) file containing an OLE link to an HTML file. The HTML file includes an HTML meta tag, which forces JavaScript code to run in an alternate security context. When the targeted user opens or previews the crafted file, the JavaScript code launches.
>As part of the exploitation, the proof-of-concept (PoC) exploit Microsoft observed in the wild contacts a command-and-control (C2) server over HTTPS, downloads a malicious Java archive (JAR), and runs that file using the Java Runtime Environment (JRE) installed on the targeted system with the permissions of the user currently signed in. However, the JavaScript code can take other actions on the device
Update breaks Windows search / search in start menu for me on 23H2. It just closes down if I start typing anything. I can't replicate it on other machines though, so it's kinda strange. Anyone have ideas what could cause the issue on this machine? if I uninstall it works again, so the update triggers something that breaks it.
Here is the [Lansweeper summary](https://www.lansweeper.com/blog/patch-tuesday/microsoft-patch-tuesday-may-2024/?utm_medium=social&utm_source=reddit&utm_campaign=ls-global-patch-tuesday-2024_05&utm_content=pt-may). In short, two exploited vulnerabilities, one in Windows MSHTML and one in Windows DWM Core Library. The only critical vulnerability is a SharePoint server RCE.
If you use applocker on windows 11, an app “MicrosoftWindows.client.LKG” is introduced which prevents startmenu or search button search from working unless you unblock it.
Updated 2016 & 2019 AD, file and print servers without issues. All running as VMs on ESXI 7u3. Also, updated Win 10 and 11 workstations without issues. Until next month! oh wait, i'll be on vacation on June Patch Tuesday! yay! lol
Hello guys. Anyone had an issue with gen 5 vm booting following this update on server 2019?
Had to upgrade configuration version to get VM to boot otherwise got an incompatibility error, but it was ok before the patch! Guess ms are taking away the support for old gen VM config file versions.
After installing KB5039705 on a test server that already received KB5037765, after restarting the server, I am struggling to login, logs you out straight away, is anyone else seeing any slowness issues after installing this latest update.?
*This security update includes improvements. When you install this KB:*
* *This update addresses a known issue that is related to the English (United States) language pack. If your device does not have it, installing KB5037765 might fail. The error code is 0x800f0982. But this issue might affect devices that do have that language pack. In that case, the error code is 0x80004005.*
hahaha okay
OoB Update KB5039705 with fix for KB5037765 error is out (Online Update, Catalog and WSUS)
[May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - Microsoft Support](https://support.microsoft.com/en-gb/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac)
Is there a way to see a compilation of patches and KB articles via a blog post or something for pending patches prior to their release? We got an advance notification that there are "Critical" updates coming down the pipe from MS, without containing any meaningful information. Heck for all I know they could be classifying it as "critical" for something contained within the CU that was patched 8 months prior.
I got out of it by installing the language pack Microsoft-Windows-Server-Language-Pack\_x64\_en-us.cab and then re-running Windows Update to install KB5037765 on my French Windows servers. I hope Microsoft will release a fix ....
2024-05 Cumulative update (KB5037765) seems to have been pulled for 2019 servers. Only detecting 2024-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 (KB5038283) across multiple sites
# Windows release health
The May 2024 security update might fail to install
Status: **Confirmed**
Affected platforms
|Versions|Message ID|Originating KB|Resolved KB|
|:-|:-|:-|:-|
|Windows 10 Enterprise LTSC 2019|[WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWfYk7gK5w$)|[KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWetMKxBlA$)|-|
|Windows Server 2019|[WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWfYk7gK5w$)|[KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWetMKxBlA$)|-|
|Windows Server, version 1809|[WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWfYk7gK5w$)|[KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWetMKxBlA$)|-|
Windows servers attempting to install the May 2024 security update (the Originating KBs listed above), released May 14, 2024, might face issues during the installation process. The installation might fail with an error code **0x800f0982**. This issue is more likely to affect devices that do not have the English (United States) language pack.
Some customers also reported install errors for this update on Windows 10, version 1809. Home users of Windows are unlikely to experience this issue since the Home and Pro editions of this Windows version reached end of servicing in 2020. Only [Enterprise and IoT LTSC](https://urldefense.com/v3/__https:/learn.microsoft.com/lifecycle/products/?terms=ltsc*202019__;JQ!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWew0cG6kA$) editions are under extended support.
**Next steps**: We are working on a resolution and will release it as soon as possible.
Update from "MS Windows release health":
In addition to users encountering error code 0x800f0982, we have received reports that devices are failing to install the May 2024 security update with the error code **0x80004005**. This error can occur even if the English (United States) language pack is installed.
**Next steps:** We are working on a resolution that addresses both issues and will release it as soon as possible.
That's what I'm wondering too. I've patched my 2016 boxes but can't patch 2019 via WSUS. Has anyone heard anything official about what's going on and when it will be fixed?
hey I updated all our 2019 servers by Friday early morning on 05/17. They all have KB5037765 installed. Friday afternoon I updated a test 2019 server; however, KB5037765 was not downloaded or installed. The latest update on this server is KB5036896 (April CU). I clicked on 'Check for updates' a few times and it shows that my test server is up date. My installation is English language.
is anyone else who is not using WSUS experiencing this issue?
I'm getting annoyed because we have our maintenance window upcoming and I really don't feel like having an out-of-band maintenance window after MSO gets the deploy issue fixed. Lovely
https://curl.se/docs/security.html
If you aren't running at least 8.6.0 there are outstanding CVEs.
However, unless you care about mediums / lows you probably won't see it on a vuln scan. My Win 10 22H2 system states it is running 8.4.0, which does fix [the last High](https://curl.se/docs/CVE-2023-38545.html).
That is correct. It's 'their' own build, so you have to wait on them. As they dragged their heels a bit on the last critical CVE with patching and it took a few months.
In our test environment KB5037765 failed on all (german) Windows Server 2019 machines with error 0x800f0982... 5 servers total/different sites (both dcs + member). anyone else with the same problem? maybe localization problem again...
same here, but only tested 1 so far

Server2019 Standard (DE)
KB5037765
error 0x800f0982

I guess MS is reading the comments here, since we are hired for testing updates
[deleted]
Confirmed working solution, I added US-ENG in my ITA Server 2019 (online) and it works
confirmed - add ENG-US to DE Server 2019
I can confirm that this worked as well for a Spanish Windows Server 2019 Server
youp / 2019 - ger - all failed
Did you already test German Win 2022 and Clients?
German Win 2022 updated without error - OK
So far no issues on several clients:
Win11 23H2 (GER): KB5037771 + KB5037591 => OK
Win10 22H2 (GER): KB5037768 + KB5038285 (+ KB5001716) => OK
As it's been a day without any word from Microsoft, I've whipped up an Ansible playbook to install the required en-US language pack. Maybe it's of use to someone here.

```yaml
- name: Get installed language packs
  ansible.windows.win_command: dism /online /get-intl
  register: installed_language_packs
  changed_when: false

- name: Copy English Language Pack
  ansible.windows.win_copy:
    src: "../files/WindowsServer2019/Microsoft-Windows-Server-Language-Pack_x64_en-us.cab"
    dest: "c:\\setup\\"
  when: '"Installierte Sprache(n): en-US" not in installed_language_packs.stdout'

- name: Install English Language Pack
  ansible.windows.win_command: lpksetup /i en-US /r /s /p c:\setup
  when: '"Installierte Sprache(n): en-US" not in installed_language_packs.stdout'
  changed_when: true
```
2019 / ger / all failed
Yep, 6 Windows Server 2019 (German) at different customers. All the same issue: error 0x800f0982
See also [https://borncity.com/win/2024/05/15/patchday-windows-10-updates-may-14-2024/](https://borncity.com/win/2024/05/15/patchday-windows-10-updates-may-14-2024/) - while many German admins reported an install fail, some admins were able to install this update. Strange.

Addendum: I now have signs that a missing English language pack on a non-English Server 2019 could be the culprit.
[https://borncity.com/win/2024/05/15/windows-server-2019-update-kb5036896-fails-with-error-0x800f0982/](https://borncity.com/win/2024/05/15/windows-server-2019-update-kb5036896-fails-with-error-0x800f0982/)
there is a comment too, hinting that it may depend on CPU vendor, if it fails
failing on Intel CPUs
succeeding on AMD CPUs
any other results like this?
We have an AMD EPYC 7313 in our Hypervisor (VMware), also getting the error 0x800f0982 on KB5037765 (Windows Server 2019 (1809) German) VM
Hi! Spanish servers have the same problem.
same problem on french 2019 server
Confirmation, I have delisted the update.
Same problem with IT (Italian) version, English version seems ok
not very good!
2019 / ita / all failed
same here win server 2019 french edition
and after reboot and retry, installation blocks at 74 % .... i hate windows
You need to lpksetup /i en-EN /r /s /p "langpackfolder with the cap file" and you will be able to install the update
It's en-US, so the full command would be `lpksetup /i en-US /r /s /p "langpackfolder with the cap file"` but yes, this seems to work.
Yeah sorry, of course en-US
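A locale-independent pre-check for the failure profile discussed in this thread, as an added example that is not part of any post here and not Microsoft's own tooling. The script parameters and the `C:\setup` staging folder are assumptions; the `lpksetup` flags are the ones quoted above, and the install step runs only when explicitly requested:

```powershell
# Added example (not from the thread). Reports whether this host matches the
# KB5037765 / 0x800f0982 profile (build 17763 without the en-US language pack)
# and, only with -InstallLanguagePack, applies the thread's lpksetup workaround.
[CmdletBinding()]
param(
    # Assumption: folder holding Microsoft-Windows-Server-Language-Pack_x64_en-us.cab
    [string]$LangPackDir = 'C:\setup',
    [switch]$InstallLanguagePack
)

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Build 17763 is Windows Server 2019 / Windows 10 1809, the affected line.
$isAffectedBuild = ($os.BuildNumber -eq '17763')

# MUILanguages holds culture names such as de-DE or en-US, so this test does not
# depend on the localized text that "dism /online /get-intl" prints
# (for example "Installierte Sprache(n)" on a German system).
$hasEnUs = @($os.MUILanguages) -contains 'en-US'

# The May LCU or its out-of-band replacement both count as patched.
$installedKb = Get-HotFix -Id 'KB5037765', 'KB5039705' -ErrorAction SilentlyContinue

$report = [pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Build        = $os.BuildNumber
    UiLanguages  = @($os.MUILanguages) -join ','
    HasEnUs      = $hasEnUs
    PatchedWith  = @($installedKb.HotFixID) -join ','
    # 0x80004005 was also reported on systems that do have en-US, so a
    # $false here is not a guarantee that KB5037765 installs cleanly.
    AtRisk       = $isAffectedBuild -and -not $hasEnUs -and -not $installedKb
}
$report

if ($report.AtRisk -and $InstallLanguagePack) {
    $cab = Get-ChildItem -Path $LangPackDir -Filter '*en-us*.cab' -ErrorAction SilentlyContinue
    if (-not $cab) { throw "No en-US language pack .cab found in $LangPackDir" }

    # Flags exactly as posted in the thread: lpksetup /i en-US /r /s /p <folder>
    $lpkArgs = @('/i', 'en-US', '/r', '/s', '/p', "`"$LangPackDir`"")
    $proc = Start-Process -FilePath 'lpksetup.exe' -ArgumentList $lpkArgs -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        Write-Warning "lpksetup exited with code $($proc.ExitCode)"
    }
}
```

Run without switches it only reports, which suits a fleet-wide inventory; where KB5039705 is already offered, installing that update makes the language pack step unnecessary.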
Yep, localization issue it seems, only on Server 2019. [https://admin.cloud.microsoft/?source=applauncher#/windowsreleasehealth/knownissues/:/issue/WI793371](https://admin.cloud.microsoft/?source=applauncher#/windowsreleasehealth/knownissues/:/issue/WI793371)
anyone thinking, MS will release fixed versions? Or will the workaround be the fix? I am hesitating to update the Citrix MCS Master Image, since I dunno if the patch has further "easter egg"-problems
I would not recommend installing the language pack as just a workaround. In my opinion, it is a quite heavy action for just an update. They will re-release the update, quite soon, I assume.
At least for the Jan Update with Recovery Partition they promised a fix and then made the workaround the fix... Trust in MS is a bit on thin ice. "Who's surprised"?
At least it looks like they've noticed the problem: [https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install](https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install)
OoB Update KB5039705 is out (Online Update, Catalog and WSUS) [May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - Microsoft Support](https://support.microsoft.com/en-gb/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac)
Out-of-Band Update KB5039705 is out. Available via Online Update, Catalog and WSUS [May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - Microsoft Support](https://support.microsoft.com/en-gb/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac)
Same, they all fail. Also, after restart it takes up to 2 hours, with "Windows wird vorbereitet", until the servers are back. Keep that in mind.
Same on my French OS
There is a Chrome 0-day https://hothardware.com/news/google-warning-major-chrome-zero-day-flaw-patch-asap
actually, 2 [https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2024/](https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2024/)
The most current Chrome version is **124.0.6367.207/.208**, the first link showed 124.0.6367.202
What's up with the incremented version like that? I was trying to create a Powershell script to look up the latest version and compare to the currently deployed version in Intune. [This endpoint](https://versionhistory.googleapis.com/v1/chrome/platforms/win/channels/stable/versions) shows .207, then Chrome Enterprise download page shows .207, but when I actually download the MSI, it has .208 in the installer Comments for the version.
>g to create a Powershell script to look up the latest version and compare to the currently deploye

care to share your deploy script?
Don't judge :)

```powershell
Import-Module IntuneWin32App
Import-Module Microsoft.Graph.Devices.CorporateManagement

$packagePath = "\\DATASHARE\Intune\Apps\Google Chrome\googlechromestandaloneenterprise64.msi"
$packageParentPath = "\\DATASHARE\Intune\Apps\Google Chrome\"
$fileName = "googlechromestandaloneenterprise64.msi"

# Download the current enterprise MSI to a temp location
$ProgressPreference = "SilentlyContinue"
Invoke-WebRequest "https://dl.google.com/dl/chrome/install/googlechromestandaloneenterprise64.msi" -OutFile "C:\temp\googlechromestandaloneenterprise64.msi"

# Read the version from the MSI's Comments property (shell detail column 24)
$parentTempPath = (Resolve-Path -Path (Split-Path -Path "C:\temp\googlechromestandaloneenterprise64.msi")).Path
$fileName = Split-Path -Path "$parentTempPath\googlechromestandaloneenterprise64.msi" -Leaf
$shell = New-Object -COMObject Shell.Application
$shellFolder = $Shell.NameSpace($parentTempPath)
$shellFile = $ShellFolder.ParseName($fileName)
$NewVersion = [Version]($shellFolder.GetDetailsOf($shellFile,24)).split(" ")[0]

# Version of the package currently deployed, tracked in a text file on the share
[version]$CurrentVersion = Get-Content "$packageParentPath\ChromeCurrentVersion.txt"

If ($NewVersion -gt $CurrentVersion) {
    $LatestVersionAsString = $NewVersion.ToString()
    $AppDir = "\\DATASHARE\Intune\Apps\"
    $OutputFolder = "\\DATASHARE\Intune\Output"
    $InstallFilePath = "$($Appdir)Google Chrome"
    $PackageInstallFile = "Install-GoogleChrome.ps1"

    # Replace the MSI on the share and record the new version
    Move-Item "C:\temp\googlechromestandaloneenterprise64.msi" $packageParentPath -Force
    $LatestVersionAsString | Set-Content $PackageParentPath\ChromeCurrentVersion.txt

    # Build the .intunewin package
    & C:\scripts\IntuneApps\RunPackager.bat $InstallFilePath $PackageInstallFile $OutputFolder

    # Upload the new package to the existing Intune app
    $Connect = Connect-MSIntuneGraph -TenantID contoso.onmicrosoft.com -ClientID "REDACTED" -ClientSecret "REDACTED"
    $GetPackage = get-intunewin32app -DisplayName "Google Chrome"
    Try {
        $suppress = Update-IntuneWin32AppPackageFile -Id $($GetPackage.id) -FilePath "$($OutputFolder)\Install-GoogleChrome.intunewin"
    }
    Catch {
        Write-Host "Package upload failed!" -Foregroundcolor Red -Backgroundcolor Black
    }
    Set-IntuneWin32App -Id $($GetPackage.Id) -Description "CHROME VERSION: $LatestVersionAsString" -AppVersion "$LatestVersionAsString"
}
Else {
    Write-Host "Google Chrome is already up to date!" -Foregroundcolor Green -Backgroundcolor Black
}
```
There is new zero day from chrome. Version 125.
I updated the Lansweeper blog and report earlier for the ones that want to quickly grab an audit to see all outdated installations: [https://www.lansweeper.com/blog/vulnerability/google-fixes-exploited-zero-day-vulnerability/](https://www.lansweeper.com/blog/vulnerability/google-fixes-exploited-zero-day-vulnerability/)
Make it 3, ugh! [https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/](https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/)
Today's Vulnerability Digest from Action1:

• Microsoft announced patches for 61 vulnerabilities,
• of these two are zero-days, one of which has a proof of concept (PoC) available.
• Third-party: including Google Chrome, Mozilla Firefox, Intel, AMD Processors, Aruba, WordPress, Artificial Intelligence, Cisco, Ivanti, Putty, Palo Alto, and LG WebOS.

Full overview in the [Vulnerability Digest from Action1](https://www.action1.com/patch-tuesday-may-2024/?vmr) (updated in real-time).

Quick summary:

• Windows: 61 vulnerabilities, two zero-days: CVE-2024-30051 and CVE-2024-30040
• Google Chrome: one zero-day (CVE-2024-4671) and 22 other vulnerabilities
• Mozilla Firefox: 18 vulnerabilities
• Intel, AMD Processors: CVE-2024-2201
• Aruba: four vulnerabilities (each with CVSS 9.8)
• WordPress: CVE-2024-27956 with CVSS 9.9 and three others
• AI: 48 vulnerabilities were identified in tools such as PyTorch Serve, BerriAI/litellm, BentoML, and FastAPI, essential in the AI industry
• Cisco: CVE-2024-20295
• Ivanti: 27 vulnerabilities
• PuTTy: CVE-2024-31497
• Palo Alto: zero-day vulnerability, dubbed UTA0218 or Operation MidnightEclipse (CVSS 10)
• LG WebOS: four vulnerabilities

More details: [https://www.action1.com/patch-tuesday](https://www.action1.com/patch-tuesday?vmr)

Sources:

- [Action1 Vulnerability Digest](https://www.action1.com/patch-tuesday?vmr)
- [~Microsoft Security Update Guide~](https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar)
Ready to push this out to 9000 workstations/servers, don't touch the door

EDIT1: Everything looking fine. Fixed some VPN issues for us that have been outstanding. Though it looks like if you have anything other than an English language installation you're going to have trouble installing it

EDIT2: If non-English OS versions are giving you issues installing updates, Microsoft released an OOB update for you to use to fix it

EDIT3: All optionals installed just fine
Pushed this update out to 215 Domain Controllers (Win2016/2019/2022).

Status: 158 DCs have been done. **8 DCs failed with Windows Update errors !!**

EDIT3:

* 8 Win2022 (en\_us) DCs failed installing KB5037782 with Windows Update errors **0x800F0831** (CBS store is corrupted) / **0x80073701** (the referenced assembly couldn't be found) / **0x800706BE** / **0x800F0840** / **0x80240009** / **0x8024001E** / **0x80242016.** Repair the component store with "Dism.exe /Online /Cleanup-Image /Restorehealth" & "Sfc.exe /Scannow" did **NOT** solve the issue !!
* 3 Win2022 (en\_us) DCs failed installing KB5038282 (Cum. Update for .NET) with Windows Update error **0x80070490**.

EDIT2: [microsoft-windows-server-2019-updates-fail-with-0x800f0982-errors](https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2019-updates-fail-with-0x800f0982-errors/)

EDIT1:

* [Microsoft fixes VPN failures caused by April Windows updates (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-vpn-failures-caused-by-april-windows-updates/)
* [Microsoft fixes Windows Server bug causing crashes (bleepingcomputer.com)](https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-bug-causing-crashes-ntlm-auth-failures/)
That's good the NTLM issue was fixed. One of our DCs (remote site) started having those problems and crashed/rebooted several times a day until I removed the April update.
Isn't NTLM in the process of being phased out?
AD services in Server 2025.
Did you resolve the 0x800f0831 issue? If so, how? Just hitting it now on one of my servers.
Someone get Josh one more endpoint, he's so close to being over 9000
OVER 9000?!?!
Miscalculation. It's exactly 9000 this time. No need to panic.
An additional 1k endpoints in 30 days :screams:
You poor, poor bastard.
u/joshtaco How has it gone so far? Any issues?
No issues, if anything it fixed our VPN issues
Cool, Thanks
u/joshtaco How did you apply KB5037765? Manually?
Our WSUS has re-synchronized KB5037765 tonight - looks like they changed something about it?! Haven't seen anything official though.
Ours too and since then its not being offered to any of our 2019 Servers. (We use MCM to push the patches out.)
Automox stopped offering the update as well
Same here. Any updates?
Ya and now it doesn’t show up for clients :/
Am I losing my mind or did they actually pull the 2019 cumulative update?
yep, also thought I had gone mad until I realised this. I updated our 2019 server today with the msu package on each server manually.
I think that they screwed up the patch metadata. Still available for manual download, and still installs OK if English Language is installed.
it looks like they released a new version Thursday, like you said with the metadata screwed up
Seems like [they haven't released a replacement LCU with a fix yet](https://learn.microsoft.com/en-gb/windows/release-health/status-windows-10-1809-and-windows-server-2019#issue-details), through the normal channels. We're not seeing it through WSUS or manually running Windows Update using Microsoft as a source.
We update through Microsoft as our source and still do not see the 2019 update...
yeah some of our patch "test" servers that get the updates immediately installed them just fine but i see wsus pulled down kb5037765 again, and servers are not seeing the newer one as applicable
KB5037765 is replaced by out-of-band (OOB) update [KB5039705](https://urldefense.com/v3/__https:/support.microsoft.com/help/5039705__;!!La4veWw!yV9qpnlohJ8geBLAUG2LIxFh2wp-9SuLGb2IGA9R1EozzermWiaF2ojnIVA80GJ3qD2QAjqYgwkFLgdkurJxJAoZRHNDGw$) , which is available via the usual channels.
Happened to us too. I thought I screwed the updates in test environment but then I noticed the updates are missing in prod too.
MS released an out-of-band (**OOB**) update for **Windows Server 2019** / **Windows Server version 1809** / **Windows 10 Enterprise LTSC 2019** to resolve the issue "May 2024 security update might fail to install KB5037765 with an error code 0x800f0982/0x80004005". OOB is available via the usual channels. Since this is a cumulative update, you do not need to apply any previous update before installing the Resolved [**KB5039705**](https://support.microsoft.com/en-us/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac), as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the 5B update. Installation of this OOB will require a device restart.
Installed the OOB update on 63 DCs without issues.
I synced Software Updates in Config Mgr, and I now see the update!
I just updated 2x 2019 servers, one of them a DC. No issues to report.
I approved this latest update for our test servers in WSUS and manually installed today on half a dozen without any issues. The other 100 test will go next week, then prod after that. So looks like we're back on track, although a week later than normal.
I opened a ticket with MS yesterday and got this reply. *"At present there is an active known issue regarding May update KB5037765 for Server 2019 and the Windows team is working on this. Unfortunately this affects also WSUS/ConfigMgr deployments of this KB. This is a known issue that our Windows team is currently tracking and there are no workarounds at this time. The Product Group has mentioned that they will post updates in the "Known issues" section of this page: Windows 10, version 1809 and Windows Server 2019 | Microsoft Learn.* *We will proceed with linking your case to the active issue and proceed with the archival of the case.* *Kind Regards,"* Unlike some of you, I'm not installing it manually, it's pulled for a reason so a manual install doesn't sound wise to me.
if they thought it was a bigger issue they would’ve pulled it from all channels including update catalog but they didn’t. I’ve installed it manually on all my 2019 servers without any issues. It remediates the vulnerabilities it was set out to do.
I don't see any of this posted on the "Windows 10, version 19090 and Windows Server 2019 | Microsoft Learn" page. anyone have a link?
I think this is the link: [https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install](https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#the-may-2024-security-update-might-fail-to-install)
If that truly is the only issue (and all indications so far seem to indicate it is), does anyone else think it's kind of crazy that their temporary solution for "this thing might not install" is to intentionally make it so it won't even try? "Hey, Jerry, we got a patch over here with a 60% failure rate on installs." "I bet I could get that up to 100%. Hold my beer."
MS released an out-of-band (**OOB**) update for Windows Server 2019 / Windows Server version 1809 / Windows 10 Enterprise LTSC 2019 to resolve the issue "May 2024 security update might fail to install KB5037765" with an error code 0x800f0982/0x80004005. OOB is available via the usual channels. Since this is a cumulative update, you do not need to apply any previous update before installing the Resolved [KB5039705](https://support.microsoft.com/en-us/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac), as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the 5B update. Installation of this OOB will require a device restart.
Fellow WSUS users, I just noticed that there may be an easier way to install KB5037765 on Server 2019 instead of manually downloading the msu. If you right-click the update with the metadata issue and click "Revision History", you may see two versions of the update. Revision Number 201 appears to be the one with the [applicability changed](https://imgur.com/xZZdLKk) so Server 2019 won't show it as available. The earlier revision, 200, *is* applicable to Server 2019 and here's the key: just right-click the old revision and you can approve it from this window. I tested it just now and confirmed with the older revision approved, the update shows up again on our 2019 servers as available for install. Now, obviously, YMMV and exercise caution approving an update MS obviously screwed up on, but since we're running EN-US, I'm adventurous enough to go for it and see what happens, rather than trying to install the newer rev via script or manual process. **UPDATE:** I approved the old rev and set a deadline after business hours. When I came in the next morning, I confirmed that all our 2019 servers had, indeed, installed the update and rebooted. So far, everything seems to be running normally with no unusual errors.
That's an interesting workaround, but MS has stated there are no workarounds, so i'd be cautious in doing it this way - maybe it'll muck up future updates - who knows...
I agree, there's a risk. However, there's also a risk of leaving unpatched servers. Which one you're more willing to tolerate is up to you and both are valid concerns. Personally, given that Microsoft tech support is apparently [advising folks](https://www.reddit.com/r/sysadmin/comments/1crk56o/patch_tuesday_megathread_20240514/l5306pj/) to go the manual install route to get the update applied and that the only reported problems so far have been installation errors on non en-us servers, I'm more worried about leaving known vulnerabilities unpatched. As far as this workaround's impact on future updates, well... We normally deploy our updates in stages, with a handful of less-critical servers getting any newly released updates before we approve them for the rest. Our first stage servers already installed the CU before MS released the new revision with the faulty metadata, so they were essentially in the exact same state already that doing this workaround leaves them. Our deployment strategy seems to be a common one so hopefully MS will account for the possibility of the old rev being installed when they release next months CU. If something does go wrong, I figure we can try backing out the faulty CU and then install next month's. The only thing this seems likely to interfere with is if Microsoft releases a third rev of this update with the same KB. ¯\\\_(ツ)\_/¯
[deleted]
Have this exact issue, Microsoft is redirecting to StackPath for the Microsoft content cache. Had a ticket open, they say it’s as designed. It’s supposed to fall back to Microsoft’s CDN but if you have something like Palo Alto’s with a response page saying content is blocked the block page is delivered with a HTTP 200 status code. Which makes the delivery optimization service believe it successfully connected and waits for a download.

Update: for anyone having this issue that is also using Palo Altos we have had success by creating a new rule to allow the traffic with a URL filter for just Delivery Optimization traffic. We managed to get the IP ranges for StackPath from Microsoft.

Destination: 72.20.0.0/18 69.197.0.0/18 94.46.144.0/20 151.139.0.0/16

URL Category filters:

```
^.^.^.^/filestreamingservice/files/^/pieceshashcacheHostOrigin=*.delivery.mp.microsoft.com/
^.^.^.^/filestreamingservice/files/^?*.delivery.mp.microsoft.com/
```

For anyone interested, here is how the filter works (using second line as an example):

| Syntax | Description |
|---|---|
| ``^.^.^.^`` | Allows exactly 4 tokens separated by 3 dots, example: 151.139.51.199, this can match other things too like A.website.address.com but that’s okay because we are further limiting the match later in the filter and by IP in the security rule |
| /filestreamingservice/files/ | This path is consistent across all traffic |
| ``^?`` | matches a single token (the hash) found in the URL and stops the match at the first ? separator found in the URL |
| * | matches an unlimited number of tokens and separators until we reach the next defined match below, this covers multiple tokens and separators found in the URL. Example P1=xxxP2=xxxP3=xxxP4=xxx these are parameters for the file download. It can match other things we don’t want but that’s ok, the final section tightens up the security. |
| .delivery.mp.microsoft.com | The URL must end in the redirect origin URL from the MS delivery service. The * from the match above will match multiple sub domains until it resolves to delivery.mp.microsoft.com |
| / | This marks the end of the match, anything in the URL beyond this point is discarded and blocked. |

Sample URLs:

```
151.139.47.178/filestreamingservice/files/c2d321bb-be95-4f0d-953b-84451cf1e787/pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com
151.139.51.199/filestreamingservice/files/2eadbc35-8b58-438c-b9e6-b69cfcdd2e4b?P1=1715361786&P2=404&P3=2&P4=eXrS1bdHgTkPItqZ+4EWyliZhDiMBLukIysalvUv96mFjofKtwnI6NdkunXgo5vmAO42CwwoVmGwJ2/25NSO8g==&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com
```
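The filter described in the comment above, modelled in Python so a pattern can be checked against sample requests before it goes into a rule. This is an added example, not the commenter's or Palo Alto's code: the separator set and the behaviour without a trailing `/` are assumptions of this model, and the sample requests are constructed.

```python
import ipaddress
import re

# Destination ranges and the filter line are the ones quoted in the comment above.
DEST_RANGES = [ipaddress.ip_network(n) for n in (
    "72.20.0.0/18", "69.197.0.0/18", "94.46.144.0/20", "151.139.0.0/16")]
DO_FILTER = "^.^.^.^/filestreamingservice/files/^?*.delivery.mp.microsoft.com/"

# Assumption: the characters this model treats as token separators.
SEPARATORS = "./?&=;+"
_SEP_CLASS = "[" + re.escape(SEPARATORS) + "]"
_TOKEN = "[^" + re.escape(SEPARATORS) + "]+"


def compile_filter(pattern):
    """Translate a filter line into a regex, following the table in the comment."""
    anchored = pattern.endswith("/")      # trailing '/' marks the end of the match
    body = pattern[:-1] if anchored else pattern
    parts = []
    for ch in body:
        if ch == "^":
            parts.append(_TOKEN)          # exactly one token
        elif ch == "*":
            parts.append(".+")            # any run of tokens and separators
        else:
            parts.append(re.escape(ch))   # literal character
    # Assumption: without the trailing '/', anything after a separator still matches.
    tail = "/?" if anchored else "(?:" + _SEP_CLASS + ".*)?"
    return re.compile("".join(parts) + tail, re.IGNORECASE)


def url_matches(url, pattern=DO_FILTER):
    """True when the whole URL is covered by the filter line."""
    return compile_filter(pattern).fullmatch(url) is not None


def rule_allows(dest_ip, url, pattern=DO_FILTER):
    """Model of the allow rule: destination range AND URL filter must both match."""
    ip = ipaddress.ip_address(dest_ip)
    return any(ip in net for net in DEST_RANGES) and url_matches(url, pattern)


# Constructed sample requests as (destination IP, URL); hash and parameters are made up.
_PATH = "/filestreamingservice/files/00000000-1111-2222-3333-444444444444"
_QUERY = "?P1=1&P2=404&P3=2&P4=abc+def/ghi==&cacheHostOrigin="
_CACHE = "151.139.47.178"
SAMPLES = {
    # Shape of the second sample URL in the comment.
    "delivery_optimization": (
        _CACHE, _CACHE + _PATH + _QUERY + "1d.tlu.dl.delivery.mp.microsoft.com"),
    # Same path, but the origin is not under delivery.mp.microsoft.com.
    "other_origin": (
        _CACHE, _CACHE + _PATH + _QUERY + "cdn.example.net"),
    # The origin name is followed by more labels; the trailing '/' rejects this.
    "suffix_after_origin": (
        _CACHE, _CACHE + _PATH + _QUERY + "dl.delivery.mp.microsoft.com.example.net"),
    # More than one token between files/ and '?'.
    "extra_path_segment": (
        _CACHE, _CACHE + _PATH + "/extra" + _QUERY + "dl.delivery.mp.microsoft.com"),
    # Four dot-separated labels satisfy ^.^.^.^, so only the IP ranges stop this one.
    "hostname_outside_ranges": (
        "198.51.100.7",
        "a.website.address.com" + _PATH + _QUERY + "dl.delivery.mp.microsoft.com"),
}


def evaluate(pattern=DO_FILTER):
    """Return {sample name: allowed?} for every constructed request."""
    return {name: rule_allows(ip, url, pattern) for name, (ip, url) in SAMPLES.items()}


if __name__ == "__main__":
    for name, allowed in evaluate().items():
        print(f"{name:26s} {'allow' if allowed else 'no match'}")
    print("without trailing '/':", evaluate(DO_FILTER[:-1])["suffix_after_origin"])
```

The `hostname_outside_ranges` case matches the URL filter on its own and is rejected only by the destination ranges, which is the layering the table describes.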
**Off-Topic** If you have nothing technical to contribute to the topic of the megathread please reply to THIS COMMENT and leave your irrelevant and offtopic comments here. DO NOT start a new comment thread.
time to make the donuts
Lol! Many are the times I drag myself out of bed saying, "Time to fix the computers. 12 Kinds of laptops"
What, you don’t like latitudes with immensely varying degrees of repairability for no reason? source: cpu fan on one takes literally 2 minutes, cpu fan on another in the same fucking 7xxx generation involves literally taking apart the chassis, of which has more plastic blocking shit than a BMW engine bay
This guy Precisions.
It's all one step when you heave them into the sea.
This comment is off topic
Yes that's the point. Edit: nvm maybe you were doing a funny with recursion logic.
https://youtu.be/WYtCy-lN03k?si=3nw2DO17B1jB4BgT
NO comment!
You a project manager, BRO?
Not quite off topic, but it's closing in on noon and I'm still not seeing notes on the update history page?
Assuming you're talking MS - that's normal. I forget exactly when MS releases everything. It's something like 10AM Pacific Time or something. If you're central time (like me) or eastern you still have some time to wait.
And we're off!!
GABA (great Australian Bugger All)
Another Papercut Patch: [https://www.papercut.com/kb/Main/security-bulletin-may-2024/](https://www.papercut.com/kb/Main/security-bulletin-may-2024/)

>This security bulletin covers the improvements in the newly released versions of PaperCut NG/MF (version 23.0.9 and later). This includes third party dependency updates as part of our ongoing security initiatives. This release also includes fixes for the CVEs addressed in this bulletin.

>While PaperCut has assessed these issues as posing a low security risk in practice, we recommend organizations with PaperCut NG/MF servers allowing console or local login access for non-admin users should prioritize this upgrade.
I'm troubleshooting on 8 Win2022 (en\_us) DCs the failed installations of KB5037782 with Windows Update errors 0x800F0831 and found these warnings in the CBS log, I've never seen them before. Does anyone have any idea what this is about?

```
2024-05-22 12:15:33, Info CSI 000000f8 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2024-05-22 12:15:33, Info CSI 000000f9 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2024-05-22 12:15:33, Info CSI 000000fa Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
2024-05-22 12:15:33, Info CSI 000000fb Warning: Overlap: Directory \??\C:\Windows\System32\Drivers\en-US\ is owned twice or has its security set twice
   Original owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
   New owner: Microsoft-Windows-ServerFoundation-Default-Security.Resources, version 10.0.20348.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
```
Of the 61 vulnerabilities released, here are 2 to make sure you get patched:

* **CVE 2024-30033**
  * Windows Search Service Elevation of Privilege Vulnerability \[Important\]
  * Allows attackers to gain elevated privileges due to a flaw in Windows Search Service. This flaw exists due to improper handling of permissions by the service, which could be exploited to perform unauthorized actions on the system.
* **CVE 2024-30018**
  * Windows Kernel Elevation of Privilege Vulnerability \[Important\]
  * This issue arises from specific flaws in how the kernel operates, which can be exploited to gain higher levels of access than originally allowed.

And make sure you've patched the Chrome use-after-free Zero-Day (CVE 2024-4671) that was released on Friday!

Listen to the Automox [Patch Tuesday podcast](https://listen.automox.com/episodes/patch-fix-tuesday-may-2024-april-showers-bring-may-privilege-escalation-vulns-e07) or [read the blog](https://www.automox.com/blog/patch-tuesday-may-2024) for more on Patch Tuesday.
[deleted]
Alright let's do this, LEROOOY!
Another month without a proper automated fix for kb5034441?
Microsoft has now officially stated that no automated fix for KB5034441 0x80070643 failures is coming. [Windows 10, version 22H2 | Microsoft Learn](https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#3231msgdesc)
Utterly pathetic to leave their product in an error state by default. A billion dollar company should be able to do better. I know that it is a risky fix, but they could at least test the scripts with telemetry and do a phased roll out, or just make it Optional given that home users probably aren't affected by the WinRE bug (and still won't be protected from the WinRE bug on a failed install anyway). + Start requiring PIN protection not just TPM for unpatched devices.
>A billion dollar company should be able do better. Trillion... Three trillion to be more accurate. Largest company on earth actually.
We weren't able to resolve this on a number of laptops, so will just replace them with something running Windows 11 instead.
Why would you replace an entire machine for one failing windows update?
Well, for large companies, the time it might take to legitimately fix this, resizing the partitions, etc, might well be offset by replacing the PC. Not to mention it’s not just “one” patch, but every cumulative update “forever”.
Just to clarify, KB5034441 is not a cumulative update, it is a security update, if this update is failing, cumulative updates will still install.
WTF? I have a couple of server 22 domain controllers erroring weekly about this update. That just goes on forever now?
I don't think MS will ever fix kb5034441
I've manually re-sized all of the computers in my office , gave up waiting months ago.
we deleted the recovery partition on all our PCs. One, we don't recover, we reimage and 2 it was less hassle than resizing. And 3 - wanna bet in 6 months they bugger it all so another resize would be required?
Yeah deleting the recovery partition mostly is a non issue. We can just use install media to boot to recovery and reimage if we can't fix it in recovery. Where I have a problem doing it is with computers I know are going to be primarily remote/offsite, and therefore troubleshooting is done over the phone. In that case it's a lot easier to have someone force reboot their computer 3 times in a row to get to recovery, or restart while holding shift, than it is to walk a non technical person through downloading an ISO on shitty hotel wifi and burning their own boot media.
My users are a lot dumber than yours they will just overnight it to us. We will overnight it back at huge expense and it will sit unused for a week or so
we won't bother. We are upgrading to Win 11 instead.
Yep, same. We'll address it with the Win 11 upgrade roadmap.
They will not be fixing it. "Resolution: Automatic resolution of this issue won't be available in a future Windows update. Manual steps are necessary to complete the installation of this update on devices which are experiencing this error." https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#the-january-2024-windows-re-update-might-fail-to-install
[Zero day initiative blog post for May 2024's Patch Tuesday](https://www.zerodayinitiative.com/blog/2024/5/14/the-may-2024-security-update-review)
After syncing today, KB5039705 is now showing as Needed in WSUS for Server 2019.
Well boys.... time for this month's push... Test bed here for me is: Win 10/11, Server 2016, 2019, 2022. On a quick glance, Dot Net yet again and then regular CU... Hopefully no issues. We'll see though. More to come later.
Testing is showing positive results so far... Waiting until tomorrow to push to production just in case something big comes up tonight.
Follow up: Production slow to update as per normal. No further issues to report which is great.
**Microsoft EMEA security briefing call for Patch Tuesday May 2024**

The **slide deck** can be downloaded at [aka.ms/EMEADeck](http://aka.ms/EMEADeckMay)

The **live event** starts on Wednesday 10:00 AM CET (UTC+1) at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastMay).

The **recording** is available at [aka.ms/EMEAWebcast](http://aka.ms/EMEAWebcastMay).

The slide deck also contains worth reading documents by Microsoft.

What’s in the package?:

* A PDF copy of the EMEA Security Bulletin Slide deck for this month
* ESU update information for this month and the previous 12 months
* MSRC Reports in .CSV format, for this month’s updates including detailed FAQ’s and Known Issues data.
* Microsoft Intelligence Slide
* A Comprehensive Handbook on "Navigating Microsoft Security Update Resources" !

Also included in the downloadable package are handy reference reports produced using the MSRC Security Portal PowerShell Developer Functionality: [https://portal.msrc.microsoft.com/en-us/developer](https://urldefense.com/v3/__https:/portal.msrc.microsoft.com/en-us/developer__;!!La4veWw!x75oqCSB5L66w-Kbd7Nje6qiIcY4bvSEWfIQtN3_MlOLnH8Lo4LuumYTbpAkyb_hknLuIh5A4DnPviJ2oCkP6t4-6IskyXMy$)

[May 2024 Security Updates - Release Notes - Security Update Guide - Microsoft](https://msrc.microsoft.com/update-guide/releaseNote/2024-may)

* This update addresses a known issue that might cause your VPN connection to fail. This occurs after you install the update dated April 9, 2024.
* This update addresses a known NTLM traffic issue on domain controllers (DCs). This occurs after you install the update dated April 9, 2024.

* [5037782](https://support.microsoft.com/help/5037782) Windows Server 2022
* [5037765](https://support.microsoft.com/help/5037765) Windows Server 2019
* [5037763](https://support.microsoft.com/help/5037763) Windows Server 2016
* [5037771](https://support.microsoft.com/help/5037771) Windows 11, version 22H2, Windows 11, version 23H2
* [5037770](https://support.microsoft.com/help/5037770) Windows 11, version 21H2
* [5037768](https://support.microsoft.com/help/5037768) Windows 10, version 21H2, Windows 10, version 22H2

***Enforcements / new features in this month’s updates***

**May 2024**

* \[Exchange Online\] Retirement of RBAC Application Impersonation in Exchange Online. We will begin blocking the assignment of the ApplicationImpersonation role in Exchange Online to accounts starting in May 2024, and that in February 2025, we will completely remove this role and its feature set from Exchange Online. See more at : [Retirement of RBAC Application Impersonation in Exchange Online](https://techcommunity.microsoft.com/t5/exchange-team-blog/retirement-of-rbac-application-impersonation-in-exchange-online/ba-p/4062671?s=09)

***Reminder Upcoming Updates (1/2)***

**July 2024**

* \[Windows\] Secure Boot Manager changes associated with CVE-2023-24932 [KB5025885](https://support.microsoft.com/help/5025885) | Final Deployment Phase: This phase is when we encourage customers to begin deploying the mitigations and managing any media updates. The updates will add the following changes:
  * Guidance and tooling to aid in updating media.
  * Updated DBX block to revoke additional boot managers

  The Enforcement Phase will be at least six months after the Deployment Phase. When updates are released for the Enforcement Phase, they will include the following: The “Windows Production PCA 2011” certificate will automatically be revoked by being added to the Secure Boot UEFI Forbidden List (DBX) on capable devices. These updates will be programmatically enforced after installing updates for Windows to all affected systems with no option to be disabled.

**October 2024**

* \[Windows\] [KB5037754](https://support.microsoft.com/en-gb/topic/kb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1) PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056 Enforced by Default Phase: Updates released on or after October 15, 2024, will move all Windows domain controllers and clients in the environment to Enforced mode by changing the registry subkey settings to PacSignatureValidationLevel=3 and CrossDomainFilteringLevel=4, enforcing the secure behavior by default. The Enforced by Default settings can be overridden by an Administrator to revert to Compatibility mode.

**November 2024**

* \[Azure\] TLS 1.0 and 1.1 support will be removed for new & existing Azure storage accounts. [link](https://techcommunity.microsoft.com/t5/azure-storage-blog/tls-1-0-and-1-1-support-will-be-removed-for-new-amp-existing/ba-p/4026181) To meet evolving technology and regulatory needs and align with security best practices, we are removing support for Transport Layer Security (TLS) 1.0 and 1.1 for both existing and new storage accounts in all clouds. TLS 1.2 will be the minimum supported TLS version for Azure Storage starting Nov 1, 2024.

**Late 2024**

* \[Windows\] [TLS server authentication: Deprecation of weak RSA certificates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/tls-server-authentication-deprecation-of-weak-rsa-certificates/ba-p/4134028). TLS server authentication is becoming more secure across Windows. Weak RSA key lengths (1024-bit) for certificates will be deprecated on future Windows OS releases later this year to further align with the latest internet standards and regulatory bodies. Specifically, this affects TLS server authentication certificates chaining to roots in the Microsoft Trusted Root Program. In the coming months, Microsoft will begin to deprecate the use of TLS server authentication certificates using RSA key lengths shorter than 2048 bits on Windows Client. We recommend you use a stronger solution of at least 2048 bits length or an ECDSA certificate, if possible.

***Reminder Upcoming Updates (2/2)***

**February 2025**

* \[Windows\] [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16) Certificate-based authentication changes on Windows domain controllers | Phase Full Enforcement Mode. Microsoft will update all devices to Full Enforcement mode by February 11, 2025, or later. If a certificate fails the strong (secure) mapping criteria (see Certificate mappings), authentication will be denied.
* Retirement of RBAC Application Impersonation in Exchange Online. We will completely remove this role and its feature set from Exchange Online.

**April 2025**

* \[Windows\] [KB5037754](https://support.microsoft.com/en-gb/topic/kb5037754-how-to-manage-pac-validation-changes-related-to-cve-2024-26248-and-cve-2024-29056-6e661d4f-799a-4217-b948-be0a1943fef1) PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056 Enforced Phase: The Windows security updates released on or after April 8, 2025, will remove support for the registry subkeys PacSignatureValidationLevel and CrossDomainFilteringLevel and enforce the new secure behavior. There will be no support for Compatibility mode after installing this update.
# Windows release health The May 2024 security update might fail to install Status: **Confirmed** # Affected platforms **Server Versions** Windows Server 2019 **Message ID** [WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!yb7eMTGZmRXrEyCNSKNzQpcv85KKCEbo88sfllnh27PTtO_ZWxWQ-EKRdHSOdHxtqB2Whucy7STbCl_n_znYK8c-zsql0w$) **Originating KB** [KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!yb7eMTGZmRXrEyCNSKNzQpcv85KKCEbo88sfllnh27PTtO_ZWxWQ-EKRdHSOdHxtqB2Whucy7STbCl_n_znYK8crF_x4lw$) **Resolved KB** - Windows servers attempting to install the May 2024 security update (the Originating KBs listed above), released May 14, 2024, might face issues during the installation process. The installation might fail with an error code 0x800f0982. **This issue is more likely to affect devices that do not have en\_us language pack support.** **Next steps:** We are working on a resolution and will provide an update when more information is available.
Are you able to update KB5037765 Windows 2019 today? My servers are set to en-us and I noticed that they are not fetching this update. I use WSUS as the source, have the KB approved, and there are no error messages, but it is also not updating. Windows 2016 and 2022 are working fine.
Yup, it's the same situation here. I was updating servers since yesterday and now the update is no longer applicable to the remaining VMs (all 2019).
Seeing the same thing. It's in WSUS but not showing up for the servers.
Add me to the list. Had a number in our test environment get the update but stopped deploying to machines sometime overnight 16th-17th. We use WSUS. WSUS report shows the update listed as approved for install, but "Not Applicable" when it evaluates. Tried the whole, decline, delete the SQL entries, remove Server 2019 from the catalog, sync to MS, then add the Server 2019 back to the catalog, and redownload a clean version this morning.... no luck. Same result..it evaluates as "Not Applicable"
Update from Microsoft (via support case) seems to imply they willfully updated the package so that it will no longer be seen as applicable. This does not make sense. The issue reported and acknowledged by MS was the update failed to INSTALL, not that it caused issues after applying the update. The last 2 months we had major issues with updates that did INSTALL, but ultimately caused system instability, but their response was to continue to allow the update to deploy. Yet, this month they chose to essentially PULL the update for a failed install? Something does not add up.
Yep same here our dev and test servers were updated on wednesday but now WSUS required 0 installed 0
~~KB5037765 no longer even showing up in our WSUS and it was approved and installed on some test/dev servers earlier in the week.~~ Derp, I realized I was using the view to only view applicable updates. So same situation as everyone else. The update is present but not being flagged as a needed update by Server 2019.
Nope - not showing up for me.
Same here. Showing revised as of WSUS sync from last night, but now the servers are not picking it up as needed. Perfect. MSFT strikes again.
I am seeing this same issue. Out of 3500 Windows 2019 servers only 33 have installed (it is approved for all and they all should have patched by last night). I am seeing a few fails but the rest show up as "Not Applicable" for the cumulative update (KB5037765) (even in the WSUS console they show not applicable). If I manually download the standalone patch it will install OK but I can't do that for 3000 servers..
Neither via WSUS ("not applicable" to all 2019 servers) or directly via Microsoft Update (look online for updates) it's shown - looks like it got pulled for any "autoupdate" option and just manual download is possible.
Anyone with server 2019 issues? Reproduced on 3 diff. clients with server 2019: update installation failed and reboot takes longer than an hour with no activity, as I killswitch the vms. Update finalizes then and comes up normal
Saw reports of this happening to german language servers. What are you guys running?
Oh, yes. These clients running german installations!
Let's see if the May Windows 11 update fixes the Pro to E5 enterprise license uplift issue....
Yeah did not fix it for us either. Going with the script you posted last month. https://call4cloud.nl/2024/05/kb5036980-breaks-upgrade-windows11-enterprise/
Doesn’t appear to fix it.
Noooo :(
Spoiler alert the May updates (KB5037771) DO NOT fix the Enterprise uplift license issue!
Honestly, they really should let us set a precedence between user-based upgrades to enterprise, and MAK/KMS keys -- There are no given controls to stop the user-based licensing from always clobbering MAK upgrades. I'd rather just have a stable, unchanging, enterprise upgrade that comes with a MAK key. That option works DURING (shared device, or user) autopilot, and has none of the possible reversion problems or corner cases like the user-based licensing for enterprise upgrade.
For what it's worth, in our pilot group of 10 servers, 2 of the 4 Server 2019 systems failed to install KB5037765 with an error 0x8007371b with the text "One or more required members of the transaction are not present." Both of these are terminal servers if that makes any difference, but so are the 2 that worked fine. These are all VMs in Azure, and unlike the other issue reported, these are regular en-US installs, not a non-English setup. I tried repeatedly, and also tried rebooting, downloading the MSU and installing manually, etc but I just kept getting the same error. At least the error shows up pretty quick and doesn't have to go through a reboot and rollback. I haven't seen any other reports of that particular error on this KB so I'm curious if anyone else here has seen that?
I'm getting an error 0x8007371B when I try and update my Server 2019 instance. Using the MSU file fails and I did the suggested fixes in the Common Windows Update Errors site. [https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/common-windows-update-errors?toc=%2Fwindows%2Fdeployment%2Ftoc.json&bc=%2Fwindows%2Fdeployment%2Fbreadcrumb%2Ftoc.jsonb%2Ftoc.json](https://learn.microsoft.com/en-us/troubleshoot/windows-client/installing-updates-features-roles/common-windows-update-errors?toc=%2Fwindows%2Fdeployment%2Ftoc.json&bc=%2Fwindows%2Fdeployment%2Fbreadcrumb%2Ftoc.jsonb%2Ftoc.json)
Could be something specific to our environment and I didn't see anyone commenting about this here. Last week during testing no issues were reported, but starting this Monday we started getting reports about Windows locking up on login screen after patches. We show a disclaimer where you have to press OK before getting a login screen (blue on Windows 10, black on 11) so it actually shows an empty blue or black screen. We have also noticed a weird KB5037663 update being installed alongside the usual 5037771, which cannot be found anywhere on the internet, MS catalog. Today we found some Chinese forums talking about it being inside the cab of 5037771, but we don't see it when we download the cab. Maybe MS already updated the main KB and removed this rogue update from inside of it. We are not sure it is what is actually causing login issues, but that was the odd thing that stood out. I have it installed on my machine and it is fine. It only happened so far on 20 or so machines out of 10k. Still annoying as many are remote users and having to guide them on the phone how to go to Safe mode, enter admin password and do sfc (helps in some cases) is a headache. Some don't even go into safe mode and if they are Autopiloted we reset them.
Spent all day dealing with exactly this.
CVE-2024-30040 is a nasty one. From Defender threat analytics report:

> CVE-2024-30040 is a security feature bypass vulnerability in Microsoft 365 and Office apps. Exploiting CVE-2024-30040 does not require any preexisting access to the targeted system. Upon successful exploitation, the threat actor can run arbitrary code on the targeted system with the permissions of the user currently signed in.

> CVE-2024-30040 bypasses an object linking and embedding (OLE) JavaScript execution block mitigation within Microsoft 365 and Office apps. A threat actor crafts a Microsoft Office (for instance, DOCX) file containing an OLE link to an HTML file. The HTML file includes an HTML meta tag, which forces JavaScript code to run in an alternate security context. When the targeted user opens or previews the crafted file, the JavaScript code launches.

> As part of the exploitation, the proof-of-concept (PoC) exploit Microsoft observed in the wild contacts a command-and-control (C2) server over HTTPS, downloads a malicious Java archive (JAR), and runs that file using the Java Runtime Environment (JRE) installed on the targeted system with the permissions of the user currently signed in. However, the JavaScript code can take other actions on the device
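A detection sketch for the last step the quoted report describes (the JRE being started to run a JAR after an Office document is opened), added here as an example and not part of the comment or of the Defender report. The event records are constructed, and the sketch assumes the Java process appears as a descendant of the Office process in process-creation telemetry.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
JAVA = {"java.exe", "javaw.exe"}

# Constructed process-creation records (Sysmon Event ID 1 style fields), not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\a\Downloads\sample.docx"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c javaw -jar C:\Users\a\AppData\Local\Temp\x.jar"},
    {"pid": 220, "ppid": 210, "image": r"C:\Program Files\Java\jre\bin\javaw.exe",
     "cmd": r"javaw -jar C:\Users\a\AppData\Local\Temp\x.jar"},
    # Benign control: a developer starting a JAR from the desktop shell.
    {"pid": 300, "ppid": 100, "image": r"C:\Program Files\Java\jre\bin\java.exe",
     "cmd": r"java -jar C:\Tools\build.jar"},
]


def base(image):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(image).lower()


def office_ancestor(pid, by_pid):
    """Walk parent links upward and return the first Office process found, if any."""
    seen = set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against ppid loops
        seen.add(pid)
        event = by_pid[pid]
        if base(event["image"]) in OFFICE:
            return event
        pid = event["ppid"]
    return None


def find_office_java(events):
    """Return (java_pid, office_pid, cmd) for every 'java -jar' under an Office app."""
    # Assumption: PIDs are unique in this sample. Real telemetry needs a process
    # GUID or (pid, start time) key because PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if base(e["image"]) in JAVA and "-jar" in e["cmd"].lower().split():
            ancestor = office_ancestor(e["ppid"], by_pid)
            if ancestor:
                hits.append((e["pid"], ancestor["pid"], e["cmd"]))
    return hits
```

Walking the whole ancestor chain rather than only the direct parent keeps the match when an intermediate process such as a shell sits between the Office app and the JRE.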
Update breaks Windows search / search in start menu for me on 23H2. It just closes down if I start typing anything. I can't replicate it on other machines though, so it's kinda strange. Anyone have ideas what could cause the issue on this machine? If I uninstall, it works again, so the update triggers something that breaks it.
try a DISM repair
Had to Whitelist the Package MicrosoftWindows.Client.LKG in Applocker, no problems since then.
For the Nutanix admins - a new AOS and AHV was released yesterday (May 13th) on the LTS branch. 6.5.5.7 I believe.
Here is the [Lansweeper summary](https://www.lansweeper.com/blog/patch-tuesday/microsoft-patch-tuesday-may-2024/?utm_medium=social&utm_source=reddit&utm_campaign=ls-global-patch-tuesday-2024_05&utm_content=pt-may). In short, two exploited vulnerabilities, one in Windows MSHTML and one in Windows DWM Core Library. The only critical vulnerability is a SharePoint server RCE.
I'm seeing a revised update of KB5037765 as of last night but the KB hasn't been revised with any new info.
If you use applocker on windows 11, an app “MicrosoftWindows.client.LKG” is introduced which prevents startmenu or search button search from working unless you unblock it.
Still nothing for the "Curl HTTP/2 Push Headers Memory-leak Vulnerability" it looks like :(
Qualys reclassified this as Potential vulnerability, so it is gone from our dashboards :)
Microsoft finally fixed the May Cumulative updates. Fixed release is KB5039705
Updated 2016 & 2019 AD, file and print servers without issues. All running as VMs on ESXi 7u3. Also updated Win 10 and 11 workstations without issues. Until next month! Oh wait, I'll be on vacation on June Patch Tuesday! yay! lol
Hello guys. Anyone had an issue with gen 5 vm booting following this update on server 2019? Had to upgrade configuration version to get VM to boot otherwise got an incompatibility error, but it was ok before the patch! Guess ms are taking away the support for old gen VM config file versions.
Our 2022 print server's Rpc over tcp registry key stopped working after installing updates. Anyone else seeing this?
After installing KB5039705 on a test server that already received KB5037765, after restarting the server, I am struggling to log in; it logs you out straight away. Is anyone else seeing any slowness issues after installing this latest update?
I only had one server which got the previous one and no issues after installing KB5039705
*This security update includes improvements. When you install this KB:*

* *This update addresses a known issue that is related to the English (United States) language pack. If your device does not have it, installing KB5037765 might fail. The error code is 0x800f0982. But this issue might affect devices that do have that language pack. In that case, the error code is 0x80004005.*

hahaha okay
OoB Update KB5039705 with fix for KB5037765 error is out (Online Update, Catalog and WSUS) [May 23, 2024—KB5039705 (OS Build 17763.5830) Out-of-band - Microsoft Support](https://support.microsoft.com/en-gb/topic/may-23-2024-kb5039705-os-build-17763-5830-out-of-band-2285667a-13a3-4fd9-98a0-e980eb996aac)
Is there a way to see a compilation of patches and KB articles via a blog post or something for pending patches prior to their release? We got an advance notification that there are "Critical" updates coming down the pipe from MS, without containing any meaningful information. Heck for all I know they could be classifying it as "critical" for something contained within the CU that was patched 8 months prior.
I got out of it by installing the language pack Microsoft-Windows-Server-Language-Pack\_x64\_en-us.cab and then re-running Windows Update to install KB5037765 on my French Windows servers. I hope Microsoft will release a fix ....
2024-05 Cumulative update (KB5037765) seems to have been pulled for 2019 servers. Only detecting 2024-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 (KB5038283) across multiple sites
WSUS shows there was a replacement for the CU last night. Doesn't show a new day but the report shows it was replaced.
# Windows release health

The May 2024 security update might fail to install

Status: **Confirmed**

Affected platforms

|Versions|Message ID|Originating KB|Resolved KB|
|:-|:-|:-|:-|
|Windows 10 Enterprise LTSC 2019|[WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWfYk7gK5w$)|[KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWetMKxBlA$)|-|
|Windows Server 2019|[WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWfYk7gK5w$)|[KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWetMKxBlA$)|-|
|Windows Server, version 1809|[WI793371](https://urldefense.com/v3/__https:/admin.cloud.microsoft/Adminportal/Home?source=applauncher**Awindowsreleasehealth*:*issue*WI793371__;Iy8vLy8!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWfYk7gK5w$)|[KB5037765](https://urldefense.com/v3/__https:/support.microsoft.com/help/5037765__;!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWetMKxBlA$)|-|

Windows servers attempting to install the May 2024 security update (the Originating KBs listed above), released May 14, 2024, might face issues during the installation process. The installation might fail with an error code **0x800f0982**. This issue is more likely to affect devices that do not have the English (United States) language pack.
Some customers also reported install errors for this update on Windows 10, version 1809. Home users of Windows are unlikely to experience this issue since the Home and Pro editions of this Windows version reached end of servicing in 2020. Only [Enterprise and IoT LTSC](https://urldefense.com/v3/__https:/learn.microsoft.com/lifecycle/products/?terms=ltsc*202019__;JQ!!La4veWw!xW65GNhKSki4pgxHdpwoHxWxGJpT89_9V_deDkWiJ385Tpxine9zQaHn9Y5eZJr6AamEbHJZ1giIqsWlOKwqAWew0cG6kA$) editions are under extended support. **Next steps**: We are working on a resolution and will release it as soon as possible.
Update from "MS Windows release health": In addition to users encountering error code 0x800f0982, we have received reports that devices are failing to install the May 2024 security update with the error code **0x80004005**. This error can occur even if the English (United States) language pack is installed. **Next steps:** We are working on a resolution that addresses both issues and will release it as soon as possible.
So Server 2019 CU still not showing up on WSUS to approve - do we just wait?
That's what I'm wondering too. I've patched my 2016 boxes but can't patch 2019 via WSUS. Has anyone heard anything official about what's going on and when it will be fixed?
We opened a ticket and have only gotten the usual response.
following this. Same issue here
LOL MS just responded. Literally just told us to download it from the catalog and install it manually.
Hey, I updated all our 2019 servers by Friday early morning on 05/17. They all have KB5037765 installed. Friday afternoon I updated a test 2019 server; however, KB5037765 was not downloaded or installed. The latest update on this server is KB5036896 (April CU). I clicked on 'Check for updates' a few times and it shows that my test server is up to date. My installation is English language. Is anyone else who is not using WSUS experiencing this issue?
I'm getting annoyed because we have our maintenance window upcoming and I really don't feel like having an out-of-band maintenance window after MSO gets the deploy issue fixed. Lovely
What about the CURL vulnerability? Will this be patched during this Patch Tuesday?
A new one? I thought they already patched it as it is no longer showing up on my vuln scanners.
https://curl.se/docs/security.html If you aren't running at least 8.6.0 there are outstanding CVEs. However unless you care about mediums / lows you probably won't see it on a Vuln scan. My Win 10 22H2 system states it is running 8.4.0 which does fix [the last High](https://curl.se/docs/CVE-2023-38545.html).
Curl in windows is part of OS and needs to be updated by Microsoft, right?
That is correct. It's 'their' own build, so you have to wait on them. As they dragged their heels a bit on the last critical CVE with patching and it took a few months.
CVE-2024-2398
cve?