IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10. KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv). If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible. The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available. In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described. An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
December 2021 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE: February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5008282
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43234, CVE-2021-43235
Microsoft Important Rated CVEs: CVE-2021-43236, CVE-2021-43237, CVE-2021-43238, CVE-2021-43239, CVE-2021-43240, CVE-2021-43241, CVE-2021-43242, CVE-2021-43243, CVE-2021-43244, CVE-2021-43245, CVE-2021-43246, CVE-2021-43247, CVE-2021-43248, CVE-2021-43249, CVE-2021-43250
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1
In the month of December 2021, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5008207
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2021-43215, CVE-2021-43217, CVE-2021-43233
Microsoft Important Rated CVEs: CVE-2021-43207, CVE-2021-41333, CVE-2021-43216, CVE-2021-43222, CVE-2021-43223, CVE-2021-43224, CVE-2021-43226, CVE-2021-43227, CVE-2021-43229, CVE-2021-43230, CVE-2021-43231, CVE-2021-43232, CVE-2021-43234, CVE-2021-43235, CVE-2021-43236, CVE-2021-43238, CVE-2021-43248, CVE-2021-43883, CVE-2021-43893
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5008218
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2021-43233, CVE-2021-43217, CVE-2021-43215
Microsoft Important Rated CVEs: CVE-2021-43248, CVE-2021-43247, CVE-2021-43246, CVE-2021-43244, CVE-2021-43238, CVE-2021-43236, CVE-2021-43235, CVE-2021-43234, CVE-2021-43232, CVE-2021-43231, CVE-2021-43230, CVE-2021-43229, CVE-2021-43228, CVE-2021-43227, CVE-2021-43226, CVE-2021-43224, CVE-2021-43223, CVE-2021-43222, CVE-2021-43216, CVE-2021-41333, CVE-2021-43207, CVE-2021-43219, CVE-2021-43883, CVE-2021-43893
In the month of December 2021, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in December 2021
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
February 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5010422
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-22710, CVE-2013-3900
In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1
In the month of February 2022, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5010359
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-21974, CVE-2022-22710, CVE-2013-3900
In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5010351
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21995, CVE-2022-21994, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-21985, CVE-2022-22718, CVE-2022-22717, CVE-2022-22715, CVE-2022-22712, CVE-2022-21974, CVE-2022-21971, CVE-2022-22710, CVE-2022-22710
In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in February 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
February 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5010422
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-22710, CVE-2013-3900
In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1
In the month of February 2022, Microsoft have not released any security fixes in Microsoft Internet Explorer 11 Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5010359
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-22718, CVE-2022-21985, CVE-2022-22717, CVE-2022-21974, CVE-2022-22710, CVE-2013-3900
In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5010351
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-22002, CVE-2022-22001, CVE-2022-22000, CVE-2022-21999, CVE-2022-21998, CVE-2022-21997, CVE-2022-21995, CVE-2022-21994, CVE-2022-21993, CVE-2022-21992, CVE-2022-21989, CVE-2022-21981, CVE-2022-21985, CVE-2022-22718, CVE-2022-22717, CVE-2022-22715, CVE-2022-22712, CVE-2022-21974, CVE-2022-21971, CVE-2022-22710, CVE-2022-22710
In the month of February 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in February 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
March 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5011529
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-23283, CVE-2022-23296, CVE-2022-24459, CVE-2022-23290, CVE-2022-23298, CVE-2022-23297, CVE-2022-24503, CVE-2022-23253, CVE-2022-24454, CVE-2022-23299, CVE-2022-23281, CVE-2022-23285, CVE-2022-21990, CVE-2022-21973, CVE-2022-23293
Security Rollup ID: 5011486
NCR Severity Rating: IMPORTANT
Affected Software: Internet Explorer 11
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-24502
In the month of March 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5011495
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-23293, CVE-2022-23287, CVE-2022-23283, CVE-2022-24502, CVE-2022-23297, CVE-2022-23296, CVE-2022-24459, CVE-2022-21977, CVE-2022-24507, CVE-2022-23298, CVE-2022-23284, CVE-2022-21990, CVE-2022-23290, CVE-2022-24503, CVE-2022-24454, CVE-2022-23253, CVE-2022-24460, CVE-2022-23299, CVE-2022-23281, CVE-2022-22010, CVE-2022-24455, CVE-2022-23294, CVE-2022-23285, CVE-2022-21967, CVE-2022-21975, CVE-2022-24505
In the month of March 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5011503
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-23288, CVE-2022-23285, CVE-2022-24455, CVE-2022-23284, CVE-2022-23294, CVE-2022-23278, CVE-2022-23296, CVE-2022-23281, CVE-2022-24507, CVE-2022-24503, CVE-2022-23291, CVE-2022-23253, CVE-2022-24459, CVE-2022-23299, CVE-2022-22010, CVE-2022-23293, CVE-2022-21975, CVE-2022-23297, CVE-2022-23290, CVE-2022-21990, CVE-2022-24460, CVE-2022-24454, CVE-2022-24502, CVE-2022-23298, CVE-2022-23283, CVE-2022-21967, CVE-2022-21977, CVE-2022-24505, CVE-2022-23287, CVE-2022-23286
In the month of March 2022, Microsoft have not released any security fixes in Microsoft .NET Framework Patches for Windows 10 version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in March 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
April 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5012649
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-26809, CVE-2022-26919, CVE-2022-24541, CVE-2022-24500
Microsoft Important Rated CVEs: CVE-2022-26796, CVE-2022-26827, CVE-2022-26918, CVE-2022-26807, CVE-2022-26792, CVE-2022-26794, CVE-2022-26916, CVE-2022-26797, CVE-2022-26787, CVE-2022-26831, CVE-2022-26802, CVE-2022-26810, CVE-2022-26798, CVE-2022-26790, CVE-2022-26915, CVE-2022-26917, CVE-2022-26904, CVE-2022-26801, CVE-2022-24544, CVE-2022-24493, CVE-2022-24492, CVE-2022-24540, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-24481, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-26903, CVE-2022-24499, CVE-2022-24498, CVE-2022-24494, CVE-2022-24542, CVE-2022-24528, CVE-2022-21983, CVE-2022-24530
Security Rollup ID: 5012324
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-26832
In the month of April 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5012596
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-26919, CVE-2022-26809, CVE-2022-24541, CVE-2022-24491, CVE-2022-24537, CVE-2022-22008, CVE-2022-24500, CVE-2022-24497
