Рекомендации по обновлению ПО

История обновлений

  • 20.12.2021 | December 2021 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE
    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10. KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv). If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible. The NCR Global Security Team cannot assist in this matter.

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available. In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described. An update on the status of testing will be issued as a follow up to this email once testing has been completed.
    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    December 2021 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE: February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5008282

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs:  
    CVE-2021-43233, CVE-2021-43234, CVE-2021-43235

    Microsoft Important Rated CVEs: CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43241, CVE-2021-43242, CVE-2021-43243, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43249, CVE-2021-43250


    In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1

     

    In the month of December 2021, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5008207

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2021-43215, CVE-2021-43217, CVE-2021-43233

    Microsoft Important Rated CVEs: CVE-2021-43207, CVE-2021-41333, CVE-2021-43216, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893

     

    In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID:  5008218

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43217, CVE-2021-43215

    Microsoft Important Rated CVEs: CVE-2021-43248, CVE-2021-43247, CVE-2021-43246, CVE-2021-43244, CVE-2021-43238, CVE-2021-43236, CVE-2021-43235, CVE-2021-43234, CVE-2021-43232, CVE-2021-43231, CVE-2021-43230, CVE-2021-43229, CVE-2021-43228, CVE-2021-43227, CVE-2021-43226, CVE-2021-43224, CVE-2021-43223, CVE-2021-43222, CVE-2021-43216, CVE-2021-41333, CVE-2021-43207, CVE-2021-43219, CVE-2021-43883, CVE-2021-43893

     

    In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in December 2021



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

  • 31.01.2022 | January 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  
    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    February 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5010422

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-22710, CVE-2013-3900

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5010359

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-21974, CVE-2022-22710, CVE-2013-3900

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID:  5010351

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21995, CVE-2022-21994, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-21985, CVE-2022-22718, CVE-2022-22717, CVE-2022-22715, CVE-2022-22712, CVE-2022-21974, CVE-2022-21971, CVE-2022-22710, CVE-2022-22710

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in February 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

  • 28.02.2022 | February 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  
    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    February 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5010422

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-22710, CVE-2013-3900

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5010359

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-21974, CVE-2022-22710, CVE-2013-3900

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID:  5010351

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21995, CVE-2022-21994, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-21985, CVE-2022-22718, CVE-2022-22717, CVE-2022-22715, CVE-2022-22712, CVE-2022-21974, CVE-2022-21971, CVE-2022-22710, CVE-2022-22710

     

    In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in February 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

  • 31.03.2022 | March 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  
    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    March 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5011529

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-23283, CVE-2022-23296, CVE-2022-24459, CVE-2022-23290, CVE-2022-23298, CVE-2022-23297, CVE-2022-24503, CVE-2022-23253, CVE-2022-24454, CVE-2022-23299, CVE-2022-23281, CVE-2022-23285, CVE-2022-21990, CVE-2022-21973, CVE-2022-23293

     

    Security Rollup ID: 5011486

    NCR Severity Rating: IMPORTANT
    Affected Software: Internet Explorer 11

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-24502

     

    In the month of March 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5011495

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-23293, CVE-2022-23287,  CVE-2022-23283, CVE-2022-24502, CVE-2022-23297, CVE-2022-23296, CVE-2022-24459, CVE-2022-21977, CVE-2022-24507, CVE-2022-23298, CVE-2022-23284, CVE-2022-21990, CVE-2022-23290, CVE-2022-24503, CVE-2022-24454, CVE-2022-23253, CVE-2022-24460, CVE-2022-23299, CVE-2022-23281, CVE-2022-22010, CVE-2022-24455, CVE-2022-23294, CVE-2022-23285, CVE-2022-21967, CVE-2022-21975, CVE-2022-24505

     

    In the month of March 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID:  5011503

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-23288, CVE-2022-23285, CVE-2022-24455, CVE-2022-23284, CVE-2022-23294, CVE-2022-23278, CVE-2022-23296, CVE-2022-23281, CVE-2022-24507, CVE-2022-24503, CVE-2022-23291, CVE-2022-23253, CVE-2022-24459, CVE-2022-23299, CVE-2022-22010, CVE-2022-23293, CVE-2022-21975, CVE-2022-23297, CVE-2022-23290, CVE-2022-21990, CVE-2022-24460, CVE-2022-24454, CVE-2022-24502, CVE-2022-23298, CVE-2022-23283, CVE-2022-21967, CVE-2022-21977, CVE-2022-24505, CVE-2022-23287, CVE-2022-23286

     

    In the month of March 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in March 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

  • 30.04.2022 | April 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  

    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    April 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5012649

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2022-26809, CVE-2022-26919, CVE-2022-24541, CVE-2022-24500

