Cumulative Update KB4025342 Windows 10 v1703 Build 15063.483

fdegrove · 11 Jul 2017

Hi,

khanmein said:

Do we really need to edit the registry key?

After installing the security updates for CVE-2017-8563, administrators need to set registry key LdapEnforceChannelBinding to enable the fix for the CVE. For more information about setting the registry key, see Microsoft Knowledge Base article 4034879.

The way I understand it, no, you do not:

********************************************************************
Title: Microsoft Security Update Releases
Issued: July 11, 2017
********************************************************************

Summary
=======

The following CVEs and Microsoft security bulletins have undergone
a major revision increment.

* CVE-2016-3305
* CVE-2017-0292
* CVE-2017-8543
* MS16-111
* MS16-SEP

CVE Revision Information:
=====================

CVE-2016-3305

- Title: CVE-2016-3305 | Windows Session Object Elevation of
Privilege Vulnerability
- https://portal.msrc.microsoft.com/en...urity-guidance
- Reason for Revision: Revised the Affected Products table to
include 10 Version 1703 for 32-bit Systems and Windows 10 Version
1703 for x64-based Systems because they are affected by
CVE-2016-3305. Microsoft recommends that customers running Windows
10 Version 1703 should install update 4025342 to be protected from
this vulnerability.
- Originally posted: September 13, 2016
- CVE Severity Rating: Important
- Version: 2.0

Source MS Security Update e-mail.

Cheers,

dencal · 11 Jul 2017

Installed update on three computers....all seems ok.

OilerNut · 11 Jul 2017

khanmein said:

Do we really need to edit the registry key?

After installing the security updates for CVE-2017-8563, administrators need to set registry key LdapEnforceChannelBinding to enable the fix for the CVE. For more information about setting the registry key, see Microsoft Knowledge Base article 4034879.

Only on a DC, which most people won't have, you can set the registry to enhance the security for the communication between a workstation and a domain controller.

https://portal.msrc.microsoft.com/en...c-000d3a32fc99

After installing the updates for CVE-2017-8563, to make LDAP authentication over SSL/TLS more secure, administrators need to create a LdapEnforceChannelBinding registry setting on a Domain Controller

https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry

To help make LDAP authentication over SSL/TLS more secure, administrators can configure the following registry setting on a Domain Controller

IronZorg89 · 11 Jul 2017

khanmein said:

Do we really need to edit the registry key?

After installing the security updates for CVE-2017-8563, administrators need to set registry key LdapEnforceChannelBinding to enable the fix for the CVE. For more information about setting the registry key, see Microsoft Knowledge Base article 4034879.

I am having the same question. Does anyone have the answer?

KB4025342 installed on both of my PCs without any issues. Ran Disk Cleanup right after this CU; It saved me 2.55GB on both PCs

IronZorg89 · 11 Jul 2017

fdegrove said:

Hi,

The way I understand it, no, you do not:

Source MS Security Update e-mail.

Cheers,

Thanks a lot for the prompt answer. That really helps.

I just realized that the answer is also in the Microsoft Knowledge Base article 4034879, referred to by "Brink" the administrator in post # 1. The modification of the "LdapEnforceChannelBinding" in the registry has to do with administrators running a server, which I don't have.

kado897 · 11 Jul 2017

WU kept doing a fail retry loop. WU troubleshooter made no difference nor did the WU reset script. Had to download and install manually. WU seems OK now it downloaded and installed a defender update and ran MRT.

Josey Wales · 11 Jul 2017

I just used Windows update for The CU and AU but The AU gave me a warning after I restored it that this will be the last time I can avoid going to the CU. I have the Do not update or whatever checked in Advanced settings.

Scottyboy99 · 11 Jul 2017

Czecher said:

Hello guys,
I did this update and everything went ok.
Just wanna ask you, is there any update for adobe flash player, it used to be there.
Thank you
Czecher

Attachment 143495

Yeah I'm not getting flash either even though I know there has been an update for it released. My v1607 machine got the flash update via WU, but this v1703 machine is not getting it. Odd

f14tomcat · 11 Jul 2017

Nice and smooth....about 15 minutes.

WEKJR · 11 Jul 2017

Completed the CU on 5 systems in the office with no difficulty. Everything seems to be running smoothly. Logitech K520 keyboard on IE11 and using this editor seems to be skipping keys. Not happening anywhere else.

WEK

PS No Flash update with this CU.

I just rechecked the Flash Version which is 26.0.0.137 which is correct.