Microsoft Important Rated CVEs: CVE-2022-26831, CVE-2022-26827, CVE-2022-24549, CVE-2022-26810, CVE-2022-26808, CVE-2022-26826, CVE-2022-26801, CVE-2022-26792, CVE-2022-26794, CVE-2022-26916, CVE-2022-26797, CVE-2022-26787, CVE-2022-26918, CVE-2022-26803, CVE-2022-26802, CVE-2022-26790, CVE-2022-26786, CVE-2022-26915, CVE-2022-26917, CVE-2022-26904, CVE-2022-26807, CVE-2022-26798, CVE-2022-26796, CVE-2022-26788, CVE-2022-24545, CVE-2022-24496, CVE-2022-24544, CVE-2022-24493, CVE-2022-24492, CVE-2022-24540, CVE-2022-24487, CVE-2022-24486, CVE-2022-24534, CVE-2022-24485, CVE-2022-24533, CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-26903, CVE-2022-24547, CVE-2022-24550, CVE-2022-24499, CVE-2022-24498, CVE-2022-24495, CVE-2022-24494, CVE-2022-24542, CVE-2022-24528, CVE-2022-24482
Security Rollup ID: 5012118
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-26832
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5012647
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-24481, CVE-2022-24479, CVE-2022-24527, CVE-2022-24474, CVE-2022-24521, CVE-2022-24550, CVE-2022-26903, CVE-2022-24499, CVE-2022-24547, CVE-2022-24498, CVE-2022-24546, CVE-2022-24495, CVE-2022-24494, CVE-2022-24542, CVE-2022-24483, CVE-2022-24528, CVE-2022-21983, CVE-2022-24530, CVE-2022-24482
Security Rollup ID: 5012328
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5, 4.7.2, and 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-26832
Security Advisories
No New Notable Security Advisories were published by Microsoft in April 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
May 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5013999
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-26931, CVE-2022-23270, CVE-2022-21972
Microsoft Important Rated CVEs: CVE-2022-22019, CVE-2022-29141, CVE-2022-29132, CVE-2022-29139, CVE-2022-29137, CVE-2022-29130, CVE-2022-29129, CVE-2022-29128, CVE-2022-29127, CVE-2022-29121, CVE-2022-29115, CVE-2022-29112, CVE-2022-29105, CVE-2022-29103, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26926, CVE-2022-26925
Security Rollup ID: 5013837
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-30130
In the month of May 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5013952
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-26931, CVE-2022-26923, CVE-2022-23270, CVE-2022-21972
Microsoft Important Rated CVEs: CVE-2022-29132, CVE-2022-22019, CVE-2022-29141, CVE-2022-29137, CVE-2022-29140, CVE-2022-29130, CVE-2022-29129, CVE-2022-29128, CVE-2022-29127, CVE-2022-29126, CVE-2022-29125, CVE-2022-29121, CVE-2022-29115, CVE-2022-29114, CVE-2022-29112, CVE-2022-29105, CVE-2022-29104, CVE-2022-29103, CVE-2022-22016, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26933, CVE-2022-26930, CVE-2022-26926, CVE-2022-26925, CVE-2022-24466
Security Rollup ID: 5013625
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-30130
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5013941
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-29115, CVE-2022-29114, CVE-2022-29113, CVE-2022-29112, CVE-2022-29105, CVE-2022-29104, CVE-2022-29103, CVE-2022-22016, CVE-2022-22015, CVE-2022-22014, CVE-2022-22013, CVE-2022-22012, CVE-2022-22011, CVE-2022-26936, CVE-2022-26935, CVE-2022-26934, CVE-2022-26933, CVE-2022-26930, CVE-2022-26927, CVE-2022-26926, CVE-2022-26925, CVE-2022-26913, CVE-2022-24466
Security Rollup ID: 5013868
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5, 4.7.2, and 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-30130
Security Advisories
No New Notable Security Advisories were published by Microsoft in May 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
June 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5014742
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-30135, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30146, CVE-2022-30147, CVE-2022-30149, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30166, CVE-2022-30190
In the month of June 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1
In the month of June 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5014702
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-30139, CVE-2022-30163
Microsoft Important Rated CVEs: CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-30138, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30145, CVE-2022-30146, CVE-2022-30147, CVE-2022-30148, CVE-2022-30149, CVE-2022-30150, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30162, CVE-2022-30164, CVE-2022-30165, CVE-2022-30166, CVE-2022-30190
In the month of June 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1607 for x64 based Systems
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5014692
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-30139, CVE-2022-30163
Microsoft Important Rated CVEs: CVE-2022-21166, CVE-2022-21127, CVE-2022-21123, CVE-2022-21125, CVE-2022-30132, CVE-2022-30138, CVE-2022-30140, CVE-2022-30141, CVE-2022-30142, CVE-2022-30143, CVE-2022-30145, CVE-2022-30146, CVE-2022-30147, CVE-2022-30148, CVE-2022-30149, CVE-2022-30150, CVE-2022-30151, CVE-2022-30152, CVE-2022-30153, CVE-2022-30155, CVE-2022-30160, CVE-2022-30161, CVE-2022-30162, CVE-2022-30164, CVE-2022-30165, CVE-2022-30166, CVE-2022-30190, CVE-2022-32230
In the month of June 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1809 for x64 based Systems
Security Advisories
No New Notable Security Advisories were published by Microsoft in June 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
July 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5015862
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-30221
Microsoft Important Rated CVEs: CVE-2022-22050, CVE-2022-22049, CVE-2022-22048, CVE-2022-22047, CVE-2022-22043, CVE-2022-22040, CVE-2022-22037, CVE-2022-22036, CVE-2022-22034, CVE-2022-22027, CVE-2022-22026, CVE-2022-22025, CVE-2022-22024, CVE-2022-22023, CVE-2022-22022, CVE-2022-30226, CVE-2022-30225, CVE-2022-30224, CVE-2022-30220, CVE-2022-30213, CVE-2022-30211, CVE-2022-30209, CVE-2022-30208, CVE-2022-30206, CVE-2022-30205, CVE-2022-30203, CVE-2022-30202, CVE-2022-21845
In the month of July 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1
In the month of July 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5015808
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-22038, CVE-2022-30221
Microsoft Important Rated CVEs: CVE-2022-22050, CVE-2022-22048, CVE-2022-22049, CVE-2022-22047, CVE-2022-22045, CVE-2022-22043, CVE-2022-22042, CVE-2022-22041, CVE-2022-22040, CVE-2022-22037, CVE-2022-22036, CVE-2022-22034, CVE-2022-22031, CVE-2022-22027, CVE-2022-22026, CVE-2022-22025, CVE-2022-22024, CVE-2022-22023, CVE-2022-22022, CVE-2022-30226, CVE-2022-30225, CVE-2022-30224, CVE-2022-30223, CVE-2022-30222, CVE-2022-30220, CVE-2022-30213, CVE-2022-30211, CVE-2022-30209, CVE-2022-30208, CVE-2022-30206, CVE-2022-30205, CVE-2022-30203, CVE-2022-30202, CVE-2022-22711, CVE-2022-21845
In the month of July 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1607 for x64 based Systems
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5015811
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-22038, CVE-2022-30221