    Microsoft Important Rated CVEs: CVE-2022-26796, CVE-2022-26827, CVE-2022-26918, CVE-2022-26807, CVE-2022-26792, CVE-2022-26794, CVE-2022-26916, CVE-2022-26797, CVE-2022-26787, CVE-2022-26831, CVE-2022-26802, CVE-2022-26810, CVE-2022-26798, CVE-2022-26790, CVE-2022-26915, CVE-2022-26917, CVE-2022-26904, CVE-2022-26801, CVE-2022-24544, CVE-2022-24493, CVE-2022-24492, CVE-2022-24540, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-24481, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-26903, CVE-2022-24499, CVE-2022-24498, CVE-2022-24494, CVE-2022-24542, CVE-2022-24528, CVE-2022-21983, CVE-2022-24530

     

    Security Rollup ID: 5012324

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-26832

     

    In the month of April 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5012596

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-26919, CVE-2022-26809, CVE-2022-24541, CVE-2022-24491, CVE-2022-24537, CVE-2022-22008, CVE-2022-24500, CVE-2022-24497

    Microsoft Important Rated CVEs: CVE-2022-26831, CVE-2022-26827, CVE-2022-24549, CVE-2022-26810, CVE-2022-26808, CVE-2022-26826, CVE-2022-26801, CVE-2022-26792, CVE-2022-26794, CVE-2022-26916, CVE-2022-26797, CVE-2022-26787, CVE-2022-26918, CVE-2022-26803, CVE-2022-26802, CVE-2022-26790, CVE-2022-26786, CVE-2022-26915, CVE-2022-26917, CVE-2022-26904, CVE-2022-26807, CVE-2022-26798, CVE-2022-26796, CVE-2022-26788, CVE-2022-24545, CVE-2022-24496, CVE-2022-24544, CVE-2022-24493, CVE-2022-24492, CVE-2022-24540, CVE-2022-24487, CVE-2022-24486, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-26903, CVE-2022-24547, CVE-2022-24550, CVE-2022-24499, CVE-2022-24498, CVE-2022-24495, CVE-2022-24494, CVE-2022-24542, CVE-2022-24528, CVE-2022-24482

     

     

    Security Rollup ID:  5012118

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-26832

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5012647

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-24550, CVE-2022-26903, CVE-2022-24499, CVE-2022-24547, CVE-2022-24498, CVE-2022-24546, CVE-2022-24495, CVE-2022-24494, CVE-2022-24542, CVE-2022-24483, CVE-2022-24528, CVE-2022-21983, CVE-2022-24530, CVE-2022-24482

     

    Security Rollup ID:  5012328

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5, 4.7.2, and 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-26832

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in April 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

  • 31.05.2022 | May 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  
    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    May 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5013999

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs:
    CVE-2022-26931, CVE-2022-23270, CVE-2022-21972

    Microsoft Important Rated CVEs: CVE-2022-22019, CVE-2022-29141, CVE-2022-29132, CVE-2022-29139, CVE-2022-29137, CVE-2022-29130, CVE-2022-29129, CVE-2022-29128, CVE-2022-29127, CVE-2022-29121, CVE-2022-29115, CVE-2022-29112, CVE-2022-29105, CVE-2022-29103, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26926, CVE-2022-26925

     

    Security Rollup ID: 5013837

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-30130

     

    In the month of May 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5013952

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-26931, CVE-2022-26923, CVE-2022-23270, CVE-2022-21972

    Microsoft Important Rated CVEs: CVE-2022-29132, CVE-2022-22019, CVE-2022-29141, CVE-2022-29137, CVE-2022-29140, CVE-2022-29130, CVE-2022-29129, CVE-2022-29128, CVE-2022-29127, CVE-2022-29126, CVE-2022-29125, CVE-2022-29121, CVE-2022-29115, CVE-2022-29114, CVE-2022-29112, CVE-2022-29105, CVE-2022-29104, CVE-2022-29103, CVE-2022-22016, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26933, CVE-2022-26930, CVE-2022-26926, CVE-2022-26925, CVE-2022-24466

     

    Security Rollup ID:  5013625

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-30130

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5013941

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-29115, CVE-2022-29114, CVE-2022-29113, CVE-2022-29112, CVE-2022-29105, CVE-2022-29104, CVE-2022-29103, CVE-2022-22016, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26933, CVE-2022-26930, CVE-2022-26927, CVE-2022-26926, CVE-2022-26925, CVE-2022-26913, CVE-2022-24466

     

     

    Security Rollup ID:  5013868

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5, 4.7.2, and 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-30130

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in May 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

     

     

     

  • 30.06.2022 | June 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  
    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    June 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5014742

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: N/A

    Microsoft Important Rated CVEs: CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-30135, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30146, CVE-2022-30147, CVE-2022-30149, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30166, CVE-2022-30190

     

    In the month of June 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 7 SP1

     

    In the month of June 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5014702

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-30139, CVE-2022-30163

    Microsoft Important Rated CVEs: CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-30138, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30145, CVE-2022-30146, CVE-2022-30147, CVE-2022-30148, CVE-2022-30149, CVE-2022-30150, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30162, CVE-2022-30164, CVE-2022-30165, CVE-2022-30166, CVE-2022-30190

     

    In the month of June 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1607 for x64 based Systems

