April 2014 Security Bulletin Webcast Q&A

Hosts: William Peteroy, Security Program Manager
       Dustin Childs, Group Manager, Response Communications

Website: TechNet/Security
Chat Topic: April 2014 Security Bulletin Release
Wednesday, April 9, 2014

Q1: Will existing patches for XP continue to be available via Windows Update and for how long?
We have no current plans to remove historical Windows XP security updates from Windows Update; however, we will not provide new security updates after April 8, 2014.

Q2: Why is Windows 8.1 Update being released on ‘Update Tuesday’? Is this a ‘Security Update’?
In addition to the other enhancements we’ve talked about, Windows 8.1 Update and Windows RT 8.1 Update also include security and performance updates, and they must be installed for your PC to receive any future security updates for Windows 8.1 or Windows RT 8.1.

Q3: Why is Microsoft making this a required update? Why are you only giving customers 30 days to install the Windows 8.1 Update?
Microsoft wants to ensure that customers continue to benefit from the best support and servicing experience from Microsoft. Also, in order to coordinate and simplify servicing across both Windows Server 2012 R2, Windows 8.1 RT and Windows 8.1, this update will be considered a new servicing/support baseline. Customers who have elected to install updates manually will have 30 days to install Windows 8.1 Update; after this 30-day window, and beginning with May Update Tuesday, Windows 8.1 customers without the update installed will no longer receive security updates, so make sure you install the update!

Q4: What is the KB2929437 update for Internet Explorer 11 on Windows 7 and Windows Server 2008 R2? 
The Windows 7 and Windows Server 2008 R2 Update for April, 2014 (2929437) is a cumulative update for Internet Explorer 11 on Windows 7 and Windows Server 2008 R2. In addition to previous updates for Internet Explorer 11 on these operating systems, it includes enhancements such as improved Internet Explorer 11 compatibility for enterprise applications. For more information, see Microsoft Knowledge Base Article 2929437.

Q5: Will Microsoft release a security advisory stating that Microsoft products don't contain the OpenSSL code that is affected by the Heartbleed bug?
As of April 11, 2014, our investigation has determined Microsoft Account, Microsoft Azure, Office 365, Yammer, Skype, along with most Microsoft Services, were not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS was also not impacted. A few Services continue to be reviewed and updated with further protections.

Q6: Some are reporting issues with people getting KB2919355 (required for May updates for 8.1). What is the best advice for resolving issues?
If you are not offered this update (KB2919355) automatically, view the list of Important updates available - you might notice that the KB2919355 update is unchecked. You can get the update by checking the box - so that it is included in the list of updates to be installed. This update may also be found on the Download Center here.

Q7: If I download IE11 today will it contain all updates including enterprise mode?
New downloads of IE 11 will require you to apply updates prior to receiving the most current updates and features.

Q8: Are there any plans to release a "final rollup" for XP containing all public patches? We're still in the middle of our migration process and it would be a good way to push out the final updates while we migrate.
There are currently no plans for cumulative updates or rollup packages for Windows XP systems.

Q9: Is the IE 11 MS14-018 on Windows 7 a cumulative patch, even though it isn't on Windows 8.1?  Does the IE 11 Windows 7 MS14-018 include the new enterprise features like Windows 8.1?
The Internet Explorer 11 for Windows 7 update provided through MS14-018 is not cumulative and requires that the update from MS14-012 also be installed to ensure all documented security issues are addressed. The KB2929437 update does include Windows 8.1 Update feature updates, including enterprise features.

Q10: Any problems identified so far with patches released for April?
Any known issues are documented in the bulletins and the corresponding KB articles will have specific details. We are not aware of any significant issues at this time.

Q11: MS14-018 looks like it requires a non-security patch KB2919442. Could you elaborate on this?
The March Internet Explorer Cumulative Update (MS14-013) had known issues when applied without KB2919442, a non-security related servicing stack update (SSU). Some of our updates this month are dependent upon the previous update and thus require the non-security SSU.

Q12: Do you know when the SSL issues with the 8.1 update will be resolved so it can be included in WSUS?
The WSUS blog post (http://blogs.technet.com/b/wsus/archive/2014/04/08/windows-8-1-update-prevents-interaction-with-wsus-3-2-over-ssl.aspx) discusses this issue along with some workarounds. Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.

Q13: What happens to users who are stuck on W8 RTM for whatever reason and cannot update to 8.1? Will they still get future security updates?
The issue being discussed with regard to Windows 8.1 (the Windows 8.1 Update) has no impact on Windows 8 RTM. Windows 8 RTM users will continue to get future security updates per the Microsoft Lifecycle policy.