Microsoft Important Rated CVEs: CVE-2022-22050, CVE-2022-27776, CVE-2022-22049, CVE-2022-22048, CVE-2022-22047, CVE-2022-22045, CVE-2022-22043, CVE-2022-22042, CVE-2022-22041, CVE-2022-22040, CVE-2022-22037, CVE-2022-22036, CVE-2022-22034, CVE-2022-22031, CVE-2022-22027, CVE-2022-22026, CVE-2022-22025, CVE-2022-22024, CVE-2022-22023, CVE-2022-22022, CVE-2022-30226, CVE-2022-30225, CVE-2022-30224, CVE-2022-30223, CVE-2022-30222, CVE-2022-30220, CVE-2022-30213, CVE-2022-30212, CVE-2022-30211, CVE-2022-30209, CVE-2022-30208, CVE-2022-30206, CVE-2022-30205, CVE-2022-30203, CVE-2022-30202, CVE-2022-22711, CVE-2022-21845
In the month of July 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1809 for x64 based Systems
Security Advisories
No New Notable Security Advisories were published by Microsoft in July 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTE
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
August 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5016679
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-35767, CVE-2022-35753, CVE-2022-35752, CVE-2022-35745, CVE-2022-35744, CVE-2022-34714, CVE-2022-34702, CVE-2022-34691, CVE-2022-30133
Microsoft Important Rated CVEs: CVE-2022-35768, CVE-2022-35760, CVE-2022-35795, CVE-2022-35793, CVE-2022-35820, CVE-2022-35769, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35750, CVE-2022-35747, CVE-2022-35743, CVE-2022-34713, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34701, CVE-2022-34690, CVE-2022-30194
In the month of August 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1
In the month of August 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5016622
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-35767, CVE-2022-35753, CVE-2022-35752, CVE-2022-35745, CVE-2022-35744, CVE-2022-34714, CVE-2022-34702, CVE-2022-34696, CVE-2022-34691, CVE-2022-30133
Microsoft Important Rated CVEs: CVE-2022-35768, CVE-2022-35792, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35763, CVE-2022-35795, CVE-2022-35769, CVE-2022-35793, CVE-2022-34703, CVE-2022-35762, CVE-2022-33670, CVE-2022-35771, CVE-2022-35765, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35751, CVE-2022-35750, CVE-2022-35749, CVE-2022-35747, CVE-2022-35746, CVE-2022-35743, CVE-2022-34713, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34704, CVE-2022-34701, CVE-2022-34699, CVE-2022-34690, CVE-2022-30194, CVE-2022-30144
In the month of August 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1607 for x64 based Systems
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5016623
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-35766, CVE-2022-35794, CVE-2022-35767, CVE-2022-35753, CVE-2022-35752, CVE-2022-35745, CVE-2022-35744, CVE-2022-34714, CVE-2022-34702, CVE-2022-34696, CVE-2022-34691, CVE-2022-30133
Microsoft Important Rated CVEs: CVE-2022-35771, CVE-2022-35764, CVE-2022-35760, CVE-2022-35754, CVE-2022-35768, CVE-2022-35765, CVE-2022-35765, CVE-2022-35769, CVE-2022-33670, CVE-2022-35793, CVE-2022-35757, CVE-2022-34703, CVE-2022-35797, CVE-2022-35763, CVE-2022-35795, CVE-2022-35792, CVE-2022-35762, CVE-2022-35761, CVE-2022-35759, CVE-2022-35758, CVE-2022-35756, CVE-2022-35755, CVE-2022-35751, CVE-2022-35750, CVE-2022-35749, CVE-2022-35747, CVE-2022-35746, CVE-2022-35743, CVE-2022-34713, CVE-2022-34710, CVE-2022-34709, CVE-2022-34708, CVE-2022-34707, CVE-2022-34706, CVE-2022-34705, CVE-2022-34704, CVE-2022-34701, CVE-2022-34699, CVE-2022-34690, CVE-2022-30194, CVE-2022-30144, CVE-2022-30197
In the month of August 2022, Microsoft have not released any security fixes in .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1809 for x64 based Systems
Security Advisories
No New Notable Security Advisories were published by Microsoft in August 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
September 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5017373
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1, and .NET Framework
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-26929
In the month of September 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1
In the month of September 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5017305
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems, and .NET Framework
Microsoft Critical Rated CVEs: CVE-2022-34722, CVE-2022-34721, CVE-2022-34718
Microsoft Important Rated CVEs: CVE-2022-35803, CVE-2022-26929, CVE-2022-37958, CVE-2022-26929, CVE-2022-38006, CVE-2022-38005, CVE-2022-37957, CVE-2022-38004, CVE-2022-37956, CVE-2022-37955, CVE-2022-34734, CVE-2022-34733, CVE-2022-34732, CVE-2022-34731, CVE-2022-34730, CVE-2022-34729, CVE-2022-34728, CVE-2022-34727, CVE-2022-34726, CVE-2022-34725, CVE-2022-34720, CVE-2022-34719, CVE-2022-35841, CVE-2022-35840, CVE-2022-35837, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35834, CVE-2022-35833, CVE-2022-35832, CVE-2022-35831, CVE-2022-30200, CVE-2022-30170, CVE-2022-26928, CVE-2022-37969
In the month of September 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1607 for x64 based Systems
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5017315
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems, and .NET Framework
Microsoft Critical Rated CVEs: CVE-2022-34722, CVE-2022-34721, CVE-2022-34718
Microsoft Important Rated CVEs: CVE-2022-26929, CVE-2022-35803, CVE-2022-26929, CVE-2022-38006, CVE-2022-37958, CVE-2022-38005, CVE-2022-37957, CVE-2022-38004, CVE-2022-37956, CVE-2022-37955, CVE-2022-37954, CVE-2022-34734, CVE-2022-34733, CVE-2022-34732, CVE-2022-34731, CVE-2022-34730, CVE-2022-34729, CVE-2022-34728, CVE-2022-34727, CVE-2022-34726, CVE-2022-34725, CVE-2022-34720, CVE-2022-34719, CVE-2022-35841, CVE-2022-35840, CVE-2022-35837, CVE-2022-35836, CVE-2022-35835, CVE-2022-35834, CVE-2022-35833, CVE-2022-35832, CVE-2022-35831, CVE-2022-30200, CVE-2022-30196, CVE-2022-30170, CVE-2022-26928, CVE-2022-37969
In the month of September 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1809 for x64 based Systems
Security Advisories
No New Notable Security Advisories were published by Microsoft in September 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
Starting in July 2021, all Windows 10 v1607 and Windows 10 v1809 security patch rollups provided by Microsoft include the “Flash Removal Package” (KB4577586).
Microsoft Removing Adobe Flash from Windows
Microsoft will remove Adobe Flash in 2021 from the Windows10 O/S via Microsoft update KB4577586. That same KB4577586 will also remove Adobe Flash from the Edge and Internet Explorer browsers in Windows 10.
KB4577586 becomes a recommended update starting April 20th 2021 and then mandatory starting July 20th 2021.
This KB negates Adobe Enterprise Enablement configurations for AllowList by removing Adobe Flash and/or blocking it completely in the IE/Edge browsers. Once applied, you cannot play flash content (swf and flv).
If you are currently using Adobe Enterprise Enablement configurations for AllowList, or have not completed the Adobe Flash EOL remediation actions previously communicated to you, please contact your advocated NCR Account Managers, Partner Manager and Professional Services Representatives for the best way forward as soon as possible.