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5014692

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-30139, CVE-2022-30163

    Microsoft Important Rated CVEs: CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-30132, CVE-2022-30138, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30145, CVE-2022-30146, CVE-2022-30147, CVE-2022-30148, CVE-2022-30149, CVE-2022-30150, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30162, CVE-2022-30164, CVE-2022-30165, CVE-2022-30166, CVE-2022-30190, CVE-2022-32230

     

    In the month of June 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1809 for x64 based Systems

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in June 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

     

     

     

  • 30.07.2022 | July 2022 NCR FSE Microsoft Security Updates

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  
    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    July 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5015862

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2022-30221

    Microsoft Important Rated CVEs: CVE-2022-22050, CVE-2022-22049, CVE-2022-22048, CVE-2022-22047, CVE-2022-22043, CVE-2022-22040, CVE-2022-22037, CVE-2022-22036, CVE-2022-22034, CVE-2022-22027, CVE-2022-22026, CVE-2022-22025, CVE-2022-22024, CVE-2022-22023, CVE-2022-22022, CVE-2022-30226, CVE-2022-30225, CVE-2022-30224, CVE-2022-30220, CVE-2022-30213, CVE-2022-30211, CVE-2022-30209, CVE-2022-30208, CVE-2022-30206, CVE-2022-30205, CVE-2022-30203, CVE-2022-30202, CVE-2022-21845

     

    In the month of July 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 7 SP1

     

    In the month of July 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5015808

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-22038CVE-2022-30221

    Microsoft Important Rated CVEs: CVE-2022-22050, CVE-2022-22048, CVE-2022-22049, CVE-2022-22047, CVE-2022-22045, CVE-2022-22043, CVE-2022-22042, CVE-2022-22041, CVE-2022-22040, CVE-2022-22037, CVE-2022-22036, CVE-2022-22034, CVE-2022-22031, CVE-2022-22027, CVE-2022-22026, CVE-2022-22025, CVE-2022-22024, CVE-2022-22023, CVE-2022-22022, CVE-2022-30226, CVE-2022-30225, CVE-2022-30224, CVE-2022-30223, CVE-2022-30222, CVE-2022-30220, CVE-2022-30213, CVE-2022-30211, CVE-2022-30209, CVE-2022-30208, CVE-2022-30206, CVE-2022-30205, CVE-2022-30203, CVE-2022-30202, CVE-2022-22711, CVE-2022-21845

     

    In the month of July 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1607 for x64 based Systems

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5015811

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-22038, CVE-2022-30221

    Microsoft Important Rated CVEs: CVE-2022-22050, CVE-2022-27776, CVE-2022-22049, CVE-2022-22048, CVE-2022-22047, CVE-2022-22045, CVE-2022-22043, CVE-2022-22042, CVE-2022-22041, CVE-2022-22040, CVE-2022-22037, CVE-2022-22036, CVE-2022-22034, CVE-2022-22031, CVE-2022-22027, CVE-2022-22026, CVE-2022-22025, CVE-2022-22024, CVE-2022-22023, CVE-2022-22022, CVE-2022-30226, CVE-2022-30225, CVE-2022-30224, CVE-2022-30223, CVE-2022-30222, CVE-2022-30220, CVE-2022-30213, CVE-2022-30212, CVE-2022-30211, CVE-2022-30209, CVE-2022-30208, CVE-2022-30206, CVE-2022-30205, CVE-2022-30203, CVE-2022-30202, CVE-2022-22711, CVE-2022-21845

     

     

    In the month of July 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1809 for x64 based Systems

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in July 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

     

     

     

  • 30.08.2022 | August 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTE

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  

    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    August 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5016679

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2022-35767, CVE-2022-35753, CVE-2022-35752, CVE-2022-35745, CVE-2022-35744, CVE-2022-34714, CVE-2022-34702, CVE-2022-34691, CVE-2022-30133

    Microsoft Important Rated CVEs: CVE-2022-35768, CVE-2022-35760, CVE-2022-35795, CVE-2022-35793, CVE-2022-35820, CVE-2022-35769, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35750, CVE-2022-35747, CVE-2022-35743, CVE-2022-34713, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34701, CVE-2022-34690, CVE-2022-30194

     

    In the month of August 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 7 SP1

     

    In the month of August 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5016622

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-35767, CVE-2022-35753, CVE-2022-35752, CVE-2022-35745, CVE-2022-35744, CVE-2022-34714, CVE-2022-34702, CVE-2022-34696,  CVE-2022-34691, CVE-2022-30133

    Microsoft Important Rated CVEs: CVE-2022-35768, CVE-2022-35792, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35763, CVE-2022-35795, CVE-2022-35769, CVE-2022-35793, CVE-2022-34703, CVE-2022-35762, CVE-2022-33670, CVE-2022-35771, CVE-2022-35765, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35751, CVE-2022-35750, CVE-2022-35749, CVE-2022-35747, CVE-2022-35746, CVE-2022-35743, CVE-2022-34713, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34704, CVE-2022-34701, CVE-2022-34699, CVE-2022-34690, CVE-2022-30194, CVE-2022-30144

