Patch Tuesday: Microsoft Finally Offers Fixes to Publicly-Disclosed “Critical” Security Flaws

After missing last month's security patch that triggered a number of PoCs releasing online, Microsoft has now released this month's security updates in today's Patch Tuesday releases. The company never shared details about why the Patch Tuesday was delayed last month, as it just cited some "last minute issue." For those worried about at least three security vulnerabilities that were shared to the public by Google and an independent security researcher, you can now install Microsoft Patch Tuesday for March to secure your Windows devices.

Microsoft Patch Tuesday for March finally resolves some long-reported vulnerabilities

March Patch Tuesday comes with the new Cumulative Update KB4013429, which is now available for both Windows 10 PC and Mobile devices. Today's update brings the OS build number up to 14393.953.

Among the patches, Microsoft has also fixed a "critical" flaw, which was publicly disclosed earlier last month following Microsoft missing February's Patch Tuesday. The exploit code related to a Windows SMB bug was made available by Laurent Gaffie, but Microsoft hasn't credited Gaffie in the bulletin.

Security Update for Microsoft Windows SMB Server (4013389) "resolves vulnerabilities in Microsoft Windows," the changelog mentioned. "The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server."

Microsoft has also fixed eight other critical flaws. Microsoft Patch Tuesday for March is now available through Windows Update.

Following is the complete changelog (via MSPU), which is expectedly huge... For more details, visit this security bulletin.

• Addressed known issue called out in KB3213986. Users may experience delays while running 3D rendering apps with multiple monitors.
• Addressed issue in KB3213986 where the Cluster Service may not start automatically on the first reboot after applying the update.
• Addressed issue where the Active Directory Administrative Center (ADAC) crashes when attempting to modify any attribute of any user account in Active Directory.
• Addressed issue where the Japanese Input Method Editor is leaking graphics device interface resources, which causes windows to disappear or only partially render after typing approximately 100 sentences.
• Addressed an issue which improves the reliability of Enable-ClusterS2D PowerShell cmdlet.
• Addressed an issue where the Virtual Machine Management Service (Vmms.exe) may crash during a live migration of virtual machines.
• Improved the bandwidth of SSD/NVMe drives available to application workloads during S2D rebuild operations.
• Addressed issue where Work Folders clients get duplicate files (sync conflict files) when Work Folders is configured using Group Policy.
• Addressed an issue where Remote Desktop Servers crash with a Stop 0x27 in RxSelectAndSwitchPagingFileObject when RDP clients connect and utilize redirected drives, printers, or removable USB drives.
• Addressed issue where adjusting the Windows Server Update Services settings using the Group Policy feature causes downloads to fail.
• Addressed issue to hard code Microsoft’s first-party provider registry key values.
• Addressed issue that causes the System Preparation (Sysprep) tool to fail.
• Addressed issue that causes Office 2016 profile corruption when used with User Experience Virtualization (UE-V) roaming.
• Addressed issue that causes the Local Security Authority Subsystem Service to become unresponsive after upgrading the OS.
• Addressed issue that causes the Local Security Authority Subsystem Service to fail when a SAP® application uses Transport Layer Security authentication.
• Addressed issue where sequencing large registries using the Application Virtualization 5.1 Sequencer results in missing registry keys in the final package.
• Addressed issue that fails to retain the sort order of names in a contact list after a device restarts when using the Japanese language.
• Addressed issue that causes transactions to fail because of a memory shortage.
• Addressed issue that allows files that are forbidden by the security zone setting to be opened in Internet Explorer.
• Addressed issue that causes Internet Explorer 11 to fail after installing KB3175443.
• Addressed issue that causes applications that use the VBScript engine to fail after applying KB3185319.
• Addressed issue that occurs in Internet Explorer when the CSS float style is set to “center” in a webpage.
• Addressed issue that occurs whenever the multipath IO attempts to log I/O statistics with no paths present.
• Addressed issue that causes a 32-bit static route added by a VPN solution to fail, which prevents users from establishing a connection through the VPN.
• Addressed issue that may decrease performance by up to 50% when Ethernet adapters that support receive side scaling (RSS) fail to re-enable RSS after fault or system upgrade.
• Addressed issue to allow wildcards in the Allowed list field for the Point and Print Restrictions Group Policy.
• Addressed issue with multipath I/O failure that can lead to data corruption or application failures.
• Addressed issue that can lead to system failure when removing a multipath IO ID_ENTRY.
• Addressed issue that occurs when a Network Driver Interface Specification function NdisMFreeSharedMemory() is not called at the correct Interrupt Request Level.
• Addressed issue to utilize the proper service vault for Azure Backup integration.
• Addressed issue where SQL server takes 30 minutes to shut down on machines with a lot of RAM (>2TB).
• Addressed additional issues with updated time zone information, Internet Explorer, file server and clustering, wireless networking, Map apps, mobile upgrades for IoT, display rendering, USB 2.0 safe removal, multimedia, Direct3D, Microsoft Edge, enterprise security, Windows Server Update Services, storage networking, Remote Desktop, clustering, Windows Hyper-V, and Credential Guard.
• Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Internet Information Services, Windows SMB Server, Microsoft Windows PDF Library, Windows kernel-mode drivers, Microsoft Uniscribe, the Windows kernel, DirectShow, the Windows OS, and Windows Hyper-V.