The NCR Global Security Team cannot assist in this matter.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
October 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5018479
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-24504, CVE-2022-41081, CVE-2022-38000, CVE-2022-38047
Microsoft Important Rated CVEs: CVE-2022-38041, CVE-2022-33645, CVE-2022-35770, CVE-2022-38042, CVE-2022-38040, CVE-2022-38043, CVE-2022-33635, CVE-2022-37986, CVE-2022-37987, CVE-2022-37997, CVE-2022-37985, CVE-2022-37975, CVE-2022-38026, CVE-2022-38022, CVE-2022-37994, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-41033, CVE-2022-37981, CVE-2022-38051, CVE-2022-38044, CVE-2022-37999
In the month of October 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1
In the month of October 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5018411
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-30198, CVE-2022-22035, CVE-2022-33634, CVE-2022-24504, CVE-2022-37979, CVE-2022-41081, CVE-2022-38000, CVE-2022-38047
Microsoft Important Rated CVEs: CVE-2022-38028, CVE-2022-37965, CVE-2022-33645, CVE-2022-37984, CVE-2022-38040, CVE-2022-38042, CVE-2022-37995, CVE-2022-38043, CVE-2022-37997, CVE-2022-33635, CVE-2022-38021, CVE-2022-37986, CVE-2022-38041, CVE-2022-37985, CVE-2022-35770, CVE-2022-38045, CVE-2022-37987, CVE-2022-37975, CVE-2022-38026, CVE-2022-38022, CVE-2022-37994, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-41033, CVE-2022-37981, CVE-2022-38003, CVE-2022-38051, CVE-2022-37996, CVE-2022-38027, CVE-2022-38044, CVE-2022-37999
In the month of October 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1607 for x64 based Systems
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5018419
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-30198, CVE-2022-22035, CVE-2022-33634, CVE-2022-24504, CVE-2022-37979, CVE-2022-41081, CVE-2022-38000, CVE-2022-38047
Microsoft Important Rated CVEs: CVE-2022-38040, CVE-2022-37987, CVE-2022-38045, CVE-2022-38022, CVE-2022-37995, CVE-2022-38026, CVE-2022-37986, CVE-2022-38046, CVE-2022-38041, CVE-2022-33645, CVE-2022-38043, CVE-2022-37985, CVE-2022-37994, CVE-2022-38021, CVE-2022-37984, CVE-2022-38028, CVE-2022-33635, CVE-2022-35770, CVE-2022-37975, CVE-2022-37965, CVE-2022-37997, CVE-2022-38042, CVE-2022-37993, CVE-2022-37991, CVE-2022-37990, CVE-2022-38038, CVE-2022-37989, CVE-2022-38037, CVE-2022-37988, CVE-2022-38033, CVE-2022-38032, CVE-2022-38031, CVE-2022-37982, CVE-2022-38029, CVE-2022-37977, CVE-2022-38034, CVE-2022-37978, CVE-2022-37970, CVE-2022-37983, CVE-2022-38016, CVE-2022-38030, CVE-2022-38039, CVE-2022-41033, CVE-2022-37981, CVE-2022-38003, CVE-2022-38051, CVE-2022-38050, CVE-2022-37996, CVE-2022-38044
In the month of October 2022, Microsoft have not released any separate security patches for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 10 1809 for x64 based Systems
Security Advisories
No New Notable Security Advisories were published by Microsoft in October 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE:
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
Thus, NCR’s current recommendation is to delay the application of the following windows 10 operating system patches on Cometlake, Kabylake, and Skylake cores until otherwise instructed -
Other patches should continue to be applied as per normal cadence.
Other cores running Windows 10 are unaffected by the issues with the above patches, and therefore customers should continue to apply these patches as per normal cadence on those machines.
Windows 7 systems are also unaffected, and patches should continue to be applied to those systems as per normal cadence.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
Please note that the three-year ESU period defined by Microsoft ends in January 2023, and there will not be ESU updates after that date.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
November 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5013999
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-41039, CVE-2022-41128, CVE-2022-41118, CVE-2022-41044
Microsoft Important Rated CVEs: CVE-2022-41045, CVE-2022-41109, CVE-2022-41098, CVE-2022-41097, CVE-2022-41095, CVE-2022-41090, CVE-2022-41086, CVE-2022-41058, CVE-2022-41057, CVE-2022-41056, CVE-2022-41053, CVE-2022-41047, CVE-2022-41048, CVE-2022-37992, CVE-2022-23824, CVE-2022-41073, CVE-2022-41116
Security Rollup ID: 5020612
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-41064
Security Rollup ID: 5019958
NCR Severity Rating: IMPORTANT
Affected Software: Internet Explorer 11
Microsoft Critical Rated CVEs: CVE-2022-41128, CVE-2022-41118
Microsoft Important Rated CVEs: N/A
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5019964
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-41039, CVE-2022-41088, CVE-2022-38015, CVE-2022-41128, CVE-2022-41118
Microsoft Important Rated CVEs: CVE-2022-41100, CVE-2022-41045, CVE-2022-41109, CVE-2022-41099, CVE-2022-41098, CVE-2022-41097, CVE-2022-41095, CVE-2022-41093, CVE-2022-41090, CVE-2022-41086, CVE-2022-41058, CVE-2022-41057, CVE-2022-41056, CVE-2022-41053, CVE-2022-41052, CVE-2022-41047, CVE-2022-41048, CVE-2022-37992, CVE-2022-23824, CVE-2022-41125, CVE-2022-41073, CVE-2022-41054, CVE-2022-41102, CVE-2022-41101, CVE-2022-41050, CVE-2022-41049, CVE-2022-41091
Security Rollup ID: 5020614
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-41064
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5019966
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-41039, CVE-2022-41088, CVE-2022-38015, CVE-2022-41128, CVE-2022-41118
Microsoft Important Rated CVEs: CVE-2022-41045, CVE-2022-41109, CVE-2022-41100, CVE-2022-41099, CVE-2022-41098, CVE-2022-41097, CVE-2022-41096, CVE-2022-41095, CVE-2022-41093, CVE-2022-41090, CVE-2022-41086, CVE-2022-41058, CVE-2022-41057, CVE-2022-41056, CVE-2022-41055, CVE-2022-41053, CVE-2022-41052, CVE-2022-41047, CVE-2022-41048, CVE-2022-37992, CVE-2022-23824, CVE-2022-41125, CVE-2022-41073, CVE-2022-41054, CVE-2022-41113, CVE-2022-41102, CVE-2022-41101, CVE-2022-41050, CVE-2022-41049, CVE-2022-41091
Security Rollup ID: 5020685
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.7.2, 4.8.1
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-41064
Security Advisories
No New Notable Security Advisories were published by Microsoft in November 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (DECEMBER 2022):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
Thus, NCR’s current recommendation is to delay the application of the following windows 10 operating system patches on Cometlake, Kabylake, and Skylake cores until otherwise instructed -
Other patches should continue to be applied as per normal cadence.
Other cores running Windows 10 are unaffected by the issues with the above patches, and therefore customers should continue to apply these patches as per normal cadence on those machines.
Windows 7 systems are also unaffected, and patches should continue to be applied to those systems as per normal cadence.
At the moment, we expect that the resolution for this will be included in the January patch release from Microsoft.
For further information, please refer to the following OKM article: https://okm.corp.ncr.com/infocenter/index?page=content&id=IS35085&actp=search&viewlocale=en_US
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
Please note that the three-year ESU period defined by Microsoft ends in January 2023, and there will not be ESU updates after that date.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
December 2022 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5021288
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2022-41076, CVE-2022-44676, CVE-2022-44670
Microsoft Important Rated CVEs: CVE-2022-44697, CVE-2022-44681, CVE-2022-44678, CVE-2022-44675, CVE-2022-44673, CVE-2022-44668, CVE-2022-44667, CVE-2022-44666, CVE-2022-41121, CVE-2022-41077, CVE-2022-41074
Security Rollup ID: 5021079
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-41089
In the month of December 2022, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5021235
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-41076, CVE-2022-44676, CVE-2022-44670
Microsoft Important Rated CVEs: CVE-2022-41094, CVE-2022-44707, CVE-2022-44683, CVE-2022-44682, CVE-2022-44681, CVE-2022-44680, CVE-2022-44679, CVE-2022-44678, CVE-2022-44675, CVE-2022-44668, CVE-2022-44667, CVE-2022-44666, CVE-2022-41121, CVE-2022-41077, CVE-2022-41074
Security Rollup ID: 5020873
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-41089
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5021237
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2022-41076, CVE-2022-44676, CVE-2022-44670
Microsoft Important Rated CVEs: CVE-2022-41094, CVE-2022-44707, CVE-2022-44689, CVE-2022-44683, CVE-2022-44682, CVE-2022-44681, CVE-2022-44680, CVE-2022-44679, CVE-2022-44678, CVE-2022-44677, CVE-2022-44675, CVE-2022-44674, CVE-2022-44671, CVE-2022-44669, CVE-2022-44668, CVE-2022-44667, CVE-2022-44666, CVE-2022-41121, CVE-2022-41077, CVE-2022-41074
Security Rollup ID: 5021085
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5, 4.7.2, 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2022-41089
Security Advisories
No New Notable Security Advisories were published by Microsoft in December 2022
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
IMPORTANT NOTICE (DECEMBER 2022):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
Thus, NCR’s current recommendation is to delay the application of the following windows 10 operating system patches on Cometlake, Kabylake, and Skylake cores until otherwise instructed -
Other patches should continue to be applied as per normal cadence.