     

    In the month of August 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1607 for x64 based Systems

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5016623

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-35766, CVE-2022-35794, CVE-2022-35767, CVE-2022-35753, CVE-2022-35752, CVE-2022-35745, CVE-2022-35744, CVE-2022-34714, CVE-2022-34702, CVE-2022-34696,  CVE-2022-34691, CVE-2022-30133

    Microsoft Important Rated CVEs: CVE-2022-35771, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35768, CVE-2022-35765, CVE-2022-35765, CVE-2022-35769, CVE-2022-33670, CVE-2022-35793, CVE-2022-35757, CVE-2022-34703, CVE-2022-35797, CVE-2022-35763, CVE-2022-35795, CVE-2022-35792, CVE-2022-35762, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35751, CVE-2022-35750, CVE-2022-35749, CVE-2022-35747, CVE-2022-35746, CVE-2022-35743, CVE-2022-34713, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34705, CVE-2022-34704, CVE-2022-34701, CVE-2022-34699, CVE-2022-34690, CVE-2022-30194, CVE-2022-30144, CVE-2022-30197

     

    In the month of August 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1809 for x64 based Systems

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in August 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

     

  • 14.09.2022 | September 2022 NCR FSE Microsoft Security Updates

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  

    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    September 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5017373

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1, and .NET Framework
    Microsoft Critical Rated CVEs: 
    N/A

    Microsoft Important Rated CVEs: CVE-2022-26929

     

     

    In the month of September 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 7 SP1

     

    In the month of September 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5017305

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems, and .NET Framework

    Microsoft Critical Rated CVEs: CVE-2022-34722, CVE-2022-34721, CVE-2022-34718

    Microsoft Important Rated CVEs: CVE-2022-35803, CVE-2022-26929, CVE-2022-37958, CVE-2022-26929, CVE-2022-38006, CVE-2022-38005, CVE-2022-37957, CVE-2022-38004, CVE-2022-37956, CVE-2022-37955, CVE-2022-34734, CVE-2022-34733, CVE-2022-34732, CVE-2022-34731, CVE-2022-34730, CVE-2022-34729, CVE-2022-34728, CVE-2022-34727, CVE-2022-34726, CVE-2022-34725, CVE-2022-34720, CVE-2022-34719, CVE-2022-35841, CVE-2022-35840, CVE-2022-35837, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35834, CVE-2022-35833, CVE-2022-35832, CVE-2022-35831, CVE-2022-30200, CVE-2022-30170, CVE-2022-26928, CVE-2022-37969

     

    In the month of September 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1607 for x64 based Systems

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5017315

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems, and .NET Framework

    Microsoft Critical Rated CVEs: CVE-2022-34722, CVE-2022-34721, CVE-2022-34718

    Microsoft Important Rated CVEs: CVE-2022-26929, CVE-2022-35803, CVE-2022-26929, CVE-2022-38006, CVE-2022-37958, CVE-2022-38005, CVE-2022-37957, CVE-2022-38004, CVE-2022-37956, CVE-2022-37955, CVE-2022-37954, CVE-2022-34734, CVE-2022-34733, CVE-2022-34732, CVE-2022-34731, CVE-2022-34730, CVE-2022-34729, CVE-2022-34728, CVE-2022-34727, CVE-2022-34726, CVE-2022-34725, CVE-2022-34720, CVE-2022-34719, CVE-2022-35841, CVE-2022-35840, CVE-2022-35837, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35833, CVE-2022-35832, CVE-2022-35831, CVE-2022-30200, CVE-2022-30196, CVE-2022-30170, CVE-2022-26928, CVE-2022-37969

     

    In the month of September 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1809 for x64 based Systems

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in September 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

  • 12.10.2022 | October 2022 NCR FSE Microsoft Security Updates

    Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).

    Microsoft Removing Adobe Flash from Windows 
    Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586.  That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.  

    KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.   
    This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers.  Once applied, you cannot play flash content (swf and flv). 
    If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.  
    The NCR Global Security Team cannot assist in this matter. 

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    October 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5018479

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-24504, CVE-2022-41081, CVE-2022-38000, CVE-2022-38047

    Microsoft Important Rated CVEs: CVE-2022-38041, CVE-2022-33645, CVE-2022-35770, CVE-2022-38042, CVE-2022-38040, CVE-2022-38043, CVE-2022-33635, CVE-2022-37986, CVE-2022-37987, CVE-2022-37997, CVE-2022-37985, CVE-2022-37975, CVE-2022-38026, CVE-2022-38022, CVE-2022-37994, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-41033, CVE-2022-37981, CVE-2022-38051, CVE-2022-38044, CVE-2022-37999

     

    In the month of October 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 7 SP1

     

    In the month of October 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5018411

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-30198, CVE-2022-22035, CVE-2022-33634, CVE-2022-24504, CVE-2022-37979, CVE-2022-41081, CVE-2022-38000, CVE-2022-38047

