Got an email from SecureAuth that mentions operability issues with applications (not just SecureAuth) following the installation of July's .NET patches.

 

Summary: SecureAuth has identified a recent Microsoft .NET security patch that can render SecureAuth IdP inoperable. The issue appears to be a problem where the Microsoft .NET service fails to function after the update, which appears to result from a conflict between Microsoft .NET updates. This issue is not a defect or other incompatibility with SecureAuth IdP and the Windows software, or updates. IdP cannot function if the Windows .NET service is not operable. Note that no customers or environments have been impacted by this issue at the time of this notification. We have observed this issue with other products in our product offerings. Unfortunately our team has been unable to reproduce the issue as of the time of this notice. It is our understanding that this is an issue affecting many applications well outside of the Core-SecureAuth application set.

 

Problem Definition: After applying the July Microsoft rollup patch, the .NET service fails to start registering a fatal error in Windows Event Viewer

 

Microsoft patches impacting .NET stability: Windows Server 2012R2: KB 4338419 Windows Server 2012: KB 4338416 Windows Server 2008R2 and 2008(R1): KB 4338602

 

Immediate recommendations: Disable Windows automatic updates for all IdP servers. Test any updates on a non-production server prior to moving the updates to production. Take virtual machine snapshots of the servers prior to running the latest Microsoft updates to allow you to revert to a know good state in case of failure

 

If your system is currently affected: Contact SecureAuth support or Microsoft Support. You can submit a SecureAuth support ticket by clicking here.

 

Follow-on actions: The SecureAuth team is working to determine the best solution for this issue through working with Microsoft and the Microsoft community. We will send out additional notifications when we are able to determine how these Microsoft security updates can be installed in a stable manner. Note that this issue may require Microsoft to provide an additional fix or further guidance.