Other cores running Windows 10 are unaffected by the issues with the above patches, and therefore customers should continue to apply these patches as per normal cadence on those machines.
Windows 7 systems are also unaffected, and patches should continue to be applied to those systems as per normal cadence.
At the moment, we expect that the resolution for this will be included in the February patch release from Microsoft.
For further information, please refer to the following OKM article: https://okm.corp.ncr.com/infocenter/index?page=content&id=IS35085&actp=search&viewlocale=en_US
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
In subsequent months, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
Please note that the three-year ESU period defined by Microsoft ends in January 2023, and there will not be ESU updates after that date.
For more information on ESU, please contact your NCR Sales Representative.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
January 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 7
IMPORTANT NOTE 1 – Windows 7 updates are now only able to be applied by ESU customers.
For more information on ESU, please contact your NCR Sales Representative
NOTE:
February 2022 is the time when 2021 Windows 7 SP1 ESU keys may become invalid due to the second year of ESU support ending.
February 2021 is the time when 2020 Windows 7 SP1 ESU keys may become invalid due to the first year of ESU support ending.
Customers should ensure that they have installed an up to date ESU key which covers 2022/2021 so that patches can be applied to windows 7 in an ongoing basis
Build recommendation - Anyone creating new OS builds for Windows 7 can use the “convenience roll up” that was issued in April 2016 and then install all the security patches released since April 2016. The convenience roll up can be found here and includes all security patches released up until April 2016.
Security Rollup ID: 5022339
NCR Severity Rating: IMPORTANT
Affected Software: Windows 7 for 32-bit Systems Service Pack 1
Microsoft Critical Rated CVEs: CVE-2023-21730, CVE-2023-21679, CVE-2023-21561, CVE-2023-21556, CVE-2023-21555, CVE-2023-21548, CVE-2023-21543, CVE-2023-21546
Microsoft Important Rated CVEs: CVE-2023-21773, CVE-2023-21760, CVE-2023-21754, CVE-2023-21774, CVE-2023-21749, CVE-2023-21772, CVE-2023-21747, CVE-2023-21524, CVE-2023-21776, CVE-2023-21752, CVE-2023-21765, CVE-2023-21525, CVE-2023-21757, CVE-2023-21750, CVE-2023-21748, CVE-2023-21746, CVE-2023-21732, CVE-2023-21728, CVE-2023-21726, CVE-2023-21682, CVE-2023-21681, CVE-2023-21680, CVE-2023-21678, CVE-2023-21675, CVE-2023-21563, CVE-2023-21560, CVE-2023-21557, CVE-2023-21552, CVE-2023-21549, CVE-2023-21542, CVE-2023-21541, CVE-2023-21537, CVE-2023-21532, CVE-2023-21527
In the month of January 2023, Microsoft have not released any security fixes in .NET Framework for Windows 7 SP1
In the month of January 2023, Microsoft have not released any security fixes in Internet Explorer Patches for Windows 7 SP1
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5022289
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-21730, CVE-2023-21679, CVE-2023-21561, CVE-2023-21556, CVE-2023-21555, CVE-2023-21548, CVE-2023-21543, CVE-2023-21546, CVE-2023-21535
Microsoft Important Rated CVEs: CVE-2023-21773, CVE-2023-21760, CVE-2023-21754, CVE-2023-21774, CVE-2023-21766, CVE-2023-21758, CVE-2023-21747, CVE-2023-21524, CVE-2023-21776, CVE-2023-21749, CVE-2023-21752, CVE-2023-21765, CVE-2023-21525, CVE-2023-21772, CVE-2023-21767, CVE-2023-21757, CVE-2023-21750, CVE-2023-21748, CVE-2023-21746, CVE-2023-21739, CVE-2023-21732, CVE-2023-21728, CVE-2023-21726¸ CVE-2023-21683, CVE-2023-21682, CVE-2023-21681, CVE-2023-21680, CVE-2023-21678, CVE-2023-21677, CVE-2023-21675, CVE-2023-21674, CVE-2023-21563, CVE-2023-21560, CVE-2023-21558, CVE-2023-21557, CVE-2023-21552, CVE-2023-21549, CVE-2023-21542, CVE-2023-21541, CVE-2023-21547, CVE-2023-21537, CVE-2023-21532, CVE-2023-21527
In the month of January 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5022286
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-21730, CVE-2023-21679, CVE-2023-21561, CVE-2023-21556, CVE-2023-21555, CVE-2023-21551, CVE-2023-21548, CVE-2023-21543, CVE-2023-21546, CVE-2023-21535
Microsoft Important Rated CVEs: CVE-2023-21774, CVE-2023-21525, CVE-2023-21750, CVE-2023-21767, CVE-2023-21765, CVE-2023-21748, CVE-2023-21757, CVE-2023-21755, CVE-2023-21766, CVE-2023-21772, CVE-2023-21758, CVE-2023-21524, CVE-2023-21752, CVE-2023-21760, CVE-2023-21754, CVE-2023-21747, CVE-2023-21776, CVE-2023-21773, CVE-2023-21753, CVE-2023-21749, CVE-2023-21746, CVE-2023-21739, CVE-2023-21732, CVE-2023-21728, CVE-2023-21726, CVE-2023-21683, CVE-2023-21682, CVE-2023-21681, CVE-2023-21680, CVE-2023-21678, CVE-2023-21677, CVE-2023-21676, CVE-2023-21675, CVE-2023-21674, CVE-2023-21563, CVE-2023-21560, CVE-2023-21559, CVE-2023-21558, CVE-2023-21557, CVE-2023-21552, CVE-2023-21550, CVE-2023-21549, CVE-2023-21541, CVE-2023-21540, CVE-2023-21547, CVE-2023-21537, CVE-2023-21532
In the month of January 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in January 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue, and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
IMPORTANT NOTE – END OF WINDOWS 7 EXTENDED SUPPORT JANUARY 2020
The patches released in January 2020 for Windows 7 are the last official Microsoft patches released for Windows 7 that will be made generally available.
As of February 2020, Microsoft will only release “Extended Security Updates” (ESU) for Windows 7. These will only be able to be installed by those customers who have an agreement to receive them. These will only cover “important” and “critical” updates to security vulnerabilities as categorized by Microsoft.