    Microsoft Important Rated CVEs: CVE-2022-38028, CVE-2022-37965, CVE-2022-33645, CVE-2022-37984, CVE-2022-38040, CVE-2022-38042, CVE-2022-37995, CVE-2022-38043, CVE-2022-37997, CVE-2022-33635, CVE-2022-38021, CVE-2022-37986, CVE-2022-38041, CVE-2022-37985, CVE-2022-35770, CVE-2022-38045, CVE-2022-37987, CVE-2022-37975, CVE-2022-38026, CVE-2022-38022, CVE-2022-37994, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-41033, CVE-2022-37981, CVE-2022-38003, CVE-2022-38051, CVE-2022-37996, CVE-2022-38027, CVE-2022-38044, CVE-2022-37999

     

    In the month of October 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1607 for x64 based Systems

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5018419

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-30198, CVE-2022-22035, CVE-2022-33634, CVE-2022-24504, CVE-2022-37979, CVE-2022-41081, CVE-2022-38000, CVE-2022-38047

    Microsoft Important Rated CVEs: CVE-2022-38040, CVE-2022-37987, CVE-2022-38045, CVE-2022-38022, CVE-2022-37995, CVE-2022-38026, CVE-2022-37986, CVE-2022-38046, CVE-2022-38041, CVE-2022-33645, CVE-2022-38043, CVE-2022-37985, CVE-2022-37994, CVE-2022-38021, CVE-2022-37984, CVE-2022-38028, CVE-2022-33635, CVE-2022-35770, CVE-2022-37975, CVE-2022-37965, CVE-2022-37997, CVE-2022-38042, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-37970, CVE-2022-37983, CVE-2022-38016, CVE-2022-38030, CVE-2022-38039, CVE-2022-41033, CVE-2022-37981, CVE-2022-38003, CVE-2022-38051, CVE-2022-38050, CVE-2022-37996, CVE-2022-38044

     

    In the month of October 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8  for Windows 10 1809 for x64 based Systems

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in October 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

  • 9.11.2022 | November 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTICE:   

    Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.

    The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.

    Thus, NCR’s current recommendation is to delay the application of the following windows 10 operating system patches on Cometlake, Kabylake, and Skylake cores until otherwise instructed -

            • Win10 1607: KB5019964
            • Win10 1809: KB5019966

    Other patches should continue to be applied as per normal cadence.

    Other cores running Windows 10 are unaffected by the issues with the above patches, and therefore customers should continue to apply these patches as per normal cadence on those machines.

    Windows 7 systems are also unaffected, and patches should continue to be applied to those systems as per normal cadence.

     

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.

    Please note that the three-year ESU period defined by Microsoft ends in January 2023, and there will not be ESU updates after that date.


    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    November 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5013999

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2022-41039, CVE-2022-41128, CVE-2022-41118, CVE-2022-41044

    Microsoft Important Rated CVEs: CVE-2022-41045, CVE-2022-41109, CVE-2022-41098, CVE-2022-41097, CVE-2022-41095, CVE-2022-41090, CVE-2022-41086, CVE-2022-41058, CVE-2022-41057, CVE-2022-41056, CVE-2022-41053, CVE-2022-41047, CVE-2022-41048, CVE-2022-37992, CVE-2022-23824, CVE-2022-41073, CVE-2022-41116

     

    Security Rollup ID: 5020612

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-41064

     

    Security Rollup ID: 5019958

    NCR Severity Rating: IMPORTANT
    Affected Software: Internet Explorer 11

    Microsoft Critical Rated CVEs:  CVE-2022-41128, CVE-2022-41118

    Microsoft Important Rated CVEs: N/A

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5019964

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-41039, CVE-2022-41088, CVE-2022-38015, CVE-2022-41128, CVE-2022-41118

    Microsoft Important Rated CVEs:  CVE-2022-41100, CVE-2022-41045, CVE-2022-41109, CVE-2022-41099, CVE-2022-41098, CVE-2022-41097, CVE-2022-41095, CVE-2022-41093, CVE-2022-41090, CVE-2022-41086, CVE-2022-41058, CVE-2022-41057, CVE-2022-41056, CVE-2022-41053, CVE-2022-41052, CVE-2022-41047, CVE-2022-41048, CVE-2022-37992, CVE-2022-23824, CVE-2022-41125, CVE-2022-41073, CVE-2022-41054, CVE-2022-41102, CVE-2022-41101, CVE-2022-41050, CVE-2022-41049, CVE-2022-41091

     

    Security Rollup ID: 5020614

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-41064

     

    Windows 10 Version 1809 for x64 based Systems

    Security Rollup ID: 5019966

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-41039, CVE-2022-41088, CVE-2022-38015, CVE-2022-41128, CVE-2022-41118

