locked
The new updates today, CVE-2020-1425 and CVE-2020-1457, say they will update through Windows Store, but we have the Store app disabled through GPO RRS feed

  • Question

  • Do we need to worry about a way to apply these updates independently?  Can they be downloaded and applied manually or via Powershell?  We are certainly not the only organization that has the Windows Store disabled for our end users.  
    Wednesday, July 1, 2020 5:35 PM

All replies

  • Hi,

     

    For now, they can't be downloaded and applied manually or via PowerShell.

    These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.

     

    Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App, more information on this process can be found here.

     

    Hope above information can help you.


    Please remember to mark the replies as answers if they help.
    "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Thursday, July 2, 2020 2:20 AM
  • Microsoft has updated the original post.  It now says:  

    FAQ

    Is Windows vulnerable in the default configuration?

    No. Only customers who have installed the optional HEVC or "HEVC from Device Manufacturer" media codecs from Microsoft Store may be vulnerable.

    So if you have disabled the Store and have not downloaded the HEVC codec, you are not vulnerable and do not need this patch.

    Thursday, July 2, 2020 2:40 PM
  • Can someone tell me the exact name of the Store app that is vulnerable. I looked for HEVC but didnt find that by itself. I also looked for HEVC from Device Manufacturer, and didnt see anything.  I see some other apps that have the word HEVC in them, but how do i know which one is the vulnerable one?  And how do i know if i have it installed?  And how do i know if i have the latest version that is fixed?  and what is that version?
    Thursday, July 2, 2020 7:37 PM
  •  you can find HEVC via Microsoft Score called HEVC Video Extensions. 

    if you did not install HEVC, you don`t need to install patch as per Microsoft FAQs. 

    Friday, July 3, 2020 3:19 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful.

     

    If the reply helped you, please remember to mark it as an answer.

    If no, please reply and tell us the current situation in order to provide further help.


    Please remember to mark the replies as answers if they help.
    "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Monday, July 6, 2020 7:17 AM