Please note that the three-year ESU period defined by Microsoft ended in January 2023, and there will not be ESU updates after that date.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
February 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5022838
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689
Microsoft Important Rated CVEs: CVE-2023-21823, CVE-2023-23376, CVE-2023-21805, CVE-2023-21702, CVE-2023-21701, CVE-2023-21700, CVE-2023-21699, CVE-2023-21697, CVE-2023-21695, CVE-2023-21694, CVE-2023-21693, CVE-2023-21691, CVE-2023-21688, CVE-2023-21686, CVE-2023-21685, CVE-2023-21822, CVE-2023-21820, CVE-2023-21818, CVE-2023-21817, CVE-2023-21816, CVE-2023-21813, CVE-2023-21812, CVE-2023-21811, CVE-2023-21804, CVE-2023-21802, CVE-2023-21801, CVE-2023-21799, CVE-2023-21798, CVE-2023-21797, CVE-2023-21684
Security Rollup ID: 5022838
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5 and 4.8
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-21722, CVE-2023-21808
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 50222840
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689
Microsoft Important Rated CVEs: CVE-2023-21823, CVE-2023-23376, CVE-2023-21805, CVE-2023-21702, CVE-2023-21701, CVE-2023-21700, CVE-2023-21699, CVE-2023-21697, CVE-2023-21695, CVE-2023-21694, CVE-2023-21693, CVE-2023-21691, CVE-2023-21688, CVE-2023-21686, CVE-2023-21685, CVE-2023-21822, CVE-2023-21820, CVE-2023-21819, CVE-2023-21818, CVE-2023-21817, CVE-2023-21816, CVE-2023-21813, CVE-2023-21812, CVE-2023-21811, CVE-2023-21804, CVE-2023-21802, CVE-2023-21801, CVE-2023-21799, CVE-2023-21798, CVE-2023-21797, CVE-2023-21684
Security Rollup ID: 5022782
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5.1 AND 4.7.2
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-21808, CVE-2023-21722
Security Advisories
No New Notable Security Advisories were published by Microsoft in February 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue, and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
March 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5023697
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-1018, CVE-2023-1017, CVE-2023-23416, CVE-2023-23415, CVE-2023-23411, CVE-2023-23404, CVE-2023-21708
Microsoft Important Rated CVEs: CVE-2023-24911, CVE-2023-24870, CVE-2023-24876, CVE-2023-24909, CVE-2023-24868, CVE-2023-24872, CVE-2023-23403, CVE-2023-24907, CVE-2023-24869, CVE-2023-24910, CVE-2023-24913, CVE-2023-24908, CVE-2023-24867, CVE-2023-24906, CVE-2023-24866, CVE-2023-24865, CVE-2023-24864, CVE-2023-24863, CVE-2023-24862, CVE-2023-24861, CVE-2023-24859, CVE-2023-24858, CVE-2023-24857, CVE-2023-24856, CVE-2023-23423, CVE-2023-23422, CVE-2023-23421, CVE-2023-23420, CVE-2023-23417, CVE-2023-23414, CVE-2023-23413, CVE-2023-23412, CVE-2023-23410, CVE-2023-23409, CVE-2023-23407, CVE-2023-23406, CVE-2023-23405, CVE-2023-23402, CVE-2023-23401, CVE-2023-23394, CVE-2023-23388, CVE-2023-23385, CVE-2023-24880
In the month of March 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5023702
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-1018, CVE-2023-1017, CVE-2023-23416, CVE-2023-23415, CVE-2023-23411, CVE-2023-23404, CVE-2023-21708
Microsoft Important Rated CVEs: CVE-2023-24910, CVE-2023-24908, CVE-2023-24872, CVE-2023-23403, CVE-2023-24911, CVE-2023-24909, CVE-2023-24870, CVE-2023-24868, CVE-2023-24876, CVE-2023-24913, CVE-2023-24869, CVE-2023-24907, CVE-2023-24867, CVE-2023-24906, CVE-2023-24866, CVE-2023-24865, CVE-2023-24864, CVE-2023-24863, CVE-2023-24862, CVE-2023-24861, CVE-2023-24859, CVE-2023-24858, CVE-2023-24857, CVE-2023-24856, CVE-2023-23423, CVE-2023-23422, CVE-2023-23421, CVE-2023-23420, CVE-2023-23417, CVE-2023-23414, CVE-2023-23413, CVE-2023-23412, CVE-2023-23410, CVE-2023-23409, CVE-2023-23407, CVE-2023-23406, CVE-2023-23405, CVE-2023-23402, CVE-2023-23401, CVE-2023-23394, CVE-2023-23393, CVE-2023-23388, CVE-2023-23385, CVE-2023-24880
In the month of March 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1807
Security Advisories
No New Notable Security Advisories were published by Microsoft in March 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
April 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5025228
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-28250, CVE-2023-28232, CVE-2023-28220, CVE-2023-28219, CVE-2023-21554
Microsoft Important Rated CVEs: CVE-2023-21729, CVE-2023-28302, CVE-2023-28298, CVE-2023-28293, CVE-2023-28253, CVE-2023-28276, CVE-2023-28275, CVE-2023-28252, CVE-2023-28273, CVE-2023-28249, CVE-2023-28272, CVE-2023-28271, CVE-2023-28248, CVE-2023-28269, CVE-2023-28267, CVE-2023-28266, CVE-2023-28243, CVE-2023-28241, CVE-2023-28238, CVE-2023-28236, CVE-2023-28237, CVE-2023-28228, CVE-2023-28229, CVE-2023-28227, CVE-2023-28226, CVE-2023-28225, CVE-2023-28224, CVE-2023-28222, CVE-2023-28221, CVE-2023-28218, CVE-2023-28217, CVE-2023-28216, CVE-2023-24931, CVE-2023-24929, CVE-2023-24887, CVE-2023-24928, CVE-2023-24886, CVE-2023-24927, CVE-2023-24885, CVE-2023-24926, CVE-2023-24884, CVE-2023-24925, CVE-2023-24883, CVE-2023-24924, CVE-2023-24912, CVE-2023-21769, CVE-2023-21727
In the month of March 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5025229
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-28250, CVE-2023-28232, CVE-2023-28220, CVE-2023-28219, CVE-2023-21554
Microsoft Important Rated CVEs: CVE-2023-21729, CVE-2023-28302, CVE-2023-28298, CVE-2023-28293, CVE-2023-28276, CVE-2023-28253, CVE-2023-28275, CVE-2023-28252, CVE-2023-28274, CVE-2023-28273, CVE-2023-28249, CVE-2023-28272, CVE-2023-28271, CVE-2023-28248, CVE-2023-28270, CVE-2023-28269, CVE-2023-28267, CVE-2023-28243, CVE-2023-28266, CVE-2023-28241, CVE-2023-28238, CVE-2023-28237, CVE-2023-28236, CVE-2023-28235, CVE-2023-28229, CVE-2023-28228, CVE-2023-28227, CVE-2023-28226, CVE-2023-28225, CVE-2023-28224, CVE-2023-28222, CVE-2023-28221, CVE-2023-28218, CVE-2023-28217, CVE-2023-28216, CVE-2023-24931, CVE-2023-24929, CVE-2023-24887, CVE-2023-24928, CVE-2023-24886, CVE-2023-24927, CVE-2023-24885, CVE-2023-24926, CVE-2023-24884, CVE-2023-24925, CVE-2023-24883, CVE-2023-24924, CVE-2023-24912, CVE-2023-21769, CVE-2023-21727
In the month of March 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1807
Security Advisories
No New Notable Security Advisories were published by Microsoft in April 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
May 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5026363
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-24903, CVE-2023-29325, CVE-2023-24943, CVE-2023-28283
Microsoft Important Rated CVEs: CVE-2023-24947, CVE-2023-29336, CVE-2023-29324, CVE-2023-24948, CVE-2023-24946, CVE-2023-24945, CVE-2023-24942, CVE-2023-24901, CVE-2023-24940, CVE-2023-24900, CVE-2023-24939, CVE-2023-28251, CVE-2023-24932
In the month of May 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5026362
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-24903, CVE-2023-29325, CVE-2023-24943, CVE-2023-28283
Microsoft Important Rated CVEs: CVE-2023-24949, CVE-2023-24947, CVE-2023-29324, CVE-2023-24948, CVE-2023-24946, CVE-2023-24945, CVE-2023-24944, CVE-2023-24942, CVE-2023-24901, CVE-2023-24940, CVE-2023-24900, CVE-2023-24939, CVE-2023-28251, CVE-2023-24932