    Microsoft Important Rated CVEs: CVE-2022-41045, CVE-2022-41109, CVE-2022-41100, CVE-2022-41099, CVE-2022-41098, CVE-2022-41097, CVE-2022-41096, CVE-2022-41095, CVE-2022-41093, CVE-2022-41090, CVE-2022-41086, CVE-2022-41058, CVE-2022-41057, CVE-2022-41056, CVE-2022-41055, CVE-2022-41053, CVE-2022-41052, CVE-2022-41047, CVE-2022-41048, CVE-2022-37992, CVE-2022-23824, CVE-2022-41125, CVE-2022-41073, CVE-2022-41054, CVE-2022-41113, CVE-2022-41102, CVE-2022-41101, CVE-2022-41050, CVE-2022-41049, CVE-2022-41091

     

    Security Rollup ID: 5020685

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 4.7.2, 4.8.1

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-41064

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in November 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

  • 15.12.2022 | December 2022 NCR FSE Microsoft Security Updates

    IMPORTANT NOTICE (DECEMBER 2022):   

    Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.

    The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.

    Thus, NCR’s current recommendation is to delay the application of the following windows 10 operating system patches on Cometlake, Kabylake, and Skylake cores until otherwise instructed -

            • Win10 1607: KB5019964 (November), KB5021235 (December)
            • Win10 1809: KB5019966 (November), KB5021237 (December)

    Other patches should continue to be applied as per normal cadence.

    Other cores running Windows 10 are unaffected by the issues with the above patches, and therefore customers should continue to apply these patches as per normal cadence on those machines.

    Windows 7 systems are also unaffected, and patches should continue to be applied to those systems as per normal cadence.

    At the moment, we expect that the resolution for this will be included in the January patch release from Microsoft.

    For further information, please refer to the following OKM article: https://okm.corp.ncr.com/infocenter/index?page=content&id=IS35085&actp=search&viewlocale=en_US

     

     

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.

    Please note that the three-year ESU period defined by Microsoft ends in January 2023, and there will not be ESU updates after that date.


    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    December 2022 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5021288

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2022-41076, CVE-2022-44676, CVE-2022-44670

    Microsoft Important Rated CVEs: CVE-2022-44697, CVE-2022-44681, CVE-2022-44678, CVE-2022-44675, CVE-2022-44673, CVE-2022-44668, CVE-2022-44667, CVE-2022-44666, CVE-2022-41121, CVE-2022-41077, CVE-2022-41074

     

    Security Rollup ID: 5021079

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-41089

     

    In the month of December 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5021235

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-41076, CVE-2022-44676, CVE-2022-44670

    Microsoft Important Rated CVEs:  CVE-2022-41094, CVE-2022-44707, CVE-2022-44683, CVE-2022-44682, CVE-2022-44681, CVE-2022-44680, CVE-2022-44679, CVE-2022-44678, CVE-2022-44675, CVE-2022-44668, CVE-2022-44667, CVE-2022-44666, CVE-2022-41121, CVE-2022-41077, CVE-2022-41074

     

    Security Rollup ID: 5020873

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-41089

     

    Windows 10 Version 1809 for x64 based Systems 

    Security Rollup ID: 5021237

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2022-41076, CVE-2022-44676, CVE-2022-44670

    Microsoft Important Rated CVEs: CVE-2022-41094, CVE-2022-44707, CVE-2022-44689, CVE-2022-44683, CVE-2022-44682, CVE-2022-44681, CVE-2022-44680, CVE-2022-44679, CVE-2022-44678, CVE-2022-44677, CVE-2022-44675, CVE-2022-44674, CVE-2022-44671, CVE-2022-44669, CVE-2022-44668, CVE-2022-44667, CVE-2022-44666, CVE-2022-41121, CVE-2022-41077, CVE-2022-41074

     

    Security Rollup ID: 5021085

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5, 4.7.2, 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2022-41089

     

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in December 2022



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

  • 11.01.2023 | January 2023 NCR FSE Microsoft Security Updates

    IMPORTANT NOTICE (DECEMBER 2022):   

    Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.

    The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.

    Thus, NCR’s current recommendation is to delay the application of the following windows 10 operating system patches on Cometlake, Kabylake, and Skylake cores until otherwise instructed -

    • Win10 1607: KB5019964 (November), KB5021235 (December), KB5022289 (January)
    • Win10 1809: KB5019966 (November), KB5021237 (December), KB5022286 (January)

    Other patches should continue to be applied as per normal cadence.

    Other cores running Windows 10 are unaffected by the issues with the above patches, and therefore customers should continue to apply these patches as per normal cadence on those machines.

    Windows 7 systems are also unaffected, and patches should continue to be applied to those systems as per normal cadence.

    At the moment, we expect that the resolution for this will be included in the February patch release from Microsoft.

    For further information, please refer to the following OKM article: https://okm.corp.ncr.com/infocenter/index?page=content&id=IS35085&actp=search&viewlocale=en_US

     

     

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.

    Please note that the three-year ESU period defined by Microsoft ends in January 2023, and there will not be ESU updates after that date.


    For more information on ESU, please contact your NCR Sales Representative.

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    January 2023 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 7

    IMPORTANT NOTE 1Windows 7 updates are now only able to be applied by ESU customers.

    For more information on ESU, please contact your NCR Sales Representative

    NOTE:

    February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.

