Microsoft releases emergency update to fix two serious Windows flaws ( CVE-2020-1425 / CVE-2020-1457 )
Question
Microsoft releases emergency update to fix two serious Windows flaws
I do understand it is only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.
So but if we need to force the update on users machines remotely (from SCCM ,PowerShell script ) how we can do that for this software’s ?
In windows store setting suppose user selected the option to turn off automatic update ,then how we can proceed ?
Is there any way we can force it via script or do we have offline package or installer for the same ?
How we can check , how many users installed this software , Do we have any SQL query for that ?
Answers ( 7 )
Hi Anoop ,
Sorry to bother you but ,I am still waiting foe your answer
Manual update is working
Can you please tell me how we can trigger updation of microsoft store software on remote machine from sccm
You should have tried manually update on a machine if that works .. then we can have several methods to update the latest version
Yes i checked that , but if any customer selected the option do not install update in store then it is difficult to update
I managed to create one query which will show how many machines are not having the latest version of software
select sms.name0, sms.User_Name0, gsapp.ApplicationName0, gsapp.Version0,
case when parsename(gsapp.Version0,2) < '31822' then 'NONCOMPLIANT'
else 'COMPLIANT' end as status
from v_r_system sms
join v_GS_WINDOWS8_APPLICATION gsapp on gsapp.ResourceID=sms.ResourceID
where gsapp.ApplicationName0 like '%Microsoft.HEVCVideoExtension%'
But now the question remains to keep the environment secure how we can force the upgrade
Can we use CIM method to force the Store to update ( Get-CimInstance ) ?
Microsoft is not at all providing more information about this in any blog . Ideally they need to remove old version and force the installation of latest version
Notes from Article – “Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update”
You can check the FAQ here – https://snipboard.io/I1yAEL.jpg
Hello Ketan, As of now this update can’t be downloaded and applied manually or via PowerShell.
These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store.
Check this TechNet thread to understand more about this.
+ https://social.technet.microsoft.com/Forums/en-US/9604e252-bcfa-4230-9bcf-e1b5515f72c7/the-new-updates-today-cve20201425-and-cve20201457-say-they-will-update-through-windows-store?forum=win10itprosecurity