In the month of May 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1807
Security Advisories
No New Notable Security Advisories were published by Microsoft in May 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
June 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5027219
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-29363, CVE-2023-32014, CVE-2023-32015, CVE-2023-24897
Microsoft Important Rated CVEs: CVE-2023-29346, CVE-2023-29351, CVE-2023-29358, CVE-2023-29359, CVE-2023-29360, CVE-2023-29362, CVE-2023-29364, CVE-2023-29365, CVE-2023-29368, CVE-2023-29370, CVE-2023-29371, CVE-2023-29372, CVE-2023-29373, CVE-2023-32008, CVE-2023-32009, CVE-2023-32011, CVE-2023-32016, CVE-2023-32017, CVE-2023-32019, CVE-2023-29326, CVE-2023-29331, CVE-2023-24895, CVE-2023-32030, CVE-2023-24936
Security Rollup ID: 5027123
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8 for Windows 10, version 1607
Microsoft Critical Rated CVEs: CVE-2023-24897
Microsoft Important Rated CVEs: CVE-2023-29331, CVE-2023-24895, CVE-2023-32030, CVE-2023-24936
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5027222
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-29363, CVE-2023-32013, CVE-2023-32014, CVE-2023-32015
Microsoft Important Rated CVEs: CVE-2023-24937, CVE-2023-24938, CVE-2023-29346, CVE-2023-29351, CVE-2023-29352, CVE-2023-29358, CVE-2023-29359, CVE-2023-29360, CVE-2023-29362, CVE-2023-29364, CVE-2023-29365, CVE-2023-29368, CVE-2023-29370, CVE-2023-29371, CVE-2023-29372, CVE-2023-29373, CVE-2023-32008, CVE-2023-32009, CVE-2023-32011, CVE-2023-32016, CVE-2023-32017, CVE-2023-32019
Security Rollup ID: 5027536
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809
Microsoft Critical Rated CVEs: CVE-2023-24897
Microsoft Important Rated CVEs: CVE-2023-29326, CVE-2023-29331, CVE-2023-24895, CVE-2023-32030, CVE-2023-24936
Security Advisories
CVE-2023-32019/KB5028408 - NCR Severity Rating :“IMPORTANT” - In June 2023 there is a notable advisory for a vulnerability present within windows 10 1607 and 1809. This vulnerability is already mitigated by NCR’s recommendation for Logical Security (“15 Rules”), however in order to fully enable the specific fix a registry change is required after June 2023 patches have been applied. It should be noted that this means that this vulnerability is likely to appear in automated vulnerability scans even when fully patched if this registry key is not applied, even when all 15 rules are present. This does not indicate increased risk under such circumstances, and therefore this should be considered “IMPORTANT” only.
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
July 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5028169
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-35365, CVE-2023-35367, CVE-2023-35366, CVE-2023-32057, CVE-2023-35297
Microsoft Important Rated CVEs: CVE-2023-35306, CVE-2023-33154, CVE-2023-35362, CVE-2023-35356, CVE-2023-35361, CVE-2023-35296, CVE-2023-21526, CVE-2023-32044, CVE-2023-35308, CVE-2023-32055, CVE-2023-32054, CVE-2023-33169, CVE-2023-32053, CVE-2023-35302, CVE-2023-33168, CVE-2023-35303, CVE-2023-32085, CVE-2023-35360, CVE-2023-35357, CVE-2023-35305, CVE-2023-35299, CVE-2023-36874, CVE-2023-35353, CVE-2023-35309, CVE-2023-35304, CVE-2023-32038, CVE-2023-33174, CVE-2023-36871¸ CVE-2023-35358, CVE-2023-35342, CVE-2023-35341, CVE-2023-35340, CVE-2023-35339, CVE-2023-35338, CVE-2023-35336, CVE-2023-35332, CVE-2023-35330, CVE-2023-35329, CVE-2023-35328, CVE-2023-35325, CVE-2023-35324, CVE-2023-35320, CVE-2023-35319, CVE-2023-35318, CVE-2023-35316, CVE-2023-35314, CVE-2023-35313, CVE-2023-35312, CVE-2023-35300, CVE-2023-32049, CVE-2023-32045, CVE-2023-32041, CVE-2023-32040, CVE-2023-32039, CVE-2023-32035, CVE-2023-32034, CVE-2023-33173, CVE-2023-33172, CVE-2023-33167, CVE-2023-33166, CVE-2023-33164, CVE-2023-21756
In the month of July 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5028168
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-35367, CVE-2023-35365, CVE-2023-35366, CVE-2023-32057, CVE-2023-35315, CVE-2023-35297
Microsoft Important Rated CVEs: CVE-2023-35302, CVE-2023-33155, CVE-2023-35309, CVE-2023-32054, CVE-2023-35358, CVE-2023-32044, CVE-2023-35361, CVE-2023-32085, CVE-2023-32056, CVE-2023-35306, CVE-2023-33174, CVE-2023-35357, CVE-2023-35303, CVE-2023-32055, CVE-2023-33154, CVE-2023-35304, CVE-2023-35296, CVE-2023-35362, CVE-2023-35363, CVE-2023-35308, CVE-2023-32038, CVE-2023-33168, CVE-2023-36871, CVE-2023-32053, CVE-2023-32037, CVE-2023-33169, CVE-2023-35356, CVE-2023-35305, CVE-2023-35299, CVE-2023-21526, CVE-2023-36874, CVE-2023-35364, CVE-2023-35360, CVE-2023-35353, CVE-2023-35343, CVE-2023-35342, CVE-2023-35341, CVE-2023-35340, CVE-2023-35339, CVE-2023-35338, CVE-2023-35336, CVE-2023-35332, CVE-2023-35330, CVE-2023-35329, CVE-2023-35328, CVE-2023-35326, CVE-2023-35325, CVE-2023-35324, CVE-2023-35320, CVE-2023-35318, CVE-2023-35313, CVE-2023-35312, CVE-2023-35300, CVE-2023-32084, CVE-2023-32049, CVE-2023-32046, CVE-2023-32045, CVE-2023-32043, CVE-2023-32042, CVE-2023-32041, CVE-2023-32040, CVE-2023-32039, CVE-2023-32035, CVE-2023-32034, CVE-2023-33173, CVE-2023-33172, CVE-2023-33167, CVE-2023-33166, CVE-2023-33164, CVE-2023-21756
In the month of July 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in July 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
August 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5029242
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-36910, CVE-2023-36911, CVE-2023-35385
Microsoft Important Rated CVEs: CVE-2023-35359, CVE-2023-36882, CVE-2023-36900, CVE-2023-20569, CVE-2023-36903, CVE-2023-36905, CVE-2023-36906, CVE-2023-36908, CVE-2023-36909, CVE-2023-36912, CVE-2023-35376, CVE-2023-35381, CVE-2023-36889, CVE-2023-36907, CVE-2023-36913, CVE-2023-38254, CVE-2023-35377, CVE-2023-35380, CVE-2023-35383, CVE-2023-35384, CVE-2023-35386, CVE-2023-35387, CVE-2023-38184, CVE-2023-38172
Security Rollup ID: 5028952
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8 for Windows 10, version 1607
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-36899, CVE-2023-36873
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5029247
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-36910, CVE-2023-36911, CVE-2023-35385
Microsoft Important Rated CVEs: CVE-2023-35359, CVE-2023-36882, CVE-2023-36900, CVE-2023-20569, CVE-2023-36903, CVE-2023-36904, CVE-2023-36905, CVE-2023-36906, CVE-2023-36908, CVE-2023-36909, CVE-2023-36912, CVE-2023-35376, CVE-2023-35381, CVE-2023-35382, CVE-2023-38154, CVE-2023-36889, CVE-2023-36907, CVE-2023-36913, CVE-2023-38254, CVE-2023-35377, CVE-2023-35378, CVE-2023-35380, CVE-2023-35383, CVE-2023-35384, CVE-2023-35386, CVE-2023-35387, CVE-2023-38184, CVE-2023-38172
Security Rollup ID: 5029647
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-36899, CVE-2023-36873
Security Advisories
No New Notable Security Advisories were published by Microsoft in August 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY.