    February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.

    Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis

     

    Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.

     

    Security Rollup ID: 5022339

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 7 for 32-bit Systems Service Pack 1
    Microsoft Critical Rated CVEs: 
    CVE-2023-21730, CVE-2023-21679, CVE-2023-21561, CVE-2023-21556, CVE-2023-21555, CVE-2023-21548, CVE-2023-21543, CVE-2023-21546

    Microsoft Important Rated CVEs: CVE-2023-21773, CVE-2023-21760, CVE-2023-21754, CVE-2023-21774, CVE-2023-21749, CVE-2023-21772, CVE-2023-21747, CVE-2023-21524, CVE-2023-21776, CVE-2023-21752, CVE-2023-21765, CVE-2023-21525, CVE-2023-21757, CVE-2023-21750, CVE-2023-21748, CVE-2023-21746, CVE-2023-21732, CVE-2023-21728, CVE-2023-21726, CVE-2023-21682, CVE-2023-21681, CVE-2023-21680, CVE-2023-21678, CVE-2023-21675, CVE-2023-21563, CVE-2023-21560, CVE-2023-21557, CVE-2023-21552, CVE-2023-21549, CVE-2023-21542, CVE-2023-21541, CVE-2023-21537, CVE-2023-21532, CVE-2023-21527

     

    In the month of January 2023, Microsoft have not released any security fixes in .NET Framework for Windows 7 SP1

     

    In the month of January 2023, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5022289

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2023-21730, CVE-2023-21679, CVE-2023-21561, CVE-2023-21556, CVE-2023-21555, CVE-2023-21548, CVE-2023-21543, CVE-2023-21546, CVE-2023-21535

    Microsoft Important Rated CVEs:   CVE-2023-21773, CVE-2023-21760, CVE-2023-21754, CVE-2023-21774, CVE-2023-21766, CVE-2023-21758, CVE-2023-21747, CVE-2023-21524, CVE-2023-21776, CVE-2023-21749, CVE-2023-21752, CVE-2023-21765, CVE-2023-21525, CVE-2023-21772, CVE-2023-21767, CVE-2023-21757, CVE-2023-21750, CVE-2023-21748, CVE-2023-21746, CVE-2023-21739, CVE-2023-21732, CVE-2023-21728, CVE-2023-21726¸ CVE-2023-21683, CVE-2023-21682, CVE-2023-21681, CVE-2023-21680, CVE-2023-21678, CVE-2023-21677, CVE-2023-21675, CVE-2023-21674, CVE-2023-21563, CVE-2023-21560, CVE-2023-21558, CVE-2023-21557, CVE-2023-21552, CVE-2023-21549, CVE-2023-21542, CVE-2023-21541, CVE-2023-21547, CVE-2023-21537, CVE-2023-21532, CVE-2023-21527

     

    In the month of January 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607

     

    Windows 10 Version 1809 for x64 based Systems 

    Security Rollup ID: 5022286

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2023-21730, CVE-2023-21679, CVE-2023-21561, CVE-2023-21556, CVE-2023-21555, CVE-2023-21551, CVE-2023-21548, CVE-2023-21543, CVE-2023-21546, CVE-2023-21535

    Microsoft Important Rated CVEs: CVE-2023-21774, CVE-2023-21525, CVE-2023-21750, CVE-2023-21767, CVE-2023-21765, CVE-2023-21748, CVE-2023-21757, CVE-2023-21755, CVE-2023-21766, CVE-2023-21772, CVE-2023-21758, CVE-2023-21524, CVE-2023-21752, CVE-2023-21760, CVE-2023-21754, CVE-2023-21747, CVE-2023-21776, CVE-2023-21773, CVE-2023-21753, CVE-2023-21749, CVE-2023-21746, CVE-2023-21739, CVE-2023-21732, CVE-2023-21728, CVE-2023-21726, CVE-2023-21683, CVE-2023-21682, CVE-2023-21681, CVE-2023-21680, CVE-2023-21678, CVE-2023-21677, CVE-2023-21676, CVE-2023-21675, CVE-2023-21674, CVE-2023-21563, CVE-2023-21560, CVE-2023-21559, CVE-2023-21558, CVE-2023-21557, CVE-2023-21552, CVE-2023-21550CVE-2023-21549, CVE-2023-21541, CVE-2023-21540, CVE-2023-21547, CVE-2023-21537, CVE-2023-21532

     

    In the month of January 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1809

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in January 2023



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

     

  • 16.02.2023 | February 2023 NCR FSE Microsoft Security Updates

    IMPORTANT NOTICE (Updated February 2023):   

    Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.  Windows 7 systems are also unaffected.

    The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.

    The patches included in the February 2023 release include the fix for this audio issue, and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.

     

     

    IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
    The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
    As of February 2020, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.

    Please note that the three-year ESU period defined by Microsoft ended in January 2023, and there will not be ESU updates after that date.