IMPORTANT NOTICE (Updated February 2023):
Since November’s Windows patch release it has come to our attention that subset of Skylake, a subset of KabyLake, and all Cometlake cores that are running Windows 10 1607 and 1809 are being negatively impacted by some of the patches previously recommended. Windows 7 systems are also unaffected.
The USB audio interfaces on these hardware configurations may be rendered non-functional after the application of specific patches.
The patches included in the February 2023 release include the fix for this audio issue and are also a rollup of all patches released in previous months. Thus, NCR’s current recommendation is now to install the February 2023 patches, as listed below. There are no special instructions for installation, please follow your usual deployment method.
Note for NCR Employee Subscribers only
Please be advised that this mailing list is currently in a transition between NCR.com and NCR Atleos.
Any NCR employees who are currently subscribed, please be advised that after the company split that ncr.com mail addresses will no longer receive this mail.
NCR Atleos individuals will continue to receive this mail update.
It is also expected that the email address sending this mail will transition to ncratleos.com in the following months.
------------------------
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
September 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft’s Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5030213
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-36803, CVE-2023-38142, CVE-2023-38160, CVE-2023-38161, CVE-2023-36804, CVE-2023-36805, CVE-2023-38139, CVE-2023-38140, CVE-2023-38141, CVE-2023-38143, CVE-2023-38144, CVE-2023-38147, CVE-2023-38149
Security Rollup ID: 5029924
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 4.8 for Windows 10, version 1607
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-36794, CVE-2023-36792, CVE-2023-36796, CVE-2023-36793
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5030214
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-35355, CVE-2023-38149, CVE-2023-38147, CVE-2023-38144, CVE-2023-38143, CVE-2023-38141, CVE-2023-38140, CVE-2023-38139, CVE-2023-36805, CVE-2023-36804, CVE-2023-36802, CVE-2023-38161, CVE-2023-38160, CVE-2023-38142, CVE-2023-36803
Security Rollup ID: 5030178
NCR Severity Rating: IMPORTANT
Affected Software: .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809
Microsoft Critical Rated CVEs: N/A
Microsoft Important Rated CVEs: CVE-2023-36794, CVE-2023-36792, CVE-2023-36796, CVE-2023-36793, CVE-2023-36788
Security Advisories
No New Notable Security Advisories were published by Microsoft in September 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
The information in this email is confidential and may be legally privileged. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful and you should notify us immediately by return E-mail to the address where the E-mail originated. When addressed to our customers, partners or suppliers, any opinions advice or statements contained in this email are subject to formal contract and business approvals. Nothing contained in this email is capable of becoming legally binding upon NCR by your acceptance. NCR Financial Solutions Group Limited is registered in England No. 414844. Registered Address: 206 Marylebone Road, London NW1 6LY
This email is a notification that the below patches are now available from Microsoft and that NCR testing has begun upon the specific patches described.
An update on the status of testing will be issued as a follow up to this email once testing has been completed.
If assistance with any of these patches is required, please route the request via your standard NCR Support Route.
Only NCR customers and partners who are on software maintenance (SWM) can be subscribed to this list, and only when NCR account team approval has been provided.
October 2023 Security Updates
Full details of all patches made publicly available by Microsoft are published on the Microsoft’s Security Updates Guide .
Microsoft Release Notes for this month’s patch release are available Here.
Pre-Requisite for Patch Installation - Latest Servicing Stack Updates
Always ensure that you have the latest Servicing Stack Updates installed before provisioning the below updates.
These are released outside the standard monthly cadence by Microsoft, and the latest should always be picked up from ADV990001 before beginning to deploy monthly patches.
Windows 10 Version 1607 for x64 based Systems
Security Rollup ID: 5031362
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1607 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-36718, CVE-2023-41773, CVE-2023-41771, CVE-2023-41770, CVE-2023-41768, CVE-2023-41767, CVE-2023-38166, CVE-2023-35349, CVE-2023-36697, CVE-2023-41774, CVE-2023-41769, CVE-2023-41765
Microsoft Important Rated CVEs: CVE-2023-36434, CVE-2023-36557, CVE-2023-36436, CVE-2023-36722, CVE-2023-36724, CVE-2023-36598, CVE-2023-44487, CVE-2023-36602, CVE-2023-36720, CVE-2023-36563, CVE-2023-36717, CVE-2023-36570, CVE-2023-36731, CVE-2023-36431, CVE-2023-36726, CVE-2023-36438, CVE-2023-36576, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, CVE-2023-36902, CVE-2023-36564, CVE-2023-36567, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36577, CVE-2023-36578, CVE-2023-36579, CVE-2023-36581, CVE-2023-36582, CVE-2023-36583, CVE-2023-36584, CVE-2023-36585, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593, CVE-2023-36594, CVE-2023-36596, CVE-2023-36606, CVE-2023-36702, CVE-2023-36711, CVE-2023-36712, CVE-2023-36713, CVE-2023-36729, CVE-2023-41766, CVE-2023-38159
In the month of October 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1607
Windows 10 Version 1809 for x64 based Systems
Security Rollup ID: 5031361
NCR Severity Rating: IMPORTANT
Affected Software: Windows 10 Version 1809 for x64-based Systems
Microsoft Critical Rated CVEs: CVE-2023-36718, CVE-2023-41773, CVE-2023-41771, CVE-2023-41770, CVE-2023-41768, CVE-2023-41767, CVE-2023-38166, CVE-2023-35349, CVE-2023-36697, CVE-2023-41774, CVE-2023-41769, CVE-2023-41765
Microsoft Important Rated CVEs: CVE-2023-36724, CVE-2023-36434, CVE-2023-36557, CVE-2023-36576, CVE-2023-36598, CVE-2023-36731, CVE-2023-36563, CVE-2023-36721, CVE-2023-44487, CVE-2023-36602, CVE-2023-36717, CVE-2023-36725, CVE-2023-36436, CVE-2023-36438, CVE-2023-36720, CVE-2023-36431, CVE-2023-36570, CVE-2023-36722, CVE-2023-36723, CVE-2023-36726, CVE-2023-36732, CVE-2023-41772, CVE-2023-36743, CVE-2023-36776, CVE-2023-36902, CVE-2023-36564, CVE-2023-36567, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575, CVE-2023-36577, CVE-2023-36578, CVE-2023-36579, CVE-2023-36581, CVE-2023-36582, CVE-2023-36583, CVE-2023-36584, CVE-2023-36585, CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36594, CVE-2023-36605, CVE-2023-36606, CVE-2023-36698, CVE-2023-36701, CVE-2023-36702, CVE-2023-36704, CVE-2023-36709, CVE-2023-36710, CVE-2023-36711¸CVE-2023-36712, CVE-2023-36713, CVE-2023-36729, CVE-2023-41766, CVE-2023-38159
In the month of October 2023, Microsoft have not released any security fixes in .NET Framework for Windows 10 Version 1809
Security Advisories
No New Notable Security Advisories were published by Microsoft in October 2023
Historical patching information from December 2017 and earlier is available on Confluence at the following location: https://confluence.ncr.com/display/FSE/Microsoft+Security+Patch+Historical+Archives
If you are unable to access these archives, please contact your Account Manager, who shall retrieve them for you.
Software Security Team, FSE
NCR Corporation