     

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    February 2023 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5022838

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689

    Microsoft Important Rated CVEs: CVE-2023-21823, CVE-2023-23376, CVE-2023-21805, CVE-2023-21702, CVE-2023-21701, CVE-2023-21700, CVE-2023-21699, CVE-2023-21697, CVE-2023-21695, CVE-2023-21694, CVE-2023-21693, CVE-2023-21691, CVE-2023-21688CVE-2023-21686, CVE-2023-21685, CVE-2023-21822, CVE-2023-21820, CVE-2023-21818, CVE-2023-21817, CVE-2023-21816, CVE-2023-21813, CVE-2023-21812, CVE-2023-21811, CVE-2023-21804, CVE-2023-21802, CVE-2023-21801, CVE-2023-21799CVE-2023-21798, CVE-2023-21797, CVE-2023-21684

     

    Security Rollup ID: 5022838

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5 and 4.8

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2023-21722, CVE-2023-21808

     

     

    Windows 10 Version 1809 for x64 based Systems 

    Security Rollup ID: 50222840

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689

    Microsoft Important Rated CVEs: CVE-2023-21823, CVE-2023-23376, CVE-2023-21805, CVE-2023-21702, CVE-2023-21701, CVE-2023-21700, CVE-2023-21699, CVE-2023-21697, CVE-2023-21695, CVE-2023-21694, CVE-2023-21693, CVE-2023-21691, CVE-2023-21688, CVE-2023-21686, CVE-2023-21685, CVE-2023-21822, CVE-2023-21820, CVE-2023-21819, CVE-2023-21818, CVE-2023-21817, CVE-2023-21816, CVE-2023-21813, CVE-2023-21812, CVE-2023-21811, CVE-2023-21804, CVE-2023-21802, CVE-2023-21801, CVE-2023-21799, CVE-2023-21798, CVE-2023-21797, CVE-2023-21684

     

    Security Rollup ID: 5022782

    NCR Severity Rating: IMPORTANT
    Affected Software: .NET Framework 3.5.1 AND 4.7.2

    Microsoft Critical Rated CVEs:  N/A

    Microsoft Important Rated CVEs: CVE-2023-21808, CVE-2023-21722

     

    Security Advisories

    No New Notable Security Advisories were published by Microsoft in February 2023



    Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives

    If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.

     

    Software Security Team, FSE

    NCR Corporation

    www.ncr.com

     

    The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.

     

     

     

     

     

  • 15.03.2023 | March 2023 NCR FSE Microsoft Security Updates

    IMPORTANT NOTICE (Updated February 2023):   

    Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.  Windows 7 systems are also unaffected.

    The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.

    The patches included in the February 2023 release include the fix for this audio issue, and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.

     

    ------------------------
    This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
    An update on the status of testing will be issued as a follow up to this email once testing has been completed.

    If assistance with any of these patches is required, please route the request via your standard NCR Support Route.

    Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.

    March 2023 Security Updates
    Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
    Microsoft Release Notes for this month’s patch release are available Here.

    Pre-Requisite for Patch Installation - Latest Servicing Stack Updates

    Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.

    These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.

     

    Windows 10 Version 1607 for x64 based Systems

    Security Rollup ID: 5023697

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1607 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2023-1018, CVE-2023-1017, CVE-2023-23416, CVE-2023-23415, CVE-2023-23411, CVE-2023-23404, CVE-2023-21708

    Microsoft Important Rated CVEs: CVE-2023-24911, CVE-2023-24870, CVE-2023-24876, CVE-2023-24909, CVE-2023-24868, CVE-2023-24872, CVE-2023-23403, CVE-2023-24907, CVE-2023-24869, CVE-2023-24910, CVE-2023-24913, CVE-2023-24908, CVE-2023-24867, CVE-2023-24906, CVE-2023-24866, CVE-2023-24865, CVE-2023-24864, CVE-2023-24863, CVE-2023-24862, CVE-2023-24861, CVE-2023-24859, CVE-2023-24858, CVE-2023-24857, CVE-2023-24856, CVE-2023-23423, CVE-2023-23422, CVE-2023-23421, CVE-2023-23420, CVE-2023-23417, CVE-2023-23414, CVE-2023-23413, CVE-2023-23412, CVE-2023-23410, CVE-2023-23409, CVE-2023-23407, CVE-2023-23406, CVE-2023-23405, CVE-2023-23402, CVE-2023-23401, CVE-2023-23394, CVE-2023-23388, CVE-2023-23385, CVE-2023-24880

     

    In the month of March 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607

     

    Windows 10 Version 1809 for x64 based Systems 

    Security Rollup ID: 5023702

    NCR Severity Rating: IMPORTANT
    Affected Software: Windows 10 Version 1809 for x64-based Systems

    Microsoft Critical Rated CVEs: CVE-2023-1018, CVE-2023-1017, CVE-2023-23416, CVE-2023-23415, CVE-2023-23411, CVE-2023-23404, CVE-2023-21708

    Microsoft Important Rated CVEs: CVE-2023-24910, CVE-2023-24908, CVE-2023-24872, CVE-2023-23403, CVE-